​The Art of War - Cyber Security

Sun Tzu wrote this book of learning many centuries ago, but it appears more relevant in the modern age than we imagine. In one corner we have the Russian Cyber Military Unit, with the Syrian Electronic Army; in the next corner the PLA Unit 61398, North Korean Bureau 121 and Israel Unit 8200.

That’s already five (5) corners and we haven’t talked about the USA yet.

US Homeland Security and the Department of Defence have been leaders in the USA, and now they are building a National Guard Cyber Force. It seems that the US Air Force is also positioning itself to take some leadership in this crowded space.

Meanwhile, our friends in the north in Singapore are taking up the cyber security challenge and have set up a new Cyber Security Agency. Australia appeared to be focused just on investment in Submarine Technology, but it recently announced $30 million of funding to establish a Cyber Security Growth Centre (CSGC).

Is this just HYPE?

But how bad is the problem? Is this really all hype, or is it really a concern? It was reported by former NSA Director Mike McConnell that “China has hacked every major corporation” in the USA.

In recent months the ABC and Bureau of Meteorology have both been hacked by our friends from the north. The reality is that we can’t keep the bad guys out, so we have to know quickly when they get in and take action.

So it’s war… and this time the actors involved are governments, and they are attacking corporations. Unfortunately, when the war has not been officially declared, we can be naïve about the goings-on and assume someone else is affected.

Getting myself and my team ready for this, what do I need to do?

Some 2016 reading

Let me suggest that you start by reading The Art of War (孫子兵法), an ancient military treatise attributed to Sun Tzu. There are 13 chapters covering different aspects of warfare, military strategy and tactics. Even my old friend (only joking) Donald Rumsfeld has read this book and I’m sure has adopted the learning.

Some of the key chapters have really insightful points with real applicability to the cyber warfare that you, as CISOs and security leaders, will have to deal with. Here are some of my favourites:

“Supreme excellence consists in breaking the enemy's resistance without fighting”

Particularly chilling when I think about this point.

“All warfare is based on deception”

“Hold out baits to entice the enemy. Feign disorder, and crush him”

Makes me think about malware and how it gets into an enterprise.

“If he is secure at all points, be prepared for him. If he is in superior strength, evade him.”

“Attack him where he is unprepared, appear where you are not expected.”

Now all those vulnerabilities that are documented and have an action plan don’t seem to be so well managed or off the radar.

“To secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself.”

“In battle, there are not more than two methods of attack--the direct and the indirect; yet these two in combination give rise to an endless series of maneuvers”

This makes me think about how we have to engage the broader enterprise in the cause. In the absence of tackling this we can be easily defeated.

“So in war, the way is to avoid what is strong and to strike at what is weak.”

“Therefore, just as water retains no constant shape, so in warfare there are no constant conditions.”

Our work is never done. Building big castle towers will not deter the enemy, as there is always another way in. The enemy is constantly morphing, just like water, and we all understand the damage that can come from just a small leak!

Today we have Advanced Persistent Threats and tomorrow this will change into another model.

World War Three?

Yes, it is probably true that this has already started. There are various players on this field, and also ISIS. Interestingly, it appears that Anonymous has declared war on ISIS and is already fighting them.

Just recently Anonymous claimed credit for stopping an ISIS attack.

This is where the cyber world meets the physical world.

Tags: North Korean Bureau 121, The Art of War, Russian Cyber Military Unit, Sun Tze, David Gee, US Homeland Security, CSO Australia, cyber security