In this paper we present what we believe to be the first systematic study of the costs of cybercrime. It was prepared in response to a request from the UK Ministry of Defence following scepticism that previous studies had hyped the problem. For each of the main categories of cybercrime we set out what is and is not known of the direct costs, indirect costs and defence costs, both to the UK and to the world as a whole. We distinguish carefully between traditional crimes that are now 'cyber' because they are conducted online (such as tax and welfare fraud); transitional crimes whose modus operandi has changed substantially as a result of the move online (such as credit card fraud); new crimes that owe their existence to the Internet; and what we might call platform crimes such as the provision of botnets which facilitate other crimes rather than being used to extract money from victims directly. As far as direct costs are concerned, we find that traditional offences such as tax and welfare fraud cost the typical citizen in the low hundreds of pounds/Euros/dollars a year; transitional frauds cost a few pounds/Euros/dollars; while the new computer crimes cost in the tens of pence/cents. However, the indirect costs and defence costs are much higher for transitional and new crimes. For the former they may be roughly comparable to what the criminals earn, while for the latter they may be an order of magnitude more. As a striking example, the botnet behind a third of the spam sent in 2010 earned its owners around US$2.7m, while worldwide expenditures on spam prevention probably exceeded a billion dollars. We are extremely inefficient at fighting cybercrime; or to put it another way, cybercrooks are like terrorists or metal thieves in that their activities impose disproportionate costs on society.
Some of the reasons for this are well-known: cybercrimes are global and have strong externalities, while traditional crimes such as burglary and car theft are local, and the associated equilibria have emerged after many years of optimisation. As for the more direct question of what should be done, our figures suggest that we should spend less in anticipation of cybercrime (on antivirus, firewalls, etc.) and more in response, that is, on the prosaic business of hunting down cyber-criminals and throwing them in jail.
Recent years have witnessed major governmental initiatives regarding critical infrastructure protection (CIP). During that same time, critical infrastructures (CIs) have undergone massive institutional restructuring under the headings of privatization, deregulation and liberalization. Little research has gone into understanding the interactions between these two developments. In this article, we outline the consequences of institutional restructuring for the changing ways in which CIs ensure the reliability and security of their networks and services. Neither Normal Accident Theory nor High‐Reliability Theory can account for reliability under these conditions. We then investigate the implications of these findings for CIP.
The threat of cascading failures across critical infrastructures has been identified as a key challenge for governments. Cascading failure is seen as potentially catastrophic, extremely difficult to predict and increasingly likely to happen. Infrastructures are largely privately operated and private actors are thought to under-invest in mitigating this threat. Consequently, experts have demanded a more dominant role for government, including the use of regulation. Empirical evidence on cascading failure is, however, extremely scarce. This paper analyses new data drawn from news reports on incidents. We find that, contrary to current thinking, cascades are not rare. Neither do they indicate a wide array of unknown dependencies across infrastructures. Rather, we find a small number of focused, unidirectional pathways around two infrastructures: energy and telecommunications. We also found that most cascades were stopped quickly, in contrast to the oft-cited 'domino effect'. These findings undermine the case for more intrusive public oversight of critical infrastructures.
The governance of the Internet provides one of the most important arenas in which new ideas regarding Internet studies can be applied and tested. This paper critiques the prevailing conceptualization of Internet governance. The label is routinely applied to the study of a few formal global institutions with limited or no impact on governance, but not to studies of the many activities that actually shape and regulate the use and evolution of the Internet, such as Internet service provider interconnection, security incident response or content filtering. Consequently, current conceptualizations of Internet governance inflate the presence and influence of state actors. Furthermore, they undermine efforts to understand how large-scale distributed systems in the global economy can be governed in the absence of formalized international regimes. We conclude by discussing how concepts of networked governance can be applied and extended to illuminate the study of Internet governance.