blog




  • Essay / Assigning Responsibility for Malicious Internet Traffic

    IntroductionThe inability to determine responsibility for malicious traffic passing over the Internet is a difficult task, but not impossible, and inaction is not acceptable. Without the ability to assign accountability, the ever-changing liability environment will continue to foster poor security practices by all parties on the Internet and create unwanted economic costs. To solve this problem, it is necessary to evaluate different parts of the problem, including the costs of malicious traffic, the actors on the Internet, and questions related to attribution of responsibility. After establishing the factors, we recommend assigning responsibility. Framing the Problem The concept of attribution is not new to the world, but the Internet presents unique challenges. These challenges arise from a number of factors that play on each other without the need to consider the overall effects that occur in a common environment, such as the Internet (Mead, 2004). Although liability on the Internet needs to be addressed for a number of reasons, this paper will only consider the case of malicious traffic. The rationale for identifying problems is the economic impact of the current environment. The different actors on the Internet (end users, operating system manufacturers (O/S), software publishers and Internet service providers (ISP), as well as examples of malicious traffic (Trojan horses and botnets). Next , the discussion turns to the identified issues related to the attribution of responsibilities, such as legal aspects, externalities and privacy (Kuwahara, 2007). Malicious traffic is costlyThe economic cost of malicious traffic is significant enough on its own. to justify efforts to assign responsibility These economic impacts appear outside... middle of the document...... implementation planning and are generally familiar to all parties except. ISPs will be responsible for providing compliant infrastructure and ensuring end user compliance before connection as well as pre-defined support when an incident occurs – this is similar to the current role ISPs play in. the application of digital rights management (National Academy of Sciences, 2010). Operating system and software vendors are required to comply with the baseline to avoid liability, which they already do to have the U.S. government as a customer. End users see the biggest change in that they are required to complete online training (created by the government) and purchase cyber insurance against potential negligence. The ISP is a likely provider of this insurance and the premium portion of the account fees and rates negotiated by the ISP based on the level of compliance adopted..