For China, hacking may be all about Sun Tzu and World War III

Summary:There are many other actors in the global cyberwar, from nation states to criminal organizations to hacktivist groups. Today, however, we're going to just focus on China vs. the U.S. It's a war both undeclared and unwinnable, but very, very real.

Sun Tzu and China's constant cyberattacks

Let's establish, at least for the sake of this discussion, that China is conducting cyber-exercises against the United States as a way to prepare for a possible, if mutually-undesirable war between our two nations.

Sun Tzu said, "A wise general makes a point of foraging on the enemy. One cartload of the enemy's provisions is equivalent to twenty of one's own, and likewise a single picul of his provender is equivalent to twenty from one's own store."

How might this apply to present day China? Well, this aphorism brings us full circle back to the beginning of the article, where I discussed Charlie's coverage of China's penetration into dozens of our weapons systems . Why should China invest in basic development of their own weapons systems when they can just forage through our research? In this way, China gains the benefit of our tax dollars and our innovative minds (our 21st century provisions) without having to use their own "provender" (meaning food in Sun Tzu's day, and Renminbi -- currency -- today).

The thing is, cyberwar isn't a one-time thing. When I first started exploring cyberwar, I thought the best analogy was a shooting war. However, as I've studied this over the years, I've realized it can most accurately be thought of as another modality of a cold war -- an ongoing push-me-pull-you of espionage, dirty tricks, and back-channel attacks. Sun Tzu described it this way: "In all fighting, the direct method may be used for joining battle, but indirect methods will be needed in order to secure victory."

Now, think about how hard it is to defend against a cyberattack, particularly something like a  distributed denial of service  (DDoS) attack. When defending against a DDoS (here's an incident report from one I dealt with back in 2009), you have to defend against thousands or millions of attackers, coming in from all directions.

By contrast, all the attacker has to do is find one weakness. One.

Once again, Sun Tzu described this strategy back in Cleisthenes' day: "The spot where we intend to fight must not be made known; for then the enemy will have to prepare against a possible attack at several different points; and his forces being thus distributed in many directions, the numbers we shall have to face at any given point will be proportionately few."

Sun Tzu continues, "Numerical weakness comes from having to prepare against possible attacks; numerical strength, from compelling our adversary to make these preparations against us."

Once again, sound familiar?

Where does this leave us?

So where does all this leave us? My analysis (and those of many of my colleagues in the national security community) believe China to be a threat, but more because they perceive us as threat than because they want a shooting war. Even so, the battle is already underway.

Virtually no IT manager or CTO hasn't had to deal with some sort of cyberattack, and while criminals make up the vast majority of Internet attack activity, China's constant forays into our networks and systems is something we just can't tolerate. These attacks need to be heeded as a harbinger of a possible weakness in our technology-first strategy.

Like the fictional members of the Battlestar Galactica universe, if we rely totally on our advanced, networked technology for our defenses, we may find ourselves completely at the mercy of the Cylons -- the very non-fictional Chinese -- if we ever do enter a shooting war.

That should keep you up at night. It sure does for me.

ZDNet Government's China coverage

 

Topics: Security, China, Government, Government : Asia, Government : US

About

In addition to hosting the ZDNet Government and ZDNet DIY-IT blogs, CBS Interactive's Distinguished Lecturer David Gewirtz is an author, U.S. policy advisor and computer scientist. He is featured in The History Channel special The President's Book of Secrets, is one of America's foremost cyber-security experts, and is a top expert on savi... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.