Rethinking CTI – Actionable Classical Terminology

The terminology we’ll introduce here functions as the critical set of ideas that arise from the previously noted dao and interrelated nature of Chinese language. These ideas are important for us, because they help us to understand and follow the overarching concepts later on. The Chinese characters are included for disambiguation.

He (和) is perhaps the most important of all pertinent terminology, and means ‘harmony.’ More than that, it represents the center of a complex web of relations, a center that all other encompassed elements are related to, and one that establishes the appropriate attitudes, positions, relations, and meanings of these relations. This web extends from each individual alike, and on that scale represents the narrowest scope of relations. On a greater level, the family becomes the center that contains a number of such individuals; then the community containing a number of families; then the region containing the communities; all the way to the Emperor, who is at the center of the broadest scope of this network, and to whom relate all things and relations within the land. When this complex web is in good order, all things lie in their proper place. If any peripheral segment of the web is out of order, it can be repaired or replaced. However, if the center of this web is twisted, the whole web becomes tangled.

 [A]t the core of the Classical Chinese world view is the cultivation of harmony – a specifically “center-seeking” or “centripetal” harmony. This harmony begins from what is most concrete and immediate – that is from the perspective of any particular human being – and draws from the outside in towards its center.[1]

A good visual for this concept is a simple spider-web.

For InfoSec purposes, he gives us applied version of what the dao explains theoretically. Just as with the web, every strand is related to every other strand – every problem, solution, concept, defensive and offensive measure, system, etc. should all be understood as part of a single continuum – not as independent and unrelated variables to be manipulated independently.

Li (礼) is commonly translated as “’ritual,’ ‘rites,’ ‘customs,’ etc. Unlike the modern idea of ritual, often representing hollow social conventions, the Chinese notion is closely intertwined with what it means to be human. Ritual is the, “social grammar that provides each member with a defined place and status within the family, community, and polity,”[2] where “achieving harmony (he) is the most valuable function of observing ritual propriety (li).”[3]

This “social grammar” has any number of expressions in the modern world: corporate hierarchy, InfoSec teams, hacker collectives, etc. What is crucial for our examination, is that li creates a series of protocols, which determine behavior, and occur in the context of the larger picture. We often imagine such protocols to be somewhat arbitrary, and thus fail to grasp them fully – meaning that we fail to understand the world from the perspective of others – which creates a great deal of problems.

Yi, (义) is best understood as meaning “right,” “duty,” moral,” and “morality.”[4] However, because of the English moral connotations of such terms, the term is better understood as “appropriateness.”[5] Yi is closely related to Li, in that the appropriate behavior is informed by ritual propriety and the ritual is understood by its propriety.

People act in a way that they perceive to be “best.” By understanding why an action is chosen as “best,” we get a glimpse into the mind of individuals and organizations. This kind of glimpse can give us a lot of information about hacking targets and methods – we would not expect Greenpeace hacktivists to attack other conservation groups, for example.

De (德) is a type of virtue or power, related to the particular circumstances and potential, not absolute morality. It is doing the best with what one has, encompassing both what one has and what one does with it. It also refers to “moral potency,” as an exemplary embodiment of following the dao.[6] Confucianism emphasizes the ruler as a moral exemplar whose actions reflect the dao, and inspires others to emulate his example – thus guiding all to the dao. “Governing with excellence (de) can be compared to being the North Star: The North Star dwells in its place, and the multitude of stars pay it tribute.”[7]

De functions as a way of creating a role-model for others. In InfoSec settings, this may be the type of security we want to emulate, the kind of leadership we want to achieve, etc. For hackers, especially hacktivists, the same role-model idea is what inspires new people to join the cause, or hack for glory, or hack for money. The success and growth of organizations is often based on the exemplary embodiment of success by others.[8] The key, again, is the big picture understanding of how these individuals and groups understand li – in terms of what actions are morally desirable, and what options within that field are the best (yi).

Shan (善) is commonly understood as “good.” However, it lacks the Western moral absolutist connotations. Instead, it means the full utilization of one’s potential in given circumstances. It may perhaps best be understood through its antonym è (恶), meaning ‘evil,’ or rather the failure to utilize potential and thus base, and ugly. Thus, a burned dinner is ‘evil’ because all the ingredients necessary for a good meal were present, and were wasted; a broken family is ‘evil,’ because it had the potential to be a supportive structure for all its members. Conversely, a good meal and harmonious family are ‘good’ in the sense that they reflect the full utilization of what is at hand.

This apparently moral terminology is not at all moral in the Western sense. Instead, it is all about the best option in context. Taking your whole system off-line in response to a DDoS attack is subpar, and would be considered “evil.” Taking your whole system off-line in response to Stuxnet, to keep the entire facility from going Chernobyl, is an excellent move. Context makes all the difference. The best use of resources also depends on our goal – if we’re trying to cook dinner, but make excellent dog food instead, the result is “evil” because our actions did not lead towards our goal.

We can combine this terminology into a single concept. Shan actions are the “best” option by being the most “appropriate” (yi). We know what is “appropriate” by understanding “ritual propriety” (li). By doing all three, we become exemplars – de, and thus become role-models and a major part of the harmonious picture – he. All this is possible only when we act in a way that considers the context and relations of all things – dao.

The picture of a simple spider-web was useful for getting the general idea across, but the reality on the ground is usually much messier, and looks something like this:

To drive home the point of context and inter-relatedness, consider the following: In the web, there are individual strands, cross-sections, anchors, etc. but all these elements are relational. On their own, the individual strands have no meaning. But, if we consider definitions as relational (instead of individual), then every strand and point of the web has clear meaning in relation to the whole.

It would be silly to try to define the order, relations, and values of any one individual strand of the web, without reference to the rest of the structure. But, by understanding the whole structure first (in general terms), we immediately gain the knowledge of the various individual parts, and how they should be – based on the concept of the web, its purpose, etc. In this way, the dao provides the understanding of the whole structure first, which then allows all other concepts to be derived as individual strands of the dao.

In the next article, we’ll consider a few terms from the classical Chinese war theory.


[1] Roger T. Ames. “Preface.” In “Sun-tzu: The Art of Warfare.” In The Book of War. Edited by Caleb Carr, 9-69. New York: Modern Library, 2000. Pg. 45.

[2] Ames, Roger T., and Henry Rosemont. “Introduction.” In The Analects of Confucius. Pg. 51.

[3] Confucius. The Analects of Confucius: A Philosophical Translation. Translated by Roger T. Ames and Henry Rosemont. New York: Ballantine Books, 1999. Pg. 74.

[4] Ames, Roger T., and Henry Rosemont. “Introduction.” In The Analects of Confucius. Pg. 53.

[5] Ibid. 54

[6] Ames, Roger T., and Tzu Huai-nan. The Art of Rulership: A Study in Ancient Chinese Political Thought. Honolulu: University of Hawaii Press, 1983. Pg. 2.

[7] Confucius. The Analects Pg. 76.

[8] This principle is also found in terrorist recruitment propaganda – where a success of an operation is taken up as a way to demonstrate excellence and inspire emulation. The same can be said of copycat criminals; only the successful criminals get emulated by others.