SCP-6474 Unknown ~ medium confidence
SCP-6474
Expected annual
$8.0M
One-time setup
$3.1M
Annual recurring
$7.8M
Personnel
28
One-time setup and hardening (SIEM, HSMs, WORM/archive, development, revalidation) are the dominant up-front costs (~$3.13M). Recurring costs are driven by staffing, contingency/reserve funds, and ongoing licensing/maintenance (~$7.78M/yr).
🏗️ One-Time Capital Costs Total: $3.1M
Archive Revalidation Project $850K
[#25] One-off archive revalidation sweep to re-hash/re-sign the archive and catalog historical edits (mid-range estimate).
Equipment $505K
[#5, #7, #9] HSM/PKI hardware and WORM/tape hardware and extra storage/compute servers for diffs/ML; one-time procurement and integration (mid-range).
Crawler Development $500K
[#3] One-time development of crawlers/diff engines and initial ML model development (mid-range).
Facilities $475K
[#8, #18] Secure vault/tape library construction and secure archive rooms/retrofits and secure printers; mid-range estimates for physical construction and room retrofitting.
Siem Procurement $375K
[#1] Enterprise SIEM + File-Integrity Monitoring procurement and integration (one-time).
Test Env Setup $250K
[#12] Controlled-test environment and red-team exercise facility/setup costs (one-time).
Training Content Dev $100K
[#14] One-time creation of training modules, SOP updates, and awareness materials.
Initial Research And Lab Setup $75K
[#10] Digital forensics lab equipment (imaging tools, forensic software) and initial lab buildout.
🔄 Annual Recurring Costs Total: $7.8M/yr
Staff Wages $3.2M/yr
[#4, #10, #11, #13, #19, #18] Ongoing staff costs: crawler/monitoring engineers, digital forensic analysts, forensics staffing, dedicated research team salaries, personnel time for self-review, records QA/archivists, and security guard payroll.
Contingency Reserve $2.8M/yr
[#24] Risk-scaled contingency / catastrophic-failure reserve and insurance budget (recurring allocation to maintain readiness).
Research And Monitoring $414K/yr
[#3, #9, #20] Ongoing engineering/ops for ML/diff systems, compute/storage ops for monitoring, and external cryptanalysis/technical audits.
Cover Story And Legal $360K/yr
[#15, #23] Legal retainer/records compliance and PR/readiness budgets for containment-related external narrative management (recurring retainer and readiness spend).
Incident Response Fund $300K/yr
[#16] Annual reserve for rapid-response team activities and emergency IT containment actions.
Facilities Maintenance $210K/yr
[#7, #8, #12] Annual storage & retrieval, air-gapped rotation/storage, and test-environment operational costs.
Software Licenses $175K/yr
[#21] DLP, ERM, diff/annotation tools licensing and vendor integrations (annual).
Siem License $125K/yr
[#2] Annual SIEM/File-Integrity Monitoring licensing, cloud ingestion and vendor support.
Psych Hr Support $125K/yr
[#17] Counseling services and insider-risk behavioral monitoring for affected staff.
Supplies And Consumables $60K/yr
[#22] Replacement tapes, drives, HSM maintenance parts, consumables and hardware refresh cycle (annual).
Training Refresher $50K/yr
[#14] Annual refresher training delivery and awareness campaigns.
Pki Hsm Maintenance $40K/yr
[#6] Ongoing PKI/HSM maintenance, key custodianship, rotations and audits.
Logistics And Transport $0/yr
[]
Cost Scenarios
📊 Baseline (baseline) $7.8M/yr
84.0% probability / year
Normal year with routine monitoring, no major incidents.
routine archive changes flagged and resolved no safety-critical alterations detected
🚨 Minor Incident $8.3M/yr
12.0% probability / year +$550K vs baseline
Isolated altered files discovered that require targeted response, forensics, and limited PR/legal work.
isolated but sensitive document alteration staff-reported anomalies requiring investigation
🚨 Major Incident $9.9M/yr
3.0% probability / year +$2.1M vs baseline
Widespread archival corruption or alteration of operational documents requiring large-scale revalidation and legal/PR response.
alteration of containment/operational orders widespread integrity failure across multiple archives
🚨 Catastrophic Breach $13.8M/yr
1.0% probability / year +$6.0M vs baseline
Safety-critical or public-exposure event driven by altered instructions, requiring emergency remediation, wide-scale replacement, and major contingency spending.
safety-critical instruction alteration public leak requiring large-scale containment and remediation
👥 Personnel 28 total
Role Count Notes
Security Officer / MTF Agent 4 [#18] Four guards to staff secure archive rooms and physical access control (per note: 4guards).
Research Scientist 5 [#11] Senior and mid-level researchers assigned to anomalous behavior research; headcount reflects portion of dedicated research team budget.
Research Assistant / Junior Researcher 6 [#11] Graduate-level and junior research staff supporting experiments, data labeling, and controlled tests.
Engineer / DevOps (Crawler) 3 [#3, #4] Engineers to run, tune, and maintain crawlers/diff engines and respond to monitoring alerts.
Digital Forensic Analyst 3 [#4, #10] Analysts to investigate flagged changes and perform technical forensics.
Records Archivist / QA 4 [#19] Archivists and QA staff to validate archives, re-sign documents, and handle disputes.
Administrative Staff 2 [#13, #15] Admin support for coordination, oversight, and records compliance tasks.
Medical Officer / Counselor 1 [#17] On-call or embedded counseling/HR representative for staff support and liaison with psych services.
📋 Confidence Notes
Analyst notes provide line-item ranges and clear mapping to technical and staffing needs, but uncertainty remains due to unknown frequency/severity of anomalous edits, possible overlap of vendor/tech integrations, and scope sensitivity (what documents can be affected). Mid-range estimates used where ranges were broad.
← SCP-6473 ↑ All SCPs SCP-6475 →