Slashdot Mirror
Should the US Go Offensive In Cyberwarfare?
The NYTimes has a piece analyzing the policy discussions in the US around the question of what should be the proper stance towards offensive cyberwarfare. This is a question that the Bush administration wrestled with, before deciding that the outgoing president didn't have the political capital left to grapple with it. The article notes two instances in which President Bush approved the use of offensive cyberattacks; but these were exceptions, and the formation of a general policy was left to the Obama administration. "Senior Pentagon and military officials also express deep concern that the laws and understanding of armed conflict have not kept current with the challenges of offensive cyberwarfare. Over the decades, a number of limits on action have been accepted — if not always practiced. One is the prohibition against assassinating government leaders. Another is avoiding attacks aimed at civilians. Yet in the cyberworld, where the most vulnerable targets are civilian, there are no such rules or understandings. If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"
Why? Just contract /b/ to do all the dirty work for you.
It could be the Blackwater of Online Warfare.
Those who believe the Internet is private,
find their privates are on the Internet.
What the US should do is stop connecting 'computers' to the Internet that can so easily be hijacked in phishing/malware/spam attacks.
Starting in 2002 we gave away our dominance in software technology to other nations. The policy of China was to subsidize tens of thousands of students studying in the computer sciences. In 2002 American companies subsidized this policy of China by shipping over American jobs so that Chinese students could gain the necessary and hard to obtain experience of working on real systems. American programming jobs were shipped to India, China, and Russia and subsidized these nations in their ability to build expertise in software technology.
Now very few American students are enrolled in the computer sciences departments of America to provide the expertize necessary for threats to American computer systems, while other nations have tens of thousands that can obtain all of the benefits of software technology. American students will not enroll in the computer sciences when the policy of America is simply to ship programming jobs overseas. Now many American systems are dependent upon offshore foreign programmers. There have already been incidents where offshore foreign workers were bribed to provide account information on bank customers.
The reality is that major American system may have already been compromised by bribes to offshore foreign workers to insert malicious code into the American systems where they have direct access. Hollywood movies show complex schemes and supposedly sophisticated attacks to access computer system when the reality is that you can simply walk in the front door with a bribe and have complete access. It is meaningless to protect these systems from attacks over the internet when they may already have been seriously compromised.
=Smidge=
Is it just my observation, or is eldavojohn an idiot?
If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"
no.
"If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"
What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the Internet.
I can just imagine the streaming video of masked men slowly lowering a powered-up motherboard into water while yelling "why did you portscan us?"
The US military should comport itself online similar to how it handles the distinction between government and civilian targets in physical battles. That means the US military should regard all Chinese and Russian systems as open, hostile targets of opportunity the way that those governments treat everyone else. However, the US military should refuse to use its resources for the betterment of the US economy, unless that is something like stealing Russian jet designs and handing them quietly over to Lockheed or Northrop Grumman to analyze.
Let's stop kidding ourselves that these countries are only responding to us. There are plenty of people who foolishly believe that the Russians and Chinese are only engaging in an arms race to keep up with us because they're "afraid of us." Bull. Fucking. Shit. Like hell they're scared of us. The reason they're doing this is obvious to anyone who has studied their history. For centuries they've been imperialists and aggressors, and now a young country has finally kicked them to the curb. It's a pride issue, not a national security issue. The moment we accept that is the moment we'll finally come to grips with what we're really dealing with here.
Conflict always been part of our history. War will always be with us. The lunacy that leads people to believe in progress to negate that is the same lunacy that has lead to the economic mismanagement that resulted in the Great Depression, the millennial bubble and our current fiasco. Basic facts about war, foreign policy and economics will always be with us.
At least, not until provoked, and then only at resources demonstrably being used in actual operations against the US.
The reason is that we don't want politically motivated cybervandalism to be legitimized.
This is what I had against the whole neo-con "spread democracy" program. I'm all for spreading democracy, but it won't work unless you spread the values and institutions necessary to make democracy work. One of those is freedom of thought and expression. It makes no sense to promote democratic government in a country where you are conducting psyops campaigns and are complicit in or actually performing suppression of free speech.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
As a former fed IT staffer and military specialist, our policies were always to be proactive. Resting is never a good place to be when an attack hits. Obama (and the rest of our NATO nations) need to have their own cyber-warfare military units to respond to any potential threat. With our economies being tied closer and closer each year to the internet, its now along the same lines of our need for energy and needs to be guarded as such.
Besides, I would rather these units proactively dismantle bot-nets, spynets, and spam-nets to protect our infrastructure than to constantly force the private companies to deal with the criminal and 'not-so-criminal-china-warfare' tactics going on today.
Management is doing things right; leadership is doing the right things. - Peter F. Drucker
If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"
Seriously, if any military official takes more than two seconds to realize that it is clearly insane and has not learned one thing from our struggles in Iraq and Afghanistan. Alienating the populace of a nation like that has no benefit and is outright counterproductive. An attack on civilians like this works only in the context of strategic, conventional total war. We haven't fought a conventional war in 50 years. For any foreseeable conflict that U.S. could be involved in, it would be only sane to scrap the idea of attacking civilian infrastructure of any kind, information infrastructure included.
I got a catholic block.
Just because you don't read about it doesn't mean it doesn't exist.
You seriously think the country with the worlds largest and longest established sigint program doesn't use it for offensive purposes?
They will take a look at it as soon as they finish playing with their airplanes.
Nothing prepares you for war like lots of practice.
Todos mis movimientos están friamente calculados
Just as the invention of the atomic bomb changed warfare and deterrence 64 years ago, a new international race has begun to develop cyberweapons and systems to protect against them.
I agree. And just like the atomic bomb, exactly two of these might ever be used in actual warfare.
Think it through:
1) North Korea kills several power plants with cyberweapons.
2) US kills North Korea with conventional weapons.
Sure, if you're Estonia or Georgia you may have problems. You don't have one of the most powerful military forces in the world at your disposal. But here in the US we have all sorts of muscle that we use against people that we feel are misbehaving.
In fact, I doubt highly that we would prevent such an attack were the enemy foolish enough to launch one.
Stop an excuse to go to war? This nation? I think not.
A related but more general question: When people talk of bits of infrastructure being connected or disconnected from the Internet, are they talking about the presence of direct, layer 3 connectivity (can I ping the airport's tracking systems?), any layer (if I hack the contracting company's intranet can I view aircraft positions through a series of proxies and application layers?) or actual electronic disconnection from the Internet (can you get only get in via getting your man on the inside the tweet the secrets from his cell)? Distributed infrastructural systems communicate Somehow...
This was about Arlen Specter.
We will lose that offensive.
We are the ones who come up with copy protections and it takes some kid in Scandanavia a few hours to crack it.
We will quickly be destroyed by the cyber armies of 13 year olds with 22 hours of sunlight and Mountain Dew in their grasp.
The price is always right if someone else is paying.
Retaliation against a real world country because one, a few or several of the attacking parties were doing the final/traceable connection from there could not be very fair, and could show how close is militar intelligence with absolute stupidity.
Even if could be attacks lauched by other countries government internet addresses, but how you separate government willing to do that attack from some individuals there just checking the waters without autorization?
What is worse, what were the biggest internet attacks till today in general? From Morris worm to Conficker, passing thru all the spam in the middle, all were done by individuals and groups not related with government. There was the cyberattack to Estonia (?) some years ago, that was done more by individuals than from a government.
With nuclear bombs at least you have them enclosed in silos, military security, isolated. You need a small army to try to get one if not get disabled before. But a clever kid could take for its own benefit (from turning it to you or launching a big attack at your name) your entire botnet from the safety of his home.
But i have to agree that the 1st cyberattack from America was a big success. Crippled most of the computers of the world, caused lots of damages to other countries and still is active doing its work. But still, you cant say for sure if was launched by the government or Microsoft Corporation.
As an American, I think I already am pretty offensive to most people on the Internet.
Moral questions aren't a luxury, unless you're playing a zero sum game. Most nations aren't, they're a necessity, if only out of self-interest. If a nation proves it's rabidly amoral, doesn't follow the rules of war that have developed over the past few hundred years, they also better hope they don't need allies.
Or did everyone already forget ECHELON? Or does it only count if you actively break into other systems, rather than only intercept everyone's personal, business and political Internet communications?
And it would really surprise me if they didn't break into other systems yet. It's not like they first asked for public approval for ECHELON before starting to set up and use it.
Donate free food here
Israel's policy, which America supports, is that firing a missile into a block of flats full of civilians is okay, if they think a terrorist is in the building. The attack is not aimed at the civilians, they just happen to be there. I'm sure the same mindset would apply in this case.
We did ALOT!
We gave craploads of money to teachers unions and then made high school easy to pass without learning anything so the teachers did't look to bad
We passed onerous environmental and labor laws encouraging companies to abandon the US.
We ran around and screamed and yelled that everyone should be coddled and no one should be fired.
We did alot. We are getting exactly what we paid for.
We have strong unions getting massive benefits at the cost of the consumer and the citizen. Because smartly, the businesses pass on the true costs of what we wanted right back to us. If you don't like what you got, then look at us. Not "Evil big business".
Why is it so hard to only have politicians for a few years, then have them go away?
Richard Clarke spoke at my campus about a month ago and addressed this question. His claim was that United States needs to put forth some doctrine of cyberwarfare deterrence for the same reasons it did with nuclear warfare. His argument was that because of how dependent on computers the world is, cyberwarfare, a relatively unknown beast, has the same potential for the mutually assured destruction that nuclear weapons are capable of.
For example if you read the Geneva Conventions, you find that various places are "off limits" for war. Hospitals and religious places would be the big ones. The rules say you need to take care not to attack them. However, there's a flip side to the rule: You also need to take care not to use them for military purposes. So if there's a church and it is used by people as a church, no problem, that church is off limits. However if an army decides to set up shop in there are use it as a base, it just became fair game.
This happened in WWII. The Nazi's took over a monastery since it had a good position for messing with shipping in the Mediterranean. They figured that the allies wouldn't bomb it, since it was a Christian religious structure, and as with many monasteries, it was designed rather like a fortress making an infantry assault impractical. Ya well, they were wrong on the not bombing account. the place was reduced to rubble. Not something that anyone really wanted to do, but it became a valid military target when it was being used to host attacks.
Now the situation in Palestine is obviously not identical, but it is similar. While a group of houses is manifestly a civilian setup and thus not a legitimate military target, it changes if those houses are used to house fighters, weapons and launch attacks.
What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the Internet.
What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the telephone network?
What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to radio receivers?
And so on.
You gotta communicate with 'em SOMEHOW. Are you proposing the banking system, the hospitals, and the military all SEPARATELY (and each individual organization within each group SEPARATELY as well) dig up the country and run their own private network? (And harden it against manhole-divers with bolt cutters while they're at it?)
"The Internet" and other networks sharing infrastructure (and potential vulnerabilities) is the current communication utility. It's time to stop wringing hands about how foolish it is to actually use it and join those working on how to do so safely and reliably.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Which, like it or not, is treated very differently. There is a tacit agreement among nations that spying isn't a cause for war. Many nations try to spy on each other and while the spys themselves have little to no protections, the spying itself doesn't result in major stir ups. Remember that not long ago Aldrich Ames, a CIA counter-intelligence officer, was convicted of spying for the Russians. While he went to prison for it, the US certainly didn't go to war with Russia, or for that matter even get mad and impose sanctions or the like. Heck for that matter Russia has even refused to release the identity of the bank account that has $2 million of money for Ames because they argue he rightfully earned it and it shouldn't be subject to seizure by the US.
It is just accepted as part of the game. Intelligence gathering is something all nations try to stop when it is against them, but they don't go and start wars over it. So if you want to start a cyber war with the US over their intelligence gathering, well then you might not like the result as that is a major change in the rules.
"We passed onerous environmental and labor laws encouraging companies to abandon the US."
Nonsense. We passed sensible environmental laws, which just about everybody in the developed world today finally recognizes are necessary. The developing countries have environmental policies that they know are not long-term viable, which they allow in the name of industrialization. But it is generally acknowledged that they are creating a global problem.
"We ran around and screamed and yelled that everyone should be coddled and no one should be fired."
Again, where do you get this "WE" shit? I, and most people I know, were against this trend.
"We did alot. We are getting exactly what we paid for."
No... if you are including yourself in that "WE", then I am paying for a lot of crap that YOU did. I am not and was not part of this "we"!!!
"We have strong unions getting massive benefits at the cost of the consumer and the citizen."
Since when? Are you stuck in the 70s? Name a union that hasn't suffered a lot in the last couple of decades. States have passed "right to work" laws, and most of the industries that were strongly unionized are sucking hind tit right now. Get with the times, man.
"If you don't like what you got, then look at us. Not "Evil big business"."
Nope. I made my point and I'm sticking by it. I was not part of this "we". Nor were most people I know. Union reps, maybe. CEOs, maybe. Not me. Not my friends. And I wrote my congresscritters to express my displeasure at laws that contributed to the problem. So once again... there is no "we". You, maybe.
"The American economy pressured them to do it. They reduced costs for goods sold to American consumers*, because their consumers demanded it, and they returned increased profits to their (primarily) American investors."
That's not "the American economy". That's corporate greed. The economy per se did not change, but corporate policies (and the laws governing them) did. QED. "The problem with free trade is that its benefits are disparate and hard to quantify (e.g. an extra 0.5% on GDP annually, slightly lower inflation), while its downsides are specific and easy to see (a closed factory)."
Nonsense. The overall benefits and downsides are fairly easy to measure: how is our economy doing? (I am not referring to the financial markets here.) Trade deficits continued and increased; costs of goods (lumber, for just one obvious example) affected by "free trade" actually increased, which means inflation actually increased; lost jobs were not adequately compensated for by equivalent cash inflow; intangible costs (global pollution, etc.) has increased, which adds to our cost, and so on. While individual effects may be hard to measure, it is easy to see that the "free trade" agreements have had an overall adverse effect on our economy.
None of this was necessary. U.S. corporations were doing just fine, in general, before the outsourcing and "free trade" began. As evidence of this, keep in mind that if the corporations had not been doing relatively well, they would not have been big enough to take their manufacturing elsewhere, anyway!
There are always some troubles; this is not a perfect world. But "free trade" was one of the biggest economic debacles of the century, and (as I described in another post above), "we" did not cause it.
We did ALOT! (sic)
WHO gave "craploads" to teachers unions? Those vastly over paid teachers? Or are you claiming some secret back door from the government because THAT would be worth a laugh. The people we do know got a crap load of money were the banks, investment companies, etc., who have spent the last 20 years sending their back office operations, research departments, telemarketing and customer service offshore.
You scream about letting the market work but when it does, you don't like it. You complain about taxes, pay the teachers dirt and wonder why you didn't get wonderful results. Oh, wait! You have "studies" showing that increased school budgets don't bring better results. Amazing, just amazing how that argument is never used against CEOs and investment bankers. Boo hoo, if we don't pay them enough the best and brightest will run off to Dubai!
You blame some poor schnook doing their best for 35k/yr because they can't compensate for the sins of parents who pass on to their kids the attitude that the "piece of paper" is the only important thing. Or a society that wholly devalues and is embarrassed by academic achievement. Or the array of ipods, text messaging, facebook, and other trivialities that mommy and daddy buy for their precious offspring and allow them use without consequence.
You set up and continue a dysfunctional system of local schools supported largely by community property taxes so that the difference between going to a public high school in Bethesda, MD and Washington, DC is comparable to going to school at Choate Academy and a village in Angola. And then you bemoan 50% drop out rates and the that 2/3rds of school children can't find their state on a map.
Yeah, blame it on the teachers unions. That's really where the problem is.
We passed onerous environmental and labor laws encouraging companies to abandon the US.
Right those nasty workers and their unions again. Imagine them wanting to work in places with basic safety measures and living in communities that aren't poisoned by their employers. Because, oddly enough, it NEVER seems to be the CEO's house that sits atop the toxic waste dump.
We have strong unions getting massive benefits at the cost of the consumer and the citizen.
Oh Lordy, do I EVER know what you mean! Who would have thought that 7% of the private sector that belongs to unions could cause SUCH problems. My god, they show up in doctor's offices now! You just can't get reservations at Spago anymore. And skiing at Vale, well don't get me started!
Leave the gun, take the cannolis.
WWII destroyed the British Empire, ruined all of Eastern Europe, and devastated Japan. You want to fight another one like that? Are you nuts? I suppose that telling Americans that war is not a good idea is a waste of effort: They never had to fight a real war on their soil. But let's agree for the sake of argument that killing people because they live somewhere is wrong. Let's agree that raping people is wrong. Let's agree that starving people is wrong. If you don't want to fight a war under those rules, you probably shouldn't start one. Furthermore water and electricity are most certainly not military targets, nor are ports or factories not related to military industries.
Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
that's what russia and china do
there is no need to encourage them, merely track them and get out of the way of any of their initiatives. and when the shit hits the fan and another government complains, the government can play dumb: it really wasn't their doing, there's no financing or chain of command. the only crime is one of omission: watching someone do something wrong and not stopping them. the nationalist partisans steer clear of their own nation's computers out of fealty (perhaps protecting them too), they obediently report to the government any stupendous finds (nuclear plant blueprints, warfare plans, etc.) simply for the renown, and in times of great duress, are predisposed to fall under the umbrella of government control. all at the same time, they are complete free of cost, and of the highest technical proficiency and motivation. their motivation is simply passion
this is already happening, for years. before 9/11 there was the hainan island incident:
http://en.wikipedia.org/wiki/Hainan_Island_incident
this spy plane bump and crash brought american partisans and chinese partisans at full war online. how do i know this? because one of my windows boxen in new york at the time got hacked. its front page was replaced with the chinese flag and the text "fuck poisonbox! hacked by chinese". i traced the attacking ip to a technical college near beijing. who is poisonbox? i researched it: he was an american partisan hacker(s) laying waste to various chinese servers at the time
i found an article about the proceedings still online from that era:
http://attrition.org/security/commentary/cn-us-war.html
there is no debate here, it's already happening, done by partisan hackers, in loose affiliation with their governments and the government's turning a blind eye to the hijinks
someone out there, perhaps reading this comment, has the makings of a great book or movie, with years of hardcore cyberwarfare already under their belt. they could be in any number of countries where ultranationalism rages (turkey, greece, israel, pakistan, india, etc.)
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
It's a spambotand scareware downloader.
Best Slashdot Co