What are Beckstrom’s Laws of Cyber Security?

The Internet of Things (IoT) has many defining characteristics, such as tiny, cheap and low power sensors, embedded computers, and connectivity. But one characteristic will rule them all, namely, security. In the very near future, the IoT will probably not exist if it isn’t secure.

Beckstrom’s Laws of Cyber Security sums it up nicely:

  1. Everything that is connected to the Internet can be hacked
  2. Everything is being connected to the Internet
  3. Everything else follows from the first two laws.

Perhaps this should be called a corollary to Beckstrom’s law, as it provides a short proof to the existing law. Originally, Beckstrom’s law (or theorem) was formulated to determine the real valuable or a given network. Postulated by Rod Beckstrom, former director of the National Cybersecurity Center, the law states that, the value of a network, “equals the net value added to each user’s transactions conducted through that network, summed over all the users.”

Image Source: Beckstrom.com

According to Beckstrom, his law can be used to value any network be it social networks, computer networks, and even the Internet as a whole. In his model, the values of the network are determined by looking at all of the transactions conducted and the value added by each transaction.

To determine the value of a network, Becktrom used an economic point-of-view which considers what the additional transactions cost or loss would be if the existing network was turned off. For example, if a goods delivery service is shut down, then customers will go without those goods or obtain them in a different manner (i.e. driving to the store).

This focus on transactions is what distinguishes Beckstrom’s Law from its more famous cousin, Metcalfe’s Law. For Metcalfe, the value of a network was based purely on the size of the network, specifically the number of nodes. Conversely, Beckstrom’s Law focused on transactions, which makes it more applicable to current experiences on the Internet. This means that Metcalfe’s Law doesn’t account for a decreasing value of the network from an increase number of users or hackers who steal value.

Focusing on transactions makes Beckstrom’s Law of immediate value to the…