 My co-author Roman Ilyev and I hope that this work will help others begin to develop further mathematical models, further formal ways of thinking about the implications of cyber technology to take advantage of another's computer system. You need to think about the trade-off between should you use it as soon as possible before they fix it, or should you wait until the stakes are really important for a really important event where you can get maximum benefit. This paper is an effort to begin to make a small step toward understanding the strategic implications of cyber technology. We have a little mathematical model that helps you make that calculation. We employ two new concepts, what we call stealth and persistence. So an example of stealth, the American and Israeli attack on the Iranian centrifuges called Stuxnet sped up and slowed down the centrifuges of the Iranian nuclear program. It also included a component that would tell the control room that the centrifuges were going at exactly a constant correct speed, and so that was designed to be stealthy so that they wouldn't notice that this vulnerability was being exploited. Persistence is the idea that if you don't use it, it'll take a long time for them to discover, and therefore you can wait until the stakes are very large before you use it. Even in common pieces of software like internet browsers, when vulnerabilities are discovered and corrected, it's often found that they've been there for months and sometimes even years, and that demonstrates that those kind of vulnerabilities are pretty persistent. And these two characteristics determine when's the best time to exploit a resource for surprise.