Security Economics

1 / 33
About This Presentation
Title:

Security Economics

Description:

Security Economics – PowerPoint PPT presentation

Number of Views:32
Avg rating:3.0/5.0

less

Transcript and Presenter's Notes

Title: Security Economics


1
Security Economics
  • Ross Anderson
  • Cambridge University

2
Economics and Security
  • The link between economics and security atrophied
    after WW2
  • Since 2000, we have started to apply economic
    analysis to IT security and dependability
  • Economic analysis often explains failure better
    then technical analysis!
  • Infosec mechanisms are used increasingly to
    support business models (DRM, accessory control)
    rather than to manage risk
  • Economic analysis is also vital for the public
    policy aspects of security
  • It has broader importance too

3
The Classical View
  • When production factors were just land, labour
    and capital, a country can maybe grow fastest by
    capturing more land and labour
  • Before the gains from trade were understood, big
    empires mean big markets
  • Richer countries can afford bigger navies
  • But the invention of the atomic bomb seemed to
    decouple national survival from national economic
    performance
  • The political-economy and international-relations
    communities drifted apart

4
Traditional View of Infosec
  • People used to think that the Internet was
    insecure because of lack of features crypto,
    authentication, filtering
  • So engineers worked on providing better, cheaper
    security features AES, PKI, firewalls
  • About 1999, we started to realize that this is
    not enough

5
Incentives and Infosec
  • Electronic banking UK banks were less liable for
    fraud, so ended up suffering more internal fraud
    and more errors
  • Distributed denial of service viruses now dont
    attack the infected machine so much as using it
    to attack others
  • Health records hospitals, not patients, buy IT
    systems, so they protect hospitals interests
    rather than patient privacy
  • Why is Microsoft software so insecure, despite
    market dominance?

6
New View of Infosec
  • Systems are often insecure because the people who
    could fix them have no incentive to
  • Bank customers suffer when bank systems allow
    fraud patients suffer when hospital systems
    break privacy Amazons website suffers when
    infected PCs attack it
  • Security is often what economists call an
    externality like environmental pollution
  • Since about 2002, this has been used to justify
    government intervention in infosec

7
New Uses of Infosec
  • Xerox started using authentication in ink
    cartridges to tie them to the printer
  • Followed by HP, Lexmark and Lexmarks case
    against SCC
  • Motorola started authenticating mobile phone
    batteries to the phone
  • BMW now has a car prototype that authenticates
    its major components

8
IT Economics (1)
  • The first distinguishing characteristic of many
    IT product and service markets is network effects
  • Metcalfes law the value of a network is the
    square of the number of users
  • Real networks phones, fax, email
  • Virtual networks PC architecture versus MAC, or
    Symbian versus WinCE
  • Network effects tend to lead to dominant firm
    markets where the winner takes all

9
IT Economics (2)
  • Second common feature of IT product and service
    markets is high fixed costs and low marginal
    costs
  • Competition can drive down prices to marginal
    cost of production
  • This can make it hard to recover capital
    investment, unless stopped by patent, brand,
    compatibility
  • These effects can also lead to dominant-firm
    market structures

10
IT Economics (3)
  • Third common feature of IT markets is that
    switching from one product or service to another
    is expensive
  • E.g. switching from Windows to Linux means
    retraining staff, rewriting apps
  • Shapiro-Varian theorem the net present value of
    a software company is the total switching costs
  • This is why so much effort is starting to go into
    accessory control manage the switching costs in
    your favour

11
IT Economics and Security
  • High fixed/low marginal costs, network effects
    and switching costs all tend to lead to
    dominant-firm markets with big first-mover
    advantage
  • So time-to-market is critical
  • Microsoft philosophy of well ship it Tuesday
    and get it right by version 3 is not perverse
    behaviour by Bill Gates but quite rational
  • Whichever company had won in the PC OS business
    would have done the same

12
IT Economics and Security 2
  • When building a network monopoly, it is also
    critical to appeal to the vendors of
    complementary products
  • E.g., application software developers in the case
    of PC versus Apple, or now of Symbian versus
    WinCE, or WinMP versus Real
  • Lack of security in earlier versions of Windows
    made it easier to develop applications
  • So did the choice of security technologies that
    dump most costs on the user (SSL, PKI, )

13
Why are many security products ineffective?
  • Akerlofs Nobel-prizewinning paper, The Market
    for Lemons provides key insight asymmetric
    information
  • Suppose a town has 100 used cars for sale 50
    good ones worth 2000 and 50 lemons worth 1000
  • What is the equilibrium price of used cars in
    this town?
  • If 1500, no good cars will be offered for sale
  • Fix brands (e.g. Volvo certified used car)
    analogy led to Common Criteria etc

14
Security and Liability
  • Why did digital signatures not take off?
  • Industry thought legal uncertainty. So EU passed
    electronic signature law
  • Recent research customers and merchants resist
    transfer of liability by bankers for disputed
    transactions
  • Best to stick with credit cards, as that way
    fraud is still largely the banks problem
  • Similar resistance to phone-based payment
    people prefer prepayment plans because of
    uncertainty

15
Privacy
  • Most people say they value privacy, but act
    otherwise
  • Privacy technology ventures have mostly failed
  • Acquisti et al people care about privacy when
    buying clothes, but not cameras (some items
    relate to your image, so are privacy sensitive)
  • Issue for mobile phone industry phone viruses
    worse for image than PC viruses
  • Issue for the database state the Blair
    project of NPfIT, Childrens Databases, ID cards
  • Alternative models include externality people
    who go ex-directory

16
How Much to Spend?
  • How much should the average company spend on
    information security?
  • Governments, vendors say much much more than at
    present!
  • But hey - theyve been saying this for 20 years
  • Measurements of security return-on-investment
    suggest about 20 p.a.
  • So current expenditure may be about right

17
How are Incentives Skewed?
  • If you are DirNSA and have a nice new hack on NT,
    do you tell Bill?
  • Tell protect 300m Americans
  • Dont tell be able to hack 400m Europeans,
    1000m Chinese,
  • If the Chinese hack US systems, they keep quiet.
    If you hack their systems, you can brag about it
    to the President

18
Skewed Incentives (2)
  • Within corporate sector, large companies tend to
    spend too much on security and small companies
    too little
  • Research shows adverse selection effect
  • The most risk-averse people end up as corporate
    security managers
  • More risk-loving people may be sales or
    engineering staff, or entrepreneurs
  • Also due-diligence effects, government
    regulation, insurance market issues

19
Large Project Failure
  • Maybe 30 of large projects fail
  • But we build much bigger failures nowadays than
    30 years ago so
  • Why do more public-sector projects fail?
  • Consider what the incentives are on project
    managers versus ministers and what sort of
    people will become successful project managers
    versus ministers!

20
Games on Networks
  • The topology of a network can be important!
  • Barabási and Albert showed that a scale-free
    network could be attacked efficiently by
    targeting its high-order nodes
  • Think rulers target Saxon landlords / Ukrainian
    kulaks / Tutsi schoolteachers /
  • Can we use evolutionary game theory ideas to
    figure out how networks evolve?
  • Idea run many simulations between different
    attack / defence strategies

21
Games on Networks (2)
  • Vertex-order attacks with
  • Black normal (scale-free) node replenishment
  • Green defenders replace high-order nodes with
    rings
  • Cyan they use cliques (c.f. system biology )

22
Open versus Closed?
  • Are open-source systems more dependable? Its
    easier for the attackers to find vulnerabilities,
    but also easier for the defenders to find and fix
    them
  • Theory openness helps both equally if bugs are
    random and standard dependability model
    assumptions apply
  • Statistics bugs are correlated in a number of
    real systems (Milk or Wine?)
  • Trade-off the gains from this, versus the risks
    to systems whose owners dont patch

23
Why Bill wasnt interested in security
  • While Microsoft was growing, the two critical
    factors were speed, and appeal to application
    developers
  • Security markets were over-hyped and driven by
    artificial factors
  • Issues like privacy and liability were more
    complex than they seemed
  • The public couldnt tell good security from bad
    anyway

24
Why is Bill now changing his mind?
  • Trusted Computing initiative ranges from TCG to
    the IRM mechanisms in Office 2003
  • TCG put a TPM (smartcard) chip in every PC
    motherboard, PDA, mobile phone
  • This will do remote attestation of what the
    machine is and what software its running
  • On top of this will be layers of software
    providing new security functionality, of a kind
    that would otherwise be easily circumvented, such
    as DRM and IRM

25
Why is Bill now changing his mind? (2)
  • IRM Information Rights Management changes
    ownership of a file from the machine owner to the
    file creator
  • Files are encrypted and associated with rights
    management information
  • The file creator can specify that a file can only
    be read by Mr. X, and only till date Y
  • Now shipping in Office 2003
  • What will be the effect on the typical business
    that uses PCs?

26
Why is Bill now changing his mind? (3)
  • At present, a company with 100 PCs pays maybe
    500 per seat for Office
  • Remember value of software company total
    switching costs
  • So cost of retraining everyone to use Linux,
    converting files etc is maybe 50,000
  • But once many of the documents cant be converted
    without the creators permission, the switching
    cost is much higher
  • Lock-in is the key

27
Strategic issues
  • TCG initiative started by Intel as they believed
    that control of the home hub was vital
  • They made 90 of their profits from PC
    processors, and controlled 90 of the market
  • Innovations such as PCI, USB and now TC are
    designed to grow the overall size of the PC
    market
  • They are determined not to lose control of the
    home to the Sony Playstation

28
Strategic Issues (2)
  • Who will control users data?
  • Microsoft view everything will be on an MS
    platform (your WP files, presentations, address
    book, pictures, movies, music)
  • European Commission view this is illegal
    anticompetitive behaviour
  • Proposed anti-trust remedy force MS to unbundle
    Media Player, or to include other media players
    in its Windows distribution

29
The Information Society
  • More and more goods contain software
  • More and more industries are starting to become
    like the software industry
  • The good flexibility, rapid response
  • The bad frustration, poor service
  • The ugly monopolies
  • How will law evolve to cope?

30
Property
  • The Edinburgh enlightenment the core mission of
    government wasnt enforcing faith, but defending
    property rights
  • 18th-19th century rapid evolution of property
    and contract law
  • Realisation that these are not absolute!
  • Abolition of slavery, laws on compulsory
    purchase, railway regulation, labour contracts,
    tenancy contracts,

31
Intellectual Property
  • Huge expansion as software etc have become more
    important - 7 directives since 1991
  • As with ordinary property and contract in
    18501950, were hitting serious conflicts
  • Competition law - legal protection of DRM
    mechanisms leads to enforcement of illegal
    contracts and breaches of the Treaty of Rome
  • Environmental law - recycling of ink cartridges
    mandated, after printer vendors use tamper
    resistance and cryptography to stop it
  • Many more

32
Conclusions
  • The Information Society has evolved from the
    Wild West of 1850 to maybe 1920
  • We need to figure out how to balance competing
    social goals, as we have in the physical world
  • This means government involvement in the Internet
  • Security economics provides some of the tools
    needed to understand whats going on and to
    analyse policy options
  • It may also provide some broader insights into
    issues from dependability to terrorism

33
More
  • Economics and Security Resource Page
    www.cl.cam.ac.uk/rja14/econsec.html (or follow
    link from www.ross-anderson.com)
  • WEIS Annual Workshop on Economics and
    Information Security next at CMU, June 78 2006
  • Foundation for Information Policy Research
    www.fipr.org
Write a Comment
User Comments (0)