Moving Target Techniques: Cyber Resilience through Randomization, Diversity, and Dynamism

Overview: The static nature of computer systems makes them vulnerable to cyber attacks. Consider a situation where an attacker wants to compromise a remote system running a specific application. The attacker need only find one vulnerability in a local copy of that application. Since all copies of that application are identical and static, the attacker can leverage that vulnerability to exploit the application on a remote machine. Worse yet, the same vulnerability can be exploited to attack thousands or millions of other machines that run the same application. Also, since the internals of the system changes little over time, the same attack is likely to succeed for a long time. The situation is exacerbated by the fact that any reconnaissance information collected on the system by the attackers will also be valid for a long time. This creates an imbalance in favor of attacks.