Rethinking CTI – Terms of War

The core terms and ideas of classical Chinese thought, as noted in the previous articles, give us the context of understanding for how the Chinese understood the world and their role in it. Understanding these concepts allows us to move further; away from general ideas and onto the crucial terminology for understanding The Art of War – and thus the applied benefits it brings to the InfoSec/CTI field.

Zhi (知) is knowledge, or rather realization. Whereas the Western philosophical “objective” knowledge of the thing known is suspended in a vacuum, zhi encompasses the relational nature of the subject and object of “realization,” and adds the element of “realizing” an action as a result.

In the Chinese model, “knowing” is a communal discourse; it is a combination of rhetoric and action, of saying and doing. To “know” the enemy, then, is to acquire a functional understanding of his particular circumstances while remaining sufficiently indeterminate so that he cannot gain an equal advantage, and to then authenticate this differential in battle. [1]

Realizing an action through its realization (zhi), also introduces a point of application for what it means to know something. The practical difference can be summed up as: “The enlightened ruler works with facts and discards useless theories.”[2] The actionable understanding of a situation is the practical form of knowing; it requires the ability to recognize and manipulate the full sum of circumstances to create a desired future. This emphasis on the utility of knowledge becomes a core principle in later war theories, as well as InfoSec/CTI environments, as “knowing the enemy” takes on the meaning of “knowing how to act with regards to the enemy and all relevant circumstances.”

Shi (势) is the central idea within the military manuals of classical China, and especially The Art of War. Ames notes that it is the means of “distinguishing the skillful manipulation of circumstances from brute force, and military wisdom from mere physical prowess.”[3] Shi represents a strategic advantage though the manipulation of circumstances, and stands in opposition to mere brute force. As with other terms, it is relational, encompassing both sides of the conflict and embodying the tension of the deadly contest as forces vie for the leverage needed to prevail over their opponents.

Shi is both the shape and the momentum that the encounter assumes – the tide of battle. It is the purchase and the leverage that gives troops the will to join the battle and to win it… A failure to cultivate shi will surely give the upper hand to the enemy… Shi is not a given; it must be created and carefully cultivated.[4]

In this sense, shi is related to shan (good), in its ‘utilization of potential in a given circumstance to bring about the most favorable outcome.’ Shi is heavily dependent on zhi (knowledge/realization) for the information it leverages into actionable strategy. However, it must be remembered that this knowledge encompasses not only the enemy, but all relevant information – including knowing yourself, knowing your resources and abilities, the terrain, conditions, timing, etc. As with the earlier issue of the TSA and underwear bombs, security measures after the fact do not give us a strategic advantage – in fact, they may give us a decisive disadvantage by focusing our efforts in the wrong place.

For our purposes, CTI is zhi, and provides the information security professionals with actionable information, which InfoSec is supposed to turn into shi, and thus provide meaningful and effective security.

Quansheng (全胜) is the supreme goal of war: the “complete victory.” Quansheng is not the result of the annihilation of the enemy; rather, it is a victory without the need for war. “It is to have one’s way in the situation, while at the same time, avoiding loss.”[5] This attitude is reflective of the classical Chinese pursuit of harmony and integration of the enemy, rather than their destruction. Where war inevitably leads to loss of life and destruction of property, and thus weakens the state, the ability to win – with no need for war and no losses – is the pinnacle of excellent (shan) strategy and utilization of circumstance.

Quansheng may seem like an unattainable goal, militarily or by InfoSec. While we will return to this idea in later articles, we can still point to the principle as an ideal to be sought, and note several examples of this principle working – where the use of zhi and shi have allowed military leaders to simply “win” without ever firing a shot. The humorous story of Chuko Liang serves to demonstrate. For InfoSec, working from a defensive perspective, quansheng is the ability to shut down attack before it can get started – akin to catching and patching a zero-day vulnerability before a hack can happen – and announcing the patch publicly – thus negating even the attempt at an attack.

These three concepts work in concert, to create both a system and its ideal function. Zhi provides actionable intelligence, which shi leverages to strategic advantage, and ideally results in quansheng – where victory is attained without harm. As we shall see in The Art of War, these concepts are the basis on which a successful approach to war, or rather InfoSec/CTI, is built.

In the next section, we will explore the ideas of effective security by several influential classical thinkers – including Xunzi and Han Feizi.


[1] Ames, Roger T., and Lau D.C. Introduction. In Sun Bin: The Art of Warfare. Albany: SUNY Press, 2003. Pg. 53.

[2] Han, Fei Tzu. Han Fei Tzu: Basic Writings. Translated by Burton Watson. New York: Columbia University Press, 1996. Pg. 128.

[3] Ames, Roger T., and Lau D.C. Introduction. In Sun Bin: The Art of Warfare. Pg. 47.

[4] . Ibid. Pg. 63

[5] Ibid. Pg. 83

1 thought on “Rethinking CTI – Terms of War”

Comments are closed.