ABSTRACT
Cyberspace continues to elicit a sense of a fundamental departure from business as usual. Dynamic new technologies and new applications are the epitome of a global project on which financial transactions, infrastructure controls, and communications are increasingly reliant on to function. The processes of securing cyber assets that are critical for the functioning of the developed world, as well as the risks of utilizing cyberspace, are surprisingly familiar. A common methodology of assessing risk in cyberspace is lacking, and efforts to mitigate risk in this domain are hampered by ineffectual cooperation between public security and private actors who are responsible for computer and network security. Although private technological innovation in the development of the Internet is unquestioned, corporations have repeatedly been the victims of cyber attacks. Efforts to reduce threats and vulnerabilities in cyberspace have proven elusive in the face of actors who can attack from anywhere in the globe with true anonymity. In sum, private efforts to secure their digital dominions have led to a succession of dead ends. In this chapter I examine the obstacles for reducing risk in cyberspace. It will be shown that an inability to generate a common framework for managing cyber risk has only enhanced insecurity for all actors as failure to agree how to protect a non-excludable good has led to a negative-sum outcome. In other words, private sector attempts to secure their own networks have led to everyone being worse off. Creating the Internet, and policing it, are two very different problems.
