For IR scholars writing on offense/defense balance, SolarWinds has major points:

1) One good/great team hacked one company and gained access to thousands of others including *extremely* hard targets. If you measure o/d by dollars or resources spent, take notice...
2) Comp science literature exhaustively discusses at least 12 reasons why attackers have the advantage. E.g., this classic paper on monocultures: https://cryptome.org/cyberinsecurity.htm

Be sure to cite this literature & not just IR journals
3) It is possible (want to workshop this) that current Internet dynamics create overall conditions of attacker advantage but that this plays out differently in specific engagements. This condition can change over time.

This might reconcile the two views...
4) Consider the lived experience of cyber practitioners. Yes, as IR scholars the idea is that your tools give you deeper insights. But find ways to listen to that experience (which is generally our getting pwned year after year for decades) & include it.
In short, regardless of which side of O/D balance you come down on, there's a lot to learn from SolarWinds & other massive Internet vulnerabilities and incidents.
You can follow @Jason_Healey.