The Defender's Dilemma
The "Defender's Dilemma" describes how those protecting a system are at a strategic disadvantage against attackers who only need to exploit a single weakness. Defenders must secure every front while attackers pick the weakest point; the idea is illustrated through cybersecurity and military examples.
Background
- Mark Ferraz is a technologist and writer who previously worked at Google and other tech companies, known for essays on strategy, security, and system design.
- "The Defender's Dilemma" is an essay (published on Ferraz's personal site) that examines a recurring strategic problem: the party trying to defend or preserve something (a system, a market position, a norm) is usually at a structural disadvantage against an attacker who only needs to find one weak point, while the defender must protect everything.
- This concept builds on ideas from security engineering, game theory, and military strategy — notably the "offense-defense balance" — and applies them to areas like cybersecurity, startup competition, and political institutions.
- The piece argues that defenders often compound their disadvantage by over-optimizing for efficiency or past threats, making them brittle against novel attacks. It explores how to mitigate this bias, but concludes that the dilemma is fundamentally asymmetrical and cannot be fully solved.