One thing after another: The role of users, manufacturers, and intermediaries in iot security

In recent years the number of Internet-connected devices (aka as Internet of Things (IoT)) has increased dramatically. IoT Manufacturers have launched into the market a variety of IoT products to make a profit, while users buy them for the convenience of the technology. Despite IoT technology’s benefits to society, infected IoT devices with...

SAVing the Internet: Measuring the adoption of Source Address Validation (SAV) by network providers

IP spoofing is the act of forging source IP addresses assigned to a host machine. Spoofing provides users the ability to hide their identity and impersonate another machine. Malicious users use spoofing to invoke a variety of attacks. Examples are Distributed Denial of Service (DDoS) attacks, policy evasion and a range of application-level...

Outsourcing Cybercrime

Many scientific studies and industry reports have observed the emergence of so-called cybercrime-as-a-service. The idea is that specialized suppliers in the underground economy cater to criminal entrepreneurs in need of certain capabilities – substituting specialized technical knowledge with “knowing what to buy”. The impact of this trend could...

Information availability and data breaches: Data breach notification laws and their effects

In response to evolving cybersecurity challenges, global spending on information security has grown steadily, and could eventually reach a level that is inefficient and unaffordable. A better understanding of new socio-technical-economic complexities around information security is urgently needed, which requires both reconsideration of...

Evaluating Hosting Provider Security Through Abuse Data and the Creation of Metrics

Hosting providers are theoretically in a key position to combat cybercrime as they are often the entities renting out the resources that end up being abused by miscreants. Yet, notwithstanding hosting providers' current security measures to combat abuse, their responses vary widely. In many cases the response is ineffective, as empirical...

Increasing the Impact of Voluntary Action Against Cybercrime

Resources on the Internet allow constant communication and data sharing between Internet users. While these resources keep vital information flowing, cybercriminals can easily compromise and abuse them, using them as a platform for fraud and misuse. Every day, we observe millions of internet-connected resources are being abused in criminal...

The Role of Hosting Providers in Web Security: Understanding and Improving Security Incentives and Performance via Analysis of Large-scale Incident Data

In theory, hosting providers can play an important role in fighting cybercrime and misuse. This is because many online threats, be they high-profile or mundane, use online storage infrastructure maintained by hosting providers at the core of their criminal operations. <br/>However, in practice, we see large differences in the security measures...

Large-scale copyright enforcement and human rights safeguards in online markets: A comparative study of 22 sanctioning mechanisms from eight enforcement strategies in six countries between 2004 and 2014

The Internet has facilitated large-scale copyright infringement. Fighting this one case at a time via the standard civil law procedures is costly in terms of time and money. In response, copyright holders have adopted new strategies that they hoped would be more effective at large-scale enforcement. The question is how these large-scale...

Cybersecurity via Intermediaries: Analyzing Security Measurements to Understand Intermediary Incentives and Inform Public Policy

Research in the field of information security economics has clarified how attacker and defender incentives affect cybersecurity. It has also highlighted the role of intermediaries in strengthening cybersecurity. Intermediaries are organizations and firms that provide the Internet’s infrastructure and platforms. This dissertation looks at how...

Naar een drie-eenheid van co-regulering; Over spanningen tussen drie toezichtregimes

Publieke toezichthouders zijn vaak onderwerp van kritiek. Ze zouden enerzijds een administratieve last vormen voor het bedrijfsleven, anderzijds wordt hen na incidenten veelal verweten niet of te slap te hebben opgetreden. In deze vijandige omgeving en budgettaire krapte staan zij voor de uitdaging kwalitatief goed toezicht te houden met...

Governance Structures of Free/Open Source Software Development: Examining the role of modular product design as a governance mechanism in the FreeBSD Project

My dissertation looks at the Governance Structures of Free/Open Source (FOSS) Development, based on a case study of FreeBSD, a large FOSS project. More specifically, it examines 3 well-known theories. The 1st theory [decreasing returns to scale] holds that increasing the number of persons working together results in a productivity drop due to (a...

Competing Public Values: Coping strategies in heavily regulated utility industries