
The supreme art of war is to subdue the enemy without fighting.

– Sun Tzu

Sun Tzu, noted Chinese general and philosopher, is widely perceived as a master military strategist.  He is known for authoring The Art of War, a treatise on military strategy and tactics that has survived the test of time, having been written roughly 2,500 years ago. In recent times his philosophy for managing conflict has been embraced by such notables as Chinese communist leader Mao Tse-Tung and North Vietnam’s Ho Chi Minh. The U.S. military also educates its officers in Sun Tzu’s teachings, and his philosophy has become a popular topic among business leaders. Thus, it may be instructive to look at the US/China cybersecurity challenge through his eyes.

Chinese premier Xi Jinping is scheduled to travel to Washington to meet with the President next week. In advance of his visit, much has been written and said about Chinese hacking, and there is considerable speculation that the White House may adopt some economic sanctions against China. The White House has publicly stated that the President will raise the issue with the Chinese premier. In a sign that China is taking the matter very seriously, Meng Jianzhu, secretary of the Central Political and Legal Affairs Commission of the Communist Party of China, came to Washington to participate in a series of high-level meetings to prepare the way for the premier’s visit, and in all likelihood to try to reduce the possibility that the issue could be embarrassing for Xi Jinping. In the aftermath of the visit, China’s state-run Xinhua News Agency reported that the U.S. and China had reached agreement on important cybersecurity concerns.

Regarding the expected sanctions, the Washington Post reported that an administration official said, “The expected sanctions move will send two signals… It sends a signal to Beijing that the administration is going to start fighting back on economic espionage, and it sends a signal to the private sector that we’re on your team. It tells China, enough is enough.”

Interestingly, the Administration seems to have accepted the argument made by Director of National Intelligence James Clapper that the attack on the Office of Personnel Management, which is widely believed to have been carried out by the Chinese, and which has spurred many calls for retaliation, should be seen as a legitimate form of government espionage. This argument suggests that there is an evolving, murky standard which permits some forms of hacking and should prohibit others. Unfortunately, there is scant evidence of widespread accord among nations as to what that standard is and what it allows.

Subduing the enemy without fighting is a concept that has particular value during this period of escalating cyber warfare. How the United States rises to the conceptual challenge will have profound implications for our economic well-being in the coming decade. Next week we may get some insight about how this challenge will play out in the near term.


By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

September 15, 2015