Logo NGI
nl
en
Zoeken

infrabase >

projecten >

networked governance of internet security

 
 
Nummer
04.12
 
Naam
Networked governance of internet security
 
Samenvatting

The emergence of the Internet as a critical infrastructure has put increasing pressure on governments to develop interventions to ensure information security. The problem is that there is very little empirical evidence on which to base those interventions.

 
Projectleider
Milton Mueller (projectleider)
Onderzoekers
Andreas Schmidt
Beschrijving

The emergence of the Internet as a critical infrastructure has put increasing pressure on governments to develop interventions to ensure information security. The problem is that there is very little empirical evidence on which to base those interventions. This project has been pioneered a quantitative comparative analysis of governmental involvement in Internet security across a large set of countries and explored its impact on one of the most urgent security issue in recent times: botnets. These are the networks of thousands, sometimes millions, of computers that are infected with malware which puts them under the control of criminals. Botnets are the platform for a wide variety of criminal businesses: spam, phishing, click fraud, banking fraud, extortion via ‘ransomware’, and the sale of rogue anti-virussoftware – to name but a few.

The study delivered several path-breaking findings. For example, close to 80% of the infected machines in botnets are located in the networks of Internet service providers, the firms that provide Internet access for consumers and businesses. Just 10 ISPs control around 30% of all infected machines worldwide. And 50 ISPs control almost half of the total global botnet population. This is remarkable, as there are more than 10,000 ISPs operating on the Internet. Also: these are not ISPs in faraway jurisdictions with lax law enforcement, but large companies in the most industrialized countries.

This makes the ISPs important control points for government interventions. Here, the study has found evidence that informal collaboration among telecom regulators in different countries can have substantial impact. We saw that countries who’s regulator has joined the London Action Plan have lower infection rates than other countries. Furthermore, laws to protect privacy seem to discourage ISPs from monitoring their networks and acting against botnets. Countries with more stringent privacy laws have higher infection rates. This does not mean that countries should reduce their privacy protections. In fact, we suspect that the ISPs are too risk averse in their interpretation of the laws. Regulators in those countries should collaborate with the ISPs to help them understand the ways in which they can mitigate security threats without risking breaching privacy laws. The countries where public-private collaboration has been most intense, Finland and Japan, also consistently have the lowest infection rates. All of this suggests that informal and collaborative approaches are effective and should be developed before attempts to introduce more formal legal requirements.

 
Partners
Technische Universiteit Delft, Faculteit Techniek, Bestuur en Management
Deelprogramma
Reliable infrastructures
Sector
ICT-infrastructuur
Publicaties
A quantitative analysis of London action Plan against spam overige publicaties
 
At the boundaries of peer production: The organization of Internet security production in the cases of Estonia 2007 and Conficker wetenschappelijk artikel
 
Intemet Security and Networked Govemance in Intemational Relations wetenschappelijk artikel
 
The Fierce Domain - Conflicts in Cyberspace 1986-2012 hoofdstuk in wetenschappelijk boek
Afgerond
Dit project is nog niet afgerond.
 

Logo NGI

Bouwcampus
Van der Burghweg 1
2628 CS Delft
secretariaat@nginfra.nl
telefoon: 015 303 0900

© 2016 Next Generation Infrastructures