Black Hat, Las Vegas: Networks should be valued on the transactions they make possible, rather than how many people...
(or machines) are part of the network, says Icann's new boss.
Rod Beckstrom, CEO of the internet domain registrar, said a network's value was the net value added to each user's transactions, summed for all users.
The formula he proposed is based on his experience as head of the US federal Cyber Security Council. When he joined, no-one knew the value of the network or its components.
Not understanding how value arose from the network made it impossible to identify where to spend on security to maximise return on investment, he said.
Without this knowledge, providing security amounted to little more than a series of uncoordinated projects, he said.
In proposing this new law, Beckstrom was overturning Metcalfe, Reed and others who have tried to establish the value of networks.
Beckstrom used the example of someone buying a book for $16 on Amazon rather than paying $26 from the local bookstore. The net value to the user was $10.
To someone who bought say 20 books a year, the value of the network was $200. But this had to be set against a $40/m cost for an internet account. This left a deficit of $280.
If that were all, logically no-one would use the net, he said. But they persisted because they did other things on the net, such as e-mail, Skype, and read news. Taken together, these extra uses amounted to more than the annual cost of the internet subscription.
Beckstrom warned that some networks had a natural membership total where growing bigger reduced their value to users. One such network was a golf club. Most private golf clubs run optimally at 500 members, he said, because this balanced the cost of running the club against how often a member can play.
Similarly, support groups peaked at between eight and 12 members. More and fewer members both reduced the value of the members' interactions. Either there were too few transactions (such as diverse opinions and advice), or because there was too little chance to express one's own views, he said.
This was behind Bill Gates's decision to quit Facebook, Beckstrom said. Having too many "friends" was meaningless (and valueless) unless he could transact with them in a meaningful way, he said. The same was true for other social networks such as Twitter and MySpace, he said.
It was crucial to understand that some networks destroyed value once they grew beyond a certain size. "If not, the inverse effect will break many network models [of value]."
Beckstrom said the value of security spending was equal to the transaction value to a member of the network less the cost of the transaction, the security investment and the losses from an attack.
In measuring the dollar value of losses from attacks against security spending, Beckstrom said Pareto's Law applied. Firms could reduce 80% of losses simply by using (properly configured) firewalls, anti-virus software, and keeping software patches up to date, he said. After that, reducing losses was progressively more expensive for a diminishing return.
Beckstrom said that while his formula was robust (Vint Cerf, the founder of the internet, and others had reviewed and refined it), companies still had to get the data.
This was hard, because few people measured the value of their internet transactions. But it could be done, he said.