The cyber security technical infrastructure (CSTI) is
|“||an example of what is sometimes called an "industrial commons": the embedded knowledge and technology framework that enhances the efficiency, effectiveness, and productivity of the proprietary capital and labor that use it. It is a common set of technologies, standards, policies, and procedures that competing firms draw on to unify their cyber security assets and achieve a more secure environment.||”|
CSTI components include standards, operating protocols, test methods, reference data, performance metrics, analytical tools, and information sharing systems (collectively referred to as "infratechnologies"), as well as novel security concepts and precompetitive prototype systems (called "technology platforms") that collectively raise the level of national cyber security.
By enabling stakeholders to measure errors in software, ascertain the quality of software regarding cyber security, and fully understand the nature of vulnerabilities, CSTI creates the incentive for software suppliers to compete along the critical dimension of quality and increases the effectiveness and efficiency of all stakeholders' production of secure cyber environments. The CSTI increases firms' return on cyber security R&D investments and increases customers' willingness to pay for products and services. In other words, the CSTI stimulates the deployment and diffusion of new technologies.
- Overview section: Economic Analysis of an Inadequate Cyber Security Technical Infrastructure, at ES-2.