U.S. Cyber Consequences Unit
Director and Chief Economist, U.S. Cyber Consequences Unit
Scott Borg is Director of the U.S. Cyber Consequences Unit, an independent, nonprofit research institute. It investigates the strategic and economic consequences of cyber attacks. Widely recognized as the leading authority on the economics of cybersecurity, he has been the principal proponent of a quantitative, risk-based approach to cybersecurity for nearly twenty years. He wrote the ISA Guidelines for Securing the Electronics Supply Chain, a comprehensive reference document. Along with John Bumgarner, he is co-author of the new US-CCU Cyber-Security Matrix, the most comprehensive survey of cyber defense measures. This is currently being developed into a free, customizable software tool. Borg’s other technical contributions have included pioneering work on the techniques for hiding and finding malware. Because of the way he has employed economic models to analyze potential attackers, he has been able to anticipate most of the new developments in cybersecurity since 2002. He predicted Stuxnet, for example, its exact target, and how it would reach and damage that target, fourteen months before it was found. He teaches economically oriented master classes on cyber threat analysis and cyber consequence analysis for other cyber-security experts. He has been quoted in most of the world’s leading news publications and comments often for NBC, CNN, BBC, NPR and other broadcast media. He has testified before the U.S. Senate, served on the Commission on Cybersecurity for the 44th Presidency, and lectured at Harvard, Columbia, and other leading universities.