And he had a helmet of brass upon his head, and he was armed with a coat of mail…greaves of brass upon his legs, and a target of brass between his shoulders… [And David] took thence a stone, and slang it, and smote the Philistine in his forehead…and he fell upon his face to the earth.

—1 Samuel 17

Some 3,000 years ago, Goliath took the field of battle securely armed and prepared for hand-to-hand combat. He then fell victim to perhaps the world's most famous remote attacker. David exploited an advantage in striking distance to strike one of Goliath's few exposed vulnerabilities. And had he missed, David would have surely launched the other four stones he held before Goliath could have closed the distance to engage. As Malcolm Gladwell noted in his 2013 book David and Goliath: Underdogs, Misfits, and the Art of Battling Giants (Little, Brown and Company), it was not a fair fight. Goliath was at a disadvantage because he did not understand the asymmetry of the encounter.

To understand the success of computer attacks and the failure of computer security, you must move beyond thinking in terms of a specific event or security failure and understand the properties of the space. To read the news, you would think that every time a company divulges its customers' personal data, exposes sensitive internal e-mails, or loses the design to yet another advanced weapons system, that the compromise was inevitable. This attitude is lazy.

Warring technologies have historically ...