For China, hacking may be all about Sun Tzu and World War III
The People's Republic of China. The United States of America.
There are many other actors in the global cyberwar, from nation states to criminal organizations to hacktivist groups. Today, however, we're going to just focus on China vs. the U.S. It's a war both undeclared and unwinnable, but very, very real.
This weekend, we saw yet another report about China hacking American systems. This time, the Chinese attackers apparently managed to breach our weapon systems designs.
As our own Charlie Osborne reports, "Over two dozen weapon system designs were compromised...These systems are 'critical' to U.S. missile defenses, and also relate to military systems present on U.S. aircraft and ships."
I've talked at length about China. See a list of recent articles about China's troublesome behavior at the end of this article. Back in 2010, I asked, Is China gearing up to start World War III?
As I've had more time to study the behavior of the PRC, I've come to believe that China isn't necessarily gearing up to start World War III, but they are planning for how they might win it, should our two nations find ourselves in a shooting war.
Applying Sun Tzu's lessons
Sun Tzu was a Chinese military strategist thought to have lived around 500 years before the modern era, and widely credited with authoring one of the foundational texts on warfare, The Art of War.
There are many translations of Sun Tzu's wisdom, but for today's exploration, I'll use the MIT Internet Classics Archive version. Let's look at a few of the general's sayings, and then think about how they might apply to our current situation.
Sun Tzu said, "Though the enemy be stronger in numbers, we may prevent him from fighting. Scheme so as to discover his plans and the likelihood of their success." This is ideally applicable to cyberwarfare. China has conducted an ongoing, unrelenting campaign to penetrate our systems, both military and industrial. If that's not "Scheme so as to discover his plans," I don't know what is.
Sun Tzu said, "Rouse him, and learn the principle of his activity or inactivity. Force him to reveal himself, so as to find out his vulnerable spots." China's constant penetration attempts certainly show a pattern of behavior, particularly in helping them not to only identify our cybersecurity weaknesses, but once inside, the weaknesses of the systems our cybersecurity is tasked to defend.
Sun Tzu said, "Carefully compare the opposing army with your own, so that you may know where strength is superabundant and where it is deficient." This is another variation of the previous discussion. Sun Tzu strongly recommends understanding the strengths and weaknesses of the enemy, and China's espionage attempts in the cyber realm are undoubtedly giving them a better view into our strengths and weaknesses than any of our generals would like.
Sun Tzu said, "What enables the wise sovereign and the good general to strike and conquer, and achieve things beyond the reach of ordinary men, is foreknowledge. Now this foreknowledge cannot be elicited from spirits; it cannot be obtained inductively from experience, nor by any deductive calculation. Knowledge of the enemy's dispositions can only be obtained from other men. Hence the use of spies."
Sun Tzu actually defines five different types of human spies, but there's no doubt in my mind that if Sun Tzu lived in our times, he'd fully advocate cyberespionage. After all, a cyberpenetration doesn't require a human to enter a remote location, a hack can stay there for years without needing food or sleep, and nobody dies (or can be tortured to tell tales) if discovered.
Next, Sun Tzu and our reliance on advanced warfighting technology...
Sun Tzu and America's reliance on advanced technology
America has long relied on its advanced technology to win wars. In both the Iraq wars, America "owned the night," by being able to operate, fly, and attack with absolute clarity in pitch darkness. Our competitive advantage has been our technology, and we've baked fly-by-wire, computer-based navigation, and digital targeting into most of our warfighting systems.
I'm not going to go into each of our battle platforms here, but the key point is that regardless of which combination of battlespace strategies we're using, all of them now rely heavily on digital networks.
In that context, keep in mind what Sun Tzu said 2500 years ago: "All warfare is based on deception...Hence, when able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near."
Imagine a situation where China is actually in a shooting war with the United States. If they were able to disrupt (or mislead) our systems, they would be able to almost completely negate our advantages.
Those of you who are science fiction fans will remember the reason the Galactica was still able to fight, when the other ships in the Colonial Battlestar fleet were rendered useless. Because the older Galactica had been turned into a museum piece, it hadn't been fitted with the new networking technology that linked the other 119 Battlestars in the fleet. When the AI-based Cylons attacked, they infiltrated the newer network systems, and effectively disabled the defenses of the majority of the fleet before the first shot was fired.
Now, think of that in the context of this Sun Tzu maxim, "The skillful leader subdues the enemy's troops without any fighting; he captures their cities without laying siege to them; he overthrows their kingdom without lengthy operations in the field." Sun Tzu repeats over and over the idea that once you get to shooting, you've given up your advantage. His entire strategic treatise is fighting the war before you fight the war.
Sound familiar? It sure seems like China is engaging in this cyberwar strategy using the Sun Tzu playbook.
The Chinese fascination with war with America
There is no doubt that most of China's aging leadership would prefer we don't engage in a shooting war. The country has been investing hugely in building infrastructure and raising its citizenry out of abject poverty -- most funded through our purchases of their goods and services.
A shooting war would both cut off their largest means of income and damage the infrastructure they've worked so hard to build.
Even so, there's an almost morbid fascination among Chinese citizens and younger leaders with the possibility of war with America. Foreign Policy recently ran a fascinating article (might be behind a paywall) about the Chinese obsession with military fantasy novels.
According to Foreign Policy, many articles showcase an animosity to Japan with World War II-themed plots. However, there's also a growing number of ebook military thrillers showcasing future battles between the United States and China.
Interestingly, the Chinese government censors any fiction where there's warfare with another non-fictitious nation, so most of these battle thrillers are published outside of normal channels and distributed online.
To be fair, the existence of military thrillers pitting the U.S. against China can't be taken as evidence of the country's overall desires. After all, I've been a huge fan of the Tom Clancy thriller for decades, and just because he often pitted America against other nations doesn't mean I'm an advocate for armed conflict with those nations. They were just great reads.
That said, in 2010 I did run a story entitled, In China, many younger military leaders view America as the ultimate enemy. In that, I discussed how the younger generation of leaders is uncomfortable with the United States and both their reliance on our purchasing and our reliance on their willingness to lend, along with some vast culture clashes.
The point here is not that China has any expressed desire for war with the United States. However, it is important to note that there is the awareness that such an event is possible, even if not necessarily probable.
Given that such an event -- no matter how unlikely -- might happen, China's cyberprobes against the United States begin to make sense from a big picture, decades-long perspective. And that brings us to China's constant attempts to gain access to our networks and systems.
Next, Sun Tzu and China's constant cyberattacks...
Sun Tzu and China's constant cyberattacks
Let's establish, at least for the sake of this discussion, that China is conducting cyber-exercises against the United States as a way to prepare for a possible, if mutually-undesirable war between our two nations.
Sun Tzu said, "A wise general makes a point of foraging on the enemy. One cartload of the enemy's provisions is equivalent to twenty of one's own, and likewise a single picul of his provender is equivalent to twenty from one's own store."
How might this apply to present day China? Well, this aphorism brings us full circle back to the beginning of the article, where I discussed Charlie's coverage of China's penetration into dozens of our weapons systems. Why should China invest in basic development of their own weapons systems when they can just forage through our research? In this way, China gains the benefit of our tax dollars and our innovative minds (our 21st century provisions) without having to use their own "provender" (meaning food in Sun Tzu's day, and Renminbi -- currency -- today).
The thing is, cyberwar isn't a one-time thing. When I first started exploring cyberwar, I thought the best analogy was a shooting war. However, as I've studied this over the years, I've realized it can most accurately be thought of as another modality of a cold war -- an ongoing push-me-pull-you of espionage, dirty tricks, and back-channel attacks. Sun Tzu described it this way: "In all fighting, the direct method may be used for joining battle, but indirect methods will be needed in order to secure victory."
Now, think about how hard it is to defend against a cyberattack, particularly something like a distributed denial of service (DDoS) attack. When defending against a DDoS (here's an incident report from one I dealt with back in 2009), you have to defend against thousands or millions of attackers, coming in from all directions.
By contrast, all the attacker has to do is find one weakness. One.
Once again, Sun Tzu described this strategy back in Cleisthenes' day: "The spot where we intend to fight must not be made known; for then the enemy will have to prepare against a possible attack at several different points; and his forces being thus distributed in many directions, the numbers we shall have to face at any given point will be proportionately few."
Sun Tzu continues, "Numerical weakness comes from having to prepare against possible attacks; numerical strength, from compelling our adversary to make these preparations against us."
Once again, sound familiar?
Where does this leave us?
So where does all this leave us? My analysis (and those of many of my colleagues in the national security community) believe China to be a threat, but more because they perceive us as threat than because they want a shooting war. Even so, the battle is already underway.
Virtually no IT manager or CTO hasn't had to deal with some sort of cyberattack, and while criminals make up the vast majority of Internet attack activity, China's constant forays into our networks and systems is something we just can't tolerate. These attacks need to be heeded as a harbinger of a possible weakness in our technology-first strategy.
Like the fictional members of the Battlestar Galactica universe, if we rely totally on our advanced, networked technology for our defenses, we may find ourselves completely at the mercy of the Cylons -- the very non-fictional Chinese -- if we ever do enter a shooting war.
That should keep you up at night. It sure does for me.
ZDNet Government's China coverage
- It's about frickin' time: US govt requires security review for Chinese tech purchases
- Questionable loyalties: the cybersecurity implications of buying system software from foreign companies
- Great Debate — Huawei: Should you put it in your data center?
- It might be time to throw some SALT on China
- State of the Union: Cyberthreat
- 14 global cybersecurity challenges for 2013
- Dear China: Cut out the sneaky spying shenanigans
- Researcher reveals ease of Huawei router access
- UK to probe Huawei, BT relationship
- Did Chinese security firm snag too many American security secrets before the barn door closed?
- In China, many younger military leaders view America as the ultimate enemy
- Is China gearing up to start World War III?
- Welcome to the new Cold War: China vs. the United States
- Dear Mrs. Clinton: whether you believe it or not, China is a threat to America
- U.S. finally acknowledges Chinese and Russian cyberthreat
- Video: Should Americans worry about a Chinese cyber-threat?
- Pace University forensics expert on China and cybercrime (exclusive video)
- Technology policy challenges faced by the U.S. Federal Government (video seminar)
- Deconstructing a nasty Chinese World of Warcraft phishing scheme
- Why the United States might pay China before we pay our own soldiers
- Also see: There are chapters covering China in my book, How To Save Jobs (free PDF download)
- And for balance, from ZDNet Asia: Dear America: Enough with the China-bashing already