Most scholars and policymakers claim that cyberspace favors the offense; a minority of scholars disagree. Sweeping claims about the offense-defense balance in cyberspace are misguided because the balance can be assessed only with respect to specific organizational skills and technologies. The balance is defined in dyadic terms, that is, the value less the costs of offensive operations and the value less the costs of defensive operations. The costs of cyber operations are shaped primarily by the organizational skills needed to create and manage complex information technology efficiently. The current success of offense results primarily from poor defensive management and the relatively simpler goals of offense; it can be very costly to exert precise physical effects using cyberweapons. An empirical analysis shows that the Stuxnet cyberattacks on Iran's nuclear facilities very likely cost the offense much more than the defense. The perceived benefits of both the Stuxnet offense and defense, moreover, were likely two orders of magnitude greater than the perceived costs, making it unlikely that decisionmakers focused on costs.

中文翻译：

---

什么是网络攻防平衡？概念、原因和评估

大多数学者和政策制定者声称网络空间有利于进攻；少数学者不同意。关于网络空间攻防平衡的笼统主张是错误的，因为这种平衡只能根据特定的组织技能和技术进行评估。平衡是用二元术语定义的，即价值减去进攻行动的成本和价值减去防御行动的成本。网络运营成本主要取决于有效创建和管理复杂信息技术所需的组织技能。目前进攻的成功主要是由于防守管理不善和进攻目标相对简单；使用网络武器施加精确的物理效果可能非常昂贵。一项实证分析表明，Stuxnet 对伊朗核设施的网络攻击很可能使进攻成本远高于防御成本。此外，Stuxnet 进攻和防御的感知收益可能比感知成本高两个数量级，因此决策者不太可能关注成本。