rod beckstrom cyber security speech at afcea 090225
DESCRIPTION
Speach given by Mr. Rod Beckstrom at AFCEA conference in Washington DC on 25 FEB 2009 on the topic of cyber securityTRANSCRIPT
![Page 1: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/1.jpg)
![Page 2: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/2.jpg)
This presentation is dedicated to the survivors and familiesof 9/11 and other acts of terrorism and violence worldwide.
![Page 3: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/3.jpg)
9/11 Commission Report“connecting the dots”
DNINCTCDHSNCSC
![Page 6: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/6.jpg)
Presenter’s Name June 17, 2003
![Page 7: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/7.jpg)
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Economics
Risk Mgt.
InternetArchitecture
Strategy
Awareness
Dream State
Privacy
Resilience
![Page 8: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/8.jpg)
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Awareness(Mapping &Inventory… where am I? )
![Page 9: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/9.jpg)
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Dream State(what is the end state we seek?)
![Page 10: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/10.jpg)
Presenter’s Name June 17, 2003
Getting our head around cyber
Image source: www.thepromiseofgod.net
Strategy
What GameAre we Playing?
![Page 11: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/11.jpg)
Presenter’s Name June 17, 2003
The Prisoners Dilemma
![Page 12: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/12.jpg)
Presenter’s Name June 17, 2003
The Prisoners Dilemma
W/W
W/L
L/WW/W
L/L
![Page 13: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/13.jpg)
Presenter’s Name June 17, 2003
Iterated Prisoners Dilemma
W/W
W/L
L/WW/W
L/L
200 X
“The Evolution of Cooperation” Axelrod
![Page 14: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/14.jpg)
Presenter’s Name June 17, 2003
E Pluribus Unum
Collaboration &Social Networking
![Page 15: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/15.jpg)
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Economics
![Page 16: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/16.jpg)
Presenter’s Name June 17, 2003
Economics of Networks
What is the value of a network?
How much should be spent to defend it?
Fundamental Questions
![Page 17: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/17.jpg)
Presenter’s Name June 17, 2003
Economics of Networks
The value of a network is equal to the summation of the net present value to each user, calculated as the benefit value of all transactions minus the costs, from the standpoint of each user, over any time period.
New Network Valuation Model
![Page 18: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/18.jpg)
Presenter’s Name June 17, 2003
Economics of Networks
NPV = ΣB - ΣC
Where:NPV = net present value of all transactionsB = the benefit value of all transactionsC = the cost of transactions
Value to the Individual
![Page 19: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/19.jpg)
Presenter’s Name June 17, 2003
Book Purchase Example
B = Cost of buying book at store $26
C = Cost of buying online and shipping - 16
NPV = = 10
NPV = ΣB - ΣC
![Page 20: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/20.jpg)
Presenter’s Name June 17, 2003
Economics of Networks
i1
n
NPV (Vi, j ) Bi,k
(1 r)tk
k1
n
Ci,l
(1 r )t l
l1
n
Where: NPV(Vi,j) = net present value of all transactions 1 through n to individual i with respect to network j
j = identifies one network or network system
i = one user of the networkBi,k = the benefit value of transaction k to the individual i
Ci,l = the cost of transaction l to individual i
rk and rl = the discount rate of interest to the time of transaction k or ltk or tl = the elapsed time in years to transaction k or l
![Page 21: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/21.jpg)
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Economics
Risk Mgt.
![Page 22: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/22.jpg)
Presenter’s Name June 17, 2003
Economics of Security
NPV = ΣB - ΣC
Where:SI = Security InvestmentsL = Losses
Basic Model
NPV = ΣB - ΣC’ - ΣSI - ΣL Security Model
![Page 23: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/23.jpg)
Presenter’s Name June 17, 2003
Economics of Security
Minimize Security Costs = Σ SI + Σ L
The Economic Risk Management Function
![Page 24: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/24.jpg)
Presenter’s Name June 17, 2003
Loss $
Security Investment $
Economics of Security
![Page 25: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/25.jpg)
Presenter’s Name June 17, 2003
Hacker Economics
NPV = ΣB - ΣC’ - ΣSI - ΣL Your Loss
Is the Hacker’s Gain
NPV = ΣB - ΣC’ - ΣSI - ΣL
![Page 26: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/26.jpg)
Presenter’s Name June 17, 2003
Economics of deterrence
NPV = ΣB - ΣC’ - ΣSI - ΣL
Minimize the Hacker’s Gain
![Page 27: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/27.jpg)
Presenter’s Name June 17, 2003
Supply Chain Solution
NPV = ΣB - ΣC’ - ΣSI - ΣL
1) Reward Good GuysPay large fees to Anyone who finds malicious code
NPV = ΣB - ΣC’ - ΣSI - ΣL
2) Punish Bad GuysLevy large fines on companies with bad products
![Page 28: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/28.jpg)
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
InternetArchitecture
![Page 29: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/29.jpg)
Presenter’s Name June 17, 2003
Loss $
Economics of Protocols
Better Protocols Drive Loss Function Down
Security Investment $
![Page 30: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/30.jpg)
Presenter’s Name June 17, 2003
IPv6, DNS-SEC, BGP-SEC,
SMTP, SMS/IP, POTS …
Protocol Investments
![Page 31: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/31.jpg)
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Resilience
![Page 32: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/32.jpg)
Presenter’s Name June 17, 2003
Correlation of Losses
Correlations of losses due to IP failure (LIP) are trending towards 1.0
![Page 33: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/33.jpg)
Presenter’s Name June 17, 2003
Getting our heads around cyber
Image source: www.thepromiseofgod.net
Privacy
![Page 34: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/34.jpg)
Presenter’s Name June 17, 2003
![Page 35: Rod Beckstrom cyber security speech at AFCEA 090225](https://reader037.vdocuments.us/reader037/viewer/2022103018/55909c7f1a28ab7a148b45cc/html5/thumbnails/35.jpg)
Presenter’s Name June 17, 2003
Getting our heads around cyber
Economics
Risk Mgt.
NetworkArchitecture
Strategy
Awareness
NetworkedIntelligence
Dream State
Privacy