Sustainability in Information Stewardship: Time Preferences, Externalities, and Social Co-ordination

The concept of stewardship in environmental economics is an established tool for environmental and natural resource management and the mitigation of risk from climate change. Similar concepts are well-established in accounting and management. Despite the ubiquity of the concept of stewardship, there is no generally accepted definition. We define the information steward as the agent/institution who enhances the system’s resilience and sustainability, by maintaining and extending the life of its nominal operational capacity. Unlike individual agents who are not able to value systemic losses, the steward, whose function is the viability of the system as a whole, values such damages that degrade the system at a higher rate by adopting a lower discount rate. In the presence of deliberate attacks that degrade the information used/kept in the system, individual agents’ defensive expenditure is always lower that the expenditure undertaken under instructions from the information steward. The ability of the steward to mobilize the totality of agents reduces the number of attackers, increasing the systems sustainability under a variety of technological considerations. The resulting configuration of defensive expenditure, although higher than the level that individual agents would have chosen based on their own valuation of their expected losses, ensures that the overall probability of successful attacks falls, significantly extending the system’s sustainability. 1. INFORMATION STEWARDSHIP The concept of stewardship in environmental economics is an established tool for environmental and natural resource management (e.g., [11]) and the mitigation of risk from climate change (e.g., [27]). Similar concepts are well-established in accounting (e.g., [14]), management (e.g., [9]), and insurance (e.g., [26, 5]). Despite the ubiquity of the concept of stewardship, there is no generally accepted definition. Generically speaking, stewardship refers to the function of maintaining a given status of system. In the field of information security, the concept of stewardship has been used, albeit at a quite high level of abstraction, from the perspective of information management [24, 3]. The aim of this paper is to develop a more concrete definition of information stewardship and provide an economic model demonstrating the impact of the exercise of stewardship on the behaviour of information systems. Inspired by the literature in environmental science, and bearing in mind existing work in information management, we define the role of the steward as the institution which maintains the system’s resilience and sustainability, in the presence of unanticipated shocks that degrade nominal operating conditions. 1 2 CHRISTOS IOANNIDIS, DAVID PYM, AND JULIAN WILLIAMS By resilience (cf. [16]), we mean the system’s internal capacity to restore to an acceptable operating state. Consider the ‘marketplace’ ecosystem of an internet retailer, whose IT system experiences a shock, such as major DDOS attack. The system will be deemed resilient if, after such an attack, to restore itself to its usual operating capacity by rapidly and progressively isolating the attackers and restoring services to legitimate users. In this case, the resilience of the system is characterized by the speed of service restoration and the quality of the restored service for legitimate customers. Organizations may differ in their preferences for rapidity and quality of service restoration. The dynamics of resilience are depicted in Figure 1. In this graph, we depict the system’s predictable time path within the acceptable tolerances in performance denoted by its nominal operational capacity. Along this path, at time t1 the system experiences an unanticipated shock of moderate magnitude that degrades its capacity, placing it outside the acceptable range and guides the system to lower capacity levels. In the absence of the steward, such a shock may prove permanently detrimental to the state of the system, with the system’s path depicted by the broken line. However, the actions of the steward render the system resilient as they are able to reverse the divergent path and restore the system to its ‘trend capacity (solid line), up to the planning horizon T Alternatively, in the presence of a substantial shock, as the one depicted at time t2, the best the steward can achieve is to halt the system’s rapid deterioration and stabilize the systems operational capacity to a steady, albeit lower, level. In both circumstances, the impact of the steward is to restore the system’s equilibrium path in the presence of disturbances, rendering the system resilient to them. It is the steward’s ability to reverse the divergent paths, harming all the agents in the ecosystem following shocks, which enhances the welfare of all its participants. All such mechanisms/procedures are put in place at t0; that is, the steward anticipates the possibility of shocks and adopts the required policies in advance of their (shocks) realization. The steward therefore prepares the system to be resilient, rather than simply reacting to the shocks when they happen. By sustainability, we mean the tendency of the system to maintain itself within acceptable bounds of operating state despite possibly hidden dynamics that may tend to guide the system outwith these bounds. Consider again the internet retailer, whose role is to co-ordinate a ‘marketplace’ of providers of goods and services. By underwriting payments to both sides of this market, the market remains liquid and functioning. In the absence of such action and, given that in this market transactions are not supported by personal verification, the individuals’ incentive structure may lead market failure. In both such cases, the actions of the retailer maintains the system’s capacity by providing sufficient system resources and appropriate management policies and so acts as the steward of the ecosystem. The dynamics of sustainability are depicted in Figure 2. In this graph, we characterize the system’s equilibrium course over time. We envisage that the system degrades steadily and predictably along this path. Its internal dynamic structure without the steward will result in the systems inability to perform within the acceptable bounds by t1. The steward’s contribution to 1Following Moore [21], Nardi and O’Day [22] and others, we define an information ecosystem as an economic community of interacting (IT) networks, exchanging information and executing transactions according to agreed protocols, possibly under different jurisdictions. The underlying notion of system is described in terms of the concepts of distributed systems theory [8], and can be modelled mathematically as in [7]. SUSTAINABILITY IN INFORMATION STEWARDSHIP 3 Nominal( Opera-ng( Capacity(