On the Provision of Public Goods on Networks: Incentives, Exit Equilibrium, and Applications to Cyber .

Attempts to improve the state of cyber-security have been on the rise over the past years. The importance of incentivizing better security decisions by users in the current landscape is two-fold: it not only helps users protect themselves against attacks, but also provides positive externalities to others interacting with them, as a protected user is less likely to become compromised and be used to propagate attacks against other entities. Therefore, security can be viewed as a public good. This thesis takes a game-theoretic approach to understanding the theoretical underpinnings of users' incentives in the provision of public goods, and in particular, cyber-security. We analyze the strategic interactions of users in the provision of security as a non-excludable public good. We propose the notion of exit equilibrium to describe users' outside options from mechanisms for incentivizing the adoption of better security decisions, and use it to highlight the crucial effect of outside options on the design of incentive mechanisms for improving the state of cyber-security. We further focus on the general problem of public good provision games on networks. We identify necessary and sufficient conditions on the structure of the network for the existence and uniqueness of the Nash equilibrium in these games. We show that previous results in the literature can be recovered as special cases of our result. We provide a graph-theoretical interpretation of users' efforts at the Nash equilibria, Pareto efficient outcomes, and semi-cooperative equilibria of these games, by linking users' effort decisions to their centralities in the interaction network. Using this characterization, we separate the effects of users' dependencies and influences (outgoing and incoming edges, respectively) on their effort levels, and uncover an alternating effect over walks of different length in the network. We also propose the design of inter-temporal incentives in a particular type of security games, namely, security information sharing agreement. We show that either public or private assessments can be used in designing incentives for participants to disclose their information in these agreements. Finally, we present a method for crowdsourcing reputation that can be useful in attaining assessments of users' efforts in security games.PhDElectrical Engineering: SystemsUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/133328/1/naghizad_1.pd

Building a National IoT Plan: Policy Recommendations and the Case of Brazil

The Internet of Things (“IoT”) is an expression that refers to a whole set of new services and devices that includes at least three fundamental aspects: connectivity, use of sensors or actuators, and computational capacity for data processing and storage. The Internet of Things goes beyond connecting objects to each other; it also gives them the power to process data (thereby making them "smart"). For developing countries such as Brazil, the opportunities offered by the Internet of Things can compensate for shortcomings in infrastructure and services, and can improve innovation, quality of life, productivity, and even the economic complexity of our basket of export products. However, the way in which each country will seize this opportunity will depend on its specific aspirations and strategies. The broader economic, social, political, and legal context of the country should be considered, as well as the local development of information and communication technologies. For this reason, the National Bank for Economic and Social Development (BNDES), in partnership with the Ministry of Science, Technology, Innovation and Communications (MCTIC), has commissioned this study, "Internet of Things: An Action Plan for Brazil." This study, mapped by a consortium comprised by McKinsey & Company, the CPqD Foundation, and Pereira Neto | Macedo Law Firm, outlines the local technological and economic challenges related to the topic, as well as well as how to address legal issues inherent to the development of IoT in Brazil

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Global Cyber Intermediary Liability: A Legal & Cultural Strategy

This Article fills the gap in the debate on fighting cybercrime. It considers the role of intermediaries and the legal and cultural strategies that countries may adopt. Part II.A of this Article examines the critical role of intermediaries in cybercrime. It shows that the intermediaries’ active participation by facilitating the transmission of cybercrime traffic removes a significant barrier for individual perpetrators. Part II.B offers a brief overview of legal efforts to combat cybercrime, and examines the legal liability of intermediaries in both the civil and criminal context and in varying legal regimes with an emphasis on ISPs. Aside from some level of injunctive relief, intermediaries operate in a largely unregulated environment. Part III looks at what we can learn from other countries. The cleanest intermediary country, Finland, and the worst country, Lithuania, were selected in order to explore the causes for the differences between country performances. The section examines the remarkable distinctions between national cultures to explain differences in national cybercrime rates. Part III.A of this Article argues that the criminal code laws do not account for the difference in host and ISP performances between Finland and Lithuania. There are few differences in the codified laws pertaining to cybercrime between these countries. Instead, it is Finland’s cultural and business environments that appear to drive its cybercrime ranking. Part IV suggests reforms to shift a country’s culture to make it less prone to corruption. However, changing a culture takes time so Part IV also proposes a private law scheme in which intermediaries are unable to wave the “flag of immunity,” as they do now. The guiding philosophy for this proposal is that harmed parties should be permitted to recover damages directly from “bad” intermediaries

Enhancing Cyber-Resiliency of DER-based SmartGrid: A Survey

The rapid development of information and communications technology has enabled the use of digital-controlled and software-driven distributed energy resources (DERs) to improve the flexibility and efficiency of power supply, and support grid operations. However, this evolution also exposes geographically-dispersed DERs to cyber threats, including hardware and software vulnerabilities, communication issues, and personnel errors, etc. Therefore, enhancing the cyber-resiliency of DER-based smart grid - the ability to survive successful cyber intrusions - is becoming increasingly vital and has garnered significant attention from both industry and academia. In this survey, we aim to provide a systematical and comprehensive review regarding the cyber-resiliency enhancement (CRE) of DER-based smart grid. Firstly, an integrated threat modeling method is tailored for the hierarchical DER-based smart grid with special emphasis on vulnerability identification and impact analysis. Then, the defense-in-depth strategies encompassing prevention, detection, mitigation, and recovery are comprehensively surveyed, systematically classified, and rigorously compared. A CRE framework is subsequently proposed to incorporate the five key resiliency enablers. Finally, challenges and future directions are discussed in details. The overall aim of this survey is to demonstrate the development trend of CRE methods and motivate further efforts to improve the cyber-resiliency of DER-based smart grid.Comment: Submitted to IEEE Transactions on Smart Grid for Publication Consideratio