In cyberspace, the game is rigged; a tiny group of elite “commandos” can easily inflict major damage on big, heavily defended targets. Their advantage has two major causes: system standardization, and a defensive trap I call the Maginot Mentality. This paper will be primarily focused on the second, while touching briefly upon the first.
In general, standardization is good, both for cybersecurity and general system administration. It facilitates deployment, patching, incident response, and other aspects of system administration. However, when a bad actor finds a vulnerability in a standard system, the exploit works on every instance of that system, from applications to operating systems.
Researchers and practitioners of cybersecurity have recognized this problem, leading to the development of moving target defense (MTD). The MTD mentality prizes agility over impregnability and seeks to avoid the security problems of standardization, a concept I would have considered an anathema not so long ago.