Fog of War: See First, Win First

Category: Digital Warfare

Author: Tim Timmermans

Summary

Every battle is lost or won in the dark.
Not because the enemy is stronger – but because you can’t see them.

Generals call it the fog of war: the chaos, the half-truths, the missing signals that twist decisions. Cybersecurity faces the same fog: you can’t defend what you can’t see. To understand why visibility decides outcomes, look no further than where the idea began – the battlefields of the past.

What is ‘fog of war’?

To paraphrase Carl von Clausewitz (19th-century Prussian general and military theorist): war is a mess.

Leaders act under pressure, half-blind, guessing through the smoke. That truth still holds for today’s defenders, who face hidden attackers, scattered signals, and visibility slipping away.

“War is the realm of uncertainty; three quarters of the factors on which action is based are wrapped in a fog of greater or lesser uncertainty.” — Carl von Clausewitz, On War [1]

Fog of war across history

Deception: The oldest weapon in the world
Sun Tzu said it centuries ago: all warfare is based on deception [2]. The core idea is simple: know your enemy. Stay unseen.

Every spy, every signal, every shadow play was built on that rule.

Technology promised clarity, but brought chaos
Each new tool claimed to clear the fog. Railroads, telegraphs, radios – each and every one extended command.

And every one added new failure points [3].

World War I proved it: more comms didn’t simplify war; it multiplied confusion. More reach, more weak spots to exploit.

Fake armies and phantom signals
Before D‑Day, the Allies ran Operation Fortitude. Inflatable tanks, fake radio and double agents. Fifteen German divisions waited for an attack that never came. The fog of war isn’t just not knowing – it’s also believing the wrong thing.

The Secret Weapon of Signals Intelligence
Breaking Enigma changed the game [5][6]. Churchill called Bletchley Park his ‘secret weapon’: it gave the Allies a window into German plans.

Intelligence didn’t erase risk, but it did speed up decisions – and that speed saves lives.

From knowing to doing
John Keegan, a British military historian, said intelligence only matters when you can act on it [7]. Alfred Price, an aviation historian, showed how radar worked in the Battle of Britain because it linked straight to fighter control [8]. At Pearl Harbor, the warnings were there – but scattered, unused.

Information without action keeps the fog in place.

Speed Over Perfection
Colonel John R. Boyd turned this into doctrine [9]. Teams that observe, orient, decide and act faster force the enemy to react. That same OODA loop defines modern war, as well as cyber defense today.

Speed wins. Perfection loses.

The Parallel in Cybersecurity

Cyber defense is modern warfare. The battlefield moved, but the same laws apply: see first, move fast, strike precisely.

Visibility is the modern high ground
In war, whoever sees first, wins. In networks, visibility gives you that high ground. Unified sight across identity, endpoint, network and cloud removes blind spots [3].

Scouts and counter-recon
Your threat intel and hunts are scouts. Send them ahead to find where the enemy is, then run counter-recon: spot behavior early and cut it off. MITRE’s ATT&CK is your shared map – it keeps every team reading the same terrain.

Connect signals before you act
The Allies never relied on a single intercept [5][6]. Neither should you. Correlate identity, endpoint and network data. Look for behavior, not just indicators.
Intelligence only matters when it drives the right action [7].
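
The correlation described above, as an added example that is not part of the original article: it groups events by entity and reports only clusters where several distinct telemetry sources agree inside a short time window. The event records, field names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry; field names are assumptions for this example.
EVENTS = [
    {"ts": "2024-05-01T09:00:05", "source": "identity", "entity": "alice", "signal": "login_new_country"},
    {"ts": "2024-05-01T09:03:40", "source": "endpoint", "entity": "alice", "signal": "unsigned_binary_run"},
    {"ts": "2024-05-01T09:07:10", "source": "network", "entity": "alice", "signal": "large_outbound_transfer"},
    {"ts": "2024-05-01T09:10:00", "source": "identity", "entity": "bob", "signal": "login_new_country"},
    {"ts": "2024-05-01T13:30:00", "source": "network", "entity": "bob", "signal": "large_outbound_transfer"},
    {"ts": "2024-05-01T10:00:00", "source": "endpoint", "entity": "carol", "signal": "unsigned_binary_run"},
]


def correlate(events, window=timedelta(minutes=15), min_sources=3):
    """Return one finding per entity whose signals come from at least
    min_sources distinct telemetry sources inside a sliding time window."""
    by_entity = defaultdict(list)
    for event in events:
        by_entity[event["entity"]].append((datetime.fromisoformat(event["ts"]), event))

    findings = []
    for entity, items in by_entity.items():
        items.sort(key=lambda pair: pair[0])
        start = 0
        for end in range(len(items)):
            # Shrink the window from the left until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            cluster = [event for _, event in items[start:end + 1]]
            sources = {event["source"] for event in cluster}
            if len(sources) >= min_sources:
                findings.append({
                    "entity": entity,
                    "first_seen": items[start][0].isoformat(),
                    "sources": sorted(sources),
                    "signals": [event["signal"] for event in cluster],
                })
                break  # one finding per entity is enough to open a case
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

On the sample data only alice is reported: bob's two signals are hours apart and carol has a single source, so neither becomes a case on its own.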

Speed beats certainty
Tempo often decides outcomes. Pre-approve bold moves for known threats. Tie detections to automation so containment happens in minutes, not meetings. If your ‘Observe and Orient’ doesn’t lead to a faster ‘Decide and Act’, fix the loop [9][11].

Assume deception
Operation Fortitude shows that what you see can’t always be trusted [4]. In cyber that can mean fake logins, decoy processes or poisoned updates. Assume the enemy is shaping your view. Detection means nothing if deception wins first.

Instrument and measure visibility
Don’t just watch alerts – measure what you can actually see. Map every software update path, every identity federation, every third-party connection.

Know who can reach what, and track it like a battlefield metric: coverage of critical assets, mean time to visibility for new systems and the share of privileged actions tied to a person.

Those numbers tell you how much fog remains [10][1].
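
One way to compute the three metrics named above, as an added example that is not part of the original article. The asset inventory, the privileged-action log and all field names are constructed assumptions.

```python
from datetime import datetime

# Constructed inventory: first_telemetry is None when no sensor has reported yet.
ASSETS = [
    {"name": "dc01", "critical": True, "deployed": "2024-05-01T08:00:00", "first_telemetry": "2024-05-01T10:00:00"},
    {"name": "pay-db", "critical": True, "deployed": "2024-05-02T08:00:00", "first_telemetry": "2024-05-02T14:00:00"},
    {"name": "build-srv", "critical": True, "deployed": "2024-05-03T08:00:00", "first_telemetry": None},
    {"name": "kiosk-7", "critical": False, "deployed": "2024-05-03T09:00:00", "first_telemetry": "2024-05-03T10:00:00"},
]

# Constructed privileged-action log: person is None for shared or service accounts.
PRIV_ACTIONS = [
    {"action": "add_domain_admin", "actor": "alice", "person": "alice@example.com"},
    {"action": "rotate_signing_key", "actor": "svc-deploy", "person": None},
    {"action": "change_federation_trust", "actor": "bob", "person": "bob@example.com"},
    {"action": "disable_mfa", "actor": "admin", "person": None},
]


def _hours_between(start, end):
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600


def _ratio(part, whole):
    return len(part) / len(whole) if whole else None


def visibility_metrics(assets, actions):
    critical = [a for a in assets if a["critical"]]
    seen = [a for a in assets if a["first_telemetry"]]
    delays = [_hours_between(a["deployed"], a["first_telemetry"]) for a in seen]
    return {
        # Share of critical assets that have produced any telemetry at all.
        "critical_coverage": _ratio([a for a in critical if a["first_telemetry"]], critical),
        # The mean only covers systems that became visible, so the
        # never-seen list is reported next to it rather than hidden by it.
        "mean_hours_to_visibility": sum(delays) / len(delays) if delays else None,
        "never_seen": [a["name"] for a in assets if not a["first_telemetry"]],
        # Share of privileged actions attributable to a named person.
        "attributed_privileged_share": _ratio([x for x in actions if x["person"]], actions),
    }


if __name__ == "__main__":
    print(visibility_metrics(ASSETS, PRIV_ACTIONS))
```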

Key Takeaways

Fog of war is timeless. Clausewitz saw it first [1]; history keeps proving him right. Whether on land or in code, the fight is the same – uncertainty rules.

The mission isn’t to erase the fog. You can’t. But you can thin it.

Use intelligence to see. Use analysis to decide. Use speed to strike.

See first, decide fast and deny adversaries freedom to move.


[1] Clausewitz, Carl von. On War. Princeton: Princeton University Press, 1984.
[2] Sun Tzu. The Art of War. Oxford: Oxford University Press, 1971.
[3] Van Creveld, Martin. Command in War. Harvard University Press, 1985.
[4] Levine, Joshua. Operation Fortitude. London: Collins, 2011.
[5] Winterbotham, F. W. The Ultra Secret. London: Weidenfeld and Nicolson, 1974.
[6] Hinsley, F. H., and Alan Stripp, eds. Codebreakers. Oxford: Oxford University Press, 2001.
[7] Keegan, John. Intelligence in War. New York: Knopf, 2003.
[8] Price, Alfred. The Hardest Day: 18 August 1940. London: Arms and Armour Press, 1988.
[9] Boyd, John R. Discourse on Winning and Losing. Maxwell Air Force Base, 1987.
[10] Cybersecurity and Infrastructure Security Agency (CISA). “Alert (AA21‑008A): Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise.” January 8, 2021.
[11] Boyd, John R. “Patterns of Conflict.” U.S. Air Force, 1986.