[sheensleeves]

Offense and defense are asymmetric in computer security just as they are in physical security. Offense has the advantage since defense is a thin skin around complex entropy waiting to pop.

I think that the relevant essay is George Orwell, "You and the Atomic Bomb." Just as the 2nd amendment is obsolete due to modern military hardware, privacy is dead if an APT wants in.

Not that I know.

[EthanHeilman]

That is because you have framed offense and defense in that way. If a resourceful attacker's only goal in life is to get access to a particular file on your network connected laptop, the attacker will win. Generally this is not the case, the attacker often wants to:

1. remain undetected over a long period of time, 2. in the face of detection they wish to preserve their anonymity, 3. not be fooled by misinformation, 4. not reveal anything of greater value to them than the value of the file, 5. not open themselves up to reprisals.

This is much harder. While the defender doesn't win short term, a resourceful defender can make the costs to the attacker high enough that future attacks are deterred, the attacker loses, or even that the defender gains more from the attack than they lose. For instance Google in responding to Chinese penetrations via technical, economic, governmental and diplomatic avenues has increased Google's credible deterrence, punished some of the people responsible and increased Google's reputation in the realm of security.