Saturday, May 14, 2011

Game theory demands more than just defense

Friday's WSJ story [p.A5] on the White House "bipartisan" effort to pass a cybersecurity bill needs the proper metaphor. Given the vitriol and strong emotion against Sony in the last little while, the best metaphor that should be applied is game theory. Simply put, to focus absolutely on defense is to guarantee you'll lose. There's no deterrent. No real incentive for the invading team to hold back resources for protection of their own home base. True, it takes a three-to-two attacker-to-defender ratio to generally assure victory, but good defense is not sufficient to win the game. Because you don't win unless you actually attack the enemy. Unless, like a Washington politician, you declare that your testicles pummeled the attacker's feet until they were bloody stumps on which the enemy could no longer walk.

So my simple question on this glorious Saturday just before I take off on a 58-mile bicycle ride that climbs 3300 vertical feet over four mountains is, "When the heck are the geniuses in Washington going to wake up?"

POSTSCRIPT:  Here is the 58-mile elevation profile of today's bicycle ride. We beat each other up rather badly, and hit heavy rain all the way from the tallest peak until we got home. I had a lot of time to think about cyber warfare. At about mile 24 we even rode by the future site of America's cyber warfare defense facility. I remember thinking to myself, "Man, I hope they can work on some offensive capability there, too!"
During the ride, I remembered what guru Peter Drucker once wrote in his seminal book on Management (I'm paraphraising what I remember, since I read this book 38 years ago and cant seem to Google the exact quote): "It cannot be part of your business strategy that your people will always be smarter than those of the competition. That strategy will inevitably fail." I now change that just a little, but it still rings true: "It cannot be part of your strategy that you will succeed by only playing defense, because the enemy needs to destroy that defense just once."

Come on, team! We need government-level resources applied to crafting…The Perfect Virus. I've even suggested who could run the project.

No comments:

Post a Comment

Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?