Black Hat, Las Vegas: Networks should be valued on the
transactions they make possible, rather than how many people (or
machines) are part of the network, says Icann's new boss.
Rod Beckstrom, CEO of the internet domain registrar, said a
network's value was the net value added to each user's
transactions, summed for all users.
The formula he proposed is based on his experience as head of
the US federal Cyber Security Council. When he joined, no-one knew
the value of the network or its components.
Not understanding how value arose from the network made it
impossible to identify where to spend on security to maximise
return on investment, he said.
Without this knowledge, providing security amounted to little
more than a series of uncoordinated projects, he said.
In proposing this new law, Beckstrom was overturning Metcalfe,
Reed and others who have tried to establish the value of
networks.
Beckstrom used the example of someone buying a book for $16 on
Amazon rather than paying $26 from the local bookstore. The net
value to the user was $10.
To someone who bought say 20 books a year, the value of the
network was $200. But this had to be set against a $40/m cost for
an internet account. This left a deficit of $280.
If that were all, logically no-one would use the net, he said.
But they persisted because they did other things on the net, such
as e-mail, Skype, and read news. Taken together, these extra uses
amounted to more than the annual cost of the internet
subscription.
Beckstrom warned that some networks had a natural membership
total where growing bigger reduced their value to users. One such
network was a golf club. Most private golf clubs run optimally at
500 members, he said, because this balanced the cost of running the
club against how often a member can play.
Similarly, support groups peaked at between eight and 12
members. More and fewer members both reduced the value of the
members' interactions. Either there were too few transactions (such
as diverse opinions and advice), or because there was too little
chance to express one's own views, he said.
This was behind Bill Gates's decision to quit Facebook,
Beckstrom said. Having too many "friends" was meaningless (and
valueless) unless he could transact with them in a meaningful way,
he said. The same was true for other social networks such as
Twitter and MySpace, he said.
It was crucial to understand that some networks destroyed value
once they grew beyond a certain size. "If not, the inverse effect
will break many network models [of value]."
Beckstrom said the value of security spending was equal to the
transaction value to a member of the network less the cost of the
transaction, the security investment and the losses from an
attack.
In measuring the dollar value of losses from attacks against
security spending, Beckstrom said Pareto's Law applied. Firms could
reduce 80% of losses simply by using (properly configured)
firewalls, anti-virus software, and keeping software patches up to
date, he said. After that, reducing losses was progressively more
expensive for a diminishing return.
Beckstrom said that while his formula was robust (Vint Cerf, the
founder of the internet, and others had reviewed and refined it),
companies still had to get the data.
This was hard, because few people measured the value of their
internet transactions. But it could be done, he said.