The Economics Of Cybersecurity
Malicious Life
Malicious Life
4.8 • 1K Ratings
🗓️ 15 May 2023
⏱️ 27 minutes
🧾️ Download transcript
Summary
The numbers can’t be any clearer: a DDoS attack costs less than a hundred dollars, while the price tag for mitigating it might reach tens if not hundreds of thousands of dollars. A single well crafted phishing email can easily circumvent cyber defenses which cost millions of dollars to set up. How can we change the extreame cost asymmetry between attackers and defenders in cyberspace?
Advertising Inquiries: https://redcircle.com/brands
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hi, I'm Ryan Levy. |
| 0:01.0 | Welcome to Cyber reasons Malicious Life. There's a lesson Tyler Moore learned quite early in his career. |
| 0:32.8 | I'm Tyler Moore, I'm the Tandy Professor of Cybersecurity and Chair of the School of |
| 0:37.4 | Cyber Studies at the University of Tulsa. |
| 0:40.6 | As a young computer scientist, Tyler investigated vulnerabilities in SS7, a telephone signaling protocol. |
| 0:48.0 | Being a rather old protocol without any authentication to speak of, it wasn't a very difficult job. |
| 0:54.6 | We wrote these attacks, wrote papers, we got audiences with important people at the big |
| 0:59.2 | telcos and the government, they all listened very politely and did absolutely nothing about it. |
| 1:05.2 | In fact the SS7 vulnerabilities continued to this day and just within the past couple |
| 1:11.6 | of years there have been some high profile exploits that have come to pass. |
| 1:16.7 | Tyler and his colleagues tried but didn't get anywhere. Why? Simple economics. It was a misalignment of incentives. And so you look at the |
| 1:28.1 | incentives of the Telecoes and the manufacturers of telecommunications equipment, they had high fixed cost investments in these protocols that were designed for a closed telephone system. |
| 1:41.0 | And deregulation came in the 1990s, introduced lots of new players. |
| 1:45.0 | And so a system that was designed without authentication might have worked in a |
| 1:50.0 | entirely closed system, but as it opened up, it no longer made sense, but the cost of actually |
| 1:58.6 | overhauling the protocol and adding in these security features was high and the return on that was very very |
| 2:06.8 | low to none right and so it was just easier to sweep the concerns under the rug and that's what has happened. |
| 2:17.3 | You can think of money as the thing which connects the virtual world of bits and bites with the physical world. |
| 2:25.0 | You might think that your code or research is excellent and valuable, |
| 2:29.8 | but it's only when that work meets the real world via the exchange of dollars and euros that its true value is revealed. |
| 2:38.0 | This value is what determines the incentives of different parties that participate in the economic playing field, and these incentives, in turn, determine the actions that these players will take. with you to back you up, planes over your head and all that kind of stuff. |
| 3:05.4 | But a gorilla is on his own. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from Malicious Life, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Malicious Life and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.