2009 SCADA Security Scientific Symposium The Economics of Control System Security Ross Anderson Cambridge University.

Slides:



Advertisements
Similar presentations
Market Dominance “Dominant firms: Impact on consumers and producers plus issues of control and regulation”
Advertisements

Vista, TC and Competition Policy Ross Anderson Cambridge University and Foundation for Information Policy Research.
Competition and ‘Trusted Computing’ Ross Anderson Cambridge University and Foundation for Information Policy Research.
Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk o Over 70% of traffic  Bugs ---
Fall 2008 Version Professor Dan C. Jones FINA 4355 Class Problem.
Amazon. Cloud computing also known as on-demand computing or utility computing. Similar to other utility providers like electric, water, and natural gas,
Web App Security – The Good, the Bad and the Ugly Ross Anderson Cambridge University.
Security Economics and European Policy Ross Anderson Rainer Böhme Richard Clayton Tyler Moore Computer Laboratory, University of Cambridge.
Information Security Economics – and Beyond Ross Anderson Tyler Moore Cambridge University.
The Economics of Information Security: A Survey and Open Questions Ross Anderson, Tyler Moore Cambridge University.
Security Economics Ross Anderson Cambridge University.
Security Economics Ross Anderson Cambridge University.
The Economics and Psychology of Security Ross Anderson Cambridge University.
Information Security Economics – and Beyond Ross Anderson Cambridge University.
Economics of Dependability and Security Economics of Dependability and Security Ross Anderson Cambridge University.
The Economics of Information Security Ross Anderson Cambridge University.
Information Society – Future Prospects Ross Anderson Cambridge University and Foundation for Information Policy Research.
An Economic Perspective on Security Ross Anderson Cambridge University.
Towards a Science of Security and Human Behaviour Ross Anderson Cambridge University.
Security Economics Ross Anderson Cambridge University.
The New Internet Explorer 7 By Ronald Pastor. Overview  Makes everyday web surfing easier –Internet Explorer 7 provides improved navigation through tabbed.
Economics, Policy and Information Security Economics, Policy and Information Security Ross Anderson Cambridge University.
The Cloud: Demystified Neil Cattermull Frontier Technology.
YOUR INTERNET EXPERIENCE
Security Engineering Security Computer Science Tripos part 2 Ross Anderson.
Information Security – Where Computer Science, Economics and Psychology Meet Ross Anderson Cambridge University.
Security Economics and Public Policy Ross Anderson Cambridge University.
The Economics of Security and Privacy Ross Anderson Cambridge University.
INTRODUCTION TO CLOUD COMPUTING Cs 595 Lecture 5 2/11/2015.
“If you build it, they will come.”. Virtual Business  There is much more that goes into a virtual business than just building the web site.  You will.
Mohammed Saiyeedur Rahman.  E-commerce is buying and selling goods over the internet. This could include selling/buying mobile phones, clothes or DVD’s.
Norman SecureSurf Protect your users when surfing the Internet.
 Norton Antivirus, developed and distributed by Symantec Corporation, provides malware prevention and removal during a subscription period. It uses signatures.
First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.
Manjit kaur Manjit Kaur1. Why do we need to protect our computer from a virus? A reason why we need to protect our computer from a virus is because it.
08 Network Effects 5 Aaron Schiff ECON Reading: Cabral, Ch 17.
Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.
Overview of Network Industries Nien-Pen Liu. Main Characteristics Consumption externalities Complements, compatibility and standards Switching costs and.
Staying Safe Online Aberdeen Grammar School. Things to do online Keep in touch with friends and family using , twitter and social networking sites.
Cloud Computing Characteristics A service provided by large internet-based specialised data centres that offers storage, processing and computer resources.
Manjit kaur Manjit Kaur1. Why do we need to protect our computer from a virus? A reason why we need to protect our computer from a virus is because it.
IB Business Management
Mario Čagalj Sveučilište u Splitu 2014/15. Sigurnost računala i podataka.
Lecture 19 Page 1 CS 236 Online Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
What’s a mobile app? A mobile app is a software program you can download and access directly using your phone or another mobile device, like a tablet.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. State of Network Security.
MAS967 Technology Strategy for New Enterprises Class 2: The evolution of industries, technologies & markets Professor Fiona Murray.
© 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED,
Society & Computers PowerPoint
1 TCS Confidential. 2 Objective : In this session we will be able to learn:  What is Cloud Computing?  Characteristics  Cloud Flavors  Cloud Deployment.
External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.
Powered by Microsoft Azure, The Tyros Allows Sports Coaches, Athletes, and Officials to Share and Analyze Game Videos Anywhere There’s an Internet Connection.
The Case against Microsoft. © 2004 Pearson Addison-Wesley. All rights reserved12-2.
MICROSOFT AZURE APP BUILDER PROFILE: RAVERUS LTD. Raverus is a customer-driven company engaged in providing software applications designed to improve and.
Get2Modern A plan for Windows XP & Office 2003 EOS migration in SMB Microsoft Confidential. NDA required.
CISOs Guide To Communicating WNCRY.
Chapter 6: Securing the Cloud
Economics of IT & Information Security
E-COMMERCE Learning Unit 8: Electronic Commerce Strategy
Across the world McAfee providing the update protection solutions to the computer users. As same to the error above, wait for few minutes and think some.
Across the world McAfee providing the update protection solutions to the computer users. As same to the error above, wait for few minutes and think some.
Across the world McAfee providing the update protection solutions to the computer users. As same to the error above, wait for few minutes and think some.
Across the world McAfee providing the update protection solutions to the computer users. As same to the error above, wait for few minutes and think some.
Across the world McAfee providing the update protection solutions to the computer users. As same to the error above, wait for few minutes and think some.
ACROSS THE WORLD MCAFEE PROVIDING THE UPDATE PROTECTION SOLUTIONS TO THE COMPUTER USERS. AS SAME TO THE ERROR ABOVE, WAIT FOR FEW MINUTES AND THINK SOME.
Risk of the Internet At Home
Cloud Computing Cloud computing refers to “a model of computing that provides access to a shared pool of computing resources (computers, storage, applications,
Information Security Economics – and Beyond
Towards a Science of Security and Human Behaviour
LO2 – Understand Computer Software
Presentation transcript:

2009 SCADA Security Scientific Symposium The Economics of Control System Security Ross Anderson Cambridge University

2009 SCADA Security Scientific Symposium Traditional View of Infosec People used to think that the Internet was insecure because of lack of features – crypto, authentication, filtering So we all worked on providing better, cheaper security features – AES, PKI, firewalls … About 1999, some of us started to realize that this is not enough

2009 SCADA Security Scientific Symposium Economics and Security Since 2000, we have started to apply economic analysis to IT security and dependability It often explains failure better! For example – UK banks were less liable for fraud, so ended up suffering more internal fraud and more errors DDoS: viruses now don ’ t attack the infected machine so much as use it to attack others Why is Microsoft software so insecure, despite market dominance?

2009 SCADA Security Scientific Symposium New View of Infosec Systems are often insecure because the people who guard them, or who could fix them, have insufficient incentives –Bank customers suffer when poorly-designed bank systems make fraud and phishing easier –Casino websites suffer when infected PCs run DDoS attacks on them Insecurity is often what economists call an ‘ externality ’ – a side-effect, like environmental pollution

2009 SCADA Security Scientific Symposium New Uses of Infosec Xerox started using authentication in ink cartridges to tie them to the printer – and its competitors soon followed Carmakers make ‘ chipping ’ harder, and plan to authenticate major components DRM: Apple grabs control of music download, MS accused of making a play to control distribution of HD video content

2009 SCADA Security Scientific Symposium Security Economics This has grown since 2001 into a field with over 100 active researchers Annual Workshop on the Economics of Information Security (WEIS) – 6/09 in London Topics range from econometrics of online crime through DRM policy to return on security investment and how to manage the patching cycle I’ll focus on things of obvious interest to SCADA We have the tools – tell us your problems!

2009 SCADA Security Scientific Symposium IT Economics (1) The first distinguishing characteristic of many IT product and service markets is network effects Metcalfe ’ s law – the value of a network is the square of the number of users Real networks – phones, fax, Virtual networks – PC architecture versus MAC, or Symbian versus WinCE Network effects tend to lead to dominant-firm markets where the winner takes all

2009 SCADA Security Scientific Symposium IT Economics (2) The second common feature of IT product and service markets is high fixed costs and low marginal costs (as in telcos, airlines, hotels … ) Competition can drive down prices to marginal cost of production This can make it hard to recover capital investment, unless stopped by patent, brand, compatibility … These effects can also lead to dominant-firm market structures

2009 SCADA Security Scientific Symposium IT Economics (3) Third common feature of IT markets is that switching from one product or service to another is expensive E.g. switching from Windows to Linux means retraining staff, rewriting apps Shapiro-Varian theorem: the net present value of a software company is the total switching costs So major effort goes into managing switching costs – once you have $3000 worth of songs on a $300 iPod, you ’ re locked into iPods

2009 SCADA Security Scientific Symposium IT Economics and Security High fixed/low marginal costs, network effects and switching costs all tend to lead to dominant- firm markets with big first-mover advantage So time-to-market is critical Microsoft philosophy of ‘ we ’ ll ship it Tuesday and get it right by version 3 ’ was not perverse behaviour by Bill Gates but quite rational Whichever company had won in the PC OS business would have done the same

2009 SCADA Security Scientific Symposium IT Economics and Security (2) When building a network monopoly, you must appeal to vendors of complementary products That ’ s application software developers in the case of PC versus Apple, or now of Symbian versus Linux/Windows/J2EE/Palm Lack of security in earlier versions of Windows made it easier to develop applications So did the choice of security technologies that dump costs on the user (SSL, not SET) Once you ’ ve a monopoly, lock it all down!

2009 SCADA Security Scientific Symposium How is SCADA Different? This conventional analysis explains why PC and mobile platforms are less secure… Control systems have even higher switching costs, lower network effects, higher marginal costs Competition not dominated by market races! Lock-in is long-term, as with set-top boxes There are still quite a few results and insights that may apply directly

2009 SCADA Security Scientific Symposium Conflict theory Does the defence of a country or a system depend on the least effort, on the best effort, or on the sum of efforts? The last is optimal; the first is really awful Software is a mix: it depends on the worst effort of the least careful programmer, the best effort of the security architect, and the sum of efforts of the testers So one lesson is: hire fewer better programmers, more testers, top architects

2009 SCADA Security Scientific Symposium Competition vs Coordination It’s often hard to get competitors to coordinate, and in SCADA we may have a natural experiment taking place: –The USA is going for regulation via NERC-CIP –The UK via CPNI is getting users together by sector to become more intelligent and coordinated customers I wonder what sort of outcomes we’ll see? (Normally the USA does market-led solutions while the EU does regulation) Also, some industries care more than others, and some countries just don’t care at all

2009 SCADA Security Scientific Symposium Competition vs Coordination (2) It may depend on the detail! Another known problem is how to incentivise providers to maintain adequate reserve / emergency capacity (E.g., phone networks now survive a few days without power, not 6 weeks) Putting these together: reports (at Electric Power 08) of NERC CIP compliance games: managers removed black start capability in order not to be assessed ‘critical’under CIP-2

2009 SCADA Security Scientific Symposium Adverse Selection, Moral Hazard A lot is known about these in other contexts (why do Volvo drivers have more accidents?) Neat example: Ben Edelman, ‘Adverse selection on online trust certifications’ (WEIS 06) Websites with a TRUSTe certification are more than twice as likely to be malicious The top Google ad is about twice as likely as the top free search result to be malicious (other search engines worse …) Conclusion: ‘Don’t click on ads’

2009 SCADA Security Scientific Symposium Open versus Closed Are open systems more dependable? It’s easier for the attackers to find vulnerabilities, but also easier for the defenders to find and fix them This debate goes back to the 17th century! Theorem (2002): openness helps both equally if bugs are random and standard dependability model assumptions apply So whether open is better than closed will depend on whether / how your system differs from the ideal

2009 SCADA Security Scientific Symposium Open versus Closed (2) Big debate at WEIS 2004! –Rescorla: patching doesn’t improve systems much so failures dominated by patching failures –Arora et al: without disclosure, vendors won’t improve. Optimal to disclose after a delay Empirical work: operating system bugs are correlated in a number of real systems Emerging consensus: CERT-type rules plus breach disclosure laws How should this apply to control systems?

2009 SCADA Security Scientific Symposium Security metrics VaR approach (Value at Risk) discredited in our field long before the credit crunch. What else? Insurance markets – can be dysfunctional because of correlated risk Vulnerability markets – in theory can elicit information about cost of attack (led to foundation of iDefense, Tipping Point, …) Stock markets – in theory can elicit information about costs of compromise. Prices drop a few percent after a breach disclosure

2009 SCADA Security Scientific Symposium How Much to Spend? How much should the average company spend on information security? Governments, vendors say: much much more than at present But they ’ ve been saying this for 20 years! The total expenditure may be about right – but may be low / high in some firms / industries Big firms spend more than small; governments spend way more than the private sector

2009 SCADA Security Scientific Symposium Government Bias … If you are DirNSA and have a nice new hack on XP and Vista, do you tell Bill? Tell – protect 300m Americans Don ’ t tell – be able to hack 400m Europeans, 1000m Chinese, … If the Chinese hack US systems, they keep quiet. If you hack their systems, you can brag about it to the President So offense can be favored over defense

2009 SCADA Security Scientific Symposium Security and Policy Our ENISA report, published last March, has 15 recommendations. The most relevant here are: –Security breach disclosure law –Data on which ISPs host malware –Networked devices to be secure by default –Responsible vulnerability disclosure plus liability for unpatched software, with patches separate from updates –… See links from my web page

2009 SCADA Security Scientific Symposium Other Threads Might we see an electronic reprise of the 1996 IRA attack on London? Or is the ‘SCADA security’ program crying wolf? Institutional cultures – defense vs other firms The high costs of custom secure systems But – Common Criteria issues (see our paper on vulnerabilities in Chip and PIN payment systems) And the high costs of multilevel security

2009 SCADA Security Scientific Symposium Other Threads (2) What happens when you merge industries with 15- year and 15-month product cycles? Power generation won’t be as disrupted as telecomms Models of security investment and risk – financial models, lifecycle models, comparisons across industries, supply chain issues, contracts Studies of compliance costs (SOX etc) Are there positive incentives for change – perhaps future protocol standards for ‘smart grids’?

2009 SCADA Security Scientific Symposium To Wrap Up Security economics looks like it has a lot to offer the control engineering community Protecting SCADA is intertwined with business structures, risk dynamics and regulation We’ve developed a lot of tools over the last eight years – see my Security Economics Resource Page at I have a new research student starting in this field What are your worst problems?

2009 SCADA Security Scientific Symposium

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.