Michel van Eeten

Michel van Eeten's chair focuses on the Governance of Cybersecurity. He studies the interplay between technological design and economic incentives in Internet security. His team analyses large-scale Internet measurement and incident data to identify how the markets for Internet services deal with security risks. 


He has conducted empirical studies for the ITU and the OECD on the economics of malware and the role of Internet Service Providers in botnet mitigation. The latter study found that just 50 Internet Service Providers (ISPs) harbor around half of all infected machines worldwide and that countries with active telecom regulators have lower infection rates. The Dutch government commissioned an in-depth study on the Dutch market, which estimated that each year around 5-10 percent of all Dutch households have at least one computer in a botnet. 


He recently won a four-year grant from NWO (Netherlands Organisation for Scientific Research) to develop reputation metrics for Internet intermediaries, such as ISPs, hosting providers, registrars and transit providers. Such reputation metrics have the potential to change the security incentives operating in these markets.


Complementary to this project, he has also received funding as part of two EU projects: the Advanced Cyber Defense Center, which develops anti-botnet services for European operators and users, and the eCrime project, which will study the economic impact of cybercrime on non-ICT sectors, such as health and the chemical industry.


Originally trained as a social scientist, Michel van Eeten has worked on critical infrastructure protection issues for over a decade. His work as a policy analyst included advice for a variety of infrastructure operators and service providers in telecommunications, rail transport, electricity provision, water supply and financial services. He is also a member of the Dutch Cyber Security Council. As part of his administrative responsibilities, he currently serves as the Director of the TPM Graduate School.



Dr. M.J.G van Eeten


+31 (0)15 27 87050

Techniek, Bestuur & Management 

Beleid, Organisatie, Recht & Gaming (POLG) 

Jaffalaan 5, b2.160 

2628 BX, Delft, Nederland

Disciplinary background

  • Public Management

Scientific expertise

  • Governance of Infrastructures
  • Internet Security
  • Critical Infrastructure Protection
  • High Reliability Organizations
  • Multi-Actor Networks
  • Symbolic Language in Politics and Policy

Areas of application

  • internet
  • rail systems
  • electricity grids
  • telecommunication networks
  • financial sector

Selected publications

Van Eeten, M.J.G. and M. Mueller, (2012). Where is the governance in Internet governance? New Media & Society, published online before print at November 21, 2012.

Van Eeten, Michel J.G., E. Luiijf, M. Klaver, A. Nieuwenhuis, E. Cruz (2011), The State and the Threat of Cascading Failure Across Critical Infrastructures: The Implications of Empirical Evidence from Media Incident Reports, Public Administration, 89 (2), pp. 381–400.

Van Eeten, Michel J.G., J. Bauer, H. Asghari and S. Tabatabaie, (2011), Internet Service Providers And Botnet Mitigation: A Fact-Finding Study On The Dutch Market. Den Haag: Ministerie van Economische Zaken, Innovatie en Landbouw.

Van Eeten, Michel, (2011), Gedijen bij onveiligheid: Afwegingen rond de risico’s van informatietechnologie. In: D. Broeders, M.K.C. Cuijpers & J.E.J. Prins (red.), De staat van informatie, Amsterdam: Amsterdam University Press, pp. 133-157.

Van Eeten, Michel J.G., J. Bauer, H. Asghari & S. Tabatabaie, (2010),The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data, OECD STI  Working Paper 2010/5, Paris: OECD.

Anania, L., J.M. Bauer, M. van Eeten eds. (2011). The economics of cybersecurity, special issue of Communications & Strategies, no. 81, 1st Q. 2011.

Bauer, Johannes M. and Michel J.G. van Eeten, (2009), Cybersecurity: Stakeholder Incentives, Externalities, and Policy Options, Telecommunications Policy 33 (11), 706-169.

Van Eeten, Michel and Johannes Bauer, (2008), Economics Of Malware: Security Decisions, Incentives And Externalities , OECD STI Working Paper 2008/1 JT03246705, Paris: Organisation for Economic Co-operation and Development.

De Bruijne, Mark and Michel van Eeten, (2007), Systems that Should Have Failed Critical Infrastructure Protection in an Institutionally Fragmented EnvironmentJournal of Contingencies and Crisis Management 15 (1): 18-29.

Roe, Emery and Paul Schulman, Michel van Eeten and Mark de Bruijne, (2005), High Reliability Bandwidth Management in Large Technical Systems , in: Journal of Public Administration Research and Theory, vol. 15, no. 1, pp. 263-280.

Schulman, Paul, Emery Roe, Michel van Eeten, Mark de Bruijne, (2004), High Reliability and the Management of Critical Infrastructures , in: Journal of Contingencies and Crisis Management, vol. 12, no. 1: pp. 14-28.

Van Wendel de Joode, R., J.A. de Bruijn en M.J.G. van Eeten (2003), Protecting the Virtual Commons, Self-organizing open source and free software communities and innovative intellectuel property regimes , Information Technology and Law Series Nr. 3, Cambridge University Press, Cambridge.

Van Eeten, Michel and Emery Roe, (2002), Ecology, Engineering and Management: Reconciling Ecosystem Rehabilitation and Service Reliability , Oxford: Oxford University Press.

Naam auteur: bauke
© 2015 TU Delft