In cyberwar, having a good offense is not the same as having a good defense. It is much more dangerous. The current call to cyber-arms permeating Washington is a serious problem. The purveyors of cyber-offense and "active defense" seem to not understand the role that proactive defense through security engineering can play in averting cyberwar.

Cyber-information systems control many important aspects of modern society, from power grids, to transportation systems, to essential financial services. They sample air quality, spy on people, track movement of fissile materials, enable remote-controlled bombing, manage hardware and software supply chains, facilitate billions of dollars in fraud each year, form the core of massive botnets that can take giant corporations offline, predict weather events, and allow split-second financial trades that move world markets. Our dependence on these systems and their inherent complexity and interrelated nature is not well-understood by the "non-geeks" who make both policy and business decisions. This makes for a real and present danger of cyber-exploit. That's because a majority of these essential systems are riddled with security vulnerabilities.

As such, our reliance on these vulnerable systems is a major factor making cyberwar inevitable. The cyber-environment is target-rich and easy to attack, and even weak actors can have a major asymmetric impact. Billions invested in detective and reactive controls do not seem to have measurably