Is the best defense a strong offense in cybersecurity?

Summary: The US government appears to assume that — as with nuclear war — “the best defense is a strong offense.” Cybersecurity expert Emilio Iasiello asks if this makes sense with cybersecurity, given the difficulty of identifying the attacker (attribution) and striking back at them (often amorphous non-state actors).


Complacency in Cyberspace May Be Our Biggest Vulnerability

By Emilio Iasiello
Posted at Dead Drop (of the LookingGlass Cyber Threat Intelligence Group)
2 December 2015. Posted with his gracious permission.

The volume of cyber incidents that have impacted the United States has caused more than just economic damage; it has become so mainstream that it has become a daily reality and accepted course of action.  A recent article posed the question of whether advanced persistent threat activity – a sloppy term that refers to suspected nation state or nation state-sponsored cyber operations – has become the new normal.  The sheer volume and magnitude of cyber espionage activity attributed to these groups has escalated to such a degree that they are ceasing to instill the same concern as they did just a few years earlier.

The problem is that the frequency of these events, the escalating damages and data stolen, and the lack of the perpetrators suffering any real consequences are causing calls to improve cyber security procedures to fall on deaf ears.

Instead of focusing on trying to actually improve security, which means having dedicated professionals engaged in daily activities of mitigating cyber threats, we seek to develop advanced cyber weaponry and instill a cadre of “cyber warriors” to take care of the bad guys.  There seems to be growing support for this hacking-back approach as part of a cyber war pre-emption plan to bolster our cyber defenses.  The idea is that while it is generally believed that the United States has advanced cyber weapons, until they are actually deployed, their deterrence value won’t be realized.  In other words, when a bully sees how hard we punch, he may move on to someone else.

However, such an approach, while aspirational, is actually limited.  The diverse threat actor landscape consists of various levels and numbers of state and non-state actors. And while it may make sense on a political level to go after those individuals who conduct high-profile attacks that steal millions of dollars or put millions of personally identifiable data at risk, improved cyber weaponry at the national level cannot be leveraged by most organizations and individuals.



Will we repeat our mistakes in the Middle East & lose, or play defense & win?

Summary:  The West’s post-9/11 wars in the Middle East have run down, but our involvement in Syria’s civil war and the attacks by radical Islamists in America — and the far larger Paris attacks — have begun a new phase in this clash of civilizations. Before we attack, repeating the mistakes of the past 15 years, let’s consider an alternative strategy: play defense, and win.

Goddess of Victory. Emanuel Lakozas at DeviantArt.



  1. A hegemon’s dilemma.
  2. How to eat soup with a knife?
  3. Who is attacking? Who is defending?
  4. Our response: attack!
  5. A better way: defend.
  6. Other posts in this series.
  7. For more information.

(1)  A hegemon’s dilemma

In chess, a zugzwang means that you believe that all moves weaken your position. It often results from a lack of imagination, an inability to break free from one’s patterns of perception and analysis.

Hegemons often see themselves as in a zugzwang, where change itself threatens their status as #1. For example, Britain responded poorly to Germany’s aggressive aspirations in the decades before WWI, rather than seeking to integrate them into a growing and prosperous multi-polar 20th century.

America’s major 21st century challenge might be cultural as well as geopolitical, as fundamentalist Islam challenges not just American dominance in the Middle East but the West’s cultural supremacy. We’ve reacted to the resulting insurgencies by waging war — treating fundamentalist Islam as an evil ideology, like the Nazis’. With the usual perversity of events, we’ve succeeded only in toppling secular regimes (Afghanistan, Iraq, Libya, and perhaps Syria), which are replaced by Islamic regimes — and setting the region afire.

To find a better solution let’s look at T. E. Lawrence’s Seven Pillars of Wisdom (1922), a handbook for insurgents written during the Arab Revolt of WWI.

“The Turks were stupid; the Germans behind them dogmatical. They would believe that rebellion was absolute, like war, and deal with it on the analogy of war. Analogy in human things was fudge, anyhow; and war upon rebellion was messy and slow, like eating soup with a knife.”

We have been “stupid and dogmatical” in our wars since 9/11, dealing with these insurgencies “on the analogy of war.” We are like the pitiful fool “eating soup with a knife”, spilling most of each attempt.

Does America have so few strategic options that we must, in effect, attempt to eat soup with a knife? Lawrence wrote about his experience fighting with locals waging a successful insurgency. American hawks see it as advice for doing the opposite — fighting insurgencies in foreign lands.

The hawks ignore the simple truth of Lawrence’s insight: you cannot eat soup with a knife unless you first change the situation.


After Paris: will we think first, or just repeat what’s already failed?

Summary: The call goes out just as it did after 9/11: kill, kill, kill — more evidence that we’ve learned nothing from our expensive post-9/11 wars that have set the Middle East aflame. So we’ll double down on stupid, testing to see if our great power can overcome our blindness, arrogance, and ignorance.  {1st of 2 posts today.}


First we begin with the myth-making, just like after 9/11, as in this by Zalmay Khalilzad (senior official in Bush Jr’s administration) in the National Interest:

Under President Obama, America maintained robust policies on homeland security and counterterrorism, but adopted a passive and reactive approach to transforming the region. The administration withdrew from Iraq, provided minimal support to the opposition in Syria, and allowed safe havens to emerge after toppling the Qaddafi regime in Libya.

Khalilzad relies on our amnesia about recent history (much like Republicans blaming Obama for the slow response to Katrina). Bush signed the SOFA that ejected us from Iraq; Obama expanded our wars in Afghanistan, Yemen, and Syria; there was no support in the US for the massive intervention necessary to stabilize Libya after Gaddafi; etc.

On this foundation of fiction hawks build their case for a more intense and wider war. Some are coy about the specifics, as in this typically vague bluster from Mitt Romney: “Obama must wage war on the Islamic State, not merely harass it” — not saying what actions America must take.

Other voices are explicit: “We can’t stop the Islamic State with a ‘Desert Drizzle’”, David A. Deptula (General, USAF, retired; dean of the Mitchell Institute for Aerospace Studies), op-ed in USA Today.

“We have it within our capacity to destroy the Islamic State leading to the elimination of their sanctuary for terror. However, to do so will require moving beyond the current anemic, pinprick air strikes, to a robust, comprehensive use of airpower — not simply in support of indigenous allied ground forces, but as the key force in taking down the Islamic State.”


The Cult of the offense returns: why we’re losing the long war, & how to win

Summary: We cannot escape history. It offers lessons to guide us. It’s deployed as propaganda to mislead us. Successful strategy requires distinguishing between the two. Our long war, so far a series of defeats, provides examples of both. We can do better in the future if only we’d pay attention.

“As we shall show, defense is a stronger form of fighting than attack. … I am convinced that the superiority of the defensive (if rightly understood) is very great, far greater than appears at first sight.”
— Clausewitz’s On War, Book 1, Chapter 1.



  1. The Cult of the Offense Returns.
  2. The allure of a losing strategy.
  3. Learning from the Revolution.
  4. For More Information.
  5. Clausewitz gets the last word.


(1)  The Cult of the Offense Returns

A reader brought to my attention Nothing Less than Victory: Decisive Wars and the Lessons of History by the late scholar John David Lewis (2010). It’s an excellent example of history as political propaganda, of the kind Victor Davis Hanson deployed to build support for our defeats in Iraq and Afghanistan (e.g., Carnage and Culture: Landmark Battles in the Rise to Western Power). The genre uses cherry-picked examples overlaid with moralism, telling a story made convincing by lavish use of historical detail to tell one side of the story.

Lewis advocates unceasing belligerence to our foes, always attacking. It’s a commonplace in history, often leading to ruin. It’s become the geopolitical strategy of American neoconservatives, ignoring lessons from American history about the frequent superiority of defense over offense.

“De l’audace, encore de l’audace, toujours de l’audace et la Patrie sera sauvée!” (Audacity, more audacity, always audacity and the Fatherland will be saved!)

— Georges Danton in a speech to the Assembly of France on 2 September 1792. He was the first President of the Committee of Public Safety. The radical Jacobins on the Committee took his advice, sent him to the guillotine for “leniency” to the enemies of the Revolution, and audaciously soaked the Revolution in blood — wrecking it.


The Best Defense Is a Strong Defense. Never Fight a Land War in Cyberspace.

Summary: While defense experts obsess about the relative advantages of different military hardware (e.g., the A-10 vs the F-35), the US has unleashed the tools of cyberwar on Iran. We can expect more in the future, begun by friends and foes. So let’s learn the rules. Today Marcus Ranum explains the nature of attack and defense in cyberwar, and the advantages of each.  {2nd of 2 posts today.}



My 2014 presentation “Never Fight a Land War in Cyberspace” compared key elements of warfare in the real world with warfare in cyberspace, exploring the interchangeability of tactics and strategy in those domains. I expected that “cyberwar” would have similar underlying principles as regular war, but found that “cyberwar” bears no resemblance to warfare at all — tactically or strategically. Of course it fits in the overall grand strategy of conflict and power, but our tendency to reason by analogy breaks down quickly here.

In this series I will lift some of the main themes from that presentation and give them the more detailed explanation they deserve.

I will use two terms as shorthand.

“Cyberwar”, which I do not think is a real thing, as shorthand for “conflict in cyberspace” — which I consider real. This series continues my attempt to explain why “cyberwar” is not a useful concept; unfortunately, the term has taken on a life of its own. Caveat Emptor.

“Topological warfare” as shorthand for the idea of warfare that is bound to a real-world existence. The real-world-ness of topological warfare is the basis for what we know as military strategy and tactics; it’s an environment in which armies have to eat and cannot move at light speed, etc. The topological nature of warfare deeply penetrates virtually all of our thinking about strategy and tactics.

“The Best Defense is a Strong Offense”


The US Army brings us back to the future, returning to WWI’s “cult of the offense”

Analogies are fudge, as TE Lawrence says.  Especially historical analogies, since every era is unique.  We use them anyway, mining the past for comparisons to help us better understand the present.  While analogies cannot be accurate (different times are incomparable), they can illustrate aspects of the present that we might otherwise overlook.

This sketch looks at one element of America’s grand strategy.   Like the great powers before WWI, we love the offense.   Pre-emptive warfare and fighting on foreign soil are the bread and milk of our military thinking.   Future generations might consider this daft, just as we consider daft the WWI “cult of the offense.”

America, today

Brilliant, charismatic figures like John Nagl take us back to the future.  As I explain in Nagl gives a profoundly wrong vision for the US military (22 June 2008), he gives us a clear and appealing vision, but one that is deadly wrong IMO.  Only a first rate mind could have conceived something so attractive and yet destructive — like this (FM note:  this section was slightly expanded on 13 Feb):

In the twenty-first century, wars are not won when the enemy army is defeated on the battlefield; in fact, there may not be a uniformed enemy to fight at all. Instead, a war is only won when the conditions that spawned armed conflict have been changed.

… The soldiers who will win these wars require an ability not just to dominate land operations, but to change entire societies — and not all of those soldiers will wear uniforms, or work for the Department of Army.  The most important warriors of the current century may fight for the US Information Agency rather than the Department of Defense.

‘Decisive results’ in the twenty-first century will come not when we wipe a piece of land clean of enemy forces, but when we protect its people and allow them to control their territory in a manner consistent with the norms of the civilised world. Thus victory in Iraq and Afghanistan will come when those nations enjoy governments that meet the basic needs and garner the support of all of their peoples.

John Nagl (Lieutenant Colonel, US Army, retired), in his review of Brian McAllister Linn’s book, The Echo of Battle – The Army’s Way of War, RUSI Journal (April 2008).  Note:  the link to his review is at the Small Wars Journal, posted courtesy of the RUSI Journal.

This is the core theme of counter-insurgency theory, COIN.  FM 3-24 is its handbook, showing how to use social science terminology and analytical frameworks to manipulate foreign societies. This will likely fail on several levels, as the goal of  ending the “conditions that spawned armed conflicts” is beyond our means (we can “change” conditions, just not consistently for the better).
