Growing up, a lot of my sci-fi reading focused on old classic works by Asimov, Clarke, Heinlein, Campbell, Pohl, etc. For some reason, I missed the 80′s almost completely. Specifically, I missed Ender’s Game until just this past month. So, I’ve been catching up. As of tonight, I’ve just finished “Ender’s Shadow”. My thoughts on the book (and series) overall are beyond the scope of this blog, but there was a series of passages early on that I think resonate closely with my last post here, and with my overall feeling that we need a real strategy for changing the odds on the cyber security playing field altogether instead of just building up defenses linearly. Let me know if you agree?
“He could come from anywhere – from anywhere all at once. So we run into the classic problem of defense, cubed. The farther out you deploy your defenses, the more of them you have to have, and if your resources are limited, you soon have more fortifications than you can man. What good are based on moons, Jupiter, or Saturn, or Neptune, when the enemy doesn’t even have to come in on the plane of the ecliptic? He can bypass all our fortifications. The way Nimitz and MacArthur used two-dimensional island-hopping against the defense in depth of the Japanese in WWII. Only our enemy can work in three dimensions. Therefore we cannot possibly maintain defense in depth..”
“So even if we intercept 99 of 100 attacking squadrons, he only has to get one squadron through to cause terrible destruction. We saw how much territory a single ship could scour when they first showed up. Get ten ships to us for a single day, and if they spread us out enough, they’d have a lot more than a day and they would wipe out our most important centers. “
“I don’t think there is a solution. There is no point in trying to defend at all. So the only strategy that makes any sense at all is an all-out attack.”
I’ll let you all think through the implications of these passages and get back to me.
On another, related, topic, I have a question: A lot of us are quick to reference Sun Tzu’s Art of War in cyber security, but I havent seen (or havent recognized – I might just be ignorant here) many attempts to use known historic, strategic war/battle thinkers in our industry much beyond Sun. Is there anything else – or anyone else – we should be looking at from a classic “war” perspective that we’re not already? Who? Why? Who/What am I missing? Is it relevant to ask?