Applying Public Health Systematic Approaches to Cybersecurity: The Economics of Collective Defense
Josiah Dykstra, William Yurcik
TL;DR
It is argued government coordination is economically necessary rather than merely beneficial, and specific federal roles in establishing standards, funding research, coordinating response, and addressing information asymmetries that markets cannot resolve are outlined.
Abstract
The U.S. public health system increased life expectancy by more than 30 years since 1900 through systematic data collection, evidence-based intervention, and coordinated response. This paper examines whether cybersecurity can benefit from similar organizational principles. We find that both domains exhibit public good characteristics: security improvements create positive externalities that individual actors cannot fully capture, leading to systematic market failure and underinvestment. Current cybersecurity lacks fundamental infrastructure including standardized population definitions, reliable outcome measurements, understanding of transmission mechanisms, and coordinated intervention testing. Drawing on public health's transformation from fragmented local responses to coordinated evidence-based discipline, we propose a national Cyber Public Health System for systematic data collection, standardized measurement, and coordinated response. We argue government coordination is economically necessary rather than merely beneficial, and outline specific federal roles in establishing standards, funding research, coordinating response, and addressing information asymmetries that markets cannot resolve.