For China, hacking may be all about Sun Tzu and World War III

For China, hacking may be all about Sun Tzu and World War III

Summary: There are many other actors in the global cyberwar, from nation states to criminal organizations to hacktivist groups. Today, however, we're going to just focus on China vs. the U.S. It's a war both undeclared and unwinnable, but very, very real.


The People's Republic of China. The United States of America.

There are many other actors in the global cyberwar, from nation states to criminal organizations to hacktivist groups. Today, however, we're going to just focus on China vs. the U.S. It's a war both undeclared and unwinnable, but very, very real.

This weekend, we saw yet another report about China hacking American systems. This time, the Chinese attackers apparently managed to breach our weapon systems designs.

As our own Charlie Osborne reports, "Over two dozen weapon system designs were compromised...These systems are 'critical' to U.S. missile defenses, and also relate to military systems present on U.S. aircraft and ships."

I've talked at length about China. See a list of recent articles about China's troublesome behavior at the end of this article. Back in 2010, I asked, Is China gearing up to start World War III?

As I've had more time to study the behavior of the PRC, I've come to believe that China isn't necessarily gearing up to start World War III, but they are planning for how they might win it, should our two nations find ourselves in a shooting war.

Applying Sun Tzu's lessons

Sun Tzu was a Chinese military strategist thought to have lived around 500 years before the modern era, and widely credited with authoring one of the foundational texts on warfare, The Art of War.

There are many translations of Sun Tzu's wisdom, but for today's exploration, I'll use the MIT Internet Classics Archive version. Let's look at a few of the general's sayings, and then think about how they might apply to our current situation.

Sun Tzu said, "Though the enemy be stronger in numbers, we may prevent him from fighting. Scheme so as to discover his plans and the likelihood of their success." This is ideally applicable to cyberwarfare. China has conducted an ongoing, unrelenting campaign to penetrate our systems, both military and industrial. If that's not "Scheme so as to discover his plans," I don't know what is.

Sun Tzu said, "Rouse him, and learn the principle of his activity or inactivity. Force him to reveal himself, so as to find out his vulnerable spots." China's constant penetration attempts certainly show a pattern of behavior, particularly in helping them not to only identify our cybersecurity weaknesses, but once inside, the weaknesses of the systems our cybersecurity is tasked to defend.

Sun Tzu said, "Carefully compare the opposing army with your own, so that you may know where strength is superabundant and where it is deficient." This is another variation of the previous discussion. Sun Tzu strongly recommends understanding the strengths and weaknesses of the enemy, and China's espionage attempts in the cyber realm are undoubtedly giving them a better view into our strengths and weaknesses than any of our generals would like.

Sun Tzu said, "What enables the wise sovereign and the good general to strike and conquer, and achieve things beyond the reach of ordinary men, is foreknowledge. Now this foreknowledge cannot be elicited from spirits; it cannot be obtained inductively from experience, nor by any deductive calculation. Knowledge of the enemy's dispositions can only be obtained from other men. Hence the use of spies."

Sun Tzu actually defines five different types of human spies, but there's no doubt in my mind that if Sun Tzu lived in our times, he'd fully advocate cyberespionage. After all, a cyberpenetration doesn't require a human to enter a remote location, a hack can stay there for years without needing food or sleep, and nobody dies (or can be tortured to tell tales) if discovered.

Next, Sun Tzu and our reliance on advanced warfighting technology...

Topics: Security, Government, Government Asia, Government US, China


David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Do you lock the door at home ?

    When it comes to internet security even the most basic rules of conduct are disregarded.

    Secure your internet gateways and give employees a strict set of rules on how to conduct. If you have (sub) contractors, make security audits and security checks on a regular basis.
    Stop that damn BYOD trend where every wacko hooks his iPad onto the network. Next, rethink commuting. It just adds another potential security hole : Remember all the laptops found in the subway ? Unsecure WIFI home networks used for logging into your company don’t do any good as well.
    Tell your managers & CEOs that opening unsolicited emails is not such a great idea and visiting raunchy websites from your office laptop is not that wicked.
    Upshot : Chinas behavior is condemnable but a good portion of guilt is placed on wanton indifference in US companies as well.
    • Good suggestion but ...

      Sorry for being so straight forward;
      in this micro managed world.. most of your managers are as dumb as a bat. So there goes ones theory. Whatever one says or opinioned will be recorded as their personal bible, rejected and later will be thrown back at you as his/her idea.
      So as long as you work for such idiots and such idiots will work for major fortune 100 companies across US and other part of the world then nothing will change and countries like china and other such countries will benefit from such idiots working for such companies.
    • Your luddite approach ignores the simple reality

      Hard to believe that you are serious? Just as we don't live behind a moat anymore, nor do we live in a strong room, organisations (CIO's and CSIO's) need to deliver technology solutions that allow the considerable productivity benefits of mobile devices (the BYOD you deride), with modern security practice (e.g. use MEAP, MDM etc.), with information controlled by an organisation-wide taxonomy. This isn't rocket science, but it requires an architecture and an organisation willing to change its practices. I would wager that over 80% of F1000 companys don't prevent senior executives (let alone other employees) sending "confidential" and "secret" documents to each other by email. Yet the technology to replace this highly insecure & risky behaviour has been in place for 10 years....
  • The good old days...

    The Internet has completely taken all the romance out of spying. What ever happened to microfilm exchanged between trench-coated agents in the dead of night? "007" has a nice ring to it, but's it's really weak as a password... :)
    • new tech

      Come on, in today's world nobody exchanges microfilms anymore, those are unreliable :)

      One would just stick a small USB thumb drive at the agreed exchange location (mailbox) and the other party will just "find" it there by accident. You get better bandwidth that way and as you could have as many copies as you wish quickly, it adds more redundancy.

      Not to say that will all this frequency pollution, you can simply broadcast that data all the time around and the other party can just collect whatever they need. Might be, the WW2 radio scanners should be reintroduced again :)
    • The new is saxier than the old

      For programmers, "007" style espionage is comparatively unromantic to the things you can do with the internet. However, some older school of people would not have the sufficient exposure to technology to appreciate that.
      Cynthia Avishegnath
      • Ah, the arrogance of the young!

        Such as those of us who have continuously created and enhanced technology since Goldfinger was released? I find as high a percentage of tech-savvy seniors as millennials. And the reason 007-style espionage is more romantic is that there is actual personal RISK. When a minor internet slipup makes you an AK-47/nuke etc. target let's talk again.
    • good old days

      Sneaker-net is still the only secure way to transfer data. That is how the almighty omnipotent Al Quaeda does it. There is no reason to have our power plants on the same network we use to deliver porn and cute kitten videos.
  • China wants to dominate without war

    China would prefer economic domination, which they are not far from. There is no way we can fight a war as we did a generation ago with massed forces and conventional airpower. And of course, nuclear warfare would end us all. So, their objective is to control data, and from there control the world economy. China does not want to destroy the U.S. That would disrupt their economy greatly. They want us to become like Great Britain, a former world power now relegated to second-tier status in the world.
    • Or, said in simpler words

      China wants to turn the US in an colony.

      Which it already is, by the way.
    • China ambitions

      They want to be able to defeat us in a conventional war, e.g. for Formosa Island. The environmental collapse will disrupt their plan.
  • Nah. We don't do that.

    Interesting that we get articles about others hacking us, but never hear of us hacking others.

    Are we so unsophisticated that we can't do what they do? Has no one in the U.S. ever read Sun Tzu? Are we incapable of applying the same tactics or less capable? Or is it just that we don't talk about it?

    Are our firewalls so pathetic that we can't stop a foreign hacker? What kind of Cracker Jack security do we design?

    As usual articles like this never tell the whole story. It's a great gambit to get more funding if you can pretend that throwing more money to the intelligence agencies will fix the questionable weaknesses. Fact is that it is a good tactic to appear weak and incompetent. Never let them know just how good you are and the byproduct is getting a bigger budget.

    One of the less desirable byproducts, aside from those who profit handsomely from war, is a continuing us versus them mentality. This contributes nothing to peace in the world, but what the heck - there is no profit in peace.
    • Spying

      All Industry Nation spy an each other, including friendly nation, like Israel spying on us. The not only spy on military system even more so on the industry. During the cold war I worked on computer system used in spy-station along the boarder between West and East German, ever 20 miles we had a station. Checking every phone call, radio transmission and radar system to control movement on the ground and the air of the military on the other side. The computer system in these day check for keywords and started the recording and checked by eastern language experts. No more 007 necessary.
      old mainframer
    • Ugh,

      this comment simply overstates the obvious. Of course the "Do as I say not as I do" mentality applies to espionage in general, right or wrong, it's the way it's going to be. If this article inspires even one cyber geek to take his skills to the level of helping with national security, I say a job well done. I'm sure Sun Tzu would also advise to create awareness for those of us who still have a patriotic standpoint on such matters vs. criticizing our own defenses and creating a negative perspective on the matter.
    • Funny thing about this article.It may be describing the US more than China

      "when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near"

      Who knows. People right here have just made the similar point I am about to.

      David Gewirtz makes it sound like we are the ones who are in reality far away and need to make it sound like we are near. Does that mean in reality David Gewirtz is making us sound far away because he knows thats what we need to do when we are in fact near?

      All that Gerwirtz seems to say is thatt China is using cyber warfare without mention of what the U.S. may in fact be doing. Which would sound like nothing. Is this just Gerwirtz following Sun Tzu's advice by following "when using our forces, we must seem inactive".

      Lets just look at what the whole Gerwirtz point of his article seem to be about:
      "If they were able to disrupt (or mislead) our systems, they would be able to almost completely negate our advantages."

      Well yeeeeeess. And if we are able to disrupt their systems we would make their position worse than ever. And if pigs grew wings and got some good practice in they may fly. Well woop dee doo.

      The thing here is that there MUST be a few things quite apparent.

      If David Gerwirtz knows this is going on its because the U.S. government knows its going on. I don’t care if you care for the current Whitehouse or not, that’s just reality. Reality also is, the President dosnt appear to be the sort who sits around waiting for someone to fly a jet into a building or two to wake him up. Somebody is taking some kind of action on this. COUNT ON IT. That’s not to say that all is likely perfection or everything is easily addressed and already taken care of. Likely not. But it dosnt seem to make any sense of any kind to simply say that the following:
      1. Country A has a technological edge of some significance over country B.
      2. Country B is quite aware of country A’s significant technological edge and to gain as much ground as possible, country B is using the lower technology they have to spy on country A.
      3. Country A is quite aware that country B is doing this.
      4. Despite country A’s current technological advantage over country B, and country A’s knowledge of how and where much if not most of the kind of spying in question is taking place, country A is somehow in dire straits because off this.

      This kind of logic begs many questions.

      1. Given country A knows this is going on, is there nothing much at all they can do to counter this?
      2. Dosnt country A do the very same kind of thing to country B in such a way to get further advantages over country B?
      3. Dosnt country A’s current significant technological advantages over country B count for anything in this kind of tug of war given the spying in question is of a technological nature to begin with????

      The whole problem with this article is it feels so horribly like only part of the story is being told. It actually feels like how this story would just be flipped on its head and told in China.
      In China it would be: “The U.S. is using the internet to spy on us! The U.S. is trying to increase their already unfair advantages over our military by hacking into all our important data bases! The U.S. is using the internet to set up subversive elements in our culture who are in place constantly reporting to them on every facet of our government, military and society! If the U.S. ever goes to war against us they will know what we would do before we do it and may be able to cause massive disruptions in our government and communications!”

      SO is this article by Gerwirtz really about one side…or the other, or both?

      Or is this just half an article about a subject that would be interesting if anyone here, including Gerwirtz, actually knew exactly what both sides were doing and could tell us all!
      • I wrote the above May 29 2013. Look at what we now know.

        Its amazing when one applies some common sense to an issue how it often points directly at the hidden issue that runs deep beneath the whole process.

        Now we know about the NSA, as a fact.

        Go back through what I wrote and think about the fact I knew nothing about the upcoming news at the time.

        No tin foil hat necessary. Just a little common sense.
    • Exactly!

      The national defense isn't here to defend the nation, it is here to allow military contractors and well connected cronies to make a bundle!
  • Ah, but Napoleon said...

    "You must not fight too often with one enemy, or you will teach him all your art of war." I'm sure the US has learned much from the Chinese hackers.
  • Be Relentless David

    Thank you so much for articles such as these, David. Without a "voice in the wilderness", to whom authorities actually listen *and respond*, America shall surely become a wilderness.
    Paul B. Wordman
  • Thanks

    No wonder I have insomnia. When will we wake up and elect real leaders to congress who will put America above personal interests.