Unofficial thoughts on liability. Herb Lin, firstname.lastname@example.org, 202-334-3191
The viewgraphs following this presentation do not represent the views of any organization with which Herb Lin is affiliated, and in particular they do not represent the views of the CSTB, the National Research Council, or the National Academies.
Losses due to deliberate action (hence no actuarial basis) (terrorists are not a probability distribution)
No metrics for security
Fundamental science of cybersecurity is not known
Damage is often invisible
Technical standardization can be similar to monoculture; weak in face of correlated threat
Impact of a fix is often impossible to localize
Losses largely due to accident (harder to insure against arson than lightning)
Fire resistance can be quantified (sort of)
Fundamental science of fireproofing and structural engineering is known
Damage is visible
Standardization is advantageous when failures can be uncorrelated
Impact of fixes can be localized