Skip to Content
Uncategorized

Taking on Security with Beckstrom’s Law

The former cyber chief explains his equation for valuing networks, and what it means for computer security.
August 3, 2009

For many years, computer scientists and venture capitalists have posited that value of any Internet-based technology or service increases by approximately the square of the number of users.

Yet, that model, known as Metcalfe’s Law, departs significantly from current experiences on the Internet. For example, the relationship does not account for service degradation due to an overabundance of users or bad actors who steal value from the network, according to Rod Beckstrom, an entrepreneur and the former head of the National Cybersecurity Center. Just last week, Microsoft founder Bill Gates cut himself off from Facebook, canceling his account because, in the words of one media report, “it was just way too much trouble.”

Instead of focusing on the number of nodes in the network, we need to focus on the transactions, Beckstrom argues.

“The key to cybersecurity is the number of transactions that we want versus the number of transactions that we don’t want,” he told attendees at the DEFCON Hacking Conference on Friday. “If we can find what the value of the network is to you–and 1.5 billion people–that’s what is important.”

Beckstrom started with a simple equation, that the value of a network is equal to the benefit it provides minus the cost to provide it, and tailored it for the security world. The reduced form of the equation expresses value, V, as:

V = B - C’ - SI - L

“SI” is the security investment that a company or person spends to avoid losses and “L” is the actual losses due to poor security. “B” is the benefit, and the remaining costs, “C’ ”, are all those outside of the security investments and losses.

Using this equation, security management can focus on minimizing the costs of computer security, “SI” and “L”. On the other hand, proactive defenders, such as law enforcement, can focus on raising the security costs of the bad guys, Beckstrom said.

“Hackers have to spend a lot of money on trying not to be found–that’s the security investment,” he said. “Loss is getting caught or being taken to court.”

The model easily scales and has similarities to profit-and-loss relationships, so corporate financial officers can easily get their heads around the concept. Unfortunately, the model is only as good as the data, and that can be a problem, Beckstrom acknowledged.

Keep Reading

Most Popular

images created by Google Imagen
images created by Google Imagen

The dark secret behind those cute AI-generated animal images

Google Brain has revealed its own image-making AI, called Imagen. But don't expect to see anything that isn't wholesome.

AGI is just chatter for now concept
AGI is just chatter for now concept

The hype around DeepMind’s new AI model misses what’s actually cool about it

Some worry that the chatter about these tools is doing the whole field a disservice.

Hoan Ton-That, CEO of Clearview AI
Hoan Ton-That, CEO of Clearview AI

The walls are closing in on Clearview AI

The controversial face recognition company was just fined $10 million for scraping UK faces from the web. That might not be the end of it.

spaceman on a horse generated by DALL-E
spaceman on a horse generated by DALL-E

This horse-riding astronaut is a milestone in AI’s journey to make sense of the world

OpenAI’s latest picture-making AI is amazing—but raises questions about what we mean by intelligence.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.