Scott Borg
The article Digital doomsday can be avoided with preparation said
A common nightmare scenario in the business world is that a hacker will crack a company’s digital defenses, steal sensitive data or disable the network. Scott Borg, director and chief economist at the U.S. Cyber Consequences Unit (US-CCU), an independent organization that churns out information security data on behalf of the government, says enterprises face a darker possibility.
Online outlaws could quietly penetrate the network and, over six to eight months, alter critical data so that it’s no longer accurate. For instance, an attacker could access a health insurance company’s patient records and modify information on a person’s prescriptions or surgical history. Or an attacker could access an automotive company’s database and tamper with specifications on various car parts.
“The big worry shouldn’t be that someone’s going to shut down a company’s computer system”, Borg said. “If you shut down almost anything in our economy for a couple days, the damage is minimal. We have enough inventory to time shift our activities so we’re not badly hurt. But if the attacker causes physical damage or makes it so the business process is faulty, the damage can be horrendous.”
“If hospitals are denied access to someone’s insurance information, it’s a nuisance”, he said. “If someone accesses a hospital computer [and] changes numbers, tampers with dosage schedules and announces his handiwork six months later, panic could ensue, people would be afraid to go to a medical facility and the health industry could suffer massive lawsuits and bankruptcies.”
In the auto industry, tampering with auto parts data could lead to cars failing on the road, people getting injured or killed and the auto manufacturer going belly-up. “People would stop buying cars”, Borg said.
The bad guys have plenty of motivation to go beyond simply extracting someone’s personal data for the sake of identity theft.
“If you can cause a huge economic event, you can make a huge profit off it”, he said. “If you can damage an industry and radically change demand for a commodity, there are ways to make an awful lot of money in the process.”
Scott Borg is
Director and Chief Economist of the
U.S. Cyber Consequences Unit, and a Senior
Research Fellow at the
Center for Digital Strategies,
Tuck School of Business,
Dartmouth College.
The U.S. Cyber Consequences Unit (CCU) is an independent research group
that was set up to provide the United States government with economic and
strategic assessments of the consequences of possible cyber-attacks.
Although it was initially funded by the U.S. government, it is not part
of any government department and has no official government status. This
allows the CCU to protect the confidential information of the
corporations that help it with its research and that would often be
unwilling to share their information with the government. The primary
concern of the CCU is the sort of large scale cyber-attacks that could be
mounted by criminal organizations, terrorist groups, rogue corporations,
and nation states, but it also considers ordinary hacker mischief and
white collar crime.
Scott became exasperated with the neo-classical economics in which he was
trained, because he believed that it did not accurately model the way
value was created in non-Western business systems, in other historical
periods, and in the more innovative parts of the information age
economy. This led him to build a new set of models with fewer
constraining
assumptions, drawing on some game theory concepts invented by
Harborne Stuart and
Adam Brandenburger. He applied the new models successfully to
the
economics
of
information, and helped to develop, the theoretical basis
for a series of value
creation concepts that rapidly became very influential in business
consulting circles:
value net analysis,
value-based pricing,
channel providers,
configurators, and markets employing
multi-variable matching.
More recently, Scott turned his attention from value creation to value
destruction. He discovered that the American economy could be
extremely
vulnerable, not to the past sorts of
denial-of-service attacks, but to
the sort of cyber attacks that would hijack our information systems with
false information. He decided that he had better try to do something
about this. Hence, his current job.
Scott describes himself as self-educated, but studied at various times
at the
Helmholtz Gymnasium in Frankfurt, Germany,
the
University of Chicago, the
London School of Economics and
Yale University.
His irregular academic career was due to severe dysgraphia, which makes
him virtually unable to write without the aid of a computer. Despite
this limitation, he has written a number of books and articles, including
Economically Complex
Cyberattacks,
Getting
Ready for the Coming Bio-Economy: An Advance Survey with Ten
Practical Tips,
and, with John Bumgarner,
The US-CCU Cybersecurity Checklist.
Read his LinkedIn profile.
