At the dawn of the Internet Era, everyone is trying to make sense of cyberwar. So cue Winston Churchill: "The farther back you can look, the farther forward you are likely to see." Therefore, I dusted off Sun Tzu's Art of War, the world's oldest and most revered guide to strategy, to find some advice for U.S. Cyber Command.
---
Chapter 1: Laying Plans. "The art of war is a matter of life and death, a road either to safety or to ruin. Hence it is a subject of inquiry which can on no account be neglected."
The U.S. Intelligence Community has one overriding aim: To prevent another Pearl Harbor. Through peacetime cyber espionage and proactive preparation of the battlespace for war, our hackers will try to prevent strategic surprise and catastrophic defeat, without harming the rule of law.
---
Chapter 2: Waging War. "A wise general makes a point of foraging on the enemy. One cartload of the enemy's provisions is equivalent to twenty of one's own."
Computer hackers steal legitimate credentials and operate as insiders within adversary camps. Further, the difference between espionage and attack is just a few keystrokes. So once the bad guys are inside your network – and they are in there somewhere – whom can you trust?
---
Chapter 3: Attack by Stratagem. "The best thing of all is to take the enemy's country whole and intact … supreme excellence consists in breaking the enemy's resistance without fighting."
This is the Holy Grail of cyberwar. Tanks, planes and ships are now rolling, flying and floating computers. Own their IT and waltz between them. However, new dangers include peacetime attacks on civilian infrastructure. Look at it this way: Cyberwars have no beginning and no end.
---
Chapter 4: Tactical Dispositions. "The general who is skilled in defense hides in the most secret recesses of the earth."
In cyberspace, there are no clear borders, as traditional geopolitical concepts like sovereignty, jurisdiction, deterrence and arms control are all under constant fire. At the technical level, remember that Ken Thompson, a Turing Award winner, showed that evil compilers can insert a backdoor into every program they generate.
---
Chapter 5: Energy. "One who is skillful at keeping the enemy on the move maintains deceitful appearances … He sacrifices something, that the enemy may snatch at it."
Cliff Stoll is the patron saint of cyber defenders. In 1986, he placed a honeypot account named "SDInet" on the UC Berkeley network. Foreign hackers took the bait, and the rest is history. Thus, a 75-cent accounting error led digital investigators across the Atlantic and into the Soviet Bloc.
---
Chapter 6: Weak Points and Strong. "That general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack."
Computers now manage everything from electricity to elections to the economy. Computers spin nuclear centrifuges and play AC/DC – occasionally at the same time. Hackers undermine hard power such as air defense and soft power like credibility.
---
Chapter 7: Maneuvering. "A clever general avoids an army when its spirit is keen, but attacks when it is sluggish and inclined to return."
"Advanced Persistent Threat" is an intelligence bureaucracy. All targets (foreign and domestic), including their friends and family, are fair game, day or night, while out shopping or on the toilet. State-sponsored hackers work in shifts, and when they are on paid vacations, reinforcements step in.
---
Chapter 8: Variation in Tactics. "The Art of War teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him."
As soon as you connect a toaster to the internet, it will be attacked. Therefore, cyber defenders must capitalize on their greatest strength: Home-field advantage. Think security first. Design defensible systems. Educate. Red-team.
---
Chapter 9: The Army on the March. "Hilly country … aquatic grass … hollow basins … thick undergrowth … they must be carefully routed out and searched; these are places where men in ambush or insidious spies are likely to be lurking."
Even the NSA has been doxed. We don't know how they did it, but we do know that cyberspace has its own geography, including mountains and valleys, deserts and quicksand, on networks from the White House to Antarctica – all of which are somehow connected.
---
Chapter 10: Terrain. "The natural formation of the country is the soldier's best ally … shrewdly calculating difficulties, dangers and distances, constitutes the test of a great general."
The internet is a machine. Cyberspace is in the human mind. Cyber Command has named both physical and logical targets. This warfare domain is both a natural and an artificial world in which terrestrial proximity has lost some of its meaning.
---
Chapter 11: The Nine Situations. "Skillful leaders of old knew how to drive a wedge between the enemy's front and rear … to hinder the good troops from rescuing the bad."
The Christmas 2015 hack on Ukraine's electrical grid was a complex operation. The hackers replaced the target's computer firmware and took down its customer call center during the attack. In a digital assault, the cavalry may never arrive, or it might show up at the wrong address.
---
Chapter 12: The Attack by Fire. "There are five ways of attacking with fire … burn soldiers … burn stores … burn baggage trains … burn arsenals … hurl dropping fire amongst the enemy."
A computer hack is not an end in itself, but a means to a wide variety of goals, which may be known only to the attacker. Technically, the whole network stack is vulnerable. Geopolitically, humans are even more unreliable. And cyber arms control is unlikely due to challenges in definition and inspection.
---
Chapter 13: The Use of Spies. "To remain in ignorance ... is the height of inhumanity … the use of spies is called 'divine manipulation of the threads' … it is the sovereign's most precious faculty."
This is the Golden Age of Espionage: Worldwide connectivity, countless computer vulnerabilities and a shortage of cybersecurity expertise. There are few moral inhibitions to computer network operations because no one is immediately killed and it feels more like a video game than a traditional attack.
---
Reference: Quotes are from The Project Gutenberg eBook, The Art of War, by Sun Tzu (1994), translated by Lionel Giles in 1910.
Kenneth Geers (PhD, CISSP) is a senior research scientist at Comodo, a global innovator and developer of cybersecurity solutions. He is also a NATO CCD COE (Cyber Centre) ambassador, a non-resident senior fellow at the Atlantic Council, an affiliate at the Digital Society Institute of Berlin, a visiting professor at Taras Shevchenko National University of Kyiv in Ukraine, and an accomplished author. Kenneth spent 20 years in the U.S. government, with time in the U.S. Army, NSA, NCIS, and NATO, and was a Senior Global Threat Analyst at FireEye.