Exploit Derivatives & National Security

Critical infrastructures remain vulnerable to cyber attack despite a raft of post-9/l] legislation focused on cyber security in critical infrastructures. An emerging discipline known as the "economics of information security" may provide a partial solution in the form of a hypothetical market that trades "exploit derivatives, " a modified futures contract tied to cyber security events. This paper argues that such a market could serve to predict and prevent cyber attacks through the operation of the efficient capital market hypothesis, but only after changes to the present regulatory environment. Specifically, I argue that a statutory safe harbor would allow the creation of a pilot market focused on vulnerabilities in Internet protocol version six, an emerging communications standard that China hopes to deploy throughout its national network before the 2008 Olympics. Indeed, such a safe harbor would align the interests of military and civilian policymakers on the common goal of protecting critical infrastructure from a computer network attack originating in China, whether instigating by the People's Liberation Army or so-called "black-hat" hackers. * J.D., University of Colorado, 2007; LL.M. candidate, Peking University, 2009. The author served as Editor-in-Chief of the Journal on Telecommunications & High Technology Law and as communications director of the Silicon Flatirons Program. This article benefited from the comments of Gabriel Rosenberg and Chris Riley, as well as the help of Professors Paul Ohm, Scott Peppet, Doug Sicker, and Philip J. Weiser, but above all else from the advice and support of Katie Roenbaugh Schwalb. 1 SCHWALB: EXPLOIT DERIVATIVES & NATIONAL SECURITY Published by Yale Law School Legal Scholarship Repository, 2007 EXPLOIT DERIVATIVES & NATIONAL SECURITY