Offense-defense balance in cyberspace: a proposed model
Loading...
Authors
Malone, Patrick J.
Subjects
Offense
Defense
Cyberspace
Cyberattack
Cyberdefense
Estonia
Stuxnet
offense-defense balance
Defense
Cyberspace
Cyberattack
Cyberdefense
Estonia
Stuxnet
offense-defense balance
Advisors
Denning, Dorothy
Date of Issue
2016-12
Date
Dec-12
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
The offense-defense balance is an indicator of the conflict dynamic in a system. Cyberspace is a domain where offense-defense costs are clearer than in the physical world. While there have been numerous comments about the current balance there has not been a study conducted. In this thesis, I use a heuristic model to show what the current theoretical balance point is, and what it was for two different case studies, Estonia in 2007 and Stuxnet. Based on the data, the cost of one dollar by the attacker spent on offense, the defender spends $1.32. When looked at from an aggregate perspective, using the data from the model, attackers to defenders, the disparity is significantly larger, with a one dollar to $131 cost ratio. The Estonia case study had a one dollar to $424 cost ratio, and Stuxnet had a one dollar to seven dollar ratio. This proposed model may provide a glimpse of what the current balance is for a specific system. Using this model, it may be possible to provide measures of effectiveness for modifications made to the system, which could help mitigate costs for cyber defenders.
Type
Thesis
Description
Series/Report No
Department
Defense Analysis (DA)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.