Ruperto Majuca

Is Internet security a public good? How should society handle the spill-over effects arising from the interrelatedness of Internet risks? What role, if any, does police enforcement play? What optimal combination of each of these security measures – police enforcement, and individual investments in both private and non-rivalrous security goods – should be used to effectively combat cybercrimes? In this paper, I argue that some, but not all, investments in security have the nature of public goods. Thus, I attempt to model the situation where firms invest in both private and public security goods. Furthermore, I include public enforcement of law in my model. Thus, I study a model where crimes are addressed through a combination of private and public measures. By so doing, I hope to capture the substitutability between the private and public responses, and determine the optimal combination of these approaches. Lastly, my model seeks to capture the interrelatedness of risks in the Internet. In sum, in this paper, I study a model that combines all of these elements: private investments in security; investments in security that have the nature of public goods; externalities; and public enforcement of law. I find that the socially-optimal level of security is achieved by equalizing the marginal-benefit-to-marginal-cost ratios of each of the three alternatives – private security investment, non-rivalrous security investment, and law enforcement measures. Furthermore, the interrelatedness of Internet risks causes individual firms to underinvest in private and public security goods. The government thus decidedly lowers the level of police enforcement expenditures in order to induce firms to invest more in individual precautions. I also find that, under certain conditions, cooperation results in socially-optimal levels of expenditures in private and public security goods expenditures. The Shapley (1953) value can be used as a criterion for allocating the costs and benefits among the members of a security cooperative. Several simulations illustrate the results of the model under several scenarios.

This dissertation contains three essays on the law and economics of cybersecurity. Chapter 1 contains the introduction to the problem and the review of the different technological, economic, and law-based solutions hitherto proposed to combat the problem. Chapter 2, which contains the first essay, puts forward the idea that cyberinsurance can be a powerful tool to align market incentives toward improving cybersecurity. We present three economic arguments for cyberinsurance as well as conduct time and case studies to trace the evolution of the cyberinsurance industry. We conclude that in theory, there are significant theoretical foundations to support the case for cyberinsurance as a market-based solution to managing Internet security risks. In practice, although some implementation issues remain, cyberinsurers were able to find ways to address what used to be major problems, such as adverse selection, moral hazard, etc. In Chapter 3, we examine whether firms whose computer systems are under attack should be permitted to hack back, and how the law of self-defense in cyberspace should be designed. We employ a formal, game-theoretic analysis of the strategic interaction between the hacker and the attacked firm/individual. We also include, in our extended model, Bayesian updating to capture the effect of intrusion detection system technology, as well as consider the social planner's perspective and the effect of different liability regimes. We conclude that neither total prohibition nor unrestrained permission of hackback is optimal. Instead, the model results suggest that hackback should be permitted when: (1) other alternatives, such as police enforcement and resort to courts, are either ineffective or ineffectual; (2) there is a serious prospect of hitting the hacker instead of innocent third parties; and (3) the damages to the attacked firm's (that is, the entity that is hacking back) systems that can be potentially mitigated outweigh the potential damages to third parties. In Chapter 4, we study a model where cybercrimes are addressed through a combination of private and public measures, as well as study the public goods and externalities aspects of Internet security. We find that the socially-optimal level of security is achieved by equalizing the marginal-benefit-to-marginal-cost ratios of the different security measures. The interrelatedness of Internet risks causes firms to underinvest in private and public security goods. The government decidedly lowers the level of police expenditures to induce firms to invest in more precautions. Under certain conditions, cooperation results in socially-optimal levels of private and public security goods expenditures.

Professor Jay Kesan from the University of Illinois College of Law, in joint work with Ruperto Majuca of the University of Illinois Department of Economics, argue in favor of legal rules that allow hacking [data] back in certain business circumstances. They analyze the strategic interaction between the hacker and the attacked company or individual and conclude that neither total prohibition nor unrestrained permission of hack-back is optimal. Instead, they argue that when other alternatives such as criminal enforcement and litigation are ineffective, self-defense is the best response to cybercrime because there is a high likelihood of correctly attacking the criminal, ad the mitigation of damages to the hacked victim\u27s systems may outweigh the potential damages to third parties during the hack-back. In addition, the law should require that counterstrikers use only the requisite measures that are necessary to avoid damage to their own systems. Also, proper liability rules will ind...

We develop a small open economy New Keynesian DSGE model of financial-real linkages with banking intermediation and macroprudential regulation. The study has two main objectives: (i) understand the role of banking intermediation and financial frictions in the transmission of monetary policy; and (ii) examine the implications of macroprudential regulation of the banking system to the real economy. The results of our research suggest that although the macroprudential tools used by central banks may achieve the goal of safeguarding financial stability of the banking system, it is important to watch out for their effects to the short-run business cycle fluctuations of the real economy. © 2016 by De La Salle University

Die Dokumente auf EconStor dürfen zu eigenen wissenschaftlichen Zwecken und zum Privatgebrauch gespeichert und kopiert werden. Sie dürfen die Dokumente nicht für öffentliche oder kommerzielle Zwecke vervielfältigen, öffentlich ausstellen, öffentlich zugänglich machen, vertreiben oder anderweitig nutzen. Sofern die Verfasser die Dokumente unter Open-Content-Lizenzen (insbesondere CC-Lizenzen) zur Verfügung gestellt haben sollten, gelten abweichend von diesen Nutzungsbedingungen die in der dort genannten Lizenz gewährten Nutzungsrechte. Terms of use: Documents in EconStor may be saved and copied for your personal and scholarly purposes. You are not to copy documents for public or commercial purposes, to exhibit the documents publicly, to make them publicly available on the internet, or to distribute or otherwise

constitutes studies that are preliminary and subject to further revisions. They are be-ing circulated in a limited number of cop-ies only for purposes of soliciting com-ments and suggestions for further refine-ments. The studies under the Series are unedited and unreviewed. The views and opinions expressed are those of the author(s) and do not neces-sarily reflect those of the Institute. Not for quotation without permission from the author(s) and the Institute.

The Philippines continues to demonstrate a development puzzle. Despite abundant natural and human resources, its development record pales in comparison with its neighbors in East Asia. This study presents a SWOT analysis to explain the economic development of the Philippines. To overcome the threats and weaknesses, the Philippines should aspire for BRISK development: balanced, rapid, inclusive, sustainable and capital-intensive economic growth. Policy recommendations include standard reforms related to expanding fiscal space and improving infrastructure. However, Philippine history requires that special attention be given to strengthening institutions and weakening the grip of oligarchs. The rapid rise of China and India and the establishment of the ASEAN Economic Community provide an opportunity to attract more foreign direct investment, diversify the productions base, and expand the role of small and medium sized enterprises.

Internet security is a big problem. Several approaches have been suggested to deal with the problem, ranging from technological, to law-based, to economics-based solutions. One approach emerging is the notion of self-help – using reasonable force in self-defense against hackers. Hitherto, the law has not taken a clear position on whether or not counterstrike should be allowed in cyberspace. Here, we try to understand the optimality of hackback and articulate what the law on self-defense in cyberspace ought to be. In particular, we seek to answer the following questions: Should society permit hackback? How should the law on self-defense in cyberspace be designed? Which among the tools of combating cybercrimes – law enforcement, court litigation, hacking back the hacker – should be used to most effectively address cybercrimes? What optimal mix of these alternatives should be used to combat cyber-attacks? What role does technology play? One major argument for hackback is that tradition...

In this paper, vector error correction model and multivariate GARCH (triangular BEKK and dynamic conditional correlation) models are used to analyze the impact of changes in oil prices on Malaysia’s real GDP, inflation, fiscal revenues, stock market and exchange rate. The results suggest that every USD1 increase in Brent oil prices is associated with an increase in real GDP of approximately MYR 646 million, an increase in CPI level of 0.03, and an increase in annual fiscal revenues of around MYR 339 million. A 1 percent increase in oil prices also results in a 0.04 percent increase in the stock market index and 0.03 percent appreciation of the ringgit tomorrow. Also, the multivariate GARCH model results suggest the existence of significant volatility persistence in, and inter-sector volatility spillovers between oil, stock and foreign exchange markets. JEL classification: E32, C32, G11, G13, Q34, Q42

The focus of this paper is to undertake an empirical analysis of the Philippine balance of payments and to predict the date of the exchange rate collapse. Domestic credit expansion stimulated speculative attacks against the peso leading to the eventual depletion of the Central Bank’s stock of foreign reserves. This was so even though the initial level of reserves suspended the devaluation and arti?cially defended the peso. Moreover, a domestic credit growth that is faster than the world average given a domestic income growth that is slower than the world average affects the balance of payments negatively.

We present three economic arguments for cyberinsurance. First, cyberinsurance results in higher security investment, increasing the level of safety for information technology (IT) infrastructure. Second, cyberinsurance facilitates standards for best practices as cyberinsurers seek benchmark security levels for risk management decision-making. Third, the creation of an IT security insurance market redresses IT security market failure resulting in higher overall societal welfare. We conclude that this is a significant theoretical foundation, in addition to market-based evidence, to support the assertion that cyberinsurance is the preferred market solution to managing IT security risks.

We examine the transmission of economic shocks both from the rest of the world into the ASEAN region, as well as the transmission of such shocks from the rest of the row and ASEAN into a typical AMS. The approach we take is three-pronged. First, we will look into the trade and financial linkages of a "typical" AMS. By "typical", we mean representative AMSs, e.g., Singapore for a developed country, Philippines or Indonesia for ASEAN5 economies and Vietnam for the CLMV (Cambodia, Lao, Myanmar, Vietnam) economies. We look at trade and financial linkages between these typical AMSs, the ASEAN as a whole, and the rest of the world. Second, we employ a specialized type of vector autoregression (VAR) model to decompose the shocks into trade shocks, financial shocks, and commodity price shocks. This we do for the typical AMS in relation to ASEAN and the rest of the world. By decomposing the shocks into their constituent components, we hope to glean important insights on, ...

This dissertation contains three essays on the law and economics of cybersecurity. Chapter 1 contains the introduction to the problem and the review of the different technological, economic, and law-based solutions hitherto proposed to combat the problem. Chapter 2, which contains the first essay, puts forward the idea that cyberinsurance can be a powerful tool to align market incentives toward improving cybersecurity. We present three economic arguments for cyberinsurance as well as conduct time and case studies to trace the evolution of the cyberinsurance industry. We conclude that in theory, there are significant theoretical foundations to support the case for cyberinsurance as a market-based solution to managing Internet security risks. In practice, although some implementation issues remain, cyberinsurers were able to find ways to address what used to be major problems, such as adverse selection, moral hazard, etc. In Chapter 3, we examine whether firms whose computer systems a...

We present three economic arguments for cyberinsurance. First, cyberinsurance results in higher security investment, increasing the level of safety for informa-tion technology (IT) infrastructure. Second, cyberinsurance facilitates standards for best practices as ...

This Policy Brief is based on ERIA Discussion Paper 2013-18 titled “Managing Economic Shocks and Macroeconomic Coordination in an Integrated Region: ASEAN Beyond 2015”. It examines the transmission of economic shocks both from the rest of the world into the ASEAN region and into a typical ASEAN member state (AMS). “Typical” here means representative AMSs, e.g., Singapore for a developed country, Philippines or Indonesia for ASEAN-5 economies and Viet Nam for the CLMV (Cambodia, Lao PDR, Myanmar, Viet Nam), where Viet Nam was chosen for data availability reasons. This paper looks into the trade and financial linkages of a typical AMS and employs a specialised type of vector autoregression (VAR) model to decompose the shocks into trade shocks, financial shocks, and commodity price shocks. The Brief concludes with an analysis of the implications for macroeconomic policy coordination in the region.

We conduct a case study of the cyberinsurance industry. We examine the developing cyberliability legislation and the emerging cyberinsurance market. We conclude that cyberinsurers are able to find ways to deal with several problems that could result in the failure of market solution. Although some issues still need to be worked out, we suggest that the direction to be taken should be towards resolving these issues, rather than giving up the market solution. When these obstacles are fully worked out, the full market solution can result in the following benefits. First, cyberinsurance would result in higher security investment, increasing the level of safety for information technology (IT) infrastructure. Second, cyberinsurance can facilitate standards for best practices as cyberinsurers seek benchmark security levels for risk management decision-making. Third, the creation of an IT security insurance market will result in higher overall societal welfare.