This presentation is dedicated to the survivors and families
of 9/11 and other acts of terrorism and violence worldwide.
9/11 Commission Report
“connecting the dots”
DNI
NCTC
DHS
NCSC
Getting
Our
Heads
Around
Cybersecurity
Rod Beckstrom
Director
rod.beckstrom@dhs.gov
Black Hat
Black Hat
WIRED
Getting
Our
Heads
Around
Cybersecurity
Rod Beckstrom
Director
rod.beckstrom@dhs.gov
Presenter’s Name June 17, 2003
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Economics
Risk Mgt.
In...
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Awareness
(Mapping &
I...
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Dream State
(what is t...
Presenter’s Name June 17, 2003
Getting our head around cyber
Image source: www.thepromiseofgod.net
Strategy
What
Game
Are ...
Presenter’s Name June 17, 2003
The Prisoners Dilemma
Presenter’s Name June 17, 2003
The Prisoners Dilemma
W/W
W/L
L/WW/W
L/L
Presenter’s Name June 17, 2003
Iterated Prisoners Dilemma
W/W
W/L
L/WW/W
L/L
200 X
“The Evolution of Cooperation” Axelrod
Presenter’s Name June 17, 2003
E Pluribus Unum
Collaboration &
Social Networking
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Economics
Presenter’s Name June 17, 2003
Economics of Networks
What is the value of a network?
How much should be spent to defend it...
Presenter’s Name June 17, 2003
Economics of Networks
The value of a network is equal to the
summation of the net present v...
Presenter’s Name June 17, 2003
Economics of Networks
NPV = ΣB - ΣC
Where:
NPV = net present value of all transactions
B = ...
Presenter’s Name June 17, 2003
Book Purchase Example
B = Cost of buying book at store $26
C = Cost of buying online and sh...
Presenter’s Name June 17, 2003
Economics of Networks
∑
i=1
n
NPV(Vi,j)=
Bi,k
(1+r)tk
k=1
n
∑ −
Ci,l
(1+r)tl
l=1
n
∑
Where:...
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Economics
Risk Mgt.
Presenter’s Name June 17, 2003
Economics of Security
NPV = ΣB - ΣC
Where:
SI = Security Investments
L = Losses
Basic Model...
Presenter’s Name June 17, 2003
Economics of Security
Minimize
Security Costs = Σ SI + Σ L
The Economic Risk Management Fun...
Presenter’s Name June 17, 2003
Loss $
Security Investment $
Economics of Security
Presenter’s Name June 17, 2003
Hacker Economics
NPV = ΣB - ΣC’ - ΣSI - ΣL
Your Loss
Is the Hacker’s Gain
NPV = ΣB - ΣC’ - ...
Presenter’s Name June 17, 2003
Economics of deterrence
NPV = ΣB - ΣC’ - ΣSI - ΣL
Minimize the Hacker’s Gain
Presenter’s Name June 17, 2003
Supply Chain Solution
NPV = ΣB - ΣC’ - ΣSI - ΣL
1) Reward Good Guys
Pay large fees to Anyon...
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Internet
Architecture
Presenter’s Name June 17, 2003
Loss $
Economics of Protocols
Better Protocols Drive
Loss Function Down
Security Investment...
Presenter’s Name June 17, 2003
IPv6, DNS-SEC, BGP-SEC,
SMTP, SMS/IP, POTS …
Protocol Investments
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Resilience
Presenter’s Name June 17, 2003
Correlation of Losses
Correlations of losses due to IP failure (LIP) are trending towards 1...
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Privacy
Presenter’s Name June 17, 2003
Presenter’s Name June 17, 2003
Getting our heads around cyber
rod.beckstrom@dhs.gov
Economics
Risk Mgt.
Network
Architectu...
Rod Beckstrom cyber security speech at AFCEA 090225
Upcoming SlideShare
Loading in …5
×

Rod Beckstrom cyber security speech at AFCEA 090225

973 views

Published on

Speach given by Mr. Rod Beckstrom at AFCEA conference in Washington DC on 25 FEB 2009 on the topic of cyber security

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
973
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
40
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • http://www.thepromiseofgod.net/themakeupofman/PROMISE7.HTML
  • http://www.thepromiseofgod.net/themakeupofman/PROMISE7.HTML
  • http://www.thepromiseofgod.net/themakeupofman/PROMISE7.HTML
  • http://www.thepromiseofgod.net/themakeupofman/PROMISE7.HTML
  • http://www.thepromiseofgod.net/themakeupofman/PROMISE7.HTML
  • http://www.thepromiseofgod.net/themakeupofman/PROMISE7.HTML
  • http://www.thepromiseofgod.net/themakeupofman/PROMISE7.HTML
  • http://www.thepromiseofgod.net/themakeupofman/PROMISE7.HTML
  • http://www.thepromiseofgod.net/themakeupofman/PROMISE7.HTML
  • http://www.thepromiseofgod.net/themakeupofman/PROMISE7.HTML
  • Rod Beckstrom cyber security speech at AFCEA 090225

    1. 1. This presentation is dedicated to the survivors and families of 9/11 and other acts of terrorism and violence worldwide.
    2. 2. 9/11 Commission Report “connecting the dots” DNI NCTC DHS NCSC
    3. 3. Getting Our Heads Around Cybersecurity Rod Beckstrom Director rod.beckstrom@dhs.gov Black Hat
    4. 4. Black Hat WIRED Getting Our Heads Around Cybersecurity Rod Beckstrom Director rod.beckstrom@dhs.gov
    5. 5. Presenter’s Name June 17, 2003
    6. 6. Presenter’s Name June 17, 2003 Getting our heads around cyber Image source: www.thepromiseofgod.net Economics Risk Mgt. Internet Architecture Strategy Awareness Dream State Privacy Resilience
    7. 7. Presenter’s Name June 17, 2003 Getting our heads around cyber Image source: www.thepromiseofgod.net Awareness (Mapping & Inventory… where am I? )
    8. 8. Presenter’s Name June 17, 2003 Getting our heads around cyber Image source: www.thepromiseofgod.net Dream State (what is the end state we seek?)
    9. 9. Presenter’s Name June 17, 2003 Getting our head around cyber Image source: www.thepromiseofgod.net Strategy What Game Are we Playing?
    10. 10. Presenter’s Name June 17, 2003 The Prisoners Dilemma
    11. 11. Presenter’s Name June 17, 2003 The Prisoners Dilemma W/W W/L L/WW/W L/L
    12. 12. Presenter’s Name June 17, 2003 Iterated Prisoners Dilemma W/W W/L L/WW/W L/L 200 X “The Evolution of Cooperation” Axelrod
    13. 13. Presenter’s Name June 17, 2003 E Pluribus Unum Collaboration & Social Networking
    14. 14. Presenter’s Name June 17, 2003 Getting our heads around cyber Image source: www.thepromiseofgod.net Economics
    15. 15. Presenter’s Name June 17, 2003 Economics of Networks What is the value of a network? How much should be spent to defend it? Fundamental Questions
    16. 16. Presenter’s Name June 17, 2003 Economics of Networks The value of a network is equal to the summation of the net present value to each user, calculated as the benefit value of all transactions minus the costs, from the standpoint of each user, over any time period. New Network Valuation Model
    17. 17. Presenter’s Name June 17, 2003 Economics of Networks NPV = ΣB - ΣC Where: NPV = net present value of all transactions B = the benefit value of all transactions C = the cost of transactions Value to the Individual
    18. 18. Presenter’s Name June 17, 2003 Book Purchase Example B = Cost of buying book at store $26 C = Cost of buying online and shipping - 16 NPV = = 10 NPV = ΣB - ΣC
    19. 19. Presenter’s Name June 17, 2003 Economics of Networks ∑ i=1 n NPV(Vi,j)= Bi,k (1+r)tk k=1 n ∑ − Ci,l (1+r)tl l=1 n ∑ Where: NPV(Vi,j) = net present value of all transactions 1 through n to individual i with respect to network j j = identifies one network or network system i = one user of the network Bi,k = the benefit value of transaction k to the individual i Ci,l = the cost of transaction l to individual i rk and rl = the discount rate of interest to the time of transaction k or l tk or tl = the elapsed time in years to transaction k or l
    20. 20. Presenter’s Name June 17, 2003 Getting our heads around cyber Image source: www.thepromiseofgod.net Economics Risk Mgt.
    21. 21. Presenter’s Name June 17, 2003 Economics of Security NPV = ΣB - ΣC Where: SI = Security Investments L = Losses Basic Model NPV = ΣB - ΣC’ - ΣSI - ΣL Security Model
    22. 22. Presenter’s Name June 17, 2003 Economics of Security Minimize Security Costs = Σ SI + Σ L The Economic Risk Management Function
    23. 23. Presenter’s Name June 17, 2003 Loss $ Security Investment $ Economics of Security
    24. 24. Presenter’s Name June 17, 2003 Hacker Economics NPV = ΣB - ΣC’ - ΣSI - ΣL Your Loss Is the Hacker’s Gain NPV = ΣB - ΣC’ - ΣSI - ΣL
    25. 25. Presenter’s Name June 17, 2003 Economics of deterrence NPV = ΣB - ΣC’ - ΣSI - ΣL Minimize the Hacker’s Gain
    26. 26. Presenter’s Name June 17, 2003 Supply Chain Solution NPV = ΣB - ΣC’ - ΣSI - ΣL 1) Reward Good Guys Pay large fees to Anyone who finds malicious code NPV = ΣB - ΣC’ - ΣSI - ΣL 2) Punish Bad Guys Levy large fines on companies with bad products
    27. 27. Presenter’s Name June 17, 2003 Getting our heads around cyber Image source: www.thepromiseofgod.net Internet Architecture
    28. 28. Presenter’s Name June 17, 2003 Loss $ Economics of Protocols Better Protocols Drive Loss Function Down Security Investment $
    29. 29. Presenter’s Name June 17, 2003 IPv6, DNS-SEC, BGP-SEC, SMTP, SMS/IP, POTS … Protocol Investments
    30. 30. Presenter’s Name June 17, 2003 Getting our heads around cyber Image source: www.thepromiseofgod.net Resilience
    31. 31. Presenter’s Name June 17, 2003 Correlation of Losses Correlations of losses due to IP failure (LIP) are trending towards 1.0
    32. 32. Presenter’s Name June 17, 2003 Getting our heads around cyber Image source: www.thepromiseofgod.net Privacy
    33. 33. Presenter’s Name June 17, 2003
    34. 34. Presenter’s Name June 17, 2003 Getting our heads around cyber rod.beckstrom@dhs.gov Economics Risk Mgt. Network Architecture Strategy Awareness Networked Intelligence Dream State Privacy

    ×