Responsibility for Cybersecurity

For this discussion we are staying with the theme of negative externalities in cybersecurity. But this time, it’s personal!

We’ve occasionally touched on cybersecurity in the home this quarter. From a perspective of cyberwar or cyberterrorism, most of what you worry about at home is not a serious concern. Ransomware or spyware or a file deletion virus on our personal computers isn’t a national security issue.

But there is one way in which the cybersecurity of your personal computer does potentially become a national security issue – if attackers are using your computer to launch an attack on someone else, for instance, on critical infrastructure. This happens in two ways:

1. The attacker may use your computer as an interim step in an attack, for the purpose of making attribution difficult.
2. Your computer may be part of a botnet.

The first of these is not actually as significant of a threat as the second. When an attacker routes an attack through other computers, they usually want to use computers that are connected to the internet 24 hours a day, and personal computers often are not. They are much more likely to use compromised web servers than personal computers for this purpose.

But for botnets, they just want to control as many computers as possible, whether those computers are online 24/7 or not.

If you haven’t noticed already, this is another perfect example of a negative externality. You pay very little price if your computer is part of a botnet. It may slow your internet connection occasionally, but otherwise you won’t even know anything is happening. But the victims of the attack will. Your lack of cybersecurity is a negative externality, passing along the cost to someone else.

So here’s the question:

Should individuals have some responsibility for protecting their computer from becoming part of a botnet? Should there be a penalty if they are part of a botnet?

And if you want to go in a slightly different direction, ISPs can usually identify when a customer’s computer is part of a botnet (though they may not be able to identify the exact computer). Should ISPs be required to notify a customer if their computer is part of a botnet? Should the ISP have the power (or even be required) to disconnect that customer from the internet until the customer can have their computer cleaned?

You can post on either of those topics, or both.
