SCP-1715 Euclid ~ medium confidence
SCP-1715
Expected annual
$1.8M
One-time setup
$1.5M
Annual recurring
$1.7M
Personnel
11
Estimated one-time setup and contingency costs are approximately $1.51M, driven by contingency reserves, initial software/hardware development, and legal/setup fees. Annual operating costs are approximately $1.71M/year, driven primarily by staff wages, legal/cover-up allocations, and ongoing monitoring/compute and storage.
🏗️ One-Time Capital Costs Total: $1.5M
Contingency Reserve $1.0M
[#23] Emergency/contingency reserve for outbreak scaling and large payouts (one-time held reserve).
Equipment $335K
[#1, #5, #19, #17] ANTIBEN development (software/system) and deployment, DDoS/offensive capability setup, field agent physical equipment purchase, and one-time secure-comm tooling purchases.
Legal Setup Retainer $50K
[#10] Legal/policy and cover-story retainer and initial setup costs (one-time).
Initial Research And Lab Setup $40K
[#11] Honeypot/controlled community setup (servers, moderation tooling, forensic hooks).
Facilities $38K
[#4] Secure rack/multi-region secure hosting physical setup (one-time).
Decommissioning And Legal Cleanup $30K
[#24] Decommissioning, secure data destruction, and legal cleanup (one-time).
Background Checks Initial $22K
[#18] One-time new-hire background checks / polygraphs (estimated per-staff initial checks).
🔄 Annual Recurring Costs Total: $1.7M/yr
Staff Wages $782K/yr
[#6, #7, #9, #12] Cybersecurity/SOC staffing (1.5 FTE equivalent), Level-2 twice-weekly checks (≈0.1 FTE), incident response/takedown team (2–4 FTEs), and digital forensics/research staff salaries.
Cover Story And Legal $600K/yr
[#10, #14, #15, #20, #21, #23] Ongoing legal retainers and PR/attribution operations, liaison/takedown specialist retainers and per-action fees, insurance/legal risk mitigation budget, and annual allocation to cover-up/compensation reserve.
Research And Monitoring $174K/yr
[#2, #3, #11, #12, #16, #22] Ongoing cloud compute for crawler/ML inference, bandwidth/scraping egress, honeypot operations, forensic tool licenses, data storage/logging retention, and audits/compliance.
Supplies And Consumables $56K/yr
[#17, #18, #19] Recurring secure-comms/service subscriptions, training and vetting refreshers, and minor recurring equipment replacements/consumables.
Facilities Maintenance $34K/yr
[#4, #19] Colocation/transit/rack hosting recurring costs and ongoing equipment maintenance/replacement.
Logistics And Transport $30K/yr
[#13] Field investigations and coordination with local law enforcement (travel, per-diem, logistics) per-year allocation.
Per Incident Ddos Costs $15K/yr
[#8] Expected annual spend for per-incident DDoS bandwidth/ephemeral instance usage (assumes small number of modest attacks/year).
Ddos Mitigation And Offensive Capacity $12K/yr
[#5] Recurring costs to maintain retained outbound capacity, scrubbing/mitigation services and tooling.
Takedown Per Action Fees $10K/yr
[#15] Per-action fees paid to takedown specialists/ISPs (annual expected allocation).
Cost Scenarios
📊 Baseline (baseline) $1.7M/yr
69.0% probability / year
Normal year with routine monitoring, occasional small incidents handled under budgeted operations.
routine_monitoring small_domestic_takedowns no simultaneous outbreaks
🚨 Minor Incident $1.8M/yr
25.0% probability / year +$80K vs baseline
One or a few modest incidents requiring takedown, a small field response, and limited hush/PR expenditures.
single_forum_manifestation small_DDoS_response limited_field_investigation
🚨 Major Breach $2.2M/yr
5.0% probability / year +$500K vs baseline
High-visibility or international case requiring multiple takedowns, heavier legal action, emergency hires/OT and significant payouts.
international_case multiple_simultaneous_manifestations large_cover_payments
🚨 Simultaneous Outbreak $2.9M/yr
1.0% probability / year +$1.2M vs baseline
Outbreak scenario: multiple simultaneous manifestations (near or at observed maximum), requiring large-scale emergency response, widespread honeypot deployment and large contingency drawdowns.
multiple_simultaneous_manifestations high_public_visibility international_scale_response
👥 Personnel 11 total
Role Count Notes
Cybersecurity / SOC 2 [#6, #17] 1 full-time sysadmin + 1 part-time SOC analyst; supports SOC operations and secure-comms tooling.
Incident Response / Takedown Specialists 3 [#9, #15, #13] Team performing digital takedowns, admin engagement, and coordination with local law enforcement; supported by retained specialists/ISPs.
Research Scientist / Analyst 3 [#12, #1, #11] Digital forensics and research staff analyzing manifestations, maintaining ANTIBEN models, and running honeypot experiments.
Level-2 Staff 1 [#7] Level-2 operator performing twice-weekly checks of ANTIBEN (≈0.1 FTE-equivalent workload).
Field Agents / Response Team 2 [#13, #19] Agents performing on-site investigations and evidence control; equipped with field laptops, vehicles and evidence kits.
📋 Confidence Notes
Analyst notes provide detailed line-item ranges allowing a reasonable estimate, but many values (incident frequency, per-incident payouts, and chosen contingency size) are highly variable. Probabilities and midpoints introduce further uncertainty.
← SCP-1714 ↑ All SCPs SCP-1716 →