Hacking Cybersecurity Technology Innovation

Static vs. Dynamic Defense

John Ellingson
John Ellingson
a lock with keyhole on top of a radar image

The term “defense” evokes images like walls, moats, barriers, and shields. Maybe it is because for centuries there have been stationary targets to defend, and static defenses were built to defend them. It was the ground “we stood on” that was defended. Slogans like “Stand your ground” became part of the lexicon. Why is an ancient physical static defense strategy that resulted in the construction of the Great Wall of China being deployed to defeat the 21st Century dynamic digital attacks of on information systems?

When it came time to defend the emerging digital environment, concepts from the physical world were the status quo and were carried over into the digital environment. That status quo is a static defense.

 

Think for a moment: how fast is the brick that is used to build a wall? How fast is the electron that defends the digital environment? Even the fastest missile only moves at thousands of miles per hour. An electron moves at 186,000 miles a second! The attackers in the digital environment are much more agile and can change their tactics in microseconds. The defenders on the digital battlefield must move even faster in order to prevail.

A static defense, regardless of how strong, cannot prevail against an attacker whose agility and speed are orders of magnitude faster.

 

There is no better example of this than in the password/credential defense tactics deployed today. The status quo is still to employ stronger passwords, encryption keys, and credentials. Attackers simply ignore this tactic and instead use an agile approach to steal an existing key, no matter how strong, and log into the target rather than attempting a frontal static attack to break in.

Making static defenses “stronger” will not defeat this kind of attack. Being faster and more agile than the attacker is the only way to prevail. To defeat an attacker that is going to steal a password, encryption key, or credential, defenses must shift dynamically so that if (and when) security tools are stolen, they will not benefit the attacker. The challenge with this strategy is to create a dynamic defense without burdening ongoing operations.

Why has it taken so long to move from a static cyber defense to a dynamic cyber defense? The team at QWERX has analyzed that challenge and solved it with a simple answer. We would be delighted to demonstrate our patented dynamic defense solution for you.
John Ellingson

John Ellingson

Follow me on LinkedIn Follow me on LinkedIn

John Ellingson is the Chief Technology Officer at QWERX. John started his digital career with the Boeing Company working on the 747 aircraft in the late 1960s. He became a computer-literate attorney performing what is today known as forensic accounting. As the founding chairman of the ABA/YLD Subcommittee on Tax Treatment in Bankruptcy, John worked with the Congressional Joint Tax Committee to create the Internal Revenue Code Provision enabling the tax-free merger and acquisition of debtor corporations. This law became part of the Bankruptcy Tax Act of 1980. John had a national M&A practice in this area and obtained the first IRS Private Letter Ruling on this Code section. As a result of this practice, he observed a frequent element of white-collar crime in many bankruptcy cases, and he subsequently developed and patented a method to detect identity fraud. The product derived from that patent is still deployed at most retail banks throughout the U.S. today. This success started John on a path of protecting digital systems and identity management. He continued in this role with American Operations Corporation and ASM Research before founding infOsci LLC and later QWERX, Inc. John holds numerous method patents in digital system security. John was appointed to the United States Air Force Academy and medically separated before graduation. He holds a Bachelor of Science degree from the University of Wisconsin and a Juris Doctor degree from Seattle University. For 20 years John served as a liaison officer with the United States Naval Academy and the United States Military Academy. He also served on the Service Academy Selection Boards for two U.S. Senators.

Leave a Comment