Contest success functions

In his foundational article on the subject, Jervis suggests that there are two ways to describe the relative ease of offense and defense.⁹ First, there is the relative efficacy of investments used to conduct attacks and investments used to defend against attacks. Second, there is the advantage that one gains by being the actor who moves first in a conflict.

Most subsequent analyses of the concept have focused on only the first of these two components. Glaser and Kaufman argue that the oft-ignored second component, ‘first-strike advantage,’ ought to be separated out as an analytically distinct concept.¹⁰ We accept this suggestion and place our focus on the efficacy of investments.

The offense-defense balance is then a partial characterization of the relationship between offensive investments, defensive investments, and attack outcomes. Before attempting to give the concept a more precise definition, we find it useful to first describe what a more complete characterization would entail.

Let A be a measure of a potential attacker’s investments. Let D be a measure of a potential defender’s investments. Let S be a measure of attack success. Then we can consider a function F(A,D) that describes, for any pair of investments, the degree of success that the attacker can expect to achieve. $E\left[S\right]=F\left(A,D\right)$

This function is a generalization of two-player contest success functions (CSFs) that economists sometimes use to study competition and conflict. We will therefore adopt the name.¹¹

There will typically be more than one plausible measure that can be used to describe the outcome of an attack. For instance, for an attempt to seize territory from another state, one might use the area of territory captured, the economic value of the territory captured, or simply a binary variable that represents whether or not the attack was a ‘success.’

Broadly, there are also three varieties of measures one can use to describe investments into a conflict. First, one can use a measure of the resources invested into the conflict. Second, one can use a measure of the capabilities invested into the conflict. Third, one can use a measure of the utility lost through investments into the conflict.

Consider the case of a ground invasion. The two actors’ investments could be measured in dollars spent, in Armored Division Equivalents (ADEs), or in the utility cost. As there are trade-offs associated with each, no measure is universally more useful than the others. For instance, utility lost is often the quantity most relevant to strategic analysis, but is hard to measure. By contrast, dollars spent is easier to measure, but may require additional assumptions to be theoretically relevant.

Metrics of the offense-defense balance

The most common metric for the relative efficacy of offensive and defensive investments is the minimum investment ratio that would allow the attacker to achieve a particular degree of success. One example of this approach is provided by Lynn-Jones:

Another example is provided by Glaser and Kaufman:

To extend these definitions to cover additional forms of conflict, such as cyberattacks, one can simply replace their conquest-specific language. Roughly, this is the approach taken by many authors who discuss the ‘cyber offense-defense balance.’¹⁴ One can also extend them to cover non-monetary measures of investment.

However, even with such modifications, these definitions are not sufficiently general. They contain strong implicit assumptions about the forms of the contest success functions that underlie conflict.

First, Lynn-Jones’ definition implies that there is some absolute investment ratio that is necessary and sufficient for victory. If $3 million in offensive investments is just enough to offset $1 million in defensive investments, then, given that the ratio is the same, it follows that $6 million must be just enough to offset $2 million. Glaser and Kaufman’s definition manages to avoid this assumption, by fixing the ratio to a particular level of investment made by the defender. Although they do not highlight this point, their definition transforms the offense-defense balance from a constant to a function of what the defender invests.

Both definitions also contain a second implicit assumption, that success is a binary variable and that investment levels produce success deterministically. While this may often be a useful simplifying assumption, there are also many cases where it is inappropriate. An attempt to disrupt another country’s infrastructure with cyberattacks, for instance, might be most naturally described in the language of uncertainty and degrees of success.

To remove this limitation, we offer the following metric as a generalization of these authors’ conceptions of the offense-defense balance. For a given contest success function F and threshold of expected success S*, we define the ratio-for-success R_S∗ as a function of the defender’s investments. $R_{S^{\ast }}(D)\equiv \frac{D}{min\{A:F(A,D)=S^{\ast }\}}$

This represents the ratio of the defender’s investment to the minimum offensive investment that would allow the attacker to secure some expected level of success. A larger value corresponds to an easier attack. Beyond a reversal of the numerator and denominator, the Glaser and Kaufman definition represents a special case of the ratio-for-success metric, for a binary CSF characterizing the success of a ground invasion and a success threshold set at certain success (S^∗ = 1).¹⁵

Ratio-for-success is not the only metric one can use to assess the relative efficacy of offensive and defensive investments. For instance, Van Evera notes that, in the context of conquest, another useful metric might be ‘the probability that a determined aggressor could conquer and subjugate a target state with comparable resources.’¹⁶

We introduce success-from-a-ratio as a generalization of this additional metric, to cover other varieties of attack, non-binary success functions, and various degrees of comparability. For a given contest success function F and investment ratio R^∗, success-from-a-ratio F_R∗ describes how well the attacker can be expected to do when the defender’s investment is R^∗ times its own. $F_{R^{\ast }}(D)\equiv F\left(\frac{1}{R^{\ast }}\ast D,D\right)$

We regard ratio-for-success and success-from-a-ratio as complementary metrics, describing closely related aspects of the offense-defense balance. Ratio-for-success answers the question: ‘What ratio of investments would allow the attacker to expect a certain level of success?’ Success-from-a-ratio answers the question: ‘How successful could the attacker expect to be if there was a certain ratio of investments?’

Background

In this case, an attacker attempts to move ground forces into a defender’s territory. Once inside, the attacker may attempt to pursue a number of possible objectives, such as conquest or liberation. The defender, in turn, attempts to prevent the attacker from successfully penetrating too deeply or from achieving its objective.

Both actors have a range of possible strategies to choose from. Analysis is simplest, though, if we make the assumption that the defender adopts a forward defense. This means that the defender places a large portion of its forces close to its border, with the aim of preventing the attacker from penetrating its territory to any significant depth. When the defender adopts a forward defense, the attacker must break through some section of the defensive line in order to advance.

It is widely held that defenders hold a natural advantage in combat. This advantage has a number of sources, including the fact that one is naturally more vulnerable when advancing than when remaining behind cover. Its practical significance is that the attacking force must typically achieve a much greater concentration at a single point to break through. A longstanding rule-of-thumb sets the necessary concentration ratio at 3-to-1.¹⁸

Although there are a number of ways an actor can make investments to improve its prospects for success, we will focus specifically on investments that increase the size of ground forces. We are interested in how scaling up the sizes of both ground forces will affect the attacker’s ability to break through.

The first analyst to consider this question in significant depth was Liddell Hart, who concluded that greater force levels could significantly benefit the defender.¹⁹ His argument was that there was some force-to-space ratio necessary to provide sufficiently unbroken coverage of a front. Below this force-to-space ratio, the attacker could easily break through by concentrating its forces along weak points or gaps in the defensive line. Other analysts, particularly Mearsheimer, later extended and popularized Hart’s work on the topic, often with a focus on estimating the size of the defensive force necessary to repel a Soviet invasion of NATO countries.²⁰

To our knowledge, Biddle et al. provide the most in-depth analysis of the role of force-to-space ratios in determining the outcomes of ground invasions.²¹ They present a complex model, involving several dozen parameters, which predicts that increasing force levels above a certain point will diminish the attacker’s ability to capture territory. On the other hand, increasing force levels will bolster the attacker’s ability to capture territory when force levels are sufficiently low. In our terminology, the model predicts OD-scaling.

To isolate the core mechanism behind this prediction, we now present a significantly simpler model of a ground invasion.

An idealized model

We consider a contest success function in which the output is the expected size of the ground force that is able to penetrate the defensive line. The inputs are the total sizes of the attacking and defending ground forces. Possible units include simple headcounts or Armored Division Equivalents (ADEs), which adjust for the quality of each force.

S ≡ Size of force that breaks through the defensive line

A ≡ Initial attacking force size

D ≡ Initial defensive force size

Our choice to use the size of the force that penetrates the defensive line as a measure of success reflects the view that, across a wide range of scenarios, it is a reasonable proxy for the attacker’s ability to achieve its objectives. Its ability to capture territory or to attack remaining defenders from the flanks and rear, for instance, will typically increase with S. In this case we treat the attacker as attempting to maximize the expected value of S and the defender as trying to minimize it.

We accept the standard assumption, discussed above, that the attacker must establish a greater local force concentration to break through. We also accept the standard assumption that there is a limit to how densely a force can fruitfully concentrate at a particular point. Beyond a certain concentration, combatants and vehicles will face risks from collateral damage to one another, increase the expected effectiveness of enemy artillery, and limit each other’s mobility.

Then, to produce an idealized model, we add four simplifying assumptions. First, we assume that breaking through at a given point requires complete attrition of the defender’s forces at that point and that each side’s losses grow linearly with the initial size of the other’s force. Second, we assume that points on the front are homogeneous: they do not vary in limits on force concentration, defensive advantage, or other such factors. Third, we assume that reinforcements do not arrive during battles. Fourth, we assume that the defender cannot anticipate where the attacker will strike and that, given this fact, both sides distribute their forces optimally.²²

We show in our appendix that a Nash equilibrium is for the defender to distribute its forces evenly across the points, while the attacker distributes its forces to achieve the maximum practical concentration at as many points as possible.

Let N be the number of points along the front where the attacker might strike. Let B be the force concentration ratio required to break through and M the maximum practical force concentration. Then, as shown in our appendix, the contest success function is given by the following expression: $E[S]=\sum _{i=1}^{N}max\left\{0,max\{0,min\{M,A-M\ast (i-1)\}\}-B\ast min\{M,\frac{D}{N}\}\right\}$

Figure 1 presents a graphical depiction of the function for a representative set of parameters. Figures 2 and 3 present the relevant scaling effects more clearly, by depicting success-from-a-ratio for an equal investment ratio and ratio-for-success for a threshold of one unit of penetration. Clearly, OD-scaling is observed.

How does the offense-defense balance scale?

All authors

Ben Garfinkel & Allan Dafoe

https://doi.org/10.1080/01402390.2019.1631810

Published online:

22 August 2019

Figure 1. The CSF for our idealized model. The chosen parameters correspond to 10 possible points of attack, a 2:1 force ratio requirement for achieving breakthrough, and force size units normalized to the maximum concentration level at each point.

Display full size

How does the offense-defense balance scale?

All authors

Ben Garfinkel & Allan Dafoe

https://doi.org/10.1080/01402390.2019.1631810

Published online:

22 August 2019

Figure 2. Success-from-a-ratio for our idealized model, for an equal investment ratio.Parameters same as above.

Display full size

How does the offense-defense balance scale?

All authors

Ben Garfinkel & Allan Dafoe

https://doi.org/10.1080/01402390.2019.1631810

Published online:

22 August 2019

Figure 3. Ratio-for-success for our idealized model, for a threshold of one unit. Parameters same as above.

Display full size

We can explain the basic mechanism responsible for OD-scaling in this case by focusing on success-from-a-ratio and considering what happens as investments increase. Initially, the attacker can use surprise to achieve much higher degrees of force concentration at a small number of points. These differences in concentration allow the attacker to break through the defender’s lines. For some time, higher force levels will also enable larger breakthroughs. However, given that space is finite, the defender will eventually begin to saturate the front by achieving close to the maximum concentration at a large number of points. This will place increasingly strict limits on how different the two actors’ patterns of concentration along the front can be. Since defense is also locally superior – in the sense that the defender has a natural edge in battles where concentrations are equal – the attacker’s capacity to break through must decline too.

In our appendix, we consider each of the assumptions used in this simple model in turn. We find that although they are highly idealized, it appears to be the case that reasonable adjustments to the assumptions, for instance to allow for reinforcement dynamics and a more realistic attrition law, do not challenge the basic mechanism described here. The more complex Biddle et al. model also arrives at the same conclusion.

Case study: Normandy landings

The Allied invasion of France in the Second World War provides a useful illustration of the dynamics discussed above. In this case, the Allied forces entered France from the sea rather than over land. However, this distinction does not imply any significant change to the abstract model.

First, it was the case that the Normandy landings depended heavily on the Allies’ ability to exploit superior force concentrations at the points where they landed.²³ They were able to achieve the necessary concentrations by creating uncertainty about their chosen landing points, including by running a protracted disinformation campaign, which forced the German military to spread its forces out between a larger number of plausible landing points. However, even with the benefit of a lopsided local force ratio, the inherent difficulty of amphibious landings caused the Allies to struggle and suffer several times greater casualties. In addition, despite being spread between five beaches and arriving in multiple waves, the Allies also appeared to be approaching the maximum useful levels of concentration – suffering from congestion issues, particularly, on Sword Beach.

A counterfactual version of the Normandy landings with much higher force levels on both sides could have allowed the German forces to more comfortably defend each of the landing sites they considered plausible. On the other hand, a counterfactual version with much lower force levels could have prevented the Allies from landing a large enough force to achieve their objectives on the mainland.

Background

A cyberattack is an attempt to exploit another actor’s computer systems. A cyberattack may be associated with a number of possible objectives, including stealing confidential information, disrupting the availability of a service, or damaging connected physical objects and infrastructure.

One particularly noteworthy class of cyberattacks involves the exploitation of zero days, or software vulnerabilities that are unknown to developers and users of the software. A wide range of political actors, including national governments and criminal organizations, are believed to stockpile knowledge of zero days for potential use in future offensive operations. For instance, the American/Israeli Stuxnet attack on the Iranian Natanz nuclear facility exploited four distinct zero days for the Windows operating system.²⁴

We can regard any party attempting to acquire zero days for a particular system as an attacker and the set of parties with an interest in patching vulnerabilities, collectively, as the defender. An attacker acquires a zero day, then, when it discovers a vulnerability that the defender has not.

Since both attackers and defenders benefit from discovering vulnerabilities, we can ask about the effect of scaling up their discovery capabilities. In fact, this question is far from hypothetical. We should want to know, for instance, whether ongoing projects to develop more effective vulnerability discovery tools are more likely to empower attackers or defenders.

Only a small literature has examined scaling effects. One relevant but inconclusive empirical debate considers whether publishing software source code – which is a useful resource for anyone hoping to discover vulnerabilities – tends to overall benefit attackers or defenders more.²⁵ A related debate considers the returns to defensive vulnerability discovery. Rescorla claims that any vulnerability discovered by a defender is unlikely to have been rediscovered by an attacker.²⁶ (The most sophisticated analysis of vulnerability rediscovery to date, although also not conclusive, supports this claim.)²⁷ From this, he argues that defensive investments have only a minimal effect on an attacker’s ability to acquire zero days; scaling up investments would strongly favor the attacker.

We now present a simple model that, while consistent with Rescorla’s analysis for sufficiently low investment levels, ultimately predicts OD-scaling.

An idealized model

We consider a contest success function in which the output is the expected number of zero days that the attacker acquires over a given window of time. The inputs are quantities of effort devoted to vulnerability discovery over this time.

S ≡ Zero days acquired by attacker

A ≡ Attacker effort

D ≡ Defender effort

For our idealized model, we make three simplifying assumptions. First, we assume that there is no correlation between the vulnerabilities the attacker discovers and the vulnerabilities the defender discovers. Second, we assume that no new vulnerabilities are introduced over the period of time under consideration. Third, we assume that, until all vulnerabilities are discovered, the number of vulnerabilities each actor discovers grows linearly with effort.

Now, let N represent total number of vulnerabilities in the defenders’ systems. In addition, let the units of effort be normalized so that one unit of effort corresponds to one expected discovery. Then, as shown in our appendix, it follows that the contest success function takes the form: $E[S]=min\{N,A\}\cdot \frac{N-min\{N,D\}}{N}$

Figure 4 presents a graphical depiction of the function. One can see that increasing investments tends to benefit the attacker when investment levels are low and tends to benefit the defender when they are sufficiently high. Figures 5 and 6 show this phenomenon more clearly, depicting the scaling of success-from-a-ratio, for an even investment ratio, and ratio-for-success, for a threshold of one zero day. For both metrics, we observe OD-scaling.

How does the offense-defense balance scale?

All authors

Ben Garfinkel & Allan Dafoe

https://doi.org/10.1080/01402390.2019.1631810

Published online:

22 August 2019

Figure 4. The CSF for our idealized model, for a case with 10 vulnerabilities.

Display full size

How does the offense-defense balance scale?

All authors

Ben Garfinkel & Allan Dafoe

https://doi.org/10.1080/01402390.2019.1631810

Published online:

22 August 2019

Figure 5. Success-from-a-ratio for our idealized model, for a case with 10 vulnerabilities and an even investment ratio.

Display full size

How does the offense-defense balance scale?

All authors

Ben Garfinkel & Allan Dafoe

https://doi.org/10.1080/01402390.2019.1631810

Published online:

22 August 2019

Figure 6. Ratio-for-success for our idealized model, for a case with 10 vulnerabilities and a threshold of one expected zero day.

Display full size

Why, intuitively, does the model predict OD-scaling? The underlying mechanism is essentially the same as in the ground invasion case. We again focus on success-from-a-ratio and consider what happens as D increases.

Initially, due to randomness, the two actors are unlikely to discover precisely the same vulnerabilities. When their investments begin to increase from nothing, the attacker will therefore tend to find some vulnerabilities that the defender does not. However, given that the number of vulnerabilities is finite, the defender will eventually begin to achieve saturation by finding very large portions of them. This will place increasingly strict limits on how different the sets of vulnerabilities discovered by the two actors can be. Since defense is also locally superior – in the sense that any vulnerability the attacker and defender both discover does not become a zero day – the expected number of zero days must eventually begin to shrink too.

In our appendix, we consider each of the assumptions used in this simple model in turn. We again find that although they are highly idealized, it appears to be the case that reasonable adjustments to the assumptions, for instance to allow for correlations between discoveries and diminishing returns on effort, do not challenge the basic mechanism described here.

Case study: Automated vulnerability discovery

The above analysis can also help us to understand the significance of ongoing work on automated vulnerability discovery.

Currently, manual testing and inspection still consistently allow actors to discover vulnerabilities that automated tools cannot.²⁸ However, there has recently been some noteworthy progress in adapting techniques from the field of artificial intelligence to the problem of vulnerability discovery.²⁹

One obvious question is whether we should expect this progress, if it continues, to favor offense or defense. To answer this question, let us consider again our simplified model. If we take investments to be in units of vulnerability discovery capability, then we can interpret improvements in the efficiency of discovery tools as increases in the two actors’ investments. Our model suggests that, all else being equal, these increases will tend to benefit attackers up until some point where they become large enough to benefit defenders.

However, all else might not be equal. One especially relevant possibility to note is that the vulnerabilities discovered by highly optimized tools might be more correlated than the vulnerabilities that are discovered in a more ad-hoc manner by humans today. Our robustness analysis, included in the appendix, shows that an increase in the correlation between discoveries would favor the defender.

In all, the short-term impact of increased automation is ambiguous. There appears to be at least one factor favoring the attacker and at least one other factor plausibly favoring the defender. A more thorough analysis would attempt to weigh these factors against each other, perhaps on the basis of data about discovery correlations between automated tools. The long-run impact will also depend on just how effective these tools can become. If they ever become efficient enough to allow defenders to discover significant majorities of the vulnerabilities in their systems, outpacing the rate at which new vulnerabilities are introduced, then the picture would seem to decisively favor defense.³⁰

The model

In this model, there is some attack surface that can be thought to consist of discrete attack vectors. By making investments the attacker and defender can increase their coverage of these vectors, each up to some maximum coverage level. The manner in which the actors’ investments produce patterns of coverage is determined by their respective investment functions. Each attack vector is furthermore associated with a local contest success function, which maps the two actors’ coverage levels to offensive success at that point. Finally, there is an aggregation function that maps the values of all of the local contest success functions to the overall success of the attack.

The invasion and cyberattack models as special cases

The idealized models introduced above to study ground invasions and cyberattacks can be understood as special cases of this more general model.

For our ground invasion model, the attack surface is the set of points that make up the defensive line. Local coverage levels A_i and D_i represents how large a force each actor has concentrated at each point i. For all points, and both actors, the maximum coverage level is some constant N. The defender’s investment function converts investments into equal levels of coverage across the points. The attacker’s investment function converts investments into maximum coverage of as many points as possible. The local CSF F_i(A_i,D_i) indicates how large of an attacking force breaks through at a given point. It is based on a linear attrition law, with B being the local coverage ratio necessary to break through. $F_i(A_i,D_i)=\left\{\begin{array}{c}{A}_i-B\ast D_i,A_i>B\ast D_i\\ 0,otherwise\end{array}\right.$

The aggregation function adds up the values of each of the local CSFs to find S, the total size of the attacking force that breaks through. This then implies the global contest success presented above.

For our vulnerability discovery model, the attack surface is the set of software vulnerabilities in the defender’s system. Coverage is a binary variable that represents whether or not each actor has discovered the given vulnerability. For all points, and for both actors, the maximum coverage level is 1. The actors’ investment functions convert investments into coverage of random and uncorrelated sets of vulnerabilities. The local CSF indicates whether or not a given vulnerability becomes a zero day. For a particular point i and local coverage levels A_i and D_i, it is given by: $F_i(A_i,D_i)=\left\{\begin{array}{c}1,A_i>D_i\\ 0,otherwise\end{array}\right.$

The aggregation function adds up the values of the local CSFs to find S, the total number of zero days the attacker acquires. This then implies the global contest success function presented above.³¹

A common mechanism for OD-scaling

Both of the special cases just described have a number of common properties. These properties are jointly sufficient (although not necessary) to produce OD-scaling.

• Local defense superiority: When the defender provides maximum coverage of any given attack vector, the output of the associated local CSF is approximately zero.

• Defensive saturation: Above some level of investment, the defender provides maximum coverage of all attack vectors.

• Gap exploitation: For some lower level of investment, the output of at least one local CSF is likely to be non-negligible. This is the result of the attacker’s coverage of the associated attack vector substantially exceeding the defender’s.

• Aggregative success: The output of the global CSF is approximately zero if the outputs of all local CSFs are approximately zero. It is also non-negligible if the output of at least one local CSF is non-negligible.

Together local defense superiority, defensive saturation, and aggregative success imply that the output of the global CSF will be approximately zero when investments are sufficiently high. Before saturation occurs, however, gap exploitation and aggregative success imply that the output of the global CSF will be non-negligible.

Success-from-a-ratio begins at zero. As the investment level grows, it rises to some non-negligible value. Ultimately, it must decrease toward zero again. OD-scaling occurs.

Missile attacks

In this case, the attacker attempts to destroy a target by striking it with missiles. In turn, the defender attempts to protect the target by destroying the attacker’s missiles. To make the case more concrete, we will take the target to be a warship and the defender to be relying exclusively on surface-to-air missiles.

We can conceptualize the attack vectors as non-overlapping trajectories by which the attacker’s missiles can hit the ship. Furthermore, we can conceptualize the attacker and the defender as covering the same vector if a projectile launched by the defender follows a trajectory that leads it to intercept one of the attacker’s missiles. Investments are measured in units of missiles.

The local CSFs indicate how many missiles associated with a given attack vector hit the ship, over a fixed period of time. They exhibit local defense superiority, since a missile that is intercepted will not reach its target. In addition, consistent with aggregative success, the global CSF indicates the total number of missiles that hit the ship.

In this case, gap exploitation occurs due to the inaccuracy of defensive systems. In particular, each surface-to-air missile has some non-zero chance of following a trajectory that does not lead it to intercept the intended offensive missile. This means that, as total investments scale up, the expected number of offensive missiles that fail to be intercepted will initially increase.

This somewhat abstract argument is consistent with models that have been developed in the missile defense literature. For instance, Washburn and Kress present a simple single-round model in which the defender distributes its missiles evenly among the offensive missiles, each defensive missiles has some probability P of hitting the intended offensive missile (and no probability of hitting any other), and each offensive missile has some probability Q of hitting the target if it is not destroyed first.³² Let A and D be the number of missiles launched by the two actors. Then, making the mathematically convenient assumption that $\frac{D}{A}$ is an integer, we show in our appendix that the expected number of missiles that hit the target is given by: $E\left[S\right]=Q\ast A\ast {\left(1-P\right)}^{D/A}$

This expression implies offensive scaling. The associated function for success-from-a-ratio, F_R∗(D) = Q ∗ D ∗ (1–P)^R∗, increases linearly with D.

The key remaining question, then, is whether the property of defensive saturation holds. This property would seem to imply that, for sufficiently high investment levels, the defender could create a virtual wall of missiles around the ship. In this case, the model just described would cease to be appropriate, as all trajectories that an offensive missile could take would lead to interception.

However, the plausibility of defensive saturation is questionable. Even if the defender possessed an essentially unlimited supply of surface-to-air missiles, it seems that the need to prevent these missiles from interfering with one another and the need to avoid fratricide would be key limiting factors.³³

In short, in contrast with the primary two cases considered above, it seems likely that missile defense presents a case of purely offensive scaling with regard to the number of missiles used by both sides.

Drone swarm attacks

In this case, a large number of drones launched by an attacker attempt to navigate close enough to a target to damage it with short-range munitions. The defender attempts to destroy the drones before they can get in range of the target. For instance, Allen and Chan consider a scenario in which an attacker directs millions of cheap kamikaze drones at an aircraft carrier battle group.³⁴

This variety of attack is speculative. The only military drone swarms known to be in development, such as the US Department of Defense’s Perdix systems, are not designed to carry munitions.³⁵ However, some analysts predict that, as the technology progresses, the possibility of using large swarms to destroy targets will become irresistible.

Individually, drones offer a number of advantages over human combatants or manned vehicles.³⁶ Since they do not need to carry or protect a human passenger, they can be especially long-ranged, fast, small, cheap to produce, and expendable. To the extent that they exhibit autonomy, they can also process information to make decisions much more quickly. Acting together, though, their advantages can multiply. For orders-of-magnitude less than the cost of, for instance, a modern fighter jet or warship, a well-coordinated swarm of drones may be able to overwhelm the defenses of a target, dividing its attention and forcing it to expend its ammunition. Even if individual drones are not especially sophisticated or deadly, a large swarm may still have a very high probability of destroying its target.

Although a number of possible defenses against swarming attacks have been proposed, we focus on the case where the counter-swarm is the primary line of defense and ask what the impact of growing swarm sizes would likely be.³⁷

At first glance, this case is structurally quite similar to missile defense, with individual defensive drones attempting to destroy individual offensive drones before they can reach the target. However, the potential ability of drones within a swarm to coordinate their movements closely with one another, hover within a fixed region of space, and defend against multiple attacking drones sequentially suggests that defensive saturation is more plausible than it is in the missile defense case.

Ultimately, it is plausible but far from certain that swarm defense will eventually present another case of OD-scaling with regard to the number of drones used by both sides.