Beckstrom on cybersecurity

LAS VEGAS ' Cybersecurity is hampered by a lack of understanding about the physics and economics of the networks we are trying to defend, according to Rod Beckstrom, director of the Homeland Security Department's National Cyber Security Center, said Thursday at the Black Hat Briefings.

Risk management is a process of balancing security efforts against an acceptable level of risk because absolute security is not possible. But Beckstrom, speaking at the Black Hat Briefings yesterday, said we have no method for valuing our networks or measuring the effectiveness of our security.

'Without the economics, we don't have a risk-management function in terms of our investment,' Beckstrom added.

Beckstrom, who has been on the job about four months, did not go into detail about his office's plans, although he said the goal is to build bridges between the military, intelligence and civilian communities in government.

'We're a brand-new government initiative, and we are working on our initial plan,' he said. 'My job is to help foster cooperation and information-sharing between those three communities.'

Information sharing is a common refrain in his comments. His mantra is 'all of us are smarter than any of us.'

To balance cost and returns in risk management, the amount of money spent on security should not exceed the cost of the losses being prevented. Initial investments in IT security typically bring a high rate of return by sharply reducing losses. But finding the point of diminishing returns is difficult without a good economic model.

'We need to do a lot more work in that area,' he said. 'We may want to invest in protocols because it might be the best investment we can make.'

Fixing flaws in the protocols that underlie our networks would give us the biggest bang for the buck in the federal government's security spending, Beckstrom said. Such fixes are relatively cheap and have a wide impact, although they are not necessarily simple to implement, as the current effort to patch the Domain Name System shows. But in times of emergency, keeping network operations functioning is critical to any response.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected