Advancing the concept of cybersecurity as a public good

Abstract

This paper presents an agent-based model of cybersecurity as a participatory public good. Ineffective cybersecurity measures pose serious threats and risks to the development and stability of information societies in the world. Various doctrines and thesis explore how this domain should be treated by the public and private stakeholders. One of these doctrines is cybersecurity as a public good. In this paper, we highlight divergent views about the type of cybersecurity as an economic good. Then, the paper proposes an agent-based simulation model of a repeated public goods game among a set of defenders that are in an uncertain environment with incomplete and imperfect information. In the model, defenders have a probability to choose contribution or being a free-rider, depending on their own preferences and facing with revealed preferences of other defenders. This model implements a utility maximization that applies to each individual, modeling the existence of free-riders, punishments, and interdependency of decisions under a polycentric governance structure. The results of this simulation model show that, over time, defenders update their preferences in reaction to the behavior of other defenders and the experience of cyber-attacks. They indicate a high level of contribution to the provision of cybersecurity as a public good and the effectiveness of decentralized punishment on increasing the contributions. The consistency of the pattern of our results across different empirical studies lends us some reassurance that our model behavior is in quantitative agreement with empirical macro-structures. Furthermore, implementation of a polycentric structure challenges all the relevant agents to take action, and provides more robust environment.