Sun Tzu and Cyber War

Posted on February 14, 2017 by Bahram Yusefzadeh, Chairman

Strange as it may seem, a book written in the 5th century BC offers insight that may help turn the tide of battle in the cyber war waged by nearly every organization, every day.


News coverage in leading cybersecurity industry publications continues to report on better cyber defenses, new detection technologies, cyber hunting within the network, new investments in cyber defense centers, and more. That’s all good! Cyber defenses must remain a top priority for every organization, and new detection and defensive tactics are vital to combating the relentless cyber onslaught we are experiencing.


At the same time, industry news documents countless data breaches and new malware weaponry that is even more difficult to detect and remove. One example is the rise of anti-forensic malware techniques and memory-based malware (what Kaspersky Lab calls MEM:Trojan) that removes itself from the hard drive but leaves part of itself in memory with a payload, making its detection extremely difficult. Add to this new tunneling malware that uses standard Windows utilities like “SC” and “NETSH”, and you get the idea: malicious cyber actors are hard at work.


So the cyberwar continues… but something isn’t quite right.


Until this point, it seems the “battle” is more accurately a “siege” – one where corporations continue to create higher defensive cyber walls while the attackers continue to add rungs to the siege ladders used to breach those walls. Unfortunately, a siege is a battle of attrition – a slow protracted event often characterized by heavy losses. And so it is in cyber war.


Perhaps it’s time to move from a siege mentality to one that incorporates an offensive posture that strikes back!


Imagine a consortium of corporations, cybersecurity businesses, and top-level government security agencies working together to change the dynamics of the current cyber-siege mentality. Together, these members could work collectively to launch retaliatory measures against the perpetrators of cyber attacks and the hosting services that cyber criminals use to facilitate their attacks. Acting together, this consortium could pool resources and threat intelligence to develop swift retaliatory tactics and cyber weaponry that could effectively strike back in a timely manner.


The current process of gathering evidence for criminal prosecution, and of securing the multi-national inter-agency cooperation needed to shut down cyber criminals, responds at speeds much slower than the attackers. In fact, the current process takes so long to complete (sometimes years) that many millions of attacks and countless breaches can occur before the perpetrators are effectively shut down. While we should not abandon a legal approach to shutting down cybercriminal operations, it should be just one process in a growing portfolio of tactics that effectively deter or eliminate cyber attackers.


The bottom line is that we need to consider new ways to achieve timely and powerful responses to cyber attacks. Building higher cyber walls and equipping our businesses with better detection tools will not, alone, keep pace with the growing onslaught of cyber attacks. We need to create new strategies and tactics that deter cyber attacks through the use of timely, effective countermeasures that place our attackers, the service providers, and their accomplices at risk.


Sun Tzu, the Chinese general, military strategist, philosopher, and author of The Art of War, a widely influential work of military strategy, wrote: “Invincibility lies in the defense; the possibility of victory in the attack.”


The war on cybercrime will continue to march forward, and defensive strategies to prevent cyber breaches will undoubtedly continue to evolve and remain an important element in that war. But, as in 5th-century Chinese warfare, the possibility of victory against cyber attackers rests in the attack. Undoubtedly, the time has come to change the tide of battle against the legions of cyber criminals and state-sponsored cyber attacks, and we possess the talent and resources to accomplish this.


The larger question before us is whether we have the will and the determination to make it happen.