Cyberspace: From Asymmetric Warfare Arena to Tool of State

Originally published by CXO REvolutionaries.

Written by Sam Curry, VP & CISO, Zscaler.

"In the midst of chaos, there is also opportunity."
-Sun Tzu

We are living in a world where cyber capabilities are a de facto strategic asset for nations, an integral part of their policy, and a critical tool in asymmetric warfare. Nowhere is this more apparent than in China, where cyber operations have been an official state policy for years, serving as a potent vector for data-driven warfare.

In the early cyber development phases, these asymmetric capabilities allowed China to punch above their weight class with a unified strategy for military and civilian infrastructure and both People's Liberation Army (PLA) and “reservist” corps. This later migrated to being arms-length from the government, but is now a full-fledged state tool, becoming a 21st century full peer in combined arms theory with other conflict tools. Look no further than the Russia-Ukraine conflict to see evidence of what this looks like in conflict.

China's advancements in artificial intelligence and machine learning have further catalyzed this shift. Its early data theft, in addition to unprecedented amounts of data gathered on its domestic population, now amount to a treasure trove for LLMs and learning sets.

During and following the Obama years, we saw a change in the Chinese national strategy. Deep, talented hacking continuing, and a both an outflux of talent from the government and a change in the nature of private sector, commercial cybercrime from within the country. This had the effect of a reduction in quantity, but also the deep hacking continuing and ultimately growing in sophistication and volume over the years. This strategic move makes sense as a further extension of policy by other means, for an anachronistic application of Clausewitz.

These advancements, and potentially others in cryptanalysis, have laid the foundation for a new phase of cyber warfare, one where semi-private entities are just as instrumental a state apparatus as any formal PLA or ministerial department. This approach is neatly summarized by the acronym DIME: diplomatic, information warfare, military, and economic options. These are the tools of the modern state. And China, like any state, is hungry for “optionality” (yes that’s a real word which means to have options) in all four. It requires them as surely as people need air, water, food and shelter.

However, China's approach to DIME is nuanced and sophisticated. We see it in the Belt and Road Initiative (BRI), a diplomatic and economic strategy with geopolitical implications. It's visible in naval and military expansion in the South China Sea, and it has become increasingly apparent over the last 15 years in the cyber domain, which is now a fully mature and developed set of tools for much optionality, including as an arm of symmetric warfare. This was in the domain of science fiction with books like 2034: A Novel of the Next World War by Ackerman and Stavridis or the most recent The White Sun War by Mick Ryan, but the funny thing about sci-fi is that the “fiction” part falls off much faster than it used to. These books are not old, but they are really not fiction anymore.

However, every action triggers a reaction. As economic pressures mount, spurred by concerns of BRI's sovereign debt defaults, constrained access to resources, and an impending deglobalization, China may lean harder on other DIME elements. This is especially plausible if diplomatic channels falter or the world order struggles, as it is doing right now. The recent Volt Typhoon attack on U.S. critical infrastructure is indicative of this shift. This cyber onslaught isn't a surprise but a logical progression of China's strategy under mounting pressure, including slowing economic growth and both internal and geopolitical factors. As we constrict one end of the balloon, the air rushes to expand the other.

We must anticipate a broader adoption of such tactics by global powers. This is the new normal. Our collective response needs to be proactive, not reactive. This is where the "defend forward" strategy comes into play. Defending forward is not about launching attacks; it's about acknowledging the inevitability of cyber warfare and preparing for it. Assume it’s happening, prepare now, and go hunting. It involves understanding threat actors and their tools, conducting diligent research, and using intelligence with a bias for action. It necessitates cross-sector and international collaboration.

Above all, it calls for incorporating techniques like large-scale analytics, computational statistics, and large language models (LLMs) in our cybersecurity operations. Be it in blue teaming (defense), red teaming (offensive testing), or purple teaming (a blend of both), LLMs are likely to be an indispensable tool in our cyber arsenal. I would say that this is a wake up call, but it’s really one of many. My hope is that people decide now to really doing the zero trust – the vulnerability minimization, the strong authentication, the defense forward, and more.

We're on the precipice of a new era, where cyber warfare intersects with global politics and economic realities. It's an era where Sun Tzu's wisdom rings truer than ever. Amid the chaos of this shifting landscape, lies our opportunity to adapt, to anticipate, and, yes, to defend forward.