IntroductionThe failure to determine responsibility for malicious traffic passing over the Internet is difficult, but not impossible, and the failure to act is not acceptable. Without the ability to assign responsibility, the environment of constant shifting of responsibility will continue to foster lackluster security practices by all parties on the Internet and create unwanted economic costs. To address this issue, aspects of the problem must be assessed, including the costs of malicious traffic, actors on the Internet, and issues related to assigning responsibility. After establishing the factors a recommendation for assigning responsibility is provided. Problem Analysis The concept of assigning responsibility is not new to the world, but the Internet presents unique challenges. These challenges arise from a number of factors interacting with each other without necessary consideration of the overall effects that occur in a common environment, such as the Internet (Mead, 2004). Although liability on the Internet needs to be addressed for a variety of reasons, this paper will only consider the case of malicious traffic. The justification for identifying the problem is the economic impact of the current environment. The various actors of the Internet (end users, operating system (O/S) manufacturers, software vendors and Internet Service Providers (ISPs), as well as examples of malicious traffic: Trojan horses and botnets. Next, the discussion shifts to identified issues related to assigning responsibility, such as legal, externalities, and privacy (Kuwahara, 2007). Malicious traffic is costly The economic cost of malicious traffic is itself significant enough to justify efforts to assign responsibility. These impacts economical appear externally… in the middle of the document… implementation planning and are generally familiar to all parties except end users. ISPs will be responsible for providing compliant infrastructure and ensuring end user compliance before connection. along with default assistance when an incident occurs, this is similar to the current role played by ISPs in enforcing digital rights management (National Acadamy of Sciences, 2010). Operating system and software vendors are required to comply with the baseline to avoid liability, which they already do to have the US government as a customer. End users see the most significant change in the fact that they must complete web-based training (created by the government) and carry cyber insurance for potential malpractice. The ISP is a likely provider of this insurance and the premium portion of the account fees and rates negotiated by the ISP based on the level of compliance adopted.