Pages

18 February 2018

Can Ancient Chinese Military Strategy Bring Success in Cyber Conflict?

Drew Robb

Can Ancient Chinese Military Strategy Bring Success in Cyber Conflict?

Without an understanding of who the enemy really is, how they operate, and the many techniques they use to gain entry, successful defense is unlikely.

Sun Tzu, the Chinese military strategist and philosopher who wrote The Art of War, famously said, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.”

Henry J. Sienkiewicz, former CIO of the US Defense Information Systems Agency, who is currently chief innovation and revenue officer for Secure Channels, says wisdom from Sun Tzu's ancient military treatise applies to the combat against cybercriminals today. Sienkiewicz explains the crossover in his book titled The Art of Cyber Conflict.

Take the concept of knowing the enemy. Many organizations fear the hacker or cybercriminal. They adopt defenses in the hope of thwarting them. Yet without an understanding of who that enemy really is, how they operate, and the many techniques they use to gain entry, successful defense is unlikely. Similarly, the axiom “know thyself” very much applies. Without a firm grasp of the organization’s security strengths and weaknesses, serious errors will be made in the battle to keep the bad guys out.

“I was asked to write what eventually turned into The Art of Cyber Conflict to address the gap between what is considered military doctrine and military tactics,” said Sienkiewicz. “What I came to realize was that the gap existed not just for the military and intelligence community, but for all organizations.”

Applying ancient Chinese warfare strategy and tactics to cyber conflict will be the subject of his Data Center World keynote titled The Art of Cyber Conflict on March 15 in San Antonio, Texas. Sienkiewicz says he will offer a conceptual framework necessary to help organizations understand and communicate the underlying threats of the current cyber environment. He applies many of the concepts and strategies outlined by Sun Tzu to operating and defending in cyberspace.

This session then goes beyond the day-to-day and offers tools to enable data center managers and security professionals to think strategically about how to recognize, remediate, and respond to threats. It demonstrates how Sun Tzu’s timeless framework for war can be implemented effectively to the cyber domain. Another of his axioms, “All warfare is based on deception,” for example, is the key to comprehending the mindset of the attacker. It is vital to know the many techniques of deception used by the enemy -- phishing, spearfishing, ransomware, and more -- as well as how these are constantly evolving.

But at the same time, techniques of deception must be applied by organizations to recognize impending attacks, lure the perpetrators into exposing their intentions, and catching them in the act. Cybercriminals after all are always probing for weaknesses. They may even slip inside the network perimeter and lie in wait for the right moment to strike. They seek maximum disruption or the biggest financial return possible. Sometimes they will infiltrate quietly and survey the enterprise for the juiciest targets. Data center professionals must become proactive in seeking out these threat actors, forcing them to play their hand and preventing serious damage.

Another axiom of Sun Tzu is, “Do not rely on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.” Sienkiewicz will arm attendees with the necessary strategic awareness and the most appropriate battle tactics to win the ongoing fight against cybercrime. He achieves this by relating each chapter of The Art of War to cyber conflict. He briefs attendees through the core axioms of the Chinese philosopher and strategist within the context of the data center. They leave with a firm grasp of the task at hand and renewed sense of what they need to do to protect their organizations.

As a long-term veteran of AFCOM, Sienkiewicz has participated in all facets of the technology environment. From the early days of the internet, to globally supporting companies and the military in a wide variety of conditions, he understands both legacy and cloud data centers. 

“Peer networking and education found within the AFCOM community made my team better,” said Sienkiewicz.

No comments:

Post a Comment