SCP-8976 — SCP-8976 | Cost Breakdown

Read on SCP Wiki ↗

SCP-8976 Unknown ? low confidence

SCP-8976

Expected annual

$5.3M

One-time setup

$6.6M

Annual recurring

$5.3M

Personnel

Initial one-time buildout and contingencies are ~6.56M USD driven by hardened facilities, quarantine hardware, containment software and large escalation reserves; ongoing annual operations are ~5.27M USD driven by specialized personnel, research operations, legal/PR and software/backup costs.

🏗️ One-Time Capital Costs Total: $6.6M

Large Scale Escalation Reserve $2.5M

[#27] Contingency for worst-case network-wide sanitization, mass recovery, contractor mobilization and potential settlements (heavy-tail reserve).

Equipment $1.9M

[#1, #3, #4, #9, #16, #21] Dedicated quarantine cluster hardware (racks, servers, storage controllers), WORM/persistent storage setup, network isolation hardware and kill-switches, CCTV/ALPR cameras, compute accelerators (GPUs), and forensic acquisition kits.

Initial Research And Lab Setup $930K

[#5, #6, #17] Custom containment software / sandbox development and initial monitoring/telemetry deployment plus initial synthetic dataset generation tooling and lab-oriented setup.

Data Replacement Reserve $500K

[#14] Reserve for recreating/correcting corrupted or consumed datasets and stakeholder compensation (conditional but held as one-time reserve).

Facilities $300K

[#2, #28] Secure data center/hardened room setup (RF shielding, biometric access, raised floors, fire suppression) and end-of-program decommissioning/secure disposal.

Emergency Hardware Stock $300K

[#11] Reserve stock for rapid replacement hardware, spare parts and contractor rebuilds (one-time contingency reserve).

Security Clearances Initial $60K

[#19] Initial bulk program vetting / background checks / polygraphs for core team (one-time program-level cost).

Public Incident One Time Response $50K

[#26] Per-incident public transparency / false-flag / major PR takedown emergency budget (one-time per major incident reserve).

Incident Response One Time Per Incident Fund $20K

[#12] One-time per-incident immediate-response budget (external forensics/legal mobilization per incident).

🔄 Annual Recurring Costs Total: $5.3M/yr

Staff Wages $2.1M/yr

[#7, #8, #9] Salaries and benefits for malware/infovore research team (senior engineers, reverse engineers, data scientists), 24/7 NOC/SOC rotation staffing and on-site security guards.

Research And Monitoring $1.2M/yr

[#15, #17] Ongoing research program and experiments budget (grants, compute time, experiment supplies) plus synthetic dataset maintenance / licensing.

Cover Story And Legal $825K/yr

[#13, #26] Legal/regulatory engagement, PR suppression, cover-story maintenance and ongoing public-transparency management; fines/exposure included as conditional risk.

Insurance And Cyber Risk Financing $262K/yr

[#24] Premiums for specialized liability and cyber insurance to cover breaches, data loss and third-party claims.

Incident Response Retainer $175K/yr

[#12] Annual retainer for external digital forensics, national CERT / law enforcement liaisons and emergency contractors.

Software Licenses And Support $165K/yr

[#20] Enterprise software licenses and vendor support (virtualization, OS, DBs, SIEM, sandbox tooling).

Facilities Maintenance $150K/yr

[#2, #10] Facility lease/maintenance and energy & cooling (power and HVAC for quarantine cluster).

Siem Licenses Ops $90K/yr

[#6] Ongoing SIEM/licensing, telemetry retention and SOC tooling support and subscription costs.

Audits And Certifications $85K/yr

[#18] Third-party audits, compliance and per-person certification renewals.

Compute Maintenance $55K/yr

[#16] Maintenance, warranty/lease and refresh costs for GPU/accelerator infrastructure.

Archival Storage And Legal Hold $55K/yr

[#25] Long-term high-reliability archival storage and legal-hold retention for evidence and experiment logs.

Logistics And Transport $50K/yr

[#12, #23] Logistics, secure transportation and incidental cross-jurisdiction coordination costs; communications-blackout opportunity costs are conditional and handled in scenarios.

Training Drills $45K/yr

[#22] Regular tabletop exercises, drills and incident coordination training.

Offsite Backup Rotation $30K/yr

[#3] Recurring cost for WORM/offsite rotation media, tape/SSD vault rotation and offsite storage logistics.

Security Clearance Renewals $10K/yr

[#19] Ongoing vetting costs for new hires and periodic rechecks.

Supplies And Consumables $0/yr

[]

Communications Blackout Reserve $0/yr

[#23] Conditional opportunity cost for SCIPNET service outages — treated as episodic scenario expense, not baseline recurring.

⚡ Cost Scenarios

📊 Baseline (baseline) $5.3M/yr

86.0% probability / year

Normal operational year with no major incidents; routine containment, monitoring and research activities only.

steady_state_operations no_significant_breach controlled_research_activity

🚨 Minor Incident $5.5M/yr

12.0% probability / year +$200K vs baseline

Localized data-consumption incident affecting a subset of quarantined nodes requiring targeted recovery and legal/PR response.

localized_data_consumption single-site_infection minor_hardware_replacement

🚨 Major Breach $7.8M/yr

2.0% probability / year +$2.5M vs baseline

Multi-node infection or cross-site contamination requiring broad sanitization, substantial rebuilds, partner compensation and significant legal exposure.

multi_node_sanitization partner_data_loss regulatory_exposure

👥 Personnel 19 total

Role	Count	Notes
Research Scientist / Cybersecurity Engineer	8	[#7] Senior cybersecurity engineers, reverse-engineers, data scientists and systems engineers forming the malware/infovore research team.
NOC/SOC Operator	5	[#8] 24/7 on-call operations staff for monitoring, alerts and containment actions (rotational coverage).
Security Officer / MTF Agent	5	[#9] Physical security guards for access control, CCTV monitoring and site protection.
Site Director / Executive Staff	1	[#7, #13] Program leadership / liaison for legal and executive decisions.

📋 Confidence Notes

Costs are low-confidence due to SCP-8976's unknown capabilities, heavy-tail escalation risks, and wide parameter ranges in analyst notes; many costs are conditional on breach characteristics and dataset scope.

← SCP-8975 ↑ All SCPs SCP-8977 →