Advisory Board

Scott Borg

The article Digital doomsday can be avoided with preparation said

A common nightmare scenario in the business world is that a hacker will crack a company’s digital defenses, steal sensitive data or disable the network. Scott Borg, director and chief economist at the U.S. Cyber Consequences Unit (US-CCU), an independent organization that churns out information security data on behalf of the government, says enterprises face a darker possibility.
 
Online outlaws could quietly penetrate the network and, over six to eight months, alter critical data so that it’s no longer accurate. For instance, an attacker could access a health insurance company’s patient records and modify information on a person’s prescriptions or surgical history. Or an attacker could access an automotive company’s database and tamper with specifications on various car parts.
 
“The big worry shouldn’t be that someone’s going to shut down a company’s computer system”, Borg said. “If you shut down almost anything in our economy for a couple days, the damage is minimal. We have enough inventory to time shift our activities so we’re not badly hurt. But if the attacker causes physical damage or makes it so the business process is faulty, the damage can be horrendous.”
 
“If hospitals are denied access to someone’s insurance information, it’s a nuisance”, he said. “If someone accesses a hospital computer [and] changes numbers, tampers with dosage schedules and announces his handiwork six months later, panic could ensue, people would be afraid to go to a medical facility and the health industry could suffer massive lawsuits and bankruptcies.”
 
In the auto industry, tampering with auto parts data could lead to cars failing on the road, people getting injured or killed and the auto manufacturer going belly-up. “People would stop buying cars”, Borg said.
 
The bad guys have plenty of motivation to go beyond simply extracting someone’s personal data for the sake of identity theft.
 
“If you can cause a huge economic event, you can make a huge profit off it”, he said. “If you can damage an industry and radically change demand for a commodity, there are ways to make an awful lot of money in the process.”

Scott Borg is Director and Chief Economist of the U.S. Cyber Consequences Unit, and a Senior Research Fellow at the Center for Digital Strategies, Tuck School of Business, Dartmouth College.
 
The U.S. Cyber Consequences Unit (CCU) is an independent research group that was set up to provide the United States government with economic and strategic assessments of the consequences of possible cyber-attacks. Although it was initially funded by the U.S. government, it is not part of any government department and has no official government status. This allows the CCU to protect the confidential information of the corporations that help it with its research and that would often be unwilling to share their information with the government. The primary concern of the CCU is the sort of large scale cyber-attacks that could be mounted by criminal organizations, terrorist groups, rogue corporations, and nation states, but it also considers ordinary hacker mischief and white collar crime.
 
Scott became exasperated with the neo-classical economics in which he was trained, because he believed that it did not accurately model the way value was created in non-Western business systems, in other historical periods, and in the more innovative parts of the information age economy. This led him to build a new set of models with fewer constraining assumptions, drawing on some game theory concepts invented by Harborne Stuart and Adam Brandenburger. He applied the new models successfully to the economics of information, and helped to develop, the theoretical basis for a series of value creation concepts that rapidly became very influential in business consulting circles: value net analysis, value-based pricing, channel providers, configurators, and markets employing multi-variable matching.
 
More recently, Scott turned his attention from value creation to value destruction. He discovered that the American economy could be extremely vulnerable, not to the past sorts of denial-of-service attacks, but to the sort of cyber attacks that would hijack our information systems with false information. He decided that he had better try to do something about this. Hence, his current job.
 
Scott describes himself as self-educated, but studied at various times at the Helmholtz Gymnasium in Frankfurt, Germany, the University of Chicago, the London School of Economics and Yale University. His irregular academic career was due to severe dysgraphia, which makes him virtually unable to write without the aid of a computer. Despite this limitation, he has written a number of books and articles, including Economically Complex Cyberattacks, Getting Ready for the Coming Bio-Economy: An Advance Survey with Ten Practical Tips, and, with John Bumgarner, The US-CCU Cybersecurity Checklist.
 
Lifeboat Tidbit: Future Nobel Laureate Frank Wilczek used to help Scott with his math assignments when they were both sixteen or seventeen-year-old undergraduates at the University of Chicago. Frank also used to wake him by playing the Rolling Stones first thing in the morning in the dorm room below his.