The Art of Cyberwar | Part XIII | The Use of Spies

The principles:

“Knowledge of the enemy’s dispositions can only be obtained from other men.”

“However, spies cannot be usefully employed without a certain intuitive sagacity.”

“Be subtle and use your spies for every kind of business.”

“Hence, it is only the enlightened ruler and the wise general who will use the highest intelligence of the army for purposes of spying, and thereby they achieve great results.”

The Quiet After the Fire

After the smoke clears, the last weapon isn’t destruction; it’s knowledge. Sun Tzu closes his book here, not with conquest, but with insight. The general who knows through others, he says, wins without fighting. The one who fights without knowing spends blood buying what wisdom could have earned.

In modern form, intelligence replaces escalation. Information, verified and interpreted, is the ultimate force multiplier.

The Five Spies

Sun Tzu’s framework remains elegant and practical. He identifies five types of spies, each still alive and well in today’s cyber and geopolitical landscape.

  1. Local spies = insiders, collaborators, citizens.
    • Modern analogue: human intelligence, insider threat programs, whistleblowers, or local analysts embedded in culture.
    • Lesson: you can’t know an environment without someone who breathes its air.
  2. Inward spies – the enemy’s own people who provide insight.
    • Modern analogue: defectors, double agents, internal whistleblowers, or compromised insiders in adversary organizations.
    • In cyber: infiltration of adversary forums, threat actor telemetry, or behavioral analysis of attacker TTPs.
  3. Converted spies – enemy agents who have been turned.
    • Modern analogue: captured malware turned into indicators, enemy disinformation repurposed for exposure.
    • Intelligence and counterintelligence merge – data becomes self-revealing.
  4. Doomed spies – agents sent with false information, knowing they will be sacrificed.
    • Modern analogue: honeypots, decoy networks, misinformation campaigns used to draw out adversaries.
    • Lesson: deception has cost; calculate it.
  5. Surviving spies – those who return with verified knowledge.
    • Modern analogue: analysts who gather, vet, and integrate multiple data sources to produce actual intelligence.
    • Lesson: data isn’t knowledge until it’s interpreted and fed back into strategy.

The five together form a complete intelligence loop: gather, plant, deceive, sacrifice, verify.
Today, we refer to this as the intelligence cycle.

Information as the New Espionage

We live in an age where everything and everyone collects or steals your data. Apps harvest movement. Sensors record temperature and tone. Governments build databases so vast they blur into prophecy.

But the principle hasn’t changed: intelligence is not about having information – it’s about understanding what matters and when.

A terabyte of telemetry means nothing without discernment. One well-placed attacker can outperform a thousand firewalls.

Foreign Policy and the Failure of Insight

Throughout the 20th century, U.S. foreign policy often suffered from information abundance but a lack of the ability to interpret the intelligence it had gathered.

  • Pearl Harbor: a multitude of signals existed, but interpretation failed.
  • Vietnam: metrics replaced meaning – body counts masquerading as progress.
  • Iraq WMDs: intelligence distorted to paint a specific picture rather than inform decision-making.
  • Afghanistan: decades of data existed without a clear endgame, destroyed thousands of American lives, and wasted trillions of taxpayers’ dollars.

Each case proves Sun Tzu’s point: “If you know neither the enemy nor yourself, you will succumb in every battle.”

Intelligence was there, but self-awareness wasn’t. Knowing isn’t only about them; it’s about seeing what you refuse to see in yourself.

Cyber Intelligence: Seeing Without Touching

In cybersecurity, the “spies” are telemetry, sensors, analysts, and sometimes friendly adversaries.
Every alert, log, and anomaly is a scout’s report. But like all intelligence, its value depends on interpretation.

  • Local spies: internal logs and behavior analytics.
  • Inward spies: penetration testing, red-team operations, insider threat programs.
  • Converted spies: captured malware and attacker infrastructure repurposed for defense.
  • Doomed spies: honeypots, deception networks, and fake data seeds.
  • Surviving spies: analysts, threat-hunters, and intel-sharing alliances.

The objective is clarity without exposure, to see everything while remaining unseen. Fire consumes, intelligence illuminates.

The Moral Dimension of Knowing

Intelligence work carries moral weight. Spies, human or digital, trade in trust. Sun Tzu demands that the general handle them with the highest regard: reward them generously, guard them carefully, and never waste them carelessly.

The ethical parallel today is privacy. The line between intelligence and intrusion is measured in intent and restraint. Knowledge gathered without purpose is voyeurism. Knowledge used without reflection is manipulation.

Sun Tzu’s ideal: learn enough to prevent war, not to justify one.

Strategic Lessons for Leaders

  1. Listen to your scouts.
    Truth often arrives quietly, wrapped in discomfort. Leaders who dismiss dissent lose foresight.
  2. Reward information honestly.
    Transparency and gratitude feed the flow of truth; fear and ego choke it.
  3. Centralize interpretation, not collection.
    Many sensors, one mind – unified analysis, decentralized data.
  4. Balance secrecy with accountability.
    Intelligence held too tightly becomes blindness.
  5. Use information to avoid fire.
    The goal of knowledge is to make destruction unnecessary.

From Fire to Silence

The transition from Attack by Fire to Use of Spies is the book’s moral hinge. After escalation comes discernment; after destruction, discipline.

Sun Tzu understood what modern states and corporations often forget: Force is crude, information is subtle – and subtlety wins the wars that power cannot.

In cybersecurity, this is the move from reaction to anticipation. In foreign policy, it’s the evolution from aggression to diplomacy. In leadership, it’s the shift from command to comprehension.

The best security posture isn’t dominance – it’s awareness. The most powerful army is one that rarely fights.

Epilogue — The Quiet Art

The Art of War ends not with blood or banners, but with silence, a stillness that comes from mastery.

True security, like true wisdom, is invisible.
It doesn’t announce itself.
It doesn’t need to.

When you know yourself and your adversary, every threat is already half-dissolved. When you act only when necessary, victory becomes maintenance rather than spectacle. And when you can learn from what moves unseen, you stop fighting the same battles over and over again.

As Operation Aurora proved, a sophisticated cyber espionage campaign that quietly infiltrated major tech companies, the side with better intelligence rarely needs to escalate; quiet knowledge can outmaneuver brute force.

That’s the art of cyberwar – when you know yourself and your adversary, every threat is already half-dissolved. When you act only when necessary, victory becomes maintenance rather than spectacle. And when you can learn from what moves unseen, you stop fighting the same battles over and over again.

That is the final lesson of Sun Tzu, and of cyberwar:
Not destruction, but understanding.
Not conquest, but control of your own attention.
Not escalation, but insight.

Not noise, but silence.

The art is not in the fight, but in the knowing. Return always to the principle: “Knowledge of the enemy’s dispositions can only be obtained from other men.”

And, in the end, mastery is realizing you rarely need to fight at all.

Leave a comment