ICIT Fellow Perspective - Moving Target Defense: “Staying Ahead of the Enemy”

Essay Authored by Don Maclean, ICIT Fellow and Chief Cyber Security Technologist, DLT

In cyberspace, the game is rigged; a tiny group of elite “commandos” can easily inflict major damage on big, heavily defended targets. Their advantage has two major causes: system standardization, and a defensive trap I call the Maginot Mentality. This paper will be primarily focused on the second, while touching briefly upon the first. In general, standardization is good, both for cybersecurity and general system administration. It facilitates deployment, patching, incident response, and other aspects of system administration. However, when a bad actor finds a vulnerability in a standard system, the exploit works on every instance of that system, from applications to operating systems. Researchers and practitioners of cybersecurity have recognized this problem, leading to the development of moving target defense (MTD). The MTD mentality prizes agility over impregnability and seeks to avoid the security problems of standardization, a concept I would have considered an anathema not so long ago. MTD also seeks to eliminate the attacker’s economic advantage by ensuring that if a bad actor compromises one system, the resources they have expended will not apply to the next. Instead, attackers must continually re-create the wheel to attack multiple systems and each exploit has no value on the black market since it is not generically usable. This paper will look at the most recent developments in the arena of moving target defense, ranging from approaches that exist only in theory to commercially available products. The goals are to:

• Define key terms and provide a broad taxonomy of MTD

• Specify a set of evaluation criteria to assess current MTD technologies

• Enumerate and assess MTD technologies using these criteria

Download the Full Essay