Throwing The Sun Tzu Baby Out With The InfoSec Bathwater

By Jeffrey Carr
The Firewall
July 6, 2010

Steve Tornio and Brian Martin just published a 5,000-word rant [1] 
against anyone who dares utter the name Sun Tzu in connection with 
information security. According to Tornio and Martin, Sun Tzu, the 
principal strategic authority whose seminal work has served to guide 
China's military and civilian leadership for 2500 years, is "not 
relevant to modern day InfoSec" because "information security is not 
warfare (leaving aside actual warfare, of course)".

That's a pretty huge stipulation considering that the People's Republic 
of China has been heavily invested in information technology R&D to 
revolutionize both its Armed Forces and its civilian infrastructure 
simultaneously for the past 20 years or so. The same is true for the 
Russian Federation (sans Sun Tzu, of course).

I'd love to hear either of these two gentlemen discuss where they make 
the distinction between InfoSec for the enterprise versus InfoSec as an 
"expression of warfare by other means" (to paraphrase Clausewitz) or 
their thoughts on the implications of China's recent reorganization of 
its defense and civilian funding for priority IT research through one 
agency, thus making it easier to maintain the illusion of plausible 
deniability while further blurring the line between civilian and 
military technology.

Then we come to your assessment of Sun Tzu's advice regarding knowing 
your enemy:


