Re: In Defense of Offense

[Adam Shostack <adam () shostack org>]

On Mon, Sep 28, 2015 at 03:03:57PM +0000, Dave Aitel wrote:

| But one lesson from the week remains: The best defense in cyber is clearly an
| obviously unbeatable offense. Obama's successful Iranian and Chinese treaties
| both derive directly from decisive offensive cyber efforts. 
| 

Dave, I found this a very surprising statement from you.  Can you
elaborate on what a decisive offensive looks like in cyberspace?

In the physical world, that would entail a collapse of physical or
moral capability to continue fighting.  (I'm following Boyd here, if
you disagree, feel free to ignore the morale end of the equation.)

For example, a decisive offensive might entail the destruction of the
last spitfires, or breaking the supply lines on which Napoleon
relied.

I could see an Aramco-style attack, disabling the computers of a
division being a massive technical setback, but recoverable.  I could
see pwning the cvs server on which NSA stores Flame being a large
setback, and requiring rebuild of implant technology, but
recoverable. I have trouble seeing a decisive offensive, and more
trouble seeing one which has no visible "collateral damage" like the
lights being out in Maryland for a month.

Adam


-- 
Don't miss out on my news, which comes out roughly once a quarter.
http://adam.shostack.org/newthing.html

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave