Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pentagon Says Cyberattacks Can Count As Act of War

Posted by Soulskill on from the now-we-can-invade-anybody dept.

suraj.sun tips news that the Pentagon has decided computer sabotage originating from another country can be classified as an act of war. "The Pentagon's first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to US nuclear reactors, subways or pipelines as a hostile country's military." This news comes only days after the Chinese military admitted the existence of a team of cyberwarriors. "The report will also spark a debate over a range of sensitive issues the Pentagon left unaddressed, including whether the US can ever be certain about an attack's origin, and how to define when computer sabotage is serious enough to constitute an act of war. These questions have already been a topic of dispute within the military."

40 of 282 comments (clear)

  1. so what? by Anonymous Coward · · Score: 2, Insightful

    anything is an excuse to go to war. since when did they need to specify?

    1. Re:so what? by dkleinsc · · Score: 2

      They don't need to specify a reason, but coming up with BS excuses is a nice boost to civilian morale. It's a prestigious line of work with a long and glorious history: Remember the Maine!

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    2. Re:so what? by Tr3vin · · Score: 2, Funny

      Because teenager with LOIC doing DDoS == enemy combatant. GITMO will soon be filled to capacity with chan-tards perhaps?

      And those prisoners thought water-boarding was bad...

  2. treason, too. by petes_PoV · · Score: 5, Interesting

    If attacking an american military installation via the internet is deemed an act of war, then surely exposing it on such a vulnerable network in the first place must count as treason. I mean, who would knowingly place such a valuable (and apparently, easily accessed) facility that's so vital to the defence of the country, in such danger of attack in the first place?

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    1. Re:treason, too. by c6gunner · · Score: 4, Insightful

      If dropping a nuke on the Pentagon is deemed an act of war, then surely placing it in such a vulnerable location in the first place must count as treason. I mean, who would knowingly place such a valuable (and apparently, easily accessed) facility that's so vital to the defence of the country, in such danger of attack in the first place?

    2. Re:treason, too. by bipedalhominid · · Score: 2

      Slaver stasis field, wow. Been awhile on that reference. I was gonna just call you a troll for using the slavery word till I remembered Ring World and the Man Kzinti Wars. Went something like this, de-acceleration we don need no stinking de-acceleration. Accelerate all the way there, turn on the stasis field and let the General Products hull take the hit. Might turn a considerable part of the land side into heat but, WTH we got there quick.

      --
      This aint Daytona and you aint Dale Earnhardt. So stop trying to draft on Interstate 40.
  3. What's the difference? by Errol+backfiring · · Score: 4, Insightful

    The USA fights anything with military force. Be it international justice, drugs, terrorists or whatever.

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    1. Re:What's the difference? by drinkypoo · · Score: 2

      The USA fights anything with military force.

      Especially shortages of pork.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Stuxnet worm by Anonymous Coward · · Score: 2, Insightful

    Things that America does don't count though, right?

  5. Not a new question by N1AK · · Score: 4, Insightful

    The internet hasn't changed the fact that if someone doesn't want to be tied to an 'attack' they can make it hard to tell it was them, or even look like it was someone else.

    Chinese hackers using systems located in Russia to hack NSA assets is just as hard to 'prove' as China launching a Russian made ICBM from a submarine disguised as Russian in a location the Russians would likely use etc. Unless the person who attacks you basically tells you they did it to your face (and even then potentially) you're making a judgement as to what happened based on evidence.

    1. Re:Not a new question by mlts · · Score: 2

      Bingo. I have seen many companies with hacked computers used as launching points for attacks.

      If someone coming from a .pk host launched an attack that blew out a bunch of transformers in India, how can one prove that it was someone from the ISI who did it, or a compromised host, and the real culprit is some kid in a basement who wants to see India and Pakistan exchange nukes? There is no certain way to tell.

  6. Call me... by symes · · Score: 3, Insightful

    Call me daft, by all means, but for some reason I am incredulous that critical systems should be vulnerable to cyber attack. It just feels like something went very wrong at the design stage to allow this to happen. But then I'm not a developer...

  7. The United States by bill_mcgonigle · · Score: 4, Insightful

    Continually at War with some group, product, or idea since 1941.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  8. USA & Israel is in war against Iran? by ad454 · · Score: 4, Insightful

    The USA & Israel jointly developed the Stuxnet worm and launched it against the Iranian nuclear facilities:

              http://en.wikipedia.org/wiki/Stuxnet

    In the first documented and well-confirmed act of cyber-warfare, does this mean that both the USA and Israel have declared war against Iran, and that Iran would be in its rights to strike back at targets in both countries and kill people there?

    Gee, this is all we need, yet another war on top of Afghanistan, Iraq, and Libya.

    1. Re:USA & Israel is in war against Iran? by c6gunner · · Score: 2

      In the first documented and well-confirmed act of cyber-warfare, does this mean that both the USA and Israel have declared war against Iran, and that Iran would be in its rights to strike back at targets in both countries and kill people there?

      There's no such things as "rights" when we're talking about nations. They can do whatever the hell they want, and so can any other nation. The prudent ones tend not to act in a way that'll get them anhilliated.

    2. Re:USA & Israel is in war against Iran? by slimjim8094 · · Score: 2

      Well, yes that probably should've been considered an act of war. It did as much damage as a few dozen bombs would've and I'm sure they wouldn't have liked that.

      Having said that, it's hard to prove - the point in TFS - and they're not stupid enough to fight the US unless they have to.

      I was just saying this the other day - cyberattacks can be as damaging as tactical bomb raids (generally without human casualties though). If a nasty targeted worm got into the C&C systems? Definitely an act of war by its creator, though I'd be more worried about the fact that they weren't hardened.

      It's a question of scale, though. Where do you draw the line? If the Russians flew in and blew up a useless bit of our forest, we'd fight back - but mostly because they invaded our airspace with military planes, not so much the damage done. But do you consider a cyberattack a foreign military invasion, or do you concern yourself only with the damage attempted/done? If somebody gets a worm onto the Dept. of Agriculture's secretaries' machines, I find it hard to believe we'd go to war.

      It's distressingly rare nowadays, but people are still capable of judgement. I cautiously trust the government to make appropriate judgement calls on this.

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
    3. Re:USA & Israel is in war against Iran? by c6gunner · · Score: 3, Insightful

      I think many people would disagree.

      I think many people are retarded. So what?

      If the US decides to invade Canada tomorrow for no reason whatsoever, who's going to stop them? What do you imagine the international community will do?

      Even in the case of Iraq, the UN didn't want to do anything except write strongly worded letters. If you think international laws are actually enforcable, you're a fool.

    4. Re:USA & Israel is in war against Iran? by wiredog · · Score: 2

      It hasn't been proven that the US and Iran created Stuxnet... Provenance is a problem the article you didn't read points out.

      --

      Best Slashdot Co
    5. Re:USA & Israel is in war against Iran? by argStyopa · · Score: 4, Insightful

      1) I'm not sure that you can assert "Wikipedia" as sufficient casus belli. "Some guy somewhere (we're not sure who) said you attacked us, this means war!"

      2) There are two levels to the article's question, both of which are directly relevant:
      - first, there's the question of 'what's worth war?' - a question that has been asked from the beginning of time, and for which there is no hard and fast answer, because it depends entirely on the context. The fact is that all countries leave this line vague, as a deterrent to any opponent ever coming close. Is shooting down another country's plane an act of war? What if they were flying close to your borders spying on you? How about axe-murdering some of your soldiers? (http://en.wikipedia.org/wiki/Axe_murder_incident). None of these led to war, but can you imagine the repercussions if the US stated categorically that such actions posed no risk of war?
      - second, there is a significant risk of disinformation in real life, probably an order of magnitude greater in cyberops. The burning of the Reichstag is the first example that comes to mind, but history is littered with cat's paw, false flag, or other disinformation operations meant to convince one state that another is attacking it. If the Stuxnet virus contained comment code in Yiddish, or even "Copyright 2004(c) Israel Cyberwarfare Unit", many, many gullible people would take that as proof-positive that "the jews did it!", even though a sensible person would be dubious that the real culprit would be quite so stupid (unless, of course, it's a double-blind, but you can go a long way down that hallway if your tinfoil hat is planted firmly enough).

      My point is that it's clear that a cyber attack could be an act of war. Stating so is only marginally useful as a way to give yourself some diplomatic flexibility if you detect such an attack. "Insisting on more clarity" is at a minimum silly, unreasonable, and wholly misunderstands the context of why such statements are made. At worst, it's just another disingenuous political attack.

      --
      -Styopa
    6. Re:USA & Israel is in war against Iran? by c6gunner · · Score: 2

      Tell that to Serbia. International law is enforced, just against the "lesser" countries, not against the US or Israel.

      What happened to Serbia over Kosovo was a travesty; it had nothing to do with international law. It's no wonder that such bullying tactics aren't used against the US or Israel - they only work against nations which can't effectively defend themselves.

      What happened in the Balkans in the early 90's was a peacekeeping mission - it also had little to do with international law. Similar peacekeeping missions were attempted between Israel and various neighboring states in the past, and were generally just as ineffective.

  9. Terrorist vs. Act of War by SeeSp0tRun · · Score: 2

    So if a citizen of China, Russia, or Zimbabwe originates a successful (or even mildly irritating) attack against the US government, they will see it as an act of war?
    I didn't read TFA, but looks like them terrists can spark a war by simply hacking via *name your country here* proxy.

    Let's say that isn't even the case, does the Pentagon think that an international cyber attack is going to just come from an address registered to chinacyberwardivision.cn?

    This seems shaky at best to declare war on phantoms... then again it falls right in line with the last decade.

    --
    Something witty.
    1. Re:Terrorist vs. Act of War by SeeSp0tRun · · Score: 2

      I never thought of it as being akin to the Balkan Powder Keg...
      I hope the Black Hand doesn't have computers!

      --
      Something witty.
  10. So can raids by SEAL Teams by whoda · · Score: 2

    What about SEAL Team 6 invading Pakistan?

    1. Re:So can raids by SEAL Teams by bsDaemon · · Score: 3, Informative

      Clearly, you don't get how double standards work.

    2. Re:So can raids by SEAL Teams by ad454 · · Score: 3, Insightful

      What about SEAL Team 6 invading Pakistan?

      Personally I think that any country that hides and shelters a terrorist that kills thousands and thousands of the civilians would be considered an act of war. Pakistan should consider itself lucky that its only got a small slap on the wrist by the USA navy seals.

    3. Re:So can raids by SEAL Teams by mldi · · Score: 2

      America shelters george w who sent more americans to their death than osama did. if an iraqi strike force came in and struck bush, burial at sea, and all, would anyone have a right to say peep?

      Nobody forced anybody to sign up for any branch of the military. They were all consenting adults that knew full well of what they might be getting themselves into. As much as you might not like George W., it's petty and ignorant to compare him to the leader of the largest terrorist organization ever in known history.

      --
      If you aren't suspicious of your government's actions, you aren't doing your job as a responsible citizen.
    4. Re:So can raids by SEAL Teams by Anonymous Coward · · Score: 2, Interesting

      JSOC and Pakistan have a kind of rules of engagement that if the US knows of an high level terrorist in Pakistan they can "invade" but it must be ABSOLUTELY certain of the address. Address, not street or vicinity, but address. In the agreement Pakistan would disavow any knowledge. This agreement has been in place for a number of years.

      The source is below but can be found in numerous places on the web.

      Source: http://bit.ly/kC9G7q (pages 166 & 167)

  11. Rumors on both Internets by tepples · · Score: 3, Informative

    The military has its own private network for the real important stuff.

    Hence the comment in 2004 by then President Bush about "rumors on the internets that we're going to have a draft". He was referring to the public Internet, the Armed Forces internet, and any organization using an internet on 10.*.

  12. Simple plan by bjourne · · Score: 2

    Step 1: Declare computer attacks an act of war Step 2: Claim any entity you don't like is "hacking" you Step 3: Since "hacking" is all technical mumbo jumbo it doesnt matter if you can't prove shit. The president would never lie, would he? Step 4: Bomb the shit out of whoever the bad guys de jour are. Step 5: Shitloads of profit for the military industry, not so much for those who are footing the bill.

    --
    Football Odds
    1. Re:Simple plan by thijsh · · Score: 3, Insightful

      Better yet, the first time some incredible fuck-up happens that causes widespread damage and/or death and its even remotely related to computers (like anything nowadays) it can be declared an act of war by any entity. If something like the three mile island incident would happen today they would probably blame Iran or 'the terrorists'.

  13. So the west has officially declared war... by Jabrwock · · Score: 2

    on Iran? Stuxnet was a deliberate attack on Iran's nuclear infrastructure.

    --
    Magic doesn't work in my presence. My power of disbelief is too strong.
  14. How on Earth... by diewlasing · · Score: 4, Insightful

    ...can a foreign power do damage to "nuclear reactors, subways or pipelines" via a cyber attack? Seriously, I want to know, this is not a rhetorical question. Are their computer systems connected to an outside network or is there a someone on the inside (a la Stuxnet)?

    1. Re:How on Earth... by Anonymous Coward · · Score: 5, Informative

      1) It is all on the internet
      2) SCADA systems, which are the control systems for everything from AC ducts to coolant pump controls on nuclear reactors, have major security vulnerabilities and they are plugged directly into the network via ethernet or wireless
      3) These systems were designed and implemented by the lowest bidder

      That's how.

      This goes for pretty much every current control system in every power plant, water treatment plant, nuclear reactor, spill way, switching station, airport, train, medical center, etc...

  15. Defense contractors? by wfstanle · · Score: 3, Interesting

    The real problem is defense contractors that have all sorts of classified material on their computers. We could spent billions on defense related R&D and some third rate country might get that data and even might destroy our copy of the data while they are at it. Or even better, put a hidden bug in the design that will cause us grief when we try to use it in battle. (Of course, it could remain inactive until it is activated by an enemy.)

    1. Re:Defense contractors? by losfromla · · Score: 2

      not very likely, although since computers are actually made in china, a timed virus in one of those might be a problem.

      --
      Only I can judge you.
  16. The real crime is within... by geekmux · · Score: 2

    ...our Military itself, and the fact that they repeatedly fail computer security audits year after year. Perhaps conversely it should be considered an act of Treason to perpetuate the lack of security around our critical systems, and hold those accountable who are refusing to spend the money to resolve the issues.

    Yeah, I know I'm not the popular guy here asking the Government to actually spend MORE money, but some things need blatant and obvious attention, and allowing our country to go to war because their Windows 98 systems got hacked isn't the answer. I promise that any re-work of computer systems will be cheaper than any war we're pushed (or choose) to engage in. We've pretty much proven than beyond any doubt with the last decade worth of war on terror.

  17. killer drones on way to Anonymous homes right now by peter303 · · Score: 2

    And you thought you knew what your kids were doing in their bedrooms at night.

  18. An example of US sponsored terrorist by Anonymous Coward · · Score: 3, Interesting

    Personally I think that any country that hides and shelters a terrorist that kills thousands and thousands of the civilians would be considered an act of war. Pakistan should consider itself lucky that its only got a small slap on the wrist by the USA navy seals.

    You mean like this guy? This is a guy as bad as Osama, but he just happens to cooperate with the CIA and with "US interests". There are 100s of deaths directly linked to him including bombing of a passenger airliner.

    http://en.wikipedia.org/wiki/Luis_Posada_Carriles

    So is this a little inconvenient truth? Or do you stick with your assertions?

  19. Old News, But Raises An Important Subject by jjp9999 · · Score: 2

    This is interesting, but the premise of the story is old news. There were reports on this when the White House report came out came close to two weeks ago. Some relevant quotes: Countries “have an inherent right to self-defense that may be triggered by certain aggressive acts in cyberspace ... When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country." http://joshuaphilipp.com/2011/05/us-faces-a-long-road-in-implementing-new-cyberstrategies/ Also, the Chinese regime openly announced its cyberwarfare command back in July 2010, and it's cyberwarfare units have been known about as early as 2003. A relevant quote: "The stated missions of the new cyber base appear to complement the PLA's information warfare (IW) units, which the PLA has been developing since at least 2003. The PLA's IW strategy was largely spearheaded by Major General Dai Qingmin, then-director of the PLA’s electronic warfare department (Fourth Department), who advocated a comprehensive information warfare effort (Wall Street Journal, November 1, 2009)." http://www.jamestown.org/single/?no_cache=1&tx_ttnews%5Btt_news%5D=36658&tx_ttnews%5BbackPid%5D=7&cHash=4b1746fecc Adding to this though, it will be interesting to see how much the U.S. actually enforces its new cyberstratey, given that government networks and critical infrastructure are almost constantly hit with cyberattacks from state actors. Back in 2007, Netwarcom was already saying cyber conflicts with China was already at the level of "campaign-style, force-on-force engagement." http://www.grc.com/sn/files/FCW_on_%20Cyber_Warefare.pdf

  20. Proportional Damage is Key by Koreantoast · · Score: 2

    I think the key point to keep in mind is that the attacks have to be proportional to that of a traditional conventional military attack. The Pentagon isn't going to drop a cruise missile on some kid because he launched a DDoS attack on a .mil website; that's about the equivalent to that same kid spray painting a recruitment office at night or at most getting a bunch of friends to protest in front of it. They're talking about serious and substantial attacks, the sort that brings down the power grid and blows up infrastructure for which things like Stuxnet merely represent the tip of the iceberg. These sorts of attacks aren't going to be launched by junior accidentally from the basement but are sophisticated and coordinated efforts by governments and organized movements that are deliberately out to destroy and possibly take life.