Share these talks and lectures with your colleaguesInvite colleagues
Moving target defence: Economics and asymmetry
In cyberspace, warfare is asymmetric. It takes only a small army of well-trained hackers to inflict major damage on a much larger adversary. Ironically, the inequity stems from standardisation. When bad actors find a vulnerability in a popular application or operating system, they can exploit it on millions of systems, yielding exponential reward for linear effort. The hacker’s advantage, then, is economic rather than technical. Unless and until we reverse this dynamic, the adversary will have the advantage. Moving target defence (MTD), also called polymorphic defence, has the potential to diminish the enemy’s asymmetric advantage. This paper surveys the major MTD technologies currently on the market and under development, with special attention to dynamic runtime environments. In particular, it explores how each technology might reverse, or at least mitigate, the economic leverage the enemy now exerts when discovering and exploiting vulnerabilities.
The full article is available to institutions that have subscribed to the journal.
Don Maclean is Chief Cyber Security Technologist for DLT and formulates and executes cyber security portfolio strategy, speaks and writes on security topics, and socialises his company’s cyber security portfolio. He has nearly 30 years’ experience working with US federal agencies. Before joining DLT in 2015, he managed security programmes for numerous US federal clients, including DOJ, DOL, FAA, FBI and the Treasury Department. This experience allowed him to work closely with the NIST Risk Management Framework featured in this paper, and to understand its strengths and weaknesses. In addition to CISSP, PMP, CEH and CCSK certificates, he holds a BA in music from Oberlin College and Conservatory, an MS in information security from Brandeis Rabb School, and is nearing completion of his second Bachelor’s in mathematics. An avid musician, he organises a concert for charity every year, and has been known to compete in chess and Shogi (Japanese chess) tournaments, both in person and online.