By Dr Warren Doudle, Edith Cowan University
Throughout history we see examples of cunning tacticians and daring commanders who have used unconventional warfare to out-manoeuvre larger, better-equipped forces. The use of deception, the exploitation of the environment, psychological manipulation, and striking at weak points in an adversary’s defences have often turned the tide against seemingly impossible odds.
While technology, tools, tactics, and the protection of terrain have evolved, the foundations of these strategies remain consistent. Now in the 21st century, we can see these historical tactics recreated within cyber warfare. These strategies taken from the past have found new life in a digital world of hackers, firewalls, and zero-day exploits.
What can the battles of the past teach us about defending against modern cyber threats? To understand this, we can look at some of history’s most inventive military manoeuvres and see how they parallel today’s cyber domain. Sun Tzu’s Art of War from the 5th century states “All warfare is based on deception.” This is a timeless principle that rings true today.
Luring the Enemy In
In a legendary battle dating back to 612 AD, on the Korean Peninsula, the defending army led by General Mundeok was vastly outnumbered by the Sui Dynasty’s army from China. Facing an overwhelming adversary, the general recognised that conventional warfare would lead to defeat due to the significant disparity in numbers, so he adopted a strategy of deception and attrition.
His forces engaged the Sui in minor skirmishes, faking retreats to lure them deeper into unfamiliar territory. This tactic thinned the Sui supply lines and exhausted their troops over the challenging terrain, drawing them into the Salsu River.
The general then manipulated the river’s flow, drowning the advancing force. By feigning retreat and carefully managing terrain, he tricked a much larger army into his trap, releasing a torrent of water at precisely the right moment. This example highlights how deception and environmental manipulation can cripple even the mightiest force.
In modern cybersecurity, defenders deploy digital versions of this tactic: honeypots, which are servers or applications deliberately designed to appear vulnerable in order to entice attackers to waste time and resources probing them.
In the same way General Mundeok studied his opponents before springing the trap, cyber defenders watch, learn, and adapt their defences based on how attackers interact with these carefully baited systems. The time hackers spend probing a honeypot gives the security team time to understand their methods and strengthen real defences.
Funnelling the Enemy and Network Chokepoints
In 1297, Scottish rebels led by William Wallace and Andrew Moray won a stunning victory at the Battle of Stirling Bridge by luring the English army onto a narrow bridge. The English, vastly outnumbering them and better equipped, were neutralised by terrain that favoured the defenders. With no ability to manoeuvre or reinforce the leading edge of the battle, the English were overwhelmed by an enemy they would have easily beaten on open ground.
This tactic has been replicated throughout history. Germanic tribes at the start of the century used the forest paths to great effect against the Roman Army, wiping out over 25,000 legionaries, and more recently at Kokoda in Papua New Guinea a vastly outnumbered Australian force used the terrain and narrow passage to delay and defeat a larger Japanese force.
The lesson we can gain from these examples is the power of using a chokepoint. In cyberspace, these chokepoints exist in the form of key network nodes, the points where data funnels through a single pipeline. By closely monitoring these bottlenecks, cybersecurity professionals can spot potentially suspicious activity, catch intrusions early, and prevent malicious traffic from spreading.
Wallace’s army proved that controlling the battlefield’s narrow passages can turn the enemy’s reliance on strength in numbers into weakness. Modern cyberspace defenders find that controlling digital chokepoints is just as critical.
Exploiting Unsecured Routes
In the 17th century, Dutch naval forces dealt a severe blow to English pride by sailing up the River Medway and catching the English fleet off-guard. The English never expected the enemy to come straight through what they wrongly assumed was a secure, controlled route.
The Dutch attack showed they were an innovative enemy with strong attention to detail; they used extensive reconnaissance to discover a pathway that had been overlooked.
Modern cyber attackers operate with the same mindset. They look for unguarded ports, outdated software, neglected IoT devices, or weak links in the supply chain. Any unsecured channel can serve as a direct line into critical systems.
Much like the Dutch navigating the Medway, hackers will find your weakest spot if you’re not vigilant. Strong cybersecurity means never assuming all approaches are covered. It demands constant vigilance, timely patching, network segmentation, and an awareness that attackers will take the path of least resistance to strike at your core assets.
Chaotic Distractions
In 1914, at the Battle of Tanga on the East African front, German forces facing a larger British-Indian invasion found a strange ally: a swarm of angry bees. Anticipating the British landing, the German Commander Von Lettow-Vorbeck prepared his outnumbered forces by using the dense jungles and his knowledge of the local terrain to his advantage.
As the British-Indian troops advanced, the German forces orchestrated a series of ambushes, including disturbing beehives in dense vegetation. The African honeybees, known for their aggressive behaviour when provoked, swarmed the advancing soldiers, causing chaos and panic among the ranks. By disturbing beehives and provoking these natural attackers, the Germans sowed panic and confusion, and the resulting chaos gave the outnumbered defenders precious time and space to launch counterattacks.
Cyber attackers can create similar chaos through Distributed Denial-of-Service (DDoS) attacks. These assaults flood systems with meaningless traffic, distracting defenders and buying hackers time to slip through gaps elsewhere. Just as the panicked soldiers swatting at insects couldn’t focus on the real enemy, security teams scrambling to contain a massive DDoS attack may overlook a subtle intrusion on a different front. Recognising this tactic helps defenders stay calm, maintain broad visibility, and keep an eye on critical areas even amid a distracting crisis.
The Element of Surprise
In 1942, the British considered Singapore nearly impregnable. They fortified its coast heavily, believing any attack would come from the sea. Instead, the Japanese stunned the defenders by advancing overland through dense jungle terrain the British deemed impassable.
This unorthodox approach, using bicycles in great numbers and small tracks through the jungle, enabled the Japanese forces to hit the defences at the weakest point and well ahead of the projected time, catching the British defences off guard.
In cybersecurity, this corresponds to zero-day vulnerabilities and unconventional attack vectors. Hackers exploit flaws that defenders never saw coming, turning supposedly secure systems into easy marks. The key lesson is never to grow complacent, because you never know what you can be hit with and when.
Constant scanning, threat intelligence, and penetration testing can keep defenders prepared for the unexpected. As shown, a fortress can be stormed from the “wrong” direction quickly, so discovering new vulnerabilities is inevitable, and what matters most is how quickly and effectively you can adapt.
Masters of Illusion
During World War II, the Allies fielded an entire unit dedicated to misinformation called the “Ghost Army.” Using inflatable tanks, elaborate soundscapes, and fake radio transmissions, they convinced the Germans that large Allied forces were gathering where none actually were. This ruse diverted enemy attention, causing the redeployment of assets, which helped protect the genuine troop movements. This was not the first time such a ruse was used in war: General Magruder successfully deceived General McClellan’s force during the Peninsula campaign of the American Civil War in 1862, buying the South much-needed time to consolidate and build defences.
Today, this art of illusion still thrives in the cyber world, with high-tech deception tools helping defenders mislead adversaries. Fake systems filled with bogus data, false file structures, and misleading breadcrumbs guide hackers into digital dead-ends. By the time attackers realise they’ve been played, defenders have learned their methods and bolstered real systems.
Like the Ghost Army’s and Magruder’s clever subterfuge, cyber deception forces attackers to question every piece of information, sapping their confidence and slowing their progress.
Cultural and Psychological Vulnerabilities
Historically, some attacks targeted not just physical weaknesses but cultural or psychological ones. At the Battle of Pelusium in 525 BCE, one tale describes how the invading force of Persians drove cats and other animals in front of their advancing troops during the battle.
When faced with the prospect of harming these sacred creatures, the Egyptian soldiers hesitated to engage fully in combat. Understanding your opponent’s beliefs or biases can be as potent as any weapon if used correctly on the battlefield.
Cyber attackers also use psychology against their targets. Phishing emails appeal to curiosity, trust, greed, or fear, luring victims into clicking malicious links or revealing passwords. Social engineering exploits human nature rather than code, and defenders must recognise that people, not just machines, are the frontline. Regular training, clear policies, and an ingrained culture of healthy scepticism, which is present in most IT staff, can thwart even the most artful psychological ploys.
Guerrilla Tactics in a Digital World
From ancient rebellions to modern insurgencies, guerrilla warfare has always used stealth, surprise, and evasion to allow a small, highly motivated group to cause a disproportionate effect on the battle space.
Smaller forces strike quickly, avoid prolonged battles, and disappear before the enemy can respond. When people think of unconventional warfare, they immediately think of guerrilla warfare. Cyber attackers can mirror these tactics by conducting hit-and-run operations: they find a vulnerability, exploit it to steal data or plant malware, and vanish before anyone notices.
To counter this, defenders need rapid detection capabilities. The faster a breach is identified, the less damage is done. Incident response teams, threat hunting, and continuous monitoring tools are today’s answer to a guerrilla fighter. Just as a commander must know the terrain as well as the enemy, security teams must understand the digital environment intimately and maintain agility in their defence strategies.
Overwhelming Defences
The Battle of Isandlwana, fought on January 22, 1879, during the Anglo-Zulu War, demonstrates how coordinated multi-pronged assaults can bewilder a technologically superior enemy. Despite the British possessing advanced weaponry, the Zulu forces encircled their target using the “horns of the buffalo” formation, a traditional encirclement manoeuvre designed to envelop the enemy and overwhelm its defences from multiple angles at once. This resulted in the more modern army being defeated with spears and a loss of over 1300 men.
Modern attackers do the same by combining phishing, malware, ransomware, and zero-days to bypass defences. If one method fails, another may slip through. This forced complexity means security can’t rely on a single tool or tactic. It demands a layered, defence-in-depth approach, making it far harder for attackers to find that one unguarded door.
What do all these examples, from ancient river ambushes to phony tank divisions, have in common? They show that human conflict, at its core, relies on creativity, adaptability, and understanding the opponent. Today’s cyber warriors may never set foot on a physical battlefield, yet they are at war with a determined adversary. They will need to engage in the same kind of strategic thinking as generals of old.
Books by Sun Tzu, Musashi’s Book of Five Rings, and the more modern works by Stanley McChrystal and David Kilcullen should be as prevalent on bookshelves as cybersecurity publications. As technologies evolve and attackers get smarter, defenders must keep learning from the past; these lessons are essential for building resilient cyber defences.
In the end, unconventional warfare, whether waged with swords and spears or keyboards and code, demonstrates that ingenuity and bold action know no era.