Government intervention in information infrastructure protection

Critical information infrastructure protection is the subject "du jour." An important part to addressing the issue is to answer the question whether the private sector or the government should be responsible for protection. The choice of governing arrangement - government provision, private provision or any combination thereof - is essential to ensuring an adequate level of security. This paper discusses how the market for critical information infrastructure protection may be susceptible to various market failures, namely public goods, externalities and information deficits. The presence of these market failures suggests that government intervention in the market is necessary. While this paper does not present a specific regulatory model or a set of regulatory tools to address these market failures, it asserts that understanding the market failures inherent in critical information infrastructure protection is a key element to designing a successful regulatory policy. Failure to understand and acknowledge the reasons for the inability of the private sector to provide adequate protection can impact a nation-state's security and render it vulnerable to attack.