Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Cyber Command Discloses Offensive Cyberwarfare Capabilities

Posted by samzenpus on from the decker-brigade dept.

MojoKid writes "Earlier this week, the newly minted head of the United States' Cyber Command team and NSA head General Keith Alexander told assembled lawmakers that the U.S. has created an offensive cyberwarfare division designed to do far more than protect U.S. assets from foreign attacks. This is a major change in policy from previous public statements — in the past, the U.S. has publicly focused on defensive actions and homegrown security improvements. General Alexander told the House Armed Services Committee, 'This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we're creating are for that mission alone.' This is an interesting shift in U.S. doctrine and raises questions like: What's proportional response to China probing at utility companies? Who ought to be blamed for Red October? What's the equivalent of a warning shot in cyberspace? When we detect foreign governments probing at virtual borders, who handles the diplomatic fallout as opposed to the silent retribution?"

2 of 136 comments (clear)

  1. Re:Han Solo fired first. by amicusNYCL · · Score: 3, Informative

    Stuxnet, discovered in 2010, was hardly the first salvo to be fired.

    http://en.wikipedia.org/wiki/Titan_Rain
    http://www.time.com/time/magazine/article/0,9171,1098961-1,00.html

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  2. Focus on offensive capabilites is misguided by GODISNOWHERE · · Score: 5, Informative

    Ralph Langner (the guy who figured out Stuxnet was designed to attack Iran) has been critical of the US's policies of focusing on offensive capabilities while largely ignoring or grossly underfunding defensive capabilities. He wrote a op-ed in the NYT about this. Hereis his rebuttal to Obama's executive order on critical infrastructure cyber security.

    One of the problems with cyber defensive security is that too many companies use "risk assessment", which is inappropriate for security concerns. This is because risk assessment assumes that you are aware of all possible vulnerabilities and what impact these vulnerabilities will have, which is impossible. It is too easy for companies to use a risk assessment model as an excuse for not spending any money on their security, because the costs of security show up on a balance sheet while the benefits do not.