Editorial Director of the Computer Security Institute (CSI), San Francisco, CA,
and author of Tangled Web: Tales of Digital Crime from the Shadows of
Cyberspace (Que, 2000).

How difficult is it to quantify the effects of cyber criminal

Quantifying financial losses from cyber attacks is one of our major problems.
Really, you're still doing "guesstimates." Sometimes you'll see tens of
thousands, and hundreds of thousands of dollars lost in an attack, and that's
mostly the cost of clean-up and investigation. But the real costs are the soft
costs--lost business opportunities. If you're conducting e-business and
you're counting on $600,000 an hour in revenue, like Amazon, and your service
is disrupted by a denial of service attack, you can start with the figure
$600,000 for every hour that you're down. If you're Cisco and you're making $7
million a day online, and you're down for a day, you've lost $7 million.
That's where you start. . . .

There were estimates that the "Love Bug" virus did damage in the billions
and billions of dollars. That scale leaves most people saying, "That's beyond
any kind of comprehension."

Right. It staggers the imagination, and there's a tendency to
disbelieve that four lines of code literally cost $80 million, or $10 billion
in damages. But if you think about it in terms of a 24/7 global corporation, a
Fortune 500 corporation, there's a little meter inside it, ticking all the
time. . . . A Fortune 500 corporation was hit by the "Melissa" virus when it
came out, and their own internal tabulation was that they lost $10 million.
When you ask them how they lost it, it was lost productivity, lost network
operation time. All of this is factored into their budgets. They have a
dollar sign attached to each minute of network time, and when you disrupt that
minute of network time, you cost that much money.

And every serious corporation values their information. This trade secret is
worth X amount of money. If that trade secret is compromised online, or
through some kind of hacking, insider or outsider, then that much money is

Chief Executive Officer & Co-Founder of iDefense, a private agency
specializing in information intelligence.

The cost of the "Love Letter" virus, which affected everyone . . . ranges
between $4 billion and $10 billion. That's the equivalent of a complete
obliteration of a major American city. And that was one individual from
thousands of miles away.

Chief of Information Security, Microsoft Corporation

When I'm talking to people in this information security industry, I get a
much darker, more frightening perspective than I get from you. Is
that because you're out on the West Coast, or because you're not in that
specific line? . . . What is the reality here?

I'm probably a bit more pragmatic than some of these folks are . . . even going
back to the denial of service attacks back in February. Some of the reports of
that allege that billions of dollars' worth of business was lost. Well, if
that were the case for a five-hour downtime, it would show that that company is
making trillions of dollars a year, and it's not realistic. But when you
separate through that and look at . . . those of us who work in this business
day to day, yes, there are challenges that we have; there are patches that we
need to worry about. But we're able to run the business successfully. We're
able to do our jobs. It's no worse, in some cases, than a bad winter snowstorm
that keeps you from getting in to work for a day or two. In this case, it's
FRONTLINE · wgbh · pbs online
web site copyright 1995-2014
WGBH educational foundation