From the thesis abstract: "The offense-defense balance is an indicator of the conflict dynamic in a system. Cyberspace is a domain where offense-defense costs are clearer than in the physical world. While there have been numerous comments about the current balance there has not been a study conducted. In this thesis, I use a heuristic model to show what the current theoretical balance point is, and what it was for two different case studies, Estonia in 2007 and Stuxnet. Based on the data, the cost of one dollar by the attacker spent on offense, the defender spends $1.32. When looked at from an aggregate perspective, using the data from the model, attackers to defenders, the disparity is significantly larger, with a one dollar to $131 cost ratio. The Estonia case study had a one dollar to $424 cost ratio, and Stuxnet had a one dollar to seven dollar ratio. This proposed model may provide a glimpse of what the current balance is for a specific system. Using this model, it may be possible to provide measures of effectiveness for modifications made to the system, which could help mitigate costs for cyber defenders."
Naval Postgraduate School, Dudley Knox Library: http://www.nps.edu/Library/index.aspx