摘要: 工业互联网是工业4.0、中国制造2025等国家战略的基石。它通过将物理世界的机器、设备和传感器与数字世界的网络、数据和分析平台连接起来，实现了赛博物理系统的融合。物联网设备广泛应用于工业互联网中，随着物联网设备的快速普及和网络威胁的不断升级，物联网平台的安全管理已成为学术界和实践界亟需解决的重要议题。由于物联网的高度互联性和异构性提升了管理效率，其更容易遭受到攻击。而一旦单个节点遭到入侵，风险便可能迅速扩散至整个系统，导致物联网平台、企业及消费者均面临重大损失。在此背景下，本文将信息经济学的分析框架引入物联网安全管理领域，构建博弈模型，系统研究物联网平台如何为具有异质性偏好的消费者设计差异化的安全产品方案，并重点考察消费者异质性和安全外部性对物联网平台最优策略的影响。本文拓展了信息安全经济学研究的边界，系统刻画了外部性与信息不对称对物联网平台安全决策的交互作用，同时为物联网平台如何优化安全资源配置、设计差异化产品策略、以及监管机构如何制定信息披露与消费者认证政策提供了有价值的启示。

Abstract: The Industrial Internet of Things (IIoT) serves as the cornerstone of national strategies such as Industry 4.0 and “Made in China 2025”. It achieves the integration of Cyber-Physical Systems (CPS) by connecting machines, devices, and sensors in the physical world with the networks, data, and analytical platforms of the digital world. With IoT devices being widely used in IIoT and the rapid proliferation of these devices alongside escalating cyber threats, security management for IoT platforms has become a critical issue urgently needing resolution in both academic research and practical applications. The high interconnectivity and heterogeneity of IoT, while enhancing management efficiency, also make it more vulnerable to attacks. Once a single node is compromised, risks can rapidly propagate throughout the entire system, potentially leading to significant losses for the IoT platform, enterprises, and consumers alike. Within this context, this paper introduces the analytical framework of information economics into the field of IoT security management. It constructs a game-theoretic model to systematically investigate how an IoT platform can design differentiated security product schemes for consumers with heterogeneous preferences, with a specific focus on examining the impact of consumer heterogeneity and security externalities on the platform’s optimal strategy. This research expands the boundaries of information security economics by systematically characterizing the interaction between externalities and information asymmetry in shaping IoT platforms’ security decisions. Simultaneously, it provides valuable insights for IoT platforms on how to optimize security resource allocation and design differentiated product strategies, as well as for regulatory bodies on how to formulate information disclosure and consumer certification policies.