Director and Chief Economist, U.S. Cyber Consequences Unit (US-CCU)
Scott Borg is the Director and Chief Economist of the U.S. Cyber Consequences Unit (US-CCU), an independent, non-profit research institute that investigates the strategic and economic consequences of possible cyber-attacks. He is responsible for many of the concepts that are currently being used to analyze the implications of cyber security in business contexts. He did pioneering research on the possible impact of cyber attacks on critical infrastructure industries and on a risk-based approach to cyber defense. In collaboration with John Bumgarner, he is author of the US-CCU Cyber-Security Check List, which is regularly used by security professionals in over eighty countries.
He advises the U.S. government and the EU on trends in cyber security, on cyber-security exercises, on how to quantify cyber risks, and on the policy alternatives for reducing those risks. Much of his recent work has been concerned with quantifying the contributions of cyber-attacks to military operations. He comments regularly on cyber security for television and radio and has been a guest lecturer at Harvard, Yale, Columbia, and other leading universities. He is currently a member of the Commission on Cybersecurity for the 44th President and a Senior Research Fellow in International Security Studies at the Fletcher School of Law and Diplomacy of Tufts University. His book Cyber Attacks: A Handbook for Understanding the Economic and Strategic Risks should be out later this year.
Regional Cyber Conflicts and Their Implications for Global Cyber Security
Regional conflicts today almost always have a cyber component. Since 1998, there have at least twenty significant regional cyber campaigns. The US-CCU has been in a position to examine some of these very closely, including the 2008 campaign against Georgia. Most of the cyber campaigns have been carried out by informal civilian militias, sometimes with help from local organized crime. Governments have encouraged and influenced these cyber conflicts to varying degrees, but can't always control them. The cyber attackers are becoming increasingly well organized. There are currently signs of new alliances between potential attackers in different countries. As a result of these developments, regional cyber conflicts now have the potential to escalate, to spread, and to disrupt the global supply chains. Air travel in many areas could be interrupted The delivery of oil and gas, large scale electrical equipment, pharmaceuticals, and many other critical supplies could be affected. Spreading cyber conflicts could also lead to direct attacks from unexpected quarters. In the months and years to come, governments and businesses will increasingly need to be prepared for these developments.
Identifying the Neglected Opportunities for Stopping Cyber Attackers Scott Borg Director and Chief Economist, U.S. Cyber Consequences Unit (US-CCU)
This presentation will outline a comprehensive framework for mapping all cyber-attack techniques and all counter-measures. This framework makes it easy to see where the repertoire for each is well supplied where techniques and counter-measures are missing. Once this framework is applied, it becomes evident that the bulk of our cyber-security resources, including most of the R&D money, has been poured into only a few types of counter-measures, while many others that are at least as promising have been comparatively neglected.