Counting advantages: How defenders can gain primacy in the cybersecurity domain


The prevalent notion about cybersecurity today is that attackers hold the high ground and have many advantages. However, many experts and studies on cybersecurity are now focusing on how the offenders' advantages can be transformed into defensive superiority.

Some experts also believe that the offenders cannot generate superiority at all because the cyber terrain, unlike other physical terrains, is changing all the time and in order to gain a real superiority you need it to be static.

Because the terrain is malleable, defenders can change it: they can remove networks and do many other things, translating their ownership into hold and control. Defenders are also much more familiar with their computer systems and network than anyone else.

Any of these advantages—the ownership of the terrain, the ability to change it (to remove, to stop, or to do anything you want) and the familiarity with the systems—can be used to regain some primacy for defenders. However, this is only a theory and the pertinent question to ask is how to implement it practically in order to convert these advantages into a cyber primacy?

The answer to this question could be Continuous Terrain Remodeling (CTR). It simply means doing everything that could and should be done to constantly and continuously change, seize, remodel and reshape everything in your networks. It gives a definite advantage to defenders, as the changing communication between networks does not allow attackers to hold the terrain for long. If the communication is changed all the time, an attacker may penetrate and take the information but won’t be able to control it from outside.

CTR basically comprises two main aspects: technology and process management. The technological aspect includes the Memory Technology Device (MTD) concept, which allows defense of moving targets. It allows a defender to move the target all the time so that the offender is not able to get hold of anything. However, technology alone is not enough to achieve the desired goal. It is process management, the second aspect of CTR, that can decide where to deploy the technology, which technology to use, in which networks, how to control it, and how to avoid being trivial, so that these technologies do not fall into the hands of an offender who could easily identify and control them from outside.

However, before implementing any CTR technologies, we have to deal with the problems of scalability and maintaining enough stability in our systems while using such technologies. We also need to address the issue of how customers can use such technologies on their networks that are changing all the time.

The problem with IT managers is that they pursue the same objective as offenders, i.e., they want the network to be stable all the time. But a paradigm shift is needed to understand that networks should be changed continuously to gain an advantage over attackers.

There is also the need to understand that the only advantage that the defenders have is the ownership of the terrain and their ability to use CTR in order to gain some primacy. And it should not be ignored at any cost.