<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle">P {
        MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
</style>
</head>
<body fPStyle="1" ocsi="0">
<div style="direction: ltr;font-family: Century Gothic;color: #000000;font-size: 10pt;">
<p>My take on what Dave is saying is that things like reliable exploits, malicious scripts, etc are not cyber weapons per se, not any more than a bullet is a weapon. It is only when the bullet becomes part of a "system-with-intent", does it become "weaponized".
</p>
<p> </p>
<p>I think I see the difference, and when you look at things from that level of abstraction, threats and how you mitigate appear differently. Example: countering the institutional actor (e.g. the "system-with-intent" in this case) will yield better degradation
and denial response than merely detecting and armoring yourself from any "bullets" being fired.
</p>
<p> </p>
<p>However, this begs the question, what do you do when your institutional adversary is not a Swedish Server Farm, but a state actor not easily degraded?</p>
<p> </p>
<p>Perhaps an over-simplification, but I couldn't resist chiming in.</p>
<p> </p>
<p>D.</p>
<p> </p>
<p> </p>
</div>
</body>
</html>