Can competitive insurers improve network security?
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
| Hi-index | 0.01 |
Managing security risks in the Internet has so far mostly involved methods to reduce the risks and the severity of the damages. Those methods reduce but do not eliminate risk, and the question remains on how to handle the residual risk. Current schemes applied by Internet Service Providers (ISPs) penalize the users, who suffer from the consequences. In this paper, we take a new approach to the problem of Internet security and advocate managing the residual risk by buying insurance against it and consequently re-arranging the incentive chain. We first analyze the current state of the Internet and investigate if it is possible to alleviate the existing problems by introducing insurance schemes. By performing detailed analysis we define an insurance policy that can survive in a competitive market. Following that, we analyze the impact of insurance-based ISPs on the rest of the network and attempt to answer whether using insurance can increase the overall security of the system and provide incentive to other ISPs to implement such policies.