Slashdot Mirror
US Cybersecurity Plan Includes Offense
z4ns4stu writes "Shane Harris of the National Journal describes how the US government plans to use, and has successfully used, cyber-warfare to disrupt the communications of insurgents in Iraq. 'In a 2008 article in Armed Forces Journal, Col. Charles Williamson III, a legal adviser for the Air Force Intelligence, Surveillance, and Reconnaissance Agency, proposed building a military "botnet," an army of centrally controlled computers to launch coordinated attacks on other machines. Williamson echoed a widely held concern among military officials that other nations are building up their cyber-forces more quickly. "America has no credible deterrent, and our adversaries prove it every day by attacking everywhere," he wrote. ... Responding to critics who say that by building up its own offensive power, the United States risks starting a new arms race, Williamson said, "We are in one, and we are losing."'"
Who needs a botnet when you have a labotomized group of internet hooligans who only need a target worth harassing?
Well, why wouldn't it include an offense? If someone is putting videos of nutjobs cutting the heads off of people, we damn well ought to be able to take their servers down.
Hoist Number One and Number Six.
This makes complete sense to me. History is replete with examples of leaders who did not learn to exploit new technology, new fields of battle, and paid the price for it. Expanding your capabilities to use and defend against attacks in information technology is just an extension of the principle of finding a bigger stick.
Scientists point out problems, engineers fix them
altslashdot.org: The future of slashdot.
"America has no credible deterrent, and our adversaries prove it every day by attacking everywhere,"
Well that's just it you can't build a razor wire wall and laugh as people cut themselves trying to get through it. It seems to me the first mistake to be made is to treat a digital front as if it was a front in an actual war. All you're doing it guarding secrets most often, or sometimes vital services. Best way to protect them is physical separation from civilian networks. I know my friend who does communication translation for the military works on a network where they mirror a hand full of sites (wiki among them) every week and host them in house simply because having the network connected to the internet at large is just to risky.
To me, this is reminiscent of our arms race with the Soviet Union. Military officials were convinced that the Soviets were always one step ahead of them the entire time, even though the only time they got to a technology before us was the launch of Sputnik, which wasn't really a military achievement anyway (we were all decades behind spy satellites or something like SDI). If they didn't think the Soviets were building something better than what we had (which would have been supported by their intelligence gathering) they never stopped using that argument to support large standing armies and rapid technological arms buildup.
And when the USSR collapsed, we learned that the entire time they had been at least two steps behind us.
My opinion is that our infrastructure is in such disrepair that if hostile powers had the capability of cyperterrorism, they would have to practice extreme restraint not to use it to put the entire nation in a blackout for a month. If that means they're waiting for a combined-arms assault, then offense is not going to help us when our "military botnet" doesn't have any electricity to run on.
The recent scare about cyberterrorism causing blackouts in Brazil, only to find that those blackouts were more likely due to natural causes in a poorly maintained electrical grid, supports my point.
I sometimes ask revealing, often ignorant-seeming questions. Maybe they're harder to answer than you think.
I have friends working for the Navy who are taking > 6 months just to order a fscking desktop computer.
I doubt the DoD is capable of pulling this off.
so how does the average citizen "prepare" for this cyber warfare? just get the latest OS patches or sumthin?
A job for Bill Gates, smartest man in the world. Only he can catch Osama Bin Laden and keep the world safe for democracy. Isn't this all sounding like the story line to a bad movie?
From TFA
Bush's authorization of "information warfare," a broad term that encompasses computerized attacks, has been previously reported by National Journal and other publications. But the details of specific operations that specially trained digital warriors waged through cyberspace aren't widely known, nor has the turnaround in the Iraq ground war been directly attributed to the cyber campaign. The reason that cyber techniques weren't used earlier may have to do with the military's long-held fear that such warfare can quickly spiral out of control. Indeed, in the months before the U.S. invasion of Iraq in March 2003, military planners considered a computerized attack to disable the networks that controlled Iraq's banking system, but they backed off when they realized that those networks were global and connected to banks in France.
In traditional warfare, going after your enemy was easy. Your leader tells you where to go, and you go there. One loads up on supplies, munition, and guns. In the face of cyberwarfare, however, things get messy. A lone soldier with a laptop can cross be anywhere in the world causing problems. Hell, he could be sitting in your very country's back yard and you might not even have a clue. Or, in TFA's case, the splash damage ends up screwing up critical, tangentially connected systems.
Sucks to be the military division that has to track, attack, and manage the diplomatic border issues regarding hackers during times of war.
"America has no credible deterrent, and our adversaries prove it every day by attacking everywhere,"
And who's to blame for that?
The goverment allowed hundreds of thousands of IT jobs to be shipped overseas, we no longer have the labor resources to secure our domestic infrastructure. The government allowed private businesses to copyright and patent everything, there's no further incentive for innovation from the private sector in this country. We wind up spending what limited resources are available for R&D reinventing the wheel constantly. Because we've handed so much control over to multinational authorities like ICANN, we no longer can impliment policy decisions. Where is IPv6? We're facing a resource shortage, but not only that, IPv6 provides for much wider deployment of encryption, and yet here we are dragging our feet. Why is that?
If this were any kind of a priority, I think we'd see the government making an honest and sincere effort to fix some of these problems. But they aren't. Which tells me that cybersecurity "problems" are a paper tiger. There won't be any changes until a few thousand people die from a "cyber-terror" attack. Our government has always been reactive in nature -- preferring to procrastinate and delay until after the bomb explodes, and then swoop in to justify its relevance and 35% tax rates.
#fuckbeta #iamslashdot #dicemustdie
...proposed building a military "botnet," an army of centrally controlled computers to launch coordinated attacks on other machines.
Dear Terrorist:
I am a Jihadist in Nigeria with $10 million and if I put it into a bank, those infidel Americans will freeze it. If you send me $5,000 to open an account in the Cayman Islands, I will put you in for half!
Or the other one:
Dear Terrorist:
Do want a LARGER penis? With a LARGER penis, you'll be more of a man and be able to take out those infidel Americans! Buy V1@gr4 from us! We will make you BIGGER and STRONGER! Allah be praised!
or:
Make BIG MONEY selling AK-47s from home! Make even more with IEDs!
Kill Americans!
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
I love when commments get modded down simply for expressing an opinion the moderator doesn't like.
Did you guys really expect no offensive strategies? I think nerds on this site need to get real about the real world.
In ten or twenty years USA won't be a country worthy of attacking
You must be too young to remember - that was a popular 70s meme, with the US being the new Roman Empire on its way to an accelerated collapse.
Don't count the US out until you can count 10. Maybe the reason for its endurance is that the US is really never just one nation of one people.
;-)
:-P
Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
Mr President, we must not allow a script-kiddie gap!
A military botnet? No problem; just throw all the federally owned computers in to another one, I'm sure Conficker doesn't mind sharing...
There is only so much you can do on the defensive. The US has been fairly defensive in protecting the IT infrastructure of our society and our government networks. As everyone knows, you can only keep someone out for so long before they finally figure out how to get through. The best way to keep your networks protected is by eliminating the threat. The old adage "a good defense is a great offense" holds true till this day.
That line of thinking may piss off the peacenicks and the neo-marxists, but anyone who has ever had to deal with a chronic problem of coming under attack from foreign entities with no recourse, knows that the available solutions are just as bad as the problem (having back bone providers hobble foreign ISP's access results in reduced commerce). The internet is the modern "ocean" of the colonial period. Pirates like to hide in lawless (or hostile to the target) regions for protection. I dont think these internet pirates should be provided any different protection than the pirates of the Caribbean.
20th century Marxism is not progress...
No country would start a war with the USA. Not now or in twenty years. Just look at the USA's "defense" budget compared to the rest of the world _total_.
They're like "that survivalist guy with a whole basement full of guns, ammo, grenades and a rocket launcher or two". It'll be suicide to go up to his house with a BB gun and shoot at it.
If anyone wants to hurt the USA they'd have to do it more sneakily - so there's no obvious target for their nukes, cruise missiles, bombers etc.
Same goes for this "cyberwarfare" thing. A massive concerted attack from your country against the USA will just get you bombed.
The US media likes to make noise about China/<bogeyman of the day> launching cyberattacks on US servers. The fact is, if the Chinese Gov was really involved, the US Gov will just call the Chinese ambassador in, and say: "Hey stop that now". But really which government is going to do that? If my government wanted to start a war with the USA - cyber or otherwise, a real act of patriotism would be to shoot the idiot leader(s) who came up with that idea.
The attacks are mainly from a bunch of script kiddies or criminals. If the US Gov is really serious about reducing the attacks they should just go follow the money/control channels, and jail the people responsible if they're in the USA (won't surprise me if many are actually from the USA- after all Sanford Wallace is in the USA, and the BlueHippo thing was in the USA ).
This is all very ironic, as I mention here:
http://listcultures.org/pipermail/p2presearch_listcultures.org/2009-November/005991.html
So, the US military, once again, in a tremendous burst of irony, is developing ways to create artificial scarcity on the network of abundance. And they are justifying this to have new ways to further harm the people upset about being harmed by the illegal and immoral US invasion of Iraq.
"Illegal, Immoral Invasion of Iraq to Carve up the Middle East"
http://www.mediamonitors.net/abdullahvawda16.html
So, one illegal and immoral act begets another. One artificial scarcity begets another. One arms race, fueled by war profits, begets another.
http://www.lexrex.com/enlightened/articles/warisaracket.htm
How do we resolve this seemingly intractable problem?
Mutual security?
http://www.beyondintractability.org/audio/morton_deutsch/?nid=2430
Intrinsic security?
http://en.wikipedia.org/wiki/Brittle_Power
Humor? :-)
http://www.humorproject.com/doses/default.php?number=1
Jacque Fresco comments on some of this, as far as the problems of way being profitable, as I note here:
http://groups.google.com/group/openmanufacturing/msg/3b7889054e4b4317
So, after the US military gets all these shiny new cyberweapons, who are they going to use them against next? Who will be the next people labeled "insurgents"? Or goaded into it by suffering from other military-enforced artificial scarcities?
Anyway, people ask me why I don't just post to a blog, and prefer to use email, and that's part of it. All web archives and other websites may be taken out once that "arms race" really gets going and military doctrinal TINA rules: "There is no alternative (but to destroy everything)".
Generally, a core theme of what I write is the irony of post-scarcity technology like computers and robots or nuclear power in the hands of people still thinking in terms of scarcity, like fighting over products or oil instead of producing products with robots and producing energy with nuclear power or solar power made using advanced materials. Example:
http://listcultures.org/pipermail/p2presearch_listcultures.org/2009-November/005929.html
http://listcultures.org/pipermail/p2presearch_listcultures.org/2009-November/005498.html
As I mention in that last one, for an example of post-scarcity thinking, I think our taxes would go *down* if as I proposed here, everyone in the USA who wanted one was given a "free" safer luxury electric car:
"Why luxury safer electric cars should be free-to-the-user"
http://groups.google.com/group/openmanufacturing/msg/09eb7f4c973349f2?hl=en
Basically, defense costs, pollution mediation costs, and medical costs would all go down enormously, thus lowering taxes.
More ironically, it turns out, it takes more electricity to make a gallon of gas than for an electric car to go the same distance, according to this:
http://www.evnut.com/gasoline_oil.htm
"So I can get 24 miles in my ICE on a gallon of gasoline, or I can get 41 miles (at 300wh/mile) in my RAV4EV just using the energy to refine that g
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Shouldn't this be in the "no-shit-sherlock" department?
Do you have ESP?
http://www.theregister.co.uk/2003/03/10/one_printer_one_virus_one/
Hoax or incredible cover-up?
Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
Another ironic example is the post by chance directly before this one, entitled: "Perfectly Logical"
http://tech.slashdot.org/comments.pl?sid=1443966&cid=30098058
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Don't count the US out until you can count 10. Maybe the reason for its endurance is that the US is really never just one nation of one people.
Discussions of exceptionalism aside, you must find the term "homeland" (as in "Homeland Security") as inappropriate (even funny) as I do.
...US military should rob foreign banks, too?
Contrary to the popular belief, there indeed is no God.
Discussions of exceptionalism aside, you must find the term "homeland" (as in "Homeland Security") as inappropriate (even funny) as I do.
I fucking hate it and it's nothing short of the modern equivalent of Der Fatherland.
I'd find it funny but for the clodhopping jerks in the our country (the US) that somehow _relate_ to it.
I blame the religious right.
Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
Isn't this fairly similar to how that short-story got started? The major governments of the world start building up their computers for war, only for each system to eventually link itself to the others and become an emergent A.I.? Granted, the computers in the story were for running real-world warfare, not cyber-attacks, but still...
how about "cease your cyberattacks or we unplug your country from the internet"
Tsunami -- You can't bring a good wave down!
It's "das Vaterland".
Just saying.
Thanks, but I translated that into fake-German-in-old-WWII-movie-speak, in hopes that any homeland-lovers reading that would wake up. ;)
Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
We get paid by every single big criminal out there.
We have decades of experience.
We are the best in the world.
We wish you goood luck! ^^
Greetz,
Your Russian hacker community.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
This has cropped up on slashdot before. Can't find the article, but it was more hand-wringing about the vulnerabilities of the American network infrastructure to enemy attack.
Granted, the nature of the Internet is to provide information access from any point in the world, and because of that it can be so easily exploited, commandeered, or broken. But I believe if the $hit ever hit the fan and the Tubes were threatened, those of us who hack and build and kludge the Code would come to its defense. Hundreds of thousands strong, I would wager a citizen-soldier army of l33t coders could well defend this country from its script-kiddie foreign enemies.
All your botz are belong to us.
The fact is, if the Chinese Gov was really involved, the US Gov will just call the Chinese ambassador in, and say: "Hey stop that now".
And then he could reply: "no, and stop bothering us or we'll just start devaluating your currency so much, you're gonna be ruined".
You were speaking about the huge size of the US defence budget, yet it won't help much if most of your equivalently huge debt is owned by a foreign country.
set up trap banks / have a way to take cash back so if they take ours down we can stop them for makeing it big time off of that.
Yeah, it's probably not going to be pretty when China starts calling in its markers and pushes the US. the the breaking point (either a domestic or international one).
"nothing comes close", etc Uh huh
http://news.bbc.co.uk/2/hi/middle_east/4794829.stm
http://www.globalsecurity.org/military/world/russia/at-14.htm
Tanks are the new battleships, mostly obsolete when being used against any medium equipped adversary on up. Good for intimidating natives carrying rifles, once they have access to anything better, tanks are just multi million dollar targets
It might be a wee bit early to go claiming endurance.
The US has been a superpower for less than 60 years, and has existed for less than 250 years.
The Roman Empire, which you mentioned, and most of history's other great civilizations, were around for rather longer.
http://rutube.ru/tracks/1262945.html?v=0a1269577834d4909cf8402da05d89eb
there goes your abrams, merkava, chieftain, whatever
Seriously? You really think it's a wee bit early to attack the idea that the US will be of no consequence within two decades?
The Roman Empire, as I mentioned it, was in comparison to our stated decline and decadence in the 70s.
I never said - nor even got in the neighbor of saying - or predicting - how long the US would endure. All I said was that I question less than 20.
If you're gonna snipe, pick words, concepts or sentiments that I actually express as a target.
Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
"proposed building a military "botnet," an army of centrally controlled computers to launch coordinated attacks"
wait no obligatory skynet tag?
No need for the hair trigger there. I was _agreeing_ that this near jingoistic reverence that all things western are superior can be negated with obvious examples of Russian tech. That's all, nothing more. And for that matter, Soyuz is still bringing them up and getting them down. And AKs are still functioning when M-4s jam up.
When I saw "offense" I envisioned a couple crackers in Eastern Europe getting a drone launched Hellfire missile up the rear. Oh well.
No country would start a war with the USA. Not now or in twenty years. Just look at the USA's "defense" budget compared to the rest of the world _total_..
Um, wake up we are at war on several fronts.
We have organized entities trying to kill us. ( perhaps not overly effective to date, but that isnt the point )
We have organized countries trying to crush our economy.
How do YOU define war?
---- Booth was a patriot ----
What about what PLA leaders have published in regards to Information Warfare and ("Informationized Warfare")?
A good starting point is Unrestricted Warfare. See: http://en.wikipedia.org/wiki/Unrestricted_Warfare for links to a PDF version.
--
"This is another type of war, new in its intensity, ancient in its origins—war by guerrillas, subversives, insurgents, assassins; war by ambush instead of by combat; by infiltration, instead of aggression, seeking victory by eroding and exhausting the enemy instead of engaging him. It requires in those situations where we must counter it a whole new kind of strategy, a wholly different kind of force, and therefore a new and wholly different kind of military training."
John F. Kennedy
USMA Graduation Speech, 1962
If you haven't noticed, during that period of time the US *HAS* followed in the steps of the Roman Republic. Not precisely in lock-step, but close. I hope that there's enough play that we escape the horrendous Marius vs. Sulla civil war, but the democracy of the country has declined severely during this period. The presidency has become more imperial. The orders of the president are less subject to question. Etc.
OTOH, now that the US has defeated it's last major enemy (Russia....for some reason China doesn't count. Probably because they defeated us financially without our even noticing it. They own so much US debt they could sink us totally if they ever wanted to take the hit. But they probably won't. I did say there was a lot of play in the model.) the country seems to be collapsing. It's not for lack of military spending, either. We waste more money on the military than most countries spend. (I don't count all military spending as waste. But lots of it is.)
There are differences. E.g., the computer games that are our substitute for the arena, don't actually injure anyone. And they encourage a level of direct participation rather than mere voyeurism. If we go to virtual reality, this level of engagement will increase. But that isn't what killed the Roman Republic. The excesses of the arena happened mainly after the transition to the Empire, though they'd certainly been building up during the later days of the Republic.
What we have is the decay of the power of the common people, and the concentration of power into the hands of a few aristocrats. One of the basic tools of that in the US is the division of political parties into two, and an election system that practically guarantees that the winner will be one of those two. That means that anyone sufficiently wealthy can purchase the loyalty of BOTH candidates before the election. Since there are only two real contenders, it's not even a gamble. And the bribery laws have sufficient loopholes that anyone who is knowledgeable can bid for the vote of an office-holder. It's dangerous for the inexperienced, though. This serves to concentrate power in those who are wealthy enough to buy both sides, and, after them, the politicians and, after them, those with enough money and skills to "convince" the office-holder.
This has long been a problem, but it's become much worse since the 70's. And one of the vehicles of this was a decision by the FCC that networks weren't required to offer equal time to all candidates.
It's possible that the net could reform this, but my bet would be that the laws are instead somehow changed to provide more benefit to those currently in office. And to maintain the expense of campaigning.
It's quite possible that there won't be any dramatic assassination followed by a usurpation as was involved in the shift from the Roman Republic to the Empire, but that didn't really change anything. That merely consolidated changes that either had already happened or were already well in motion. (Note that at first the Imperial mantel was not hereditary, an Augustus initially had to share power with two other co-rulers.)
We've come a long way towards the transition in a shorter period than I had expected. We certainly did it a lot faster than the Romans did. But the signs of the collapse are writ large for those to see who can.
OTOH, the Imperial period of Rome wasn't a bad period for those who stayed out of politics. (Well, and weren't enemies of Rome.) The politics got a lot bloodier, but the lot of the common folk didn't become much worse until quite a bit later.
However, it's worth noting that the Imperial period of Rome was considerably shorter than the Republic was. And it wasn't invaders that destroyed Rome, they merely delivered the final coup, it was internal dissension. Various powerful groups fighting against each other without regard for law or custom striving for ultimate power. If you don't see the roots of that in the here-and-now, you're being willfully blind.
I think we've pushed this "anyone can grow up to be president" thing too far.
That's not what I said. I said, and I quote, "It might be a wee bit early to go claiming endurance." You said, and again, I quote, "Maybe the reason for its endurance is that the US is really never just one nation of one people."
The US is far too young to have shown much "endurance" and certainly too young to need explanations like because it "is really never just one nation of one people."
If the US makes it, in recognizable form, to the magic thousand years that all the big empires seem to aim for, THEN you can start looking for the something special that the US has and all the others lacked.
You don't have a clue what you are talking about. China would only hurt themselves if they tried to start dumping their US treasury holdings, and of course since they peg the yuan to the dollar they would kill their exports. In any case the US is already devaluing the dollar tacitly.
And the US defense budget would have no affect on the strength of the dollar. That is just rubbish.
Please take some time to read up on current events before spouting off your uninformed nonsense.
Hmm... Let's think about this.... at the following addresses we have openly discussed articles about Chinese, or potentially Chinese government linked hacking, cracking, etc.
http://www.nytimes.com/2007/12/09/us/nationalspecial3/09hack.html
http://www.chinaherald.net/2009/08/patriotic-hacking-of-australian.html
http://www.thedarkvisitor.com/category/china-russia-links/
http://www.secureworks.com/research/blog/index.php/2009/01/04/chinese-hackers-talk-hacking/
We also have folks noting significant vulnerabilities in Chinese systems.
http://news.bbc.co.uk/2/hi/technology/8094026.stm
Finally, and probably most importantly the USAF and others discuss US intent to pursue cyberwarfare using elements of airborne ISR.
http://www.aviationweek.com:80/aw/generic/story_generic.jsp?channel=awst&id=news/02145p04.xml&headline=Pictures%20Give%20Insights%20Into%20Stealth%20Projects
http://www.nytimes.com/cfr/world/slot1_20080227.html
http://gentleseas.blogspot.com/2007/10/suter-jamming-our-good-guys.html
http://defense-update.com/features/2008/may08/suter_v.htm
I'd observe that although the Col mentioned in the root article indicates that we are in a war (and we probably are). He probably underestimates the work the US has done, or is doing. Probably for good reasons. Although there is a need for rather creative, smart, potentially even otherwise anarchistic folks, there are some common things which can be done without deploying these very "precious" and scarce resources as uniformed troops.
One other aspect of the discussion is the typical conspiracy theorist nutcases (including with less negativity the ACLU, EFF, EPIC, etc.) who feel that just because some entity of the federal government can use something against a US citizen in some constitutionally prohibited way, that they will. (The Big Brother Syndrome)
Energy Parity. It stands true now.
They already have both CNA (computer network attack) and CND-AR (computer net defense, attack response). Have for ages.
> yet it won't help much if most of your equivalently huge debt is owned by a foreign country.
Yes, the US Gov owes trillions to other countries BUT that debt is payable in US dollars.
There's a big difference between the US Gov owing somebody lots of US dollars, and you owing somebody lots of US dollars.
You can't legally create US dollars or have your left hand lend your right hand US dollars out of thin air.
The US Gov can. They can create US dolalrs, or lend themselves US dollars.
If the US dollars get devalued, it does not hurt the US Gov as much as it hurts China or other countries that are holding net positive amounts of US dollars, or are owed lots of US dollars. The USA is not like Zimbabwe. Hardly anyone outside of Zimbabwe holds Zimbabwe currency or is owed large amounts of Zimbabwe currency.
Imagine if somebody owes you lots of US dollars, and they are suddenly worth a lot less and can no longer even buy you a loaf of bread. Who does that hurt more? You or the person who owes you?
And the real scenario is that person who owes you money can actually print US dollars too.
So guess who is the one really in deeper shit. It should be obvious that China will want the "show" to go on.