Economics Project- Overview

home > projects > Economics Project- Overview

 Project Overview (Pdf)

 

The following information describes the Economics Project supported by the I3P from 2005-2007.  Some aspects of this project are currently under further research as part of the Business Rationale for Cyber Security Project.

 

The notion of levels of infrastructure guides the way the research is organized and coordinated. Information infrastructure security can be viewed from three perspectives: national, firm or enterprise, and technology. The national level views the information infrastructure as an element of national security, where cyber security incidents can disrupt, impair or destroy critical economic capabilities. The enterprise level considers the effects of degraded or destroyed infrastructure on the degree to which an enterprise can maintain its bottom line by developing and delivering products and services. The technology level addresses those technologies that protect the infrastructure, by deterring particular threats, preventing certain classes of attacks, or mitigating the consequences of attack.

 

PROJECT OVERVIEW

The multi-disciplinary research, being conducted at leading national facilities, aims to provide decision-makers with data and analysis to help them make informed decisions about protecting the nation’s critical infrastructure. the information security decision-nation’s critical infrastructures. The project is organized and coordinated around three perspectives:

 

  1. A national level perspective,
  2. An enterprise perspective and,
  3. A technology perspective.

 

RESEARCH APPROACH

The research is organized in three threads:

 

  1. Thread I addresses national concerns, by viewing problems on a macro-economic scale. Its research assesses how industry sectors inter-act within the U.S. economy, particularly in terms of how impairments to the information infrastructure can destroy economic capabilities and generate ripple effects throughout the U.S. economy.

 

  1. Thread II examines enterprise considerations, looking at how firms apply security technologies and deal with the effects of security breaches. In particular, this research generates information about how enterprises make security investment decisions and balance their security costs with other economic demands.

 

  1. Thread III considers the technology behind the information infrastructures, examining threats against core infrastructure technologies and developing a set of least-cost responses and policy recommendations to stimulate deployment.

 

KEY QUESTIONS

  • How are information security decisions made?
  • How can we make more informed and realistic security decisions?
  • What data are available, and how credible are they?
  • What market and policy mechanisms are most effective in promoting security?

 

PROJECT GOALS

The goal of the research team  is to use its finding to influence future government policies and corporate decision-making The research team seeks to:

  • Understand the barriers and incentives to investment in cyber security
  • Identify the most serious threats
  • Quantify the costs of cyber security and the effects of cyber attacks
  • Measure and model the effectiveness of current security tools, processes and policies

 

PROJECT SUCCESS

The research will reveal a detailed and nuanced picture of the dependence of U.S, sector, and enterprise economies on the security and integrity of the information infrastructure. The results will include a set of macro- and micro- economic models and findings about the nature of information security decision-making.

 

PLANNED RESULTS

As a result of this project:

  • Decision-makers will be able to evaluate and contrast the likely economic consequences of a variety of proposed policies involving investment priorities and resource allocations.
  • Security decisions can be made not only by the availability of technology, but also be the economic, organizational, behavioral, and cultural considerations at enterprise and sector levels.

PROJECT PUBLICATIONS

 

TEAM MEMBERS

The research team is composed of researchers and engineers from the following institutions:

Institute for Security Technology Studies, Dartmouth College’s Tuck School of Business
I3P Administrative Office
Critical Infrastructure Protection Program, George Mason University
MIT Lincoln Laboratories
RAND Corporation
University of Virginia

 

WORKING WITH INDUSTRY

The research team is working closely with industry and government stakeholders by: conducting workshops; performing case studies and interviews; working on standards groups and committees; developing tools; and publishing and disseminating findings. All results are made realistic by working with and vetting by industry and government stakeholders.

 

RESEARCH PRODUCTS CURRENTLY UNDER DEVELOPMENT INCLUDE:

  • Macro and micro models to aid understanding of risk and decision-making
    • Models from the national, enterprise and technology perspectives
    • A macro-economic decision support tool   (currently in prototype form)
    • Scenarios and frameworks to integrate the   three perspectives
  • An integrated picture of economic dependence on the security and integrity of the information infrastructure.
    • Publications bringing together many disciplines
    • Standards and policy proposals to increase the incentives for infrastructure security deployment

 

Points of Contact:

Project Leader: Shari Lawrence Pfleeger pfleeger@rand.org (703) 413-1100 Ext.5525

I3P Assistant Director for Research and Analysis : Eric Goetz, , (603) 646-0692

Dartmouth Leaf Icon
The I3P is managed by Dartmouth College.
Copyright © 2007, the Trustees of Dartmouth College. All rights reserved.