For decades military strategists have studied and refined what they call the “principles of war.” Drawn from the long history of armed conflict, these guidelines encapsulate the things that often lead to battlefield success. They are not immutable laws—bold commanders sometimes ignore them and get away with it. But they reflect the accumulated wisdom of warfighting, including things like concentrating combat power at the decisive place and time; the value of directing every military operation toward a clearly defined, decisive and attainable objective; and the need to seize, retain and exploit the initiative, among others. Every budding military planner and strategist learns them.
Yet while these principles apply to conventional warfighting, today the American military is grappling with a new form of conflict: cyberwar. As former U.S. government official Richard Clarke described it, cyberwar involves “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” Since two of America’s most important potential adversaries—China and Russia—have extensive cyberwar capabilities, mastering this rapidly changing and extraordinarily complex form of conflict is vital for U.S. national security. So having an agreed-upon set of cyberwar principles would be useful to guide policymakers and develop cyberwarriors.
Some military writers have attempted to apply the traditional principles of war to cyberwar, but it seems more useful to start with a blank sheet of paper to begin discussion and debate about what should constitute the principles of cyberwar. As a first cut, I propose the following five for consideration.