Re: computing the cost of incidents

From: Bill Unruh (unruh@string.physics.ubc.ca)
Date: 03/29/03

usenet@entropymedia.com (sam bailey) writes:

]I'm doing some background research for an upcoming television program
]on computer security and in the process of reading all the interviews
]we've done with people in the field there's a wide variation in the
]damage estimates from more recent worms and things like slammer: from
]around hundreds of millions ($US) to hundreds of billions.

]I'm no expert on the matter but the higher-end numbers seem mighty
]inflated to me - they almost seem like they count the salary of
]everyone who's touched a system affected by the worm. I know there
]were some serious disruptions in the case of slammer (trading desks
]closed at financial institutions, ATMs, credit card clearing systems)
]but I can't see it being more than the GNPs of many small countries.

]Can anyone point me towards some resource or method for estimating
]these sorts of things a bit more realistically? I understand nobody
]can really say for sure on these matters, but I feel like there must be
]some way to come up with a rough picture of it. Or if I'm off base
]here and these numbers are indeed realistic, that information would be
]a great help as well. I worry about this because in news stories on
]security issues they often understate some risks and overstate others
]- I'm just trying to bring a bit of balance to the process. I'll read
]the group here and the email address in the header is valid - any help
]would be much appreciated.

Almost all such numbers are both pure speculation and self-serving. And
without detailing exactly what you mean by "cost" (eg are heart attacks
caused by annoyance at stupid news articles counted as a cost?) they are
completely impossible to calculate.
And in many cases, are the costs attributed to the worm or to the
incompetence of the sysadmins or of the coders (eg not installing
patches which have been available for months or years, or continuing to
use strcpy 10 years after its dangers are well known)?
