Adam Shostack adam at shostack.org
Tue Sep 29 16:55:57 EDT 2015

On Mon, Sep 28, 2015 at 03:03:57PM +0000, Dave Aitel wrote:

| But one lesson from the week remains: The best defense in cyber is clearly an
| obviously unbeatable offense. Obama's successful Iranian and Chinese treaties
| both derive directly from decisive offensive cyber efforts. 

Dave, I found this a very surprising statement from you.  Can you
elaborate on what a decisive offensive looks like in cyberspace?

In the physical world, that would entail a collapse of physical or
moral capability to continue fighting.  (I'm following Boyd here, if
you disagree, feel free to ignore the morale end of the equation.)

For example, a decisive offensive might entail the destruction of the
last Spitfires, or breaking the supply lines on which Napoleon

I could see an Aramco-style attack, disabling the computers of a
division being a massive technical setback, but recoverable.  I could
see pwning the CVS server on which NSA stores Flame being a large
setback, and requiring rebuild of implant technology, but
recoverable. I have trouble seeing a decisive offensive, and more
trouble seeing one which has no visible "collateral damage" like the
lights being out in Maryland for a month.


