Tag: ethics

The Art of CyberWar | Part XII | Attack by Fire

The Principle: When you use fire to attack, you must be prepared for the wind.
— Sun Tzu

The Nature of Fire

Fire is decisive. It consumes, clears, and purifies, but it also spreads beyond intention. Sun Tzu treats fire as both a weapon and a warning. It can destroy an enemy’s stores, flush troops from cover, and sow panic, but he cautions that those who ignite must control the wind, or the flame will turn back.

In today’s language: escalation is easy, judicious control is hard.

Fire is unbridled energy without patience. It is force unbound. And every era finds its own version of it.

The Five Fires

Sun Tzu names five types of fire attack, each with a direct modern analogue:

  1. Burning soldiers in their campDisrupting people directly.
    • In cyber: targeting individual accounts, identity systems, or human processes.
    • In policy: attacking morale or legitimacy through propaganda or sanctions that hit civilians.
  2. Burning storesDestroying logistics.
    • In cyber: supply-chain attacks, ransomware on infrastructure.
    • In statecraft: economic blockades or precision strikes on fuel, transport, or data centers.
  3. Burning baggage trainsBreaking the flow of resources.
    • In the cloud: DDoS, bandwidth throttling, or disrupting APIs that feed dependent systems.
    • In foreign policy: disrupting trade routes or financial systems to strangle supply.
  4. Burning arsenals and magazinesTargeting capability itself. A modern example: the 2014 Sony Pictures hack, in which wiper malware destroyed not only data but also the ability to operate, crippling the company’s digital arsenal and serving as a stark warning about escalation risk. Another hallmark example: Stuxnet (2010), which physically crippled Iranian centrifuges, showing that digital “fire” can leap into the physical world.
    • In digital: destroying code repositories, zero-day leaks, and wiper malware.
    • In war: targeting industrial bases, weapons stockpiles, or satellite networks.
  5. Burning the enemy’s armyDirect annihilation.
    • The catastrophic option, physical or digital scorched earth.

Each carries the same risk Sun Tzu warned of: heat spreads.

America’s Century of Fire
Throughout the 20th century, U.S. foreign policy repeatedly learned and forgot this lesson.

  • WWII: strategic firebombing of Tokyo and Dresden, the atomic bombings of Hiroshima and Nagasaki, tactically decisive, highly questionable morally.
  • Vietnam: napalm, Agent Orange – the war’s imagery consumed America’s moral capital as surely as the jungle burned. Devastating to the local population and our own troops.
  • Desert Storm & Shock and Awe: firepower became performance, televised precision, hiding the longer political firestorm and over-commitment of our resources to highly specious ends.
  • Sanctions & Cyber: modern equivalents – economic or informational fire meant to distract, mislead, or coerce without bullets, still spreading collateral damage.

Each use of fire achieved an objective, yet each left embers that smoldered for decades.

Sun Tzu would call that victory without wisdom.

Digital Flame

In cyberspace, fire is code that destroys. The world learned this with Stuxnet, NotPetya, WannaCry, and countless destructive campaigns. They burned quietly, jumped borders, and torched billions in collateral damage. WannaCry (2017) swept the globe in hours, crippling hospitals, shipping, and businesses—making clear that digital fires can cause humanitarian consequences.

Cloud fire spreads faster than any fuel; a single misconfigured credential can ignite an entire ecosystem. Because dependencies are invisible, contagion is immediate. A wiper designed for one network cripples dozens more; an exploit posted online becomes a global inferno in hours.

Fire is the easiest attack to ignite and the hardest to contain.

Rules for Using Fire

Sun Tzu’s cautions translate cleanly:

  1. Control the wind. Understand the environment – network topology, public opinion, and global law. Fire turns on those who don’t map their dependencies. NotPetya (2017) began as a targeted disruption but, due to dependencies and lack of containment, rapidly spread worldwide, demonstrating why “controlling the wind” remains critical in cyber conflict.
  2. Use the right conditions. Don’t ignite in drought. If tension is already high, socially and economically, the situation will escalate.
  3. Prepare relief efforts. Have recovery plans before striking. Burn only what you can rebuild. After World War II, the Marshall Plan rebuilt war-torn Europe, demonstrating that post-conflict relief shapes both legitimacy and future stability. In 2021, the Colonial Pipeline ransomware attack forced the rapid restoration of critical infrastructure; companies with effective recovery plans minimized chaos and reputational fallout.
  4. Know the cost of smoke. Collateral damage is visibility: reputational, legal, and diplomatic.
  5. Do not rely on fire to win the war. Fire wins battles but breeds resistance.

In short: destruction without reconstruction is self-immolation.

Morale, Leadership, and Control

A general’s job isn’t only to unleash power; it’s to sustain the will that wields it.
Fire exhausts armies. Soldiers fighting amid smoke need clear purpose, rations, and rest.

Sun Tzu demands that the commander ensure his troops are fed, disciplined, and respected so that they fight even in dire moments.

In modern organizations, the same holds: leaders who push teams through endless “incident fire drills” without rest destroy readiness. Respect sustains endurance.

Discipline without compassion breeds burnout; compassion without standards breeds chaos. Balance is command.

Deception, Propaganda, and Manufactured Heat

Every effective campaign uses perception. Propaganda creates the illusion of fire where there is none, or conceals weakness behind the smoke of strength. The ancient principle survives in every medium: shape belief, shape behavior.

  • States convince citizens of a constant threat: War is peace. Freedom is slavery. Ignorance is strength,and the historical manipulation line, “Who controls the past controls the future: who controls the present controls the past.
  • Companies market vulnerability to sell security.
  • Attackers simulate breaches to force reactions.

Fire doesn’t only burn, it solidifies and blinds. The wise strategist uses deception to conserve energy, not to irreparably manipulate trust.

Never lose sight of this: truth is a finite resource. Burn it, and nothing grows afterward.

Fight Only When Necessary

War, Sun Tzu reminds us, is terrible. Mr. Lee added, “It is well that war is so terrible, or we should grow too fond of it.” That’s the heart of this chapter: the seduction of power. Fire feels decisive, satisfying, purgative. That’s why restraint is the highest discipline.

In cybersecurity, it means choosing containment over retaliation. In policy, it means diplomacy before bombing. In leadership, it implies correction before firing squads of blame.

Every unnecessary blaze consumes future strength.

Calculation Before Ignition

Fire is the last stage of calculation, not the first. The general who wins has already counted everything: fuel, wind, timing, morale, and escape.

In modern form:

  • Map dependencies before deploying destructive countermeasures.
  • Assess public and legal consequences.
  • Coordinate allies and containment plans.
  • Pre-position humanitarian or restoration resources.

Fire launched without calculation simply becomes arson.

Cybersecurity Playbooks for Fire Scenarios

1. Contain Destructive Malware (Wiper Fire)

  • Disconnect affected systems immediately.
  • Activate offline backups; rebuild from clean images.
  • Communicate fast, silence breeds rumor.
  • Forensics after containment, not before.

2. Respond to Supply-Chain Fire

  • Freeze code releases; verify signatures.
  • Segregate affected components; rotate secrets.
  • Coordinate public disclosure and patch windows.

3. Counter Disinformation Blaze

  • Pre-draft communications for false narratives.
  • Verify sources, issue simple factual statements.
  • Avoid panic amplification, don’t fuel the fire.

4. Plan for Strategic Retaliation

  • Establish legal oversight for counter-operations.
  • Define thresholds: attribution confidence, proportionality, and reversibility.
  • Keep diplomatic channels open even during the heat.

Fire is part of war, but the goal is to end fires faster than they spread.

Ethics and Aftermath

Fire makes headlines; rebuilding never does. Yet the moral credit of a nation, or a company, depends on what follows destruction, relief, restitution, and transparency, turning survival into legitimacy. The Marshall Plan after WWII showed that true victory is measured by the ability to restore and build anew, not just destroy. Sun Tzu closes this chapter by warning that a commander who burns recklessly endangers his own state.

That warning scales perfectly to global networks: a destructive exploit today may torch tomorrow’s allies.

Bridge to Chapter XIII | The Use of Spies

Once the fire burns out, what remains is smoke, which conceals movement. Which leads us back to our opening principle: “When you use fire to attack, you must be prepared for the wind.” Next: how to “see without burning” or, the art of intelligence, deception, and misdirection on the modern battlefield. (Think Operation Fortitude, the WWII deception that enabled D-Day by fooling the enemy without a shot being fired.) Sun Tzu ends his book not with force but with intelligence. He knew that knowledge prevents the need for fire in the first place.

“After the flames, gather information from the ashes.” The next and final lesson, The Use of Spies, is about seeing without burning, learning through observation, infiltration, and trust. Fire wins battles; intelligence prevents wars.