SCP-2628 Keter (low confidence)
Expected annual: $28.3M
One-time setup: $19.6M
Annual recurring: $25.9M
Personnel: 39
Initial containment and capability buildout requires ~USD 19.63M one-time for secure facilities, buybacks, replacements and contingency; steady-state annual operations are ~USD 25.88M driven primarily by mass amnestic administration, forensic analysis, replacement/buyback programs and staffing.
🏗️ One-Time Capital Costs Total: $19.6M
Crisis Contingency Fund $10.0M
[#18] Reserve fund for large-scale propagation, emergency takedowns, rapid procurement or extraordinary interventions.
Civilian Replacement Program $3.5M
[#8] One-time procurement and logistics for replacement devices provided to known civilian users (baseline assumption: ~10k replacements).
Manufacturer Buybacks $1.8M
[#7] Initial coordination/subsidy payments to manufacturers to support recalls/buybacks (assumes moderate initial campaign).
Facilities $1.2M
[#1] Secure containment retrofit: structural work, EMP/EM shielding, physical access controls and secure vault space.
Legal Indemnity Pool One Time $1.0M
[#19] One-time establishment of legal defense/indemnity pool and escrow for settlements.
Patch Tool Development $800K
[#6] One-time development of removal/patch tools, QA and secure distribution mechanisms.
Initial Research And Lab Setup $500K
[#1, #12, #6] Air-gapped lab suites, initial research instruments, sandbox orchestration and lab-specific instrumentation.
Equipment $200K
[#1, #14, #11] Faraday cages, evidence handling hardware, write-blockers and other forensic/evidence equipment.
Honeynet Deployment $150K
[#10] Initial deployment of honeypots/honeynets and telemetry sensors.
HPC Cluster $150K
[#12] One-time purchase of GPU/CPU sandbox cluster for dynamic analysis at scale.
Containment Simulation Setup $150K
[#28] One-time cost to model worst-case scenarios and build emergency playbooks / simulation infrastructure.
Sinkhole Infrastructure Setup $100K
[#2] One-time setup for sinkhole/C&C takeover servers, DNS/SSL configuration and colocation/rack setup.
Amnestic Inventory $50K
[#24] Initial secure procurement and storage setup for Class B amnestic inventory.
Secure Quarantine Shelving $30K
[#14] Secure storage/shelving setup for quarantined devices prior to destruction or analysis.
🔄 Annual Recurring Costs Total: $25.9M/yr
Class B Administration $15.0M/yr
[#9] Costs for Class B amnestic administration, medical staff and monitoring (baseline assumes ~10k known users × avg USD 1,500 per administration).
Forensic Imaging $2.5M/yr
[#11] Per-device forensic imaging and secure evidence storage (baseline imaging volume assumed).
Staff Wages $1.8M/yr
[#3] Salaries for reverse-engineering/malware analysis team (senior analysts, forensics specialists, support sysadmins).
MTF Field Operations $1.0M/yr
[#4] Salaries, travel, vehicles, comms gear and tactical PPE for mobile task force operations (annualized).
Research And Monitoring $900K/yr
[#13, #25, #22] Long-term R&D, threat feeds, ML model maintenance and behavioral/social research contracts.
Cover Story And Legal $800K/yr
[#5, #15] Legal retainers, liaison officers, PR/cover-story expenditures and information-control work.
Outreach And Contact Tracing $740K/yr
[#16] Call center, case management, scheduling logistics and per-user administrative overhead for notifications.
Logistics And Transport $400K/yr
[#20, #16] Annual logistics budget for overseas ops, shipping replacement devices and contact-tracing logistics.
Honeynet Operations $360K/yr
[#10] Storage, retention and analyst costs for telemetry and honeynet operations.
Travel And Lodging $300K/yr
[#20] Annual travel budget for sending teams worldwide, lodging and per-operation logistics.
Social Harms Remediation $300K/yr
[#27] Counseling, reintegration programs and program budgets to address secondary social harms.
Manufacturer Buyback Ongoing $250K/yr
[#7] Ongoing coordination/subsidies for manufacturer recall programs until eradication.
Sinkhole Infrastructure Bandwidth $240K/yr
[#2] Ongoing bandwidth, colocation, DDoS mitigation and DNS/SSL management for sinkholing and C&C takeover.
Insurance Premiums $200K/yr
[#19] Annual insurance premiums and ongoing legal indemnity contributions.
Amnestic Storage And Replenishment $200K/yr
[#24] Ongoing replenishment, secure storage and controlled dispensing logistics for Class B agents.
IT Asset Replacement $200K/yr
[#26] Replacement/hardening of Foundation IT assets that become infected during operations.
Patch Tool Maintenance $150K/yr
[#6] Ongoing maintenance and QA for removal tools, signed updates and distribution mechanisms.
Device Disposal $150K/yr
[#14] Recurring secure destruction / e-waste disposal fees per device.
Facilities Maintenance $100K/yr
[#1] Ongoing maintenance of containment facility, EM shielding upkeep and utilities for secure labs.
Training Exercises $100K/yr
[#17] Regular tabletop and field exercises for takedowns and incident response.
HPC Operations $60K/yr
[#12] Electricity, maintenance and administration for dynamic-analysis cluster.
Software Distribution $60K/yr
[#23] Platform fees and per-device distribution overhead for pushing cleaners/updates.
Network Monitoring Agreements $50K/yr
[#21] Paid arrangements for packet capture, BGP coordination and monitoring with ISPs/backbone providers.
Containment Simulation Updates $20K/yr
[#28] Annual updates to worst-case modeling and playbooks.
Supplies And Consumables $0/yr
Cost Scenarios
📊 Baseline $25.9M/yr
75.0% probability / year
Normal year with ongoing containment, analysis, administration and modest replacement/buyback activity (no major breaches).
routine_containment steady_investigation_load
🚨 Minor Incident $27.9M/yr
20.0% probability / year +$2.0M vs baseline
Localized propagation spike or several C2 takeovers requiring expedited takedowns, additional legal ops and a targeted recall/replacement batch.
localized_outbreak additional_c2_takeovers targeted_recall
🚨 Major Breach $65.9M/yr
5.0% probability / year +$40.0M vs baseline
Internet-scale propagation, public exposure and mass replacement/recall program with substantial legal and contingency drawdowns.
internet_scale_propagation mass_media_exposure failed_containment
👥 Personnel 39 total
Role | Count | Notes
Research Scientist / Malware Analyst | 12 | [#3] Senior malware analysts, reverse engineers and forensic specialists (24/7 coverage).
Security Officer / MTF Agent | 8 | [#4] Mobile task force personnel for takedowns, seizures and onsite containment.
Sysadmin / DevOps | 3 | [#2, #3] Infrastructure ops for sinkholes, hosting and CI/CD for patch deployment.
Legal / Liaison Officer | 2 | [#5] Cyber-law retainer contacts and liaison staff for ISP/foreign coordination.
Medical Officer | 4 | [#9, #24] Clinicians and nursing staff for Class B administration and monitoring.
Administrative Staff / Call Center Operator | 10 | [#16] Outreach, notification, scheduling and case-management personnel.
📋 Confidence Notes
Estimates assume a baseline known-exposed population of ~10,000 devices and moderate containment posture; many line items scale linearly with infected-device counts and per-operation variability is large, so totals are uncertain and could be an order of magnitude different for internet-scale infections.