2014 Information Dominance Essay Contest Second-Place Winner, Sponsored by HP
In the 16th century, renowned chess player Ruy López de Segura advised to “place the board so that the sun is in your opponent's eyes.” In cyberspace, why do we not position our “chessboard” accordingly? The Department of Defense’s current approach to cyber defense cedes the perpetual, strategic advantage to intruders, while significantly disadvantaging our own defenders. Our defense-in-depth methodology, when accurately, thoroughly, and consistently applied, can provide an arguably sufficient protection against most unsophisticated hackers and known exploit techniques, but it is an unsustainable strategy of attrition warfare against more advanced and persistent cyber actors. Even a well-instrumented, continuously monitored network with seasoned defenders who rapidly deploy countermeasures and mitigation tactics eventually will fail to repel the most knowledgeable attackers. This inevitable defeat occurs because calculating hackers take the time to study the static defense-in-depth architecture of their targets.