More Web Proxy on the site http://driver.im/

research-article

An Economic Alternative to Improve Cybersecurity of E-government and Smart Cities

Authors:

Qi LiaoAuthors Info & Claims

dg.o '16: Proceedings of the 17th International Digital Government Research Conference on Digital Government Research

Pages 455 - 464

https://doi.org/10.1145/2912160.2912170

Published: 08 June 2016 Publication History

Abstract

While the rapid progress in smart city technologies are changing cities and the lifestyle of the people, there are increasingly enormous challenges in terms of the safety and security of smart cities. The potential vulnerabilities of e-government products and imminent attacks on smart city infrastructure and services will have catastrophic consequences on the governments and can cause substantial economic and noneconomic losses, even chaos, to the cities and their residents. This paper aims to explore alternative economic solutions ranging from incentive mechanisms to market-based solutions to motivate smart city product vendors, governments, and vulnerability researchers and finders to improve the cybersecurity of smart cities.

References

[1]

Open-air computers. The Economist, October 27 2012.

[2]

L. Ablon, M. C. Libicki, and A. A. Golay. Markets for cybercrime tools and stolen data: Hackers' bazaar. RAND Corporation research report, 2014.

Digital Library

[3]

A. M. Algarni and Y. K. Malaiya. Software vulnerability markets: Discoverers and buyers. International Journal of Computer, Information Science and Engineering, 8(3):71--81, 2014.

[4]

Y. A. Alsultanny. Evaluating users intention to use e-government services. International Journal of Emerging Trends & Technology in Computer Science, 3(5):55--60, September-October 2014.

[5]

R. Anderson and T. Moore. The economics of information security: A survey and open questions. Science, 314:610--613, 2006.

[6]

S. Anthony. The first rule of zero-days is no one talks about zero-days (so we'll explain). Ars Technica, October 20 2015.

[7]

A. Arora, A. Nandkumar, and R. Telang. Does information security attack frequency increase with vulnerability disclosure: An empircal analysis. Information Systems Frontiers, 8(5):350--362, 2006.

Digital Library

[8]

A. Arora, R. Telang, and H. Xu. Optimal policy for software vulnerability disclosure. Management Science, 54(4):642--656, 2008.

Digital Library

[9]

T. August and T. I. Tunca. Who should be responsible for software security? a comparative analysis of liability policies in network environments. Management Science, 57(5):934--959, 2011.

Digital Library

[10]

L. Bilge and T. Dumitras. Before we knew it: an empirical study of zero-day attacks in the real world. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 833--844, Raleigh, NC, October 16--18 2012.

Digital Library

[11]

J. Brumfield. Verizon 2015 data breach investigations report. April 13 2015.

[12]

C. Cerrudo. An emerging US (and world) threat: Cities wide open to cyber attacks. IOActive White Paper, 2015.

[13]

S. Dynes, E. Goetz, and M. Freeman. Cyber security: Are economic incentives adequate? IFIP International Federation for Information Processing, 253:15--27, 2008.

[14]

M. Eslava. The political economy of fiscal deficits: A survey. Journal of Economic Surveys, 25(4):645--673, 2011.

[15]

M. Finifter, D. Akhawe, and D. Wagner. An empirical study of vulnerability reward programs. In Proceedings of the 22nd USENIX conference on Security, pages 273--288, Washington, D.C., August 14--16 2013.

Digital Library

[16]

S. Frei. The known unknowns: Empirical analyais of publicly unknown security vulnerabilities. NSS Labs, December 2013.

[17]

S. Frei and F. Artes. International vulnerability purchase program: Why buying all vulnerabilities above black market prices is economically sound. NSS Labs, December 2013.

[18]

B. Ghena, W. Beyer, A. Hillaker, J. Pevarnek, and J. A. Halderman. Green lights forever: Analyzing the security of traffic infrastructure. In WOOT'14 Proceedings of the 8th USENIX conference on Offensive Technologies, pages 7--7, San Diego, CA, August 19 2014.

Digital Library

[19]

A. Greenberg. Meet the hackers who sell spies the tools to crack your PC (and get paid six-figure fees). Forbes, March 21 2012.

[20]

A. Greenberg. Shopping for zero-days: A price list for hackers' secret software exploits. Forbes, March 23 2012.

[21]

K. Huang, J. Zhang, W. Tan, and Z. Feng. An empirical analysis of contemporary android mobile vulnerability market. In Proceedings of the 2015 IEEE International Conference on Mobile Services (MS), pages 182--189, New York, NY, June 27-July 2 2015.

Digital Library

[22]

A. G. Illera and J. V. Vidal. Lights off! The darkness of the smart meters. Black-hat Europe, October 14--17 2014.

[23]

H. Joh and Y. Malaiya. Seasonal variation in the vulnerability discovery process. In Proceedings of ICST '09, International Conference on Software Testing Verification and Validation, pages 191--200, Denver, CO, April 1-4 2009.

Digital Library

[24]

D. Klaper and E. Hovy. A taxonomy and a knowledge portal for cybersecurity. In Proceedings of the 15th Annual International Conference on Digital Government Research, pages 79--85, 2014.

Digital Library

[25]

J. H. Lee, M. G. Hancock, and M.-C. Hu. Towards an effective framework for building smart cities: Lessons from Seoul and San Francisco. Technological Forecasting and Social Change, 89:80--99, November 2014.

[26]

R. Lemos. Private market growing for zero-day exploits and vulnerabilities. TechTarget, November 2012.

[27]

R. M. Margolis and D. M. Kammen. Evidence of under-investment in energy R&D in the United States and the impact of federal policy. Energy Policy, 27:575--584, 1999.

[28]

A. Mein and C. Evans. Dosh4Vulns: Google's vulnerability reward programs. March, 2011.

[29]

C. Miller. The legitimate vulnerability market: Inside the secretive world of 0-day exploit sales. In Proceedings of the Sixth Workshop on the Economics of Information Security, Pittsburgh, PA, June 2007.

[30]

I. J. Mojica, B. Adams, M. Nagappan, S. Dienst, T. Berger, and A. E. Hassan. A large-scale empirical study on software reuse in mobile apps. IEEE Software, 31:78--86, 2014.

[31]

W. D. Nordhaus. The political business cycle. Review of Economic Studies, 42(2):169--190, April 1975.

[32]

N. Perlroth and D. E. Sanger. Nations buying as hackers sell flaws in computer code. The New York Times, July 13 2013.

[33]

S. Pfleeger and R. Cunningham. Why measuring security is hard. IEEE Security & Privacy, 8(4):46--54, July/August 2010.

[34]

S. Ransbotham, S. Mitra, and J. Ramsey. Are markets for vulnerabilities effective? MIS Quarterly, 36(1):43--64, March, 2012.

[35]

M. J. Schwartz. So you want to be a zero day exploit millionaire? InformationWeek, November 10 2011.

[36]

M. D. Scott. Tort liability for vendors of insecure software: Has the time finally come? Maryland Law Review, 67(2):425--484, 2008.

[37]

P. N. Stockton and M. Golabek-Goldman. Curbing the market for cyber weapons. Yale Law & Policy Review, 32:101--128, December 18 2013.

Cited By

Algarni A(2022)The Historical Relationship between the Software Vulnerability Lifecycle and Vulnerability Markets: Security and Economic RisksComputers10.3390/computers1109013711:9(137)Online publication date: 14-Sep-2022
https://doi.org/10.3390/computers11090137
Khan AZaib SKhan FTarimer ISeo JShin J(2022)Analyzing and Evaluating Critical Cyber Security Challenges Faced by Vendor Organizations in Software Development: SLR Based ApproachIEEE Access10.1109/ACCESS.2022.317982210(65044-65054)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3179822
van der Linden DRashid A(2020)The Effect of Software Warranties on CybersecurityACM SIGSOFT Software Engineering Notes10.1145/3282517.330239843:4(31-35)Online publication date: 22-Oct-2020
https://dl.acm.org/doi/10.1145/3282517.3302398

An Economic Alternative to Improve Cybersecurity of E-government and Smart Cities
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Smart City and Smart Government: Synonymous or Complementary?
WWW '16 Companion: Proceedings of the 25th International Conference Companion on World Wide Web

Smart City is an emerging and multidisciplinary domain. It has been recently defined as innovation, not necessarily but mainly through information and communications technologies (ICT), which enhance urban life in terms of people, living, economy, ...
Smart cities and smart governments: using information technologies to address urban challenges
dg.o '13: Proceedings of the 14th Annual International Conference on Digital Government Research

Many cities are focused on becoming "smarter". They are exploring the power of information and communication technologies (ICTs) to become more efficient, effective, transparent, accountable and sustainable. However, there has not been a systematic ...
Delivering public value through open government data initiatives in a Smart City context

By using ICT in an innovative way, governments can improve the delivery of services and interaction with stakeholders. Open data is a way to help public organizations became more open and improve interaction with stakeholders. This paper aims to ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

dg.o '16: Proceedings of the 17th International Digital Government Research Conference on Digital Government Research

June 2016

532 pages

ISBN:9781450343398

DOI:10.1145/2912160

Editors:
Yushim Kim,
Monica Liu

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 June 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

dg.o '16

dg.o '16: 17th International Digital Government Research Conference

June 8 - 10, 2016

Shanghai, China

Acceptance Rates

Overall Acceptance Rate 150 of 271 submissions, 55%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
189
Total Downloads

Downloads (Last 12 months)10
Downloads (Last 6 weeks)2

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Algarni A(2022)The Historical Relationship between the Software Vulnerability Lifecycle and Vulnerability Markets: Security and Economic RisksComputers10.3390/computers1109013711:9(137)Online publication date: 14-Sep-2022
https://doi.org/10.3390/computers11090137
Khan AZaib SKhan FTarimer ISeo JShin J(2022)Analyzing and Evaluating Critical Cyber Security Challenges Faced by Vendor Organizations in Software Development: SLR Based ApproachIEEE Access10.1109/ACCESS.2022.317982210(65044-65054)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3179822
van der Linden DRashid A(2020)The Effect of Software Warranties on CybersecurityACM SIGSOFT Software Engineering Notes10.1145/3282517.330239843:4(31-35)Online publication date: 22-Oct-2020
https://dl.acm.org/doi/10.1145/3282517.3302398

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents