Offense-Defense Balance in Cyberspace: A Proposed Model

Abstract

The offense-defense balance is an indicator of the conflict dynamic in a system. Cyberspace is a domain where offense-defense costs are clearer than in the physical world. While there have been numerous comments about the current balance there has not been a study conducted. In this thesis, I use a heuristic model to show what the current theoretical balance point is, and what it was for two different case studies, Estonia in 2007 and Stuxnet. Based on the data, the cost of one dollar by the attacker spent on offense, the defender spends $1.32. When looked at from an aggregate perspective, using the data from the model, attackers to defenders, the disparity is significantly larger, with a one dollar to $131 cost ratio. The Estonia case study had a one dollar to $424 cost ratio and Stuxnet had a one dollar to seven dollar ratio. This proposed model may provide a glimpse of what the current balance is for a specific system. Using this model, it may be possible to provide measures of effectiveness for modifications made to the system, which could help mitigate costs for cyber defenders.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Dec 01, 2012
Accession Number
ADA582367

Entities

People

  • Patrick J. Malone

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Anti-Virus Software
  • Application Software
  • Case Studies
  • Computer Crime
  • Computer Programming
  • Computers
  • Cyber Defense Techniques
  • Cyber Warfare
  • Cyberattacks
  • Cybersecurity
  • Cyberspace
  • Cyberspace Operations
  • Employment
  • Information Security
  • Intrusion Detection
  • Network Protocols
  • Personnel Management

Readers

  • Computational Modeling and Simulation
  • Game Theory.
  • Government Contracting/Procurement.

Technology Areas

  • Cyber
  • Cyber - Legality in Cyberspace