Sun Tzu and China's constant cyberattacks
Let's establish, at least for the sake of this discussion, that China is conducting cyber-exercises against the United States as a way to prepare for a possible, if mutually-undesirable war between our two nations.
Sun Tzu said, "A wise general makes a point of foraging on the enemy. One cartload of the enemy's provisions is equivalent to twenty of one's own, and likewise a single picul of his provender is equivalent to twenty from one's own store."
How might this apply to present day China? Well, this aphorism brings us full circle back to the beginning of the article, where I discussed Charlie's coverage of China's penetration into dozens of our weapons systems. Why should China invest in basic development of their own weapons systems when they can just forage through our research? In this way, China gains the benefit of our tax dollars and our innovative minds (our 21st century provisions) without having to use their own "provender" (meaning food in Sun Tzu's day, and Renminbi -- currency -- today).
The thing is, cyberwar isn't a one-time thing. When I first started exploring cyberwar, I thought the best analogy was a shooting war. However, as I've studied this over the years, I've realized it can most accurately be thought of as another modality of a cold war -- an ongoing push-me-pull-you of espionage, dirty tricks, and back-channel attacks. Sun Tzu described it this way: "In all fighting, the direct method may be used for joining battle, but indirect methods will be needed in order to secure victory."
Now, think about how hard it is to defend against a cyberattack, particularly something like a distributed denial of service (DDoS) attack. When defending against a DDoS (here's an incident report from one I dealt with back in 2009), you have to defend against thousands or millions of attackers, coming in from all directions.
By contrast, all the attacker has to do is find one weakness. One.
Once again, Sun Tzu described this strategy back in Cleisthenes' day: "The spot where we intend to fight must not be made known; for then the enemy will have to prepare against a possible attack at several different points; and his forces being thus distributed in many directions, the numbers we shall have to face at any given point will be proportionately few."
Sun Tzu continues, "Numerical weakness comes from having to prepare against possible attacks; numerical strength, from compelling our adversary to make these preparations against us."
Once again, sound familiar?
Where does this leave us?
So where does all this leave us? My analysis (and those of many of my colleagues in the national security community) believe China to be a threat, but more because they perceive us as threat than because they want a shooting war. Even so, the battle is already underway.
Virtually no IT manager or CTO hasn't had to deal with some sort of cyberattack, and while criminals make up the vast majority of Internet attack activity, China's constant forays into our networks and systems is something we just can't tolerate. These attacks need to be heeded as a harbinger of a possible weakness in our technology-first strategy.
Like the fictional members of the Battlestar Galactica universe, if we rely totally on our advanced, networked technology for our defenses, we may find ourselves completely at the mercy of the Cylons -- the very non-fictional Chinese -- if we ever do enter a shooting war.
That should keep you up at night. It sure does for me.
ZDNet Government's China coverage
- It's about frickin' time: US govt requires security review for Chinese tech purchases
- Questionable loyalties: the cybersecurity implications of buying system software from foreign companies
- Great Debate — Huawei: Should you put it in your data center?
- It might be time to throw some SALT on China
- State of the Union: Cyberthreat
- 14 global cybersecurity challenges for 2013
- Dear China: Cut out the sneaky spying shenanigans
- Researcher reveals ease of Huawei router access
- UK to probe Huawei, BT relationship
- Did Chinese security firm snag too many American security secrets before the barn door closed?
- In China, many younger military leaders view America as the ultimate enemy
- Is China gearing up to start World War III?
- Welcome to the new Cold War: China vs. the United States
- Dear Mrs. Clinton: whether you believe it or not, China is a threat to America
- U.S. finally acknowledges Chinese and Russian cyberthreat
- Video: Should Americans worry about a Chinese cyber-threat?
- Pace University forensics expert on China and cybercrime (exclusive video)
- Technology policy challenges faced by the U.S. Federal Government (video seminar)
- Deconstructing a nasty Chinese World of Warcraft phishing scheme
- Why the United States might pay China before we pay our own soldiers
- Also see: There are chapters covering China in my book, How To Save Jobs (free PDF download)
- And for balance, from ZDNet Asia: Dear America: Enough with the China-bashing already