Tag: ethics

The Art of Cyberwar | Part XIII | The Use of Spies

The principles:

“Knowledge of the enemy’s dispositions can only be obtained from other men.”

“However, spies cannot be usefully employed without a certain intuitive sagacity.”

“Be subtle and use your spies for every kind of business.”

“Hence, it is only the enlightened ruler and the wise general who will use the highest intelligence of the army for purposes of spying, and thereby they achieve great results.”

The Quiet After the Fire

After the smoke clears, the last weapon isn’t destruction; it’s knowledge. Sun Tzu closes his book here, not with conquest, but with insight. The general who knows through others, he says, wins without fighting. The one who fights without knowing spends blood buying what wisdom could have earned.

In modern form, intelligence replaces escalation. Information, verified and interpreted, is the ultimate force multiplier.

The Five Spies

Sun Tzu’s framework remains elegant and practical. He identifies five types of spies, each still alive and well in today’s cyber and geopolitical landscape.

  1. Local spies = insiders, collaborators, citizens.
    • Modern analogue: human intelligence, insider threat programs, whistleblowers, or local analysts embedded in culture.
    • Lesson: you can’t know an environment without someone who breathes its air.
  2. Inward spies – the enemy’s own people who provide insight.
    • Modern analogue: defectors, double agents, internal whistleblowers, or compromised insiders in adversary organizations.
    • In cyber: infiltration of adversary forums, threat actor telemetry, or behavioral analysis of attacker TTPs.
  3. Converted spies – enemy agents who have been turned.
    • Modern analogue: captured malware turned into indicators, enemy disinformation repurposed for exposure.
    • Intelligence and counterintelligence merge – data becomes self-revealing.
  4. Doomed spies – agents sent with false information, knowing they will be sacrificed.
    • Modern analogue: honeypots, decoy networks, misinformation campaigns used to draw out adversaries.
    • Lesson: deception has cost; calculate it.
  5. Surviving spies – those who return with verified knowledge.
    • Modern analogue: analysts who gather, vet, and integrate multiple data sources to produce actual intelligence.
    • Lesson: data isn’t knowledge until it’s interpreted and fed back into strategy.

The five together form a complete intelligence loop: gather, plant, deceive, sacrifice, verify.
Today, we refer to this as the intelligence cycle.

Information as the New Espionage

We live in an age where everything and everyone collects or steals your data. Apps harvest movement. Sensors record temperature and tone. Governments build databases so vast they blur into prophecy.

But the principle hasn’t changed: intelligence is not about having information – it’s about understanding what matters and when.

A terabyte of telemetry means nothing without discernment. One well-placed attacker can outperform a thousand firewalls.

Foreign Policy and the Failure of Insight

Throughout the 20th century, U.S. foreign policy often suffered from information abundance but a lack of the ability to interpret the intelligence it had gathered.

  • Pearl Harbor: a multitude of signals existed, but interpretation failed.
  • Vietnam: metrics replaced meaning – body counts masquerading as progress.
  • Iraq WMDs: intelligence distorted to paint a specific picture rather than inform decision-making.
  • Afghanistan: decades of data existed without a clear endgame, destroyed thousands of American lives, and wasted trillions of taxpayers’ dollars.

Each case proves Sun Tzu’s point: “If you know neither the enemy nor yourself, you will succumb in every battle.”

Intelligence was there, but self-awareness wasn’t. Knowing isn’t only about them; it’s about seeing what you refuse to see in yourself.

Cyber Intelligence: Seeing Without Touching

In cybersecurity, the “spies” are telemetry, sensors, analysts, and sometimes friendly adversaries.
Every alert, log, and anomaly is a scout’s report. But like all intelligence, its value depends on interpretation.

  • Local spies: internal logs and behavior analytics.
  • Inward spies: penetration testing, red-team operations, insider threat programs.
  • Converted spies: captured malware and attacker infrastructure repurposed for defense.
  • Doomed spies: honeypots, deception networks, and fake data seeds.
  • Surviving spies: analysts, threat-hunters, and intel-sharing alliances.

The objective is clarity without exposure, to see everything while remaining unseen. Fire consumes, intelligence illuminates.

The Moral Dimension of Knowing

Intelligence work carries moral weight. Spies, human or digital, trade in trust. Sun Tzu demands that the general handle them with the highest regard: reward them generously, guard them carefully, and never waste them carelessly.

The ethical parallel today is privacy. The line between intelligence and intrusion is measured in intent and restraint. Knowledge gathered without purpose is voyeurism. Knowledge used without reflection is manipulation.

Sun Tzu’s ideal: learn enough to prevent war, not to justify one.

Strategic Lessons for Leaders

  1. Listen to your scouts.
    Truth often arrives quietly, wrapped in discomfort. Leaders who dismiss dissent lose foresight.
  2. Reward information honestly.
    Transparency and gratitude feed the flow of truth; fear and ego choke it.
  3. Centralize interpretation, not collection.
    Many sensors, one mind – unified analysis, decentralized data.
  4. Balance secrecy with accountability.
    Intelligence held too tightly becomes blindness.
  5. Use information to avoid fire.
    The goal of knowledge is to make destruction unnecessary.

From Fire to Silence

The transition from Attack by Fire to Use of Spies is the book’s moral hinge. After escalation comes discernment; after destruction, discipline.

Sun Tzu understood what modern states and corporations often forget: Force is crude, information is subtle – and subtlety wins the wars that power cannot.

In cybersecurity, this is the move from reaction to anticipation. In foreign policy, it’s the evolution from aggression to diplomacy. In leadership, it’s the shift from command to comprehension.

The best security posture isn’t dominance – it’s awareness. The most powerful army is one that rarely fights.

Epilogue — The Quiet Art

The Art of War ends not with blood or banners, but with silence, a stillness that comes from mastery.

True security, like true wisdom, is invisible.
It doesn’t announce itself.
It doesn’t need to.

When you know yourself and your adversary, every threat is already half-dissolved. When you act only when necessary, victory becomes maintenance rather than spectacle. And when you can learn from what moves unseen, you stop fighting the same battles over and over again.

As Operation Aurora proved, a sophisticated cyber espionage campaign that quietly infiltrated major tech companies, the side with better intelligence rarely needs to escalate; quiet knowledge can outmaneuver brute force.

That’s the art of cyberwar – when you know yourself and your adversary, every threat is already half-dissolved. When you act only when necessary, victory becomes maintenance rather than spectacle. And when you can learn from what moves unseen, you stop fighting the same battles over and over again.

That is the final lesson of Sun Tzu, and of cyberwar:
Not destruction, but understanding.
Not conquest, but control of your own attention.
Not escalation, but insight.

Not noise, but silence.

The art is not in the fight, but in the knowing. Return always to the principle: “Knowledge of the enemy’s dispositions can only be obtained from other men.”

And, in the end, mastery is realizing you rarely need to fight at all.

The Art of CyberWar | Part XII | Attack by Fire

The Principle: When you use fire to attack, you must be prepared for the wind.
— Sun Tzu

The Nature of Fire

Fire is decisive. It consumes, clears, and purifies, but it also spreads beyond intention. Sun Tzu treats fire as both a weapon and a warning. It can destroy an enemy’s stores, flush troops from cover, and sow panic, but he cautions that those who ignite must control the wind, or the flame will turn back.

In today’s language: escalation is easy, judicious control is hard.

Fire is unbridled energy without patience. It is force unbound. And every era finds its own version of it.

The Five Fires

Sun Tzu names five types of fire attack, each with a direct modern analogue:

  1. Burning soldiers in their campDisrupting people directly.
    • In cyber: targeting individual accounts, identity systems, or human processes.
    • In policy: attacking morale or legitimacy through propaganda or sanctions that hit civilians.
  2. Burning storesDestroying logistics.
    • In cyber: supply-chain attacks, ransomware on infrastructure.
    • In statecraft: economic blockades or precision strikes on fuel, transport, or data centers.
  3. Burning baggage trainsBreaking the flow of resources.
    • In the cloud: DDoS, bandwidth throttling, or disrupting APIs that feed dependent systems.
    • In foreign policy: disrupting trade routes or financial systems to strangle supply.
  4. Burning arsenals and magazinesTargeting capability itself. A modern example: the 2014 Sony Pictures hack, in which wiper malware destroyed not only data but also the ability to operate, crippling the company’s digital arsenal and serving as a stark warning about escalation risk. Another hallmark example: Stuxnet (2010), which physically crippled Iranian centrifuges, showing that digital “fire” can leap into the physical world.
    • In digital: destroying code repositories, zero-day leaks, and wiper malware.
    • In war: targeting industrial bases, weapons stockpiles, or satellite networks.
  5. Burning the enemy’s armyDirect annihilation.
    • The catastrophic option, physical or digital scorched earth.

Each carries the same risk Sun Tzu warned of: heat spreads.

America’s Century of Fire
Throughout the 20th century, U.S. foreign policy repeatedly learned and forgot this lesson.

  • WWII: strategic firebombing of Tokyo and Dresden, the atomic bombings of Hiroshima and Nagasaki, tactically decisive, highly questionable morally.
  • Vietnam: napalm, Agent Orange – the war’s imagery consumed America’s moral capital as surely as the jungle burned. Devastating to the local population and our own troops.
  • Desert Storm & Shock and Awe: firepower became performance, televised precision, hiding the longer political firestorm and over-commitment of our resources to highly specious ends.
  • Sanctions & Cyber: modern equivalents – economic or informational fire meant to distract, mislead, or coerce without bullets, still spreading collateral damage.

Each use of fire achieved an objective, yet each left embers that smoldered for decades.

Sun Tzu would call that victory without wisdom.

Digital Flame

In cyberspace, fire is code that destroys. The world learned this with Stuxnet, NotPetya, WannaCry, and countless destructive campaigns. They burned quietly, jumped borders, and torched billions in collateral damage. WannaCry (2017) swept the globe in hours, crippling hospitals, shipping, and businesses—making clear that digital fires can cause humanitarian consequences.

Cloud fire spreads faster than any fuel; a single misconfigured credential can ignite an entire ecosystem. Because dependencies are invisible, contagion is immediate. A wiper designed for one network cripples dozens more; an exploit posted online becomes a global inferno in hours.

Fire is the easiest attack to ignite and the hardest to contain.

Rules for Using Fire

Sun Tzu’s cautions translate cleanly:

  1. Control the wind. Understand the environment – network topology, public opinion, and global law. Fire turns on those who don’t map their dependencies. NotPetya (2017) began as a targeted disruption but, due to dependencies and lack of containment, rapidly spread worldwide, demonstrating why “controlling the wind” remains critical in cyber conflict.
  2. Use the right conditions. Don’t ignite in drought. If tension is already high, socially and economically, the situation will escalate.
  3. Prepare relief efforts. Have recovery plans before striking. Burn only what you can rebuild. After World War II, the Marshall Plan rebuilt war-torn Europe, demonstrating that post-conflict relief shapes both legitimacy and future stability. In 2021, the Colonial Pipeline ransomware attack forced the rapid restoration of critical infrastructure; companies with effective recovery plans minimized chaos and reputational fallout.
  4. Know the cost of smoke. Collateral damage is visibility: reputational, legal, and diplomatic.
  5. Do not rely on fire to win the war. Fire wins battles but breeds resistance.

In short: destruction without reconstruction is self-immolation.

Morale, Leadership, and Control

A general’s job isn’t only to unleash power; it’s to sustain the will that wields it.
Fire exhausts armies. Soldiers fighting amid smoke need clear purpose, rations, and rest.

Sun Tzu demands that the commander ensure his troops are fed, disciplined, and respected so that they fight even in dire moments.

In modern organizations, the same holds: leaders who push teams through endless “incident fire drills” without rest destroy readiness. Respect sustains endurance.

Discipline without compassion breeds burnout; compassion without standards breeds chaos. Balance is command.

Deception, Propaganda, and Manufactured Heat

Every effective campaign uses perception. Propaganda creates the illusion of fire where there is none, or conceals weakness behind the smoke of strength. The ancient principle survives in every medium: shape belief, shape behavior.

  • States convince citizens of a constant threat: War is peace. Freedom is slavery. Ignorance is strength,and the historical manipulation line, “Who controls the past controls the future: who controls the present controls the past.
  • Companies market vulnerability to sell security.
  • Attackers simulate breaches to force reactions.

Fire doesn’t only burn, it solidifies and blinds. The wise strategist uses deception to conserve energy, not to irreparably manipulate trust.

Never lose sight of this: truth is a finite resource. Burn it, and nothing grows afterward.

Fight Only When Necessary

War, Sun Tzu reminds us, is terrible. Mr. Lee added, “It is well that war is so terrible, or we should grow too fond of it.” That’s the heart of this chapter: the seduction of power. Fire feels decisive, satisfying, purgative. That’s why restraint is the highest discipline.

In cybersecurity, it means choosing containment over retaliation. In policy, it means diplomacy before bombing. In leadership, it implies correction before firing squads of blame.

Every unnecessary blaze consumes future strength.

Calculation Before Ignition

Fire is the last stage of calculation, not the first. The general who wins has already counted everything: fuel, wind, timing, morale, and escape.

In modern form:

  • Map dependencies before deploying destructive countermeasures.
  • Assess public and legal consequences.
  • Coordinate allies and containment plans.
  • Pre-position humanitarian or restoration resources.

Fire launched without calculation simply becomes arson.

Cybersecurity Playbooks for Fire Scenarios

1. Contain Destructive Malware (Wiper Fire)

  • Disconnect affected systems immediately.
  • Activate offline backups; rebuild from clean images.
  • Communicate fast, silence breeds rumor.
  • Forensics after containment, not before.

2. Respond to Supply-Chain Fire

  • Freeze code releases; verify signatures.
  • Segregate affected components; rotate secrets.
  • Coordinate public disclosure and patch windows.

3. Counter Disinformation Blaze

  • Pre-draft communications for false narratives.
  • Verify sources, issue simple factual statements.
  • Avoid panic amplification, don’t fuel the fire.

4. Plan for Strategic Retaliation

  • Establish legal oversight for counter-operations.
  • Define thresholds: attribution confidence, proportionality, and reversibility.
  • Keep diplomatic channels open even during the heat.

Fire is part of war, but the goal is to end fires faster than they spread.

Ethics and Aftermath

Fire makes headlines; rebuilding never does. Yet the moral credit of a nation, or a company, depends on what follows destruction, relief, restitution, and transparency, turning survival into legitimacy. The Marshall Plan after WWII showed that true victory is measured by the ability to restore and build anew, not just destroy. Sun Tzu closes this chapter by warning that a commander who burns recklessly endangers his own state.

That warning scales perfectly to global networks: a destructive exploit today may torch tomorrow’s allies.

Bridge to Chapter XIII | The Use of Spies

Once the fire burns out, what remains is smoke, which conceals movement. Which leads us back to our opening principle: “When you use fire to attack, you must be prepared for the wind.” Next: how to “see without burning” or, the art of intelligence, deception, and misdirection on the modern battlefield. (Think Operation Fortitude, the WWII deception that enabled D-Day by fooling the enemy without a shot being fired.) Sun Tzu ends his book not with force but with intelligence. He knew that knowledge prevents the need for fire in the first place.

“After the flames, gather information from the ashes.” The next and final lesson, The Use of Spies, is about seeing without burning, learning through observation, infiltration, and trust. Fire wins battles; intelligence prevents wars.