U.S. Military Grapples With Cyber Warfare Rules

A number of readers have written to us with a report from Reuters regarding the US Military and cyber-warfare. The context is that the reason the US military did not crack into any of the Serbian boxes because the rules of war are still so murky in that area. What do you folks think? Anything goes? Or should we have a special section added to the Geneva Conventions?Update: 11/08 09:33 by H :Thanks to spartan for a better story on the subject.

Rules of war?

[BradyB]

War is war isn't it. It is the killing of people or industries to make the other side bend under the pressure of your forces. Cyber-warefare should be no different. Cyber-warefare in my opinion wouldn't be nearly as costly in human lives and wasted dollars. Hacking is a lot cheaper than sending boat loads of Marines to another country.

Re:Rules of war?

[hadron]

No. War is not war. The Geneva convention, which was noted in the article, is often obeyed, sometimes even by both sides in a conflict. Even without this, it is generally frowned upon to bomb civillians or residential areas.

"Cyber-warfare" is essentially useless today : the group being attacked can disconnect their systems, and genuine military systems have no business being connect to a public network anyway.

Re:Rules of war?

[avij]

..wouldn't be nearly as costly in human lives and wasted dollars.

However, consider that cyber-warfare might have larger effects than "regular" warfare. You seem to think that it's only the U.S. folks who could cause some serious trouble by means of hacking.

Not so. If someone "from the other side" hacked into NYSE or some other important business site, it might have catastrophic effects to your economy. And it'd affect everyone's life, not just those poor troops that were sent some 10000 miles away from home..

Re:Rules of war?

[QuMa]

>"Cyber-warfare" is essentially useless today : the group being attacked can disconnect their systems, and
>genuine military systems have no business being connect to a public network anyway.

Not really. As long as I can still get some form of targeted virus into their system, be it through a infiltrant, or a floppy they use in both machines (ARGH), they're still in trouble.

Re:Rules of war?

[hadron]

Good luck finding a bootsector virus that works on two different CPU architectures.

Re:Rules of war?

The military obviously is going to be unplugged and have their computers in hardened bunkers that are immune from herf attack.

Civilian connections on the other hand may well be connected to the net before during and after military operations commence. This offers a wealth of possibilities in terms of information gathering and disinformation propagation....

Obviously it equates to money well spent and lives saved.

Re:Rules of war?

It seems to me that if the US military wanted to crack an enemy's computers, they would go right ahead and do it. The US has been known to make an exception to the "rules" of war in the past. did anybody read the echelon article less than a week ago?

Re:Rules of war?

[tallbloke]

The whole point is that the purveyors of high-tech weaponry at international arms bazaars wouldn't want potential multi-million dollar clients to get the idea that their hi-tech equipment could be easily compromised by crackers, (or more likely, the people selling the gear who would retain bypass codes into the systems, just in case they were turned against their country of origin).

Wake up and smell the napalm....

Re:Rules of war?

[Luis+Casillas]

War is war isn't it. It is the killing of people or industries to make the other side bend under the pressure of your forces.

Actually, the use of indiscriminate military force against civillian targets (which your description seems to imply) is illegal in any country that has signed and ratified the Geneva convention, like the US has.

---

Re:Rules of war?

I am not Anonymous coward, I just forgot my password !!! First of all, they (NATO) never told truth about this war. From the beginning. It was not Kosovo it was that they wanted bases throughout Serbia. Read Annex II of so called Ramboullet Agreement. Second, we Serbs are known as talented programmers. Thanks to you know who, the autoher of our economic 'miracle', we have exported 300.000 programmers throughout entire world (including myself and my wife), and still Serbian teams win by a rule all international informatics games. As NATO continues to lie, do not forget that during war, our crackers have downed, stopped many NATO sites, including CNN (!?) etc. In the same time they tried, but did not manage to break ours !!! But, they tried !!! Enough said ! sinisa@mysql.com MySQL developer

Re:Rules of war?

[QuMa]

Who said they have to be different architectures? They just said different, not connected networks. And anyway, one machine would already be infected/0wned/whatever, so you could have it write a boot sector virus to the disk for the other one. But you don't need asm. How about perl? A bit on the slow side, but it could work. Or shell scripts? I know of at least one .bat virus (Ok, it wasn't very successfull, but it would only have to infect 1 other comp).

Re:Rules of war?

[MrSparckle]

>Actually, the use of indiscriminate military >force against civillian targets (which your >description seems to imply) is illegal in any >country that has signed and ratified the Geneva >convention, like the US has.

Illegal? Laws? Who cares when it comes to war! Don't get me wrong I hate war, but Americans are so obsessed with all their laws, patents, intellectual property, they just take for granted these things are just.
Take the ingenius law that says Medical Helicopters can't carey weapons (then they get used for target practice during the Vietnam war because the gurilas knew they couldn't shoot back.)
My point is you should always question laws...and that not all laws are just (some aren't even the least bit logical)

No habla

The context is that supposdly they did not cracking into Serbian military service ...
Somone please send Hemos through English 060 again!

Re:No habla

that goes to prove that you are not trying hard enough. look where hemo's lack of english got him. where did all the proper spelling get you?

Re:No habla

Yeah, but Hemos went to Hope, which explains it all :)

Re:No habla

[jd]

Nononono! It's not his fault. A squad of crack mice, from the higher dimensions (and recently guests on Magrathea) were testing their new cyber-warfare expansion pack for Windows 98 on Earth (which is, in fact, a mega-computer), and Hemos' brain got caught in the backwash from the mangled computational matrix.

Re:No habla

It got me to the point where I can afford to just read ./ all day and post off topic stuff!
Besides, everything is spelled correctly, he just used the wrong words!

Re:No habla

That's too bad, he should have gone to WMU!

Re:No habla

That's the plight of the modern-day illiterate moron in a world filled with spell-checking.

Hemos needs grammer lessons..

someone please correct hemo's bad grammer.

Re:Hemos needs grammer lessons..

You mean "grammar," right?

Moron.

Did USA sign GC?

[PhilHibbs]

Did the USA ever get around to joining the Geneva Convention?

Re:Did USA sign GC?

Yes, the USA did sign the Geneva convention back after World War II. However, like the Geneva convetion's really paid attention to. =)

Hmmm...

[Max+Planck]

I don't see how taking out a power plant by cracking their network is any different than taking it out with a well-placed missile. At least no one is killed this way.

I'm very interested to know the specifics of their plans. With my limited knowledge of the military objectives of the war, I wonder what they targeted with the "cyber warfare" division that would have hurt teh civilian population more than the missiles aimed at their power plants. Every target for a good crack I can think of would be a military institution. And wasn't there an article a while back about how unstable the entire Yugoslav network was, because of the power outages that the bombing created? It seems to me that the commercial (civilian) network was already disrupted, so even if they had to compromise the commercial network, it wouldn't have done more damage.

Or am I missing something?

Re:Hmmm...

[TheCarp]

Hurting civilian populations is how a war is won.
You make the war so hard on the people, that they
can no longer suport their countries war effort.

The only REAL advantage of cracking machines is to gain strategic information or to disrupt communications.

Taking out a power plant is silly, they can get it
back online too easy. Much better to bomb it to
rubble.

Re:Hmmm...

[arivanov]

I don't see how taking out a power plant by cracking their network is any different than taking it out with a well-placed missile. At least no
one is killed this way.

I doubt that "no one is killed" if you take out by any means one of the mission crytical systems in the "Tcarna Voda" Nuclear Fascility. More likely a few thousand killed at least.


Besides the rant thanks god they had some "outdated information" on buildings in belgrade, not on power plants...

Re:Hmmm...

> I don't see how taking out a power plant by > cracking their network is any different than > taking it out with a well-placed missile. At > least no one is killed this way.

the difference is that with a cyber-attack, their systems are down, but the power plant still exists. it can eventually get back online. with a well-placed missile...no more power plant.

i'm not saying i agree with it, but im sure thats how its looked upon. i think cyberwarfare will be used as a first strike operation in the future. take their defenses offline, then launch the missiles. they have no way to defend against them...not that it seems they do now.

tyler
trevlix@yahoo.com

Re:Hmmm...

[Kartoffel]

Taking out a power plant is silly, they can get it back online too easy. Much better to bomb it to rubble.

It depends on how you take it out. Simply turning it off probably won't do any realy damage and only forces the plant to go to the trouble of restarting. From a dead stop, a coal or oil fired power plant can get back on the grid generating power in about half a day.

To take the plant offline permanently you'd have do some real damage. Here are a few random ideas:

1. Cut the supply of lube oil to the turbine's bearings. Steam turbines and generators rotate on large bearins that need a constant supply of cool, pressurized oil. Bearing surfaces are integral to the rotor. Wreckin a bearing neccesitates taking the entire turbine/generator offline for several months, minimum.

2. Modulate steam flow to overspeed or underspeed the turbine. Running at the wrong speed may cause harmonic vibrations to damage and shake apart the generator and/or turbine. In addition to the ovbious hazards of overheating and blowing up the generator won't be producing electricity at the required 50 or 60 Hertz. Dumping a couple megawatts of 70 Hz AC into the grid is sure to mess things up, or at least force the plant offline

3. Screw up the fuel supply into the boiler. It might be possible to dump too much fuel into the boiler/burner/whatever and melt it. Modern boilers operate very near the melting points of the materials they're made from. An extra hundred dergees could be enough to wreck it.

Personally, I'd target the bearings first. Be forewarned that most bearings have elaborate temperature and vibration sensors that will trip the turbine (shut it off) if it overheats or starts to run roughly.
**Disclaimer - all of this is purely hypothetical. Don't go out to your local electric company and blow it up! **

Re:Hmmm...

[evilandi]

Max Planck wrote: I don't see how taking out a power plant by cracking their network is any different than taking it out with a well-placed missile. At least no one is killed this way.

So how do heart monitors work in the USA then?

In Europe ours use electricity.

--

Re:Hmmm...

[cmarkn]

If the power plant is blown up with a missile, it stops making electricity.
If the power plant's operating software is cracked, it stops making electricity.
The difference is the cracking itself doesn't kill the guy running the plant. The bomb does.
Either way, the hospital with the heart monitor is supposed to have an emergency generator, and having the power plant shut down from either cause would qualify as an emergency.

Declared?

[Stonehand]

Was it actually a declared war? I honestly don't remember any such vote by Congress...

In any event, I'd think the (im)practicality would be more of a consideration than ethics. There's little reason that their defense infrastructure would allow, say, Telnet access from the rest of the world even if it were based on TCP/IP; hence, (physically) attacking would be the main way to DoS...

...concerning ethics, by the time you're committed to airstrikes and launching cruise missiles, it's a little late to be worrying about the whether you're being "nice" to their computers.

Re:Declared?

[BenHmm]

ethics are indeed an odd reason to cite in these circumstances - the problem here though is one of targetting: bombing any target has a risk of killing civilians whether a missile is smart or not (though, that smartness depends on the operator...ask the Chinese about their embassy)

If the effects of any military cracking can be limited to military targets (and not knocking out the power to a children's hospital for example) then maybe it is MORE ethical (and certainly cheaper) than conventional warfare.

US Preparation

[edibleplastic]

I think that this article serves to illustrate the fact that even though we did not use cyber-warfare in this war, this form of attack will most definately be used in the future, and the US should prepare for it. There should be major studies done on how the US is vulnerable to these kinds of attacks. What would happen, for instance, if the stock market were attacked? Or the satellite networks of the major telecommunications providors? Or the local power grids? And that's not even taking into consideration all of the military and government systems like GPS.

Now, I'm sure that the most vital systems are very very well protected, but I think it is essential to consider this as a potential venue of attack. If we look at these systems in this light, we may find that they are less secure (or the country on a whole is less secure) than we had imagined.

all is fair in love and war

[josepha48]

Supposedly all is fair in love and war. If this is true then sure crack them. I am sure that some of these countries are not going to pay any attention to the Geneva convention anyway. If some wacko takes over a country what does he care about the Geneva convntion any way (not necessarily the case here). Making rules governing cracking and 'war time computing' part of teh Geneva convention is only going to hurt thoses that would abide by the Geneva convention.

THe end result is going to be that countries like the US would not go out and crack another country but another country may try to crack the US. Who gets hurt ? The US for abiding by some new rule somone wants to make.

People run redlights, not accidentally, but on purpose here in DC. WHen a light turn red, there are usually 4 to 6 cars that go thru it. Even after trafic has started moving into the intersection I have seen someone runs a red light, and in some cases cause an accident. When people cannot obey a simple law such as running a red light how do you expect a country not to hack another country. We as a race have become a discusting creature. No respect for our selves or our planet or each other. Why do you think that there are so many shooting in the US lately, so many little countries that have there goverments chagned each month, and so much pollution. We just don't give a F***.

Moderate -1
flames > /dev/null

send flames > /dev/null

Re:all is fair in love and war

[hadron]

If someone claims to have higher moral standards than another, then that first person actually has to uphold them, otherwise they are being hypocritical.

Re:all is fair in love and war

[jd]

If people have less respect for each other, that is the time for those who DO care to increase their respect of others, and work on improving how they treat & see others.

How else are those who don't respect to learn different, unless they see different and see that that difference is giving others an advantage that intolerence, abuse and misuse do not?

I'll give an example. Sun Tzu, in is (in)famous "Art of War", makes it clear that destroying infrastructure is a Bad Idea, and hurts the attacker as much as the atacked. His theories are time-tested and are still largely accepted today. But do you think he learned that good treatment was a strength, in war, through only seeing abuse? Nope. There's no way he could have seen the advantage unless it had been shown, in some form or other.

What does this mean? It means that "all is NOT fair in love and war", and that the only way to get that across to more violent cultures is to demonstrate the innate superiority of true decency.

Re:all is fair in love and war

[josepha48]

I agree with what you are saying, and in theory it works. How do you get thru to someone that is not listening anyway. How do you communicate to someone like Sadam Husan?

send flames > /dev/null

Re:all is fair in love and war

[jd]

The same way you communicate with an alchoholic or any other terminal addict. You isolate, totally, whilst demonstrating the alternatives.

Actually, Saddam Hussain is an excellent example of WHY the destructive approach doesn't work, except for the destructive. He put all the soldiers most likely to rebel or desert on the front line, where the Americans could drop cluster bombs on them. In short, America footed the bill for Saddam's political security.

This is not to say that something shouldn't have been done. It did. And given the alternatives available at the time, the Allies did the best job they could have done, IMHO.

However, the fact remains that it had largely the opposite effect to the one the Allies wanted, precicely because their efforts were as destructive as the person they were trying to replace.

Re:all is fair in love and war

[Kartoffel]

from an actual fortune-cookie-fortue:

"If we both agreed about everything, one of us would be unnecessary"

Re:all is fair in love and war

Although the US Army did use Sun Tzu 7 principles of war and added two more I was trained to wage total warfare on the enemy. We were trained to us artilery on an objective, stay on the objective for no more than a few seconds and then pull back, leaving the enemy wounded. As the enemy counter attacked we would hit the objective with artillery again, killing the attackers and the wounded that we left behind.

We now practice total war. There is no such thing as a civilian in a modern country. Everyone is now a combatant. If you make a supply that the military uses then you are considered a combatant.

About the only service that a modern military force doesn't need is hair dressing. They need food, electricity, fuel, shoes, weapons, roads, vehicals and clothing.

How many of your friends are factory workers? How many work in gas stations? How many of them make or use items in their everyday jobs that the military could use against us?

All of these people are targets in total warefare and many of them will be killed before the first soldiers are killed.

Re:all is fair in love and war

[sopwath]

Anything that saves or even just protects the lives of US service men and women should be used in times of war. One soldier's life should be enough to make 'cyber warfare' a viable tactical advantage. If a downed computer system keeps the enemy (whoever that may be) from shooting bullets, then I'm all for it.

Re:all is fair in love and war

I'll give an example. Sun Tzu, in is (in)famous "Art of War", makes it clear that destroying infrastructure is a Bad Idea...

This is true. However, if one were to use CW correctly he would only temorarily deny the enemy from using the infrastructure at key times while he conducted warfare in more traditional ways in the affected area. In this way, infrastructure is not destroyed, a kinder, gentler form of war, if you will.

Re:all is fair in love and war

I'll give an example. Sun Tzu, in is (in)famous "Art of War", makes it clear that destroying infrastructure is a Bad Idea...

This is true. However, if one were to use CW correctly he would only temporarily deny the enemy from using the infrastructure at key times while he conducted warfare in more traditional ways in the affected area. In this way, infrastructure is not destroyed, a kinder, gentler form of war, if you will.

Re:all is fair in love and war

[jafac]

You're not a humanist, are you?

I wish I had a nickel for every time someone said "Information wants to be free".

Re:all is fair in love and war

[netlooser]

This point of view i agree with. I have a problem though.

The US officailly will not kill or assasinate another countries leader mainly because of the threat of retribution. Our president is probably one of the easiest targets for any radical to assasinate.

With this in mind, if we start using cyber-warfare, what do we do then when other countries counter attack. It has already been show that Government and Military boxes on the internet are far from secure.

Once we open that door we could be in for a seroius problem.

I say, until cyber-warfare does become a popular tactic with other countries we should just leave it alone.

just my two cents

Re:all is fair in love and war

[Luis+Casillas]

How do you communicate to someone like Sadam Husan?

First of all, you don't give him weapons and cheer when he massacres Kurds, like the US did in the 80s.

---

Re:all is fair in love and war

[radja]

or a bill clinton for that matter.. it's not like the US has a perfect record on human rights.. far from it..

//rdj

This is tough!

[jd]

On the one hand, anything which reduces physical death and destruction can't be a bad thing. On the other hand, computer warfare & electronic warfare are quite capable of these, too.

IMHO, this needs to be taken one step at a time, and should be inclusive, rather than exclusive. (ie: anything NOT explicitly permitted should be forbidden. That prevents people trying to sneak round restrictions.)

Also, there should be one overriding rule - computer warfare or electronic warfare for the explicit purpose of inflicting higher casualties than could be reasonably & legitamately achieved otherwise, casualties in groups not otherwise deemed legitamate targets, or caualties in any group for the purpose of inflicting terror, should ALWAYS be prohibited and a war crime.

In other words, DoS attacks on things like hospitals, emergency services and nursaries should be a BIG no-no. Mangling power-station computers would be reasonable, unless the place it supplies is in the middle of a 30' snow-drift, and heat is all that's keeping everyone alive, or a terrible heat-wave, where even a momentary failure of air conditioning would kill 3/4 of the civilian population.

Military RADAR systems would also make for a reasonable target. Blinding it, rather than blowing it up, would spare lives, whilst having much the same effect. Shutting down civilian RADAR, or interfering with it, for the purpose of causing jet airliners to collide or crash, should get any commander who chose such a tactic suspended over a crocodile pit by their big toes.

Re:This is tough!

But bombing hospitals and nurseries is standard U.S. practice (see: guatemala, nicuragua, etc.). We could try holding up the treaties we are already signatory to, and regularly violate (geneva, OSHA, U.N. charter). But that's probably just silly. Theoretically, the underlying principles of the Geneva Convention should probably just be extended. For example, no shuting down Nuclear plants, to cause meltdown, because that could cause irreperable harm to both sides (it was for these reasons that gas and biological weapons were banned).

I think I would have understood if better if...

[1010011010]

Hemos had formed complete sentences, etc. Can you guys edit stories once they go up? If you can, please run this on through the dehemosizer.

No longer "All's fair in love and war"

[nevets]

Living in a country that is "sue" happy, this does not surprise me any. Although I do agree with the defense department. It could have been very costly if the bank's software had been corrupted. Remember, who puts up the bill of repair after the war is over. Usually the one that wins!?! I also believe that this was a PR decision as well. We (the US) already have enough bad PR that it probably would not look good if we bankrupt a country as we destroy it physically.

Steven Rostedt

Cyberwarfare decreases the amount of 'oops'

I can understand the hesitancy for launching in a full scale "cyberattack". First, it's untested in a military setting. It's not like the US/NATO/KFOR's half-assed effort at attack of Slobbo was going to include cracking attempts. Second, I'm all for the part of "rule of war", where they'd have to limit their efforts to actual military targets. That's sort of the real point of cyberwarfare. But a question that I have is collateral damage: how much would a military attack hurt civilians? I'm all for cracking and all that stuff in 21st century warfare, but by topping a power grid to affect the military of our "enemy", would that screw civilians more? And even if we used cyberwarfare vs. bombs, we'd still find a way to hit the Chinese Embassy.... Daddycakes

CyberWarfare is ok by me

[Sensei^]

If it keeps people safe from going to war face to face and risking their lives im for cyberwarfare.

Using cyberwarfare can keep events like Pearl Harbor from happening again.

Sensei

Re:CyberWarfare is ok by me

[Kartoffel]

Using cyberwarfare can keep events like Pearl Harbor from happening again.

I guess so... but in another age the attack on Pearl Harbor was just as revolutionary as "cyber warfare" is today.

Pearl Harbor was the first coordinated, preemptive, carrier-based attack in the history of the world, AFAIK. It was a spectacular success (for Japan). In the attack on Pearl Harbor the Japanese Navy targeted US Military targets exclusively. Nearly all of the civilian casualties were the result of US anti-aircraft shells falling back to earth in downtown Honolulu.

Staying on top of the Next Big Thing(tm) is a good way to win wars. Japan thought they had the US beat, but America came back with better intelligence (INDIGO, ULTRA, etc.) and unstoppable infrastructure and logistics.

Bad Gramar

[TheCarp]

The concept of "Bad Gramar", like "Bad Spelling"
is nothing more than a concept of fools who feel
a need to have a rule for everything.

IMHO As long as the point gets acrosss...then
it is correct.

Re:Bad Gramar

[rebrane]

Agreeing not does me!

Re:Bad Gramar

The concept of proper syntax and precise communication is nothing more than a conspiracy by smart people to gain even more knowledge.

It must be stopped!

Re:Bad Gramar

Shut up, Yoda.

* SLAP *

Re:Bad Gramar

[rascharles]

No, that is not the case. There is a reason for the rules of grammar and spelling. We have these rules to aid in clear communication. Sloppy usage of the English language, or any human language for that matter, is just as bad as sloppy usage of Perl, C++ or any other programming language. I would wager that any programmers reading this site who found improper syntax or even nonstandard idioms in another's source code would then have lesser regard for the author of the code. Clarity and precision are essential. Often clarity of language can be directly linked to clarity of thought.

Re:Bad Gramar

[Luis+Casillas]

The concept of "Bad Gramar", like "Bad Spelling" is nothing more than a concept of fools who feel a need to have a rule for everything.

Not quite. "Good grammar" is actually a good thing when you have a language spoken by hundreds of millions of people all over the world. A good grammar for a language tries to pick out those modes of expression in a language which are as good as possible for you to convey your message to the widest possible audience.

IMHO As long as the point gets acrosss...then it is correct.

You are absolutely right on this. But this is supposed to be the point of grammar-- getting the point across, despite geographically or socially diferring uses of the same language. For example, about 400 million people speak Spanish all over the world. Every country has its own local dialect(s), but there is a general grammar that all the language academies in each Spanish-speaking country agree to. I can follow the recommendations of the Spanish Language Academy in writing stuff, and I don't really have to worry too much about it being understood in, say, Chile.

But I can see where you're coming from. I too really hate arrogant assholes who get a trip out of humiliating people for their grammar.

---

GC?

[japhar]

My knowledge of law is relatively limited, but from what I've read of it, the geneva convention was designed to protect the civilian population and ensure 'humane' treatment of war prissoners (3 hots and a cot and all that good stuff). Cyber-warfare has absolutely nothing to do with either of those cases. If a powerplant is hacked, the only way that affects the civilian population more than say a missile is if the hack causes a meltdown. Power outtages are a fact of war, the means, when comparing cyber-warfare to regular warfare would seem to be more in accordance with the GC when using hacking in any case, as this would avoid any loss of life.

Re:GC?

[JavaNPerl]

The Geneva Convention also covers what is ethical to use as weapons in a war, there have been some weapons developed which the U.S. does not use because they were not considered ethical by the Geneva Convention. If I remember correctly this is why the U.S. did not adopt flechette rounds (multiple small dart projectiles in a single cartridge) for the M-16A2. They were considered cruel because entry wounds were often very hard to see and they bent upon impact making them hard to remove without causing further damage, like trying to remove fishing hooks. I also recall an experimental weapon which looked for optical devices and shot a laser at them and could consequently blind people which was scrapped because it was believed that the weapon would never be deemed ethical. I think that if you can blow it up, you should be able to hack it. Computer viruses would probably fall into the unethical region since it would be hard to control who they infect.

Re:GC?

[jafac]

I saw a 20/20 episode where some US helicopter pilot was ordered to "chase-off" a suspected Soviet spy-ship, and they used some kind of experimental laser on him, which fried his retinas. The damage wasn't immediate. He returned to base, and later, got severe pain and swelling symptoms, and now he can see, but not good enough to drive, let alone fly. He's extremely light sensitive, has severe headaches, and the vision is degrading further over time.

Nasty weapon.

I wish I had a nickel for every time someone said "Information wants to be free".

US made the right choice

The rules of warfare exist mainly to protect the individual and to keep channels open so that it can end.

What the US feared, had it employed it first, was retaliation. Ie, not only are there are unspoken conventions between adversaries, but there is also a scale of escalation that each side is familiar with, with escalation consequences. In the Gulf War, it was a case of "Saddam, use WMD and we'll toast Baghdad."

That said, I'd say they made the right choice. Whilst the USA is the undisputed military hegemon of the turn of the century, it also presents the biggest sitting target for this type of warfare, by a considerable margin.

I bet we'll hear reports of substantiated cyber'warfare' in the next few years though, directed against the USA. As an ally, admiror and patriot, I sincerely hope that America has its act together by then.

war is stupid, but...

[Xkill_]

they should have at least the common decency to not interfere with industry or technology critical to the civilian population. I know this would never happen, (especially with regards to the US style of war where anything goes) but it would be nice to know that civilian hospitals etc would not become targets.

Of course unless there is a communist threat. :P (this last comment was a joke, mocking the utterly stupid policies of the US toward democratic ideas)



"The importance of using technology in the right way has never been more clear."

Re:war is stupid, but...

[PigleT]

If there's one thing I've always seen the 'Net as immune from, it's the idea of "war" ever hitting it. From the first day I ever posted to Usenet, there's only ever been talk of "flames", not of "getting my government to employ me to hack yours" or anything.

Thought: some people think there's more to a "website" than a collection of HTTP-delivered objects, particularly HTML, gifs and jpegs. (The idea of "page layout" as distinct from content, where the object of the page is to /do/ things rather than view them, comes in here.) A lot of "hacked site" reports are basically graffiti of index.html files.
At what level does the idea of "cyber warfare" fit in with this?

ISTM it's all talk of "warfare" and "targetting" and "computers" and "websites" and "guidelines" and all sorts of crap, but nothing actually interesting about how or what might be done.

Anyone remember having Computer Usage Guidelines at University? ;)

Re:war is stupid, but...

[Stonehand]

Hrmmmm.

The communications infrastructure might be a reasonable target. There's the one-way methods (typically state-controlled broadcast media, used for spreading propaganda and mobilizing people), and the two-way methods (phones, radio, computers...).

If you can disable the first -- which might very well require a physical attack -- then you might increase uncertainty among the civillians.

If you can disable the second, you may be able to hamper such things as civillians reporting information to their government (civillian spotters warning about inbound aircraft, say, in the event that radar's being jammed/bombed; or reporting troop movements in the event of an actual invasion); orders from the government outside (such as summoning staff who aren't on-base for whatever reason, and any logistics that aren't completely w/n military lines), and so forth.

I'm figuring that radio communications can be triangulated, and the phone grid either hit physically (exchanges generally don't run away), or flooded. Network communications tend to go on leased phone lines, as well, so that may be a 2-for-1: voice/data.

In theory, one could nail enough communications infrastructure to make confusing and isolating an opposing force much easier...

Re:war is stupid, but...

[Bob+Ince]

ISTM it's all talk of "warfare" and "targetting" and "computers" and "websites" and "guidelines" and all sorts of crap, but nothing actually interesting about how or what might be done.

Indeed. And the quote in the Reuters article doesn't exactly inspire confidence that "One Senior Military Officer" (TM) has much of a clue either:

"We went through the drill of figuring out how we would do some of these cyber things if we were to do them."

These Cyber Things. Ah, yes, right. Good old US Army. They'll save us from the commies and their deadly website cracks. Or something.

--
This comment was brought to you by And Clover.

All is fair in love and cyberwar.

[joefission]

The Geneva Conventions only apply to the losers of a war. Ever hear of a US War Criminal being tried and convicted? Me either.

Why would cyberwar be any different?

Re:All is fair in love and cyberwar.

[Stonehand]

Lt. William Calley.

'nuff said.

Re:All is fair in love and cyberwar.

We won the Vietnam war?

Re:All is fair in love and cyberwar.

Conflicts that the US did not "win":

• The War of 1812
• The American Civil War
• The Alamo
• Korea
• The Bay of Pigs
• Vietnam

Re:All is fair in love and cyberwar.

[Mr.+Slippery]

Conflicts that the US did not "win": The War of 1812 ...

The British stopped impressing American sailors, which was what the war was about. While the British burned parts of DC, they didn't get to the shipyards of Baltimore (for which, as a patron of Fells' Point bars, I am grateful); it was, in fact, the Battle of Baltimore that inspired Francis Scott Key to write "The Star-Spangled Banner."

The U.S. sucessfully asserted its national sovereignity, which I think has to count as victory.

Re:All is fair in love and cyberwar.

[itachi]

In fact, the US also trounced the British at the battle of New Orleans several days after the war was over (but news hadn't gotten to N.O. yet)


itachi

Here's a thought...

[Captain+Sarcastic]

This whole idea of informational warfare is rather like having a couple of groups fighting on a rope bridge, hacking away at the ropes to knock the other side's people off. The problem is that whenever you do such a thing, the rope bridge is going to come out of it in the worst shape.

If we start using info-weapons on each other, we run a serious risk of destroying the advantages we have gained from such things as the internet. This genie needs to stay in the bottle!

Re:Here's a thought...

[./]

Since when did any major innovation in war technology stay in the bottle? Agreed, it should, buuuuuttt Warmongers won't go for this:

Me can swing club. Him can throw heavy rock. Oh *&@$@!!

What about gunpowder, biological warfare, and nuclear warfare? Why should cheap, sneaky, and very effective tactics go unused in this the ineffectively protected electronic age?

How long before People With Dangerous Intentions start thinking ''if bored people with scripts can easily deface government and military computers, what can a ruthless moral outrage propel me to do? Muahahahahaha!!''

better than murder...

[DQuinn]

Hell, if a hostile force depends on computing technology to destroy and kill, then can we please knock that out first before going in and ripping people apart with explosives?

I think that the 'rules of war' should state that the war _begins_ with computer warfare.

This is also the sort of thing Janes needs to use

[CormacJ]

Consider this:

The army hack into the electrical system, and shut down the power to a city.

A hospital in the city has a generator failure as a result and several babies and patients on life support die.

Has this violated the Geneva Convention rules on war?

The problem here isn't so much the rules as the results of a cyberwar attack. A cyberwar attack can be much more far reaching than people think.

A cyberwar attack can sometimes take out a specific target, eg a TV station, but in many cases the results of the attack can't be so easily planned for.

Many computer systems are configured with triggered-backups and inter-networked with other systems so that these respond in a certain way if a failure occurs.

Going back to my electrical example, what if the main power computer system is linked to a computer in a nuclear power plant that polls it to see if it needs to up the load to take care of a demand. If the software was buggy (and in Eastern Europe, this could very well be the case) the reactor could overload before someone realises and you have a second Chernoybl.

For a cyberwar attack to succeed you need to have a complete picture of the target. Only when you have a complete picture can you decide to attack or not. This is why the military rely so much on satellite and air imaging systems - they need to know exactly what is being hit. Without a clear picture you can take out a target and not realise that you just started a firestorm.

Targeting skills...

[Doofus]

Based on the military's excellent intelligence regarding the Chinese embassy (I'll stipulate that the 'accident' might not have been such, but let's leave that aside for the moment), what makes any of us think their ability to target electronic infrastructure would be any better?

In fact, this is one of the primary reasons they didn't try anything - the military was too unsure of

a)platforms
b)topology/interconnectedness of military and civilian networks

to try any major cracks.

Even if the Yugoslavian infrastructure was as built out as ours and western Europe's, the military still would have the same intelligence problem - how do we know that taking out this power plant/military air control/petroleum product distribution depot won't also take out the hospital/school/apartment building next door?

The unknowns make cyberwarfare difficult to justify _in a situation like Yugoslavia_ where our intelligence is probably lacking. Unfortunately, regions with similar or lower levels of electronic sophistication are going to harbor those against whom we would probably like to use remote methods such as this. Of course, we can always look at the Subcontinent for another set of examples....

s%\./%/\.%

Force of habbit from not having . in my path :P

Military ethics: the definition of an oxymoron

[substrate]

I can't think of anything ethical about war, though I will concede that war is sometimes required. I always feel a bit queasy when the military or politicians mention ethics though:

Targeting civilians is ethical, we're at war with the entire country not just the military or its leaders, besides they are probably aiding the war effort.

Targeting a specific person, say the resident dictator in charge is unethical. Heaven forbid this causes an assasination attempt against one of our leaders. Better to do a bombing run against a city and worry about terrorist acts.

Embargos are ok even though they almost exclusively impact civilians. Few of the upper caste ever go hungry despite very restrictive embargos.

Looking at ethics from my narrow viewpoint any hacking attempts that the military is capable of would be unethical. All they should be able to do is harm civilian companies since any important military operations should not be directly connected. Destabilizing the economy would harm civilians long before it'd harm the military.

Rules of war - a joke

[TheCarp]

This is silly. During times of war there are
no "Rules". The rules of war (like the "Geneva
Circlejerk") are simply rules that the nations of
the world apply to punish the country that lost the war, after the fact.

Has there ever once been a warcrimes trial against
a country that WON a war? I have never seen any.

My personal feeling is that troops should NEVER
EVER be sent to a foregin land, unless the country
sending them is committed to TOTAL warfare.

When I think of how war should be fought, I think
of Sherman's "March to the Sea" and burning
Atlanta to the ground - of course...I also think
war should be used only as a last resort, and
only as a reaction to a direct threat (which of
course means I would have been against the
US-Confederate War of 1861 inb the first place)

Just Do It

[osterby]

The Allies weren't plagued with doubt about cracking into the Nazi lines of communications and control. Just because those lines are now more sophisticated, doesn't make it more or less ethical to do so. If cracking a box saves lives then the military has a duty to do it. Furthermore, the military has an obligation to defend itself from a similar attack, especially with our tech-heavy weapon systems. It's just that in this country we expect them to do so without compromising domestic rights and freedoms in the process. The question becomes, should they crack your box to learn some scant bit of information about a Serbian box?

US and international regulation?

[foul]

I think that as long as the US army is the one benefiting most from hi-tech communications the US governement will be most reluctant on the subject of international regulation.

But with the things are going now it's clear that control over- and rapid reduction and analysis of data of the battlefield will be crucial in any future war. No wonder Russia has tried to gather support for a United Nations resolution calling for new international guidelines, considering the state of its armed forces.

"The Rules"

[BootHead]

In the wake of the recent media attention to the "cyber-warfare" issue, one would assume that the world leaders are a bit worried about the reality of the situation. The economic giants of this rock we live on all depend on their information systems. This has put much power in the hands of machines. This, in turn, has put much power into the handfull of people who can operate these machines without threatening national security.

So what is to stop someone from taking advantage of that? The Geneva Convention cannot stop these cyber-attacks. Hell, if the "enemys" of the superpowers can't play by "the rules" set out regarding human lives, what makes anybody think they will play fair when it comes to cracking into wepons databases? The rules of war are indeed changing, but that still does not mean certain parties are all of the sudden going to start playing by them. If anything, IMHO, it will make things worse.

So, they really bother...

[guran]

Now the rules of war always seem to have a little caveat: "The above doesn't apply if:
a)you can get away with it.
b)you are in really deep shit"

Frankly I think that their reason for not using cyber attacks is that they were afraid that others would use the same methods back. And BTW: malicious tampering with your system is a major pain in peace-time, but compared to a couple of tomahawk missiles it is not much. Even more so if one of them is aimed at your main server.

Cyber terrorism is a nice way for the little guy to mess with the big guy, but the big guy has oh so many meaner ways to mess with the little guy. If, for example, M$ wants to get at Joe Hacker, they don't go changing his homepage. They use lawyers (if you didn't know:).

Now of course there are a number of semi-secret government agencies around the world who, I'm sure, are glad to spread a little havoc upon their enemies du jour from behind a keyboard. but that is a completly different matter

Telephone Sandwich

Four real please monkey sausage.

What about yours, Mr. Perfect-GrammEr?

[Luis+Espinal]

someone please correct hemo's
bad grammer.
^^^^^^^^^^^
It is always amusing to see a self-appointed intellectual stumble on his own "grammer" (I mean gramar, or is garma or karma?) horrors, I mean errors. Me Tarzan, you Jane. Me want banana, you check your grammer. Ugh ugh, unga munga.

Besides, Hemos' mistake is a spelling one. It has nothing to do with grammar. However, I guess you cannot tell (or know) the difference.

Let's bomb the hospitals

[Jon+Peterson]

Is it wrong to bomb hospitals? Is it better to hack the hospital records so that all blood-type and allergy information is corrupt?

Is it better to bomb sewage treatment plants so that the people die of disease, or is it better to hack the computers so that sewers are allowed to overflow into the streets?

Cyber-warfare is just another step in the attempted sanitisation of war. We already know that if you maim someone with a cruise missile it's OK, but if you maim them with a machete then you're war criminal. Good to know that morality is linked to military technology.

Presumably in 20 years while our brave lads kill the enemy with computers from underground, we'll be condeming the atrocity of indiscrimate killing by out-dated Serbian smart bombs.

So let's hear it for war-by-wire. Why travel to far away places, meet interesting people and kill them when you can just kill them, eh?

P.S. I use Serbia only as a recent example of 'hi-tech good low tech bad' reporting in the news. I have no particular view on who was/is right or wrong in that war.

Re:Let's bomb the hospitals

[PD]

Sanitization of war??? Are you living in another galaxy?

The history of war in this century has been one of increasing messiness. In WWI, probably 10 actual military people were killed for every 1 civilian. In WWI, it was probably about 1 military person for every 1 civilian (remember the Russians lost millions of soldiers). Then later in Korea and Vietnam, the tables turned, and the civilians suffered horrendously more than the militaries.

Before we introduce any more weapons into the wars we fight, we've got to consider how these can be targeted. It's bad enough when military people die. It's even worse when innocents and non-combatants die.

Re:Let's bomb the hospitals

[Shotgun]

No, in wartime you never bomb the hospitals. Hospitals represent a drain on the enemy resources.
Did you know that the M16 rifle (the main weapon carried by US infantry) is not designed to kill? It is designed to maim. It is much easier for an enemy soldier to fight when surrounded by dead friends than when surrounded by wounded friends who are crying out in pain. The poor soldier has to make a decision to keep fighting or to try to save his wounded comrade. If he chooses the former, he will have a sneaking suspicion in the back of his head that someone will pay him the same honor. If he chooses the latter and carries his wounded comrade off the battlefield, you've reduced the enemy's number by two and the enemy now has a wounded soldier that it must heal. A dead comrade is a martyr, and the only burden on the enemy is that they have to dig some holes.

Open Season

[BrianH]

One thing that's important to consider when discussing cyber-warfare is the potential for psychological warfare against the people. In WWII civilian populations were routinely bombed to scare the hell out of the enemy civilians. The thought was that if you scared them enough, they wouldn't go to work the next day (and if you killed enough of them, you got the same result). People who won't or can't work aren't contributing to the enemies war machine. In our age of "enlightened warfare", bombing civilian populations is out of the question, but cyber-warfare gives us the ability to wage psychological warfare against them once more.

As the article pointed out, the worlds increasing dependency on computers gives cracking enemy data networks the potential to shut down power grids, telephone networks, TV stations, data lines, railroad switches, and bank accounts without dropping a single bomb. What would have happened in Belgrade if we'd locked the bank accounts to every Serbian in Yugoslavia, and then shut down the electrical grid and telephone systems for good measure? There would have been rioting in the streets, and that would have been a good thing for us! It could have pressured the Yugoslav government to return to the discussion tables sooner or even resulted in the overthrow of Milosovic. The panic that would have ensued would have convinced them to end the war, and end it quickly. After they returned to the negotiation table, we could have easily restored civilian bank accounts and utilities.

Now, I realize that in the case of Yugoslavia this couldn't have actually happened...they weren't computerized enough. But what about the next war? Should we be willing to give up a good weapon just to soothe that geek instinct that says "killing computers is wrong"? If attacking an opponents computer systems could mean saving real human lives on both sides, I say crack away!

Hype over substance

[jalefkowit]

"Cyber-warfare" is hype run amok, a solution in search of a problem. There is absolutely no way in which this new buzzword redefines military operations. I'd be amazed if you can even get two "cyber-warfare experts" who can agree on what it means, much less what its alleged ramifications are.

Let's start with the least ridiculous definition: "cyber-warfare" as hacking into essential systems to pilfer critical data. How dumb do you have to be to connect systems with critical/classified data to the public Internet? The best defense is not encryption -- it's taking the box off the worldwide network! That's why US Dept. of Defense policy is to disconnect all classified systems from the Internet -- any gains you get from connectivity are more than outweighed by risks. Now, this isn't to say that you won't get lucky and find an important system that's connected externally (in fact, it looks like DoD may have been just this stupid), but counting on your enemy to be completely stupid does not a strategy make.

The next level of "cyber-warfare" is supposedly hacking to disable critical commercial systems, like computers controlling nuclear power plants or hydroelectric dams. These may be less secure than government systems, but the irony is that the countries we're most likely to fight -- Iraq, North Korea, etc. -- are also the least likely to have sophisticated computers controlling these systems. They're much more analog than that. Sure, there are countries have these kinds of systems, but those countries -- England, France, Germany, Japan -- are the ones we're least likely to fight!

There's some history here that I think is pertinent. In the 1930s, the US was one of the few countries in the world that was developing a strategic bombing plan for the event of war with Germany. The Army Air Corps did extensive economic and sociological research and decided that the bombing plan should be centered around knocking out the German electric grid. The reason? Because the American electric grid was highly centralized and therefore vulnerable to air attack! It turned out, when war came, that the German system was nothing like ours; it was more decentralized and thus less vulnerable. But the point is that the planners had made the mistake of being trapped in their own experiences rather than looking hard at the enemy -- they were planning to war against themselves. That's behind the fallacy of cyber-warfare too: "cyber-warfare" is most useful against a highly networked, information-age economy -- in other words, against the U.S. In the wars we're likely to fight, though, cyber-warfare will be about as useful as lobbing spitballs. I just hope that nobody has to get killed before DoD figures that out.

-- Jason A. Lefkowitz

Re:Hype over substance

[mochaone]

Your analogy comparing the US'electrical grid to the internet is flawed, and thus your conclusion that the US is highly susceptible to cyber-warfare is inconclusive.

True, the US' (and Canada, as they are joined together) electrical grid, as seen in the shutdown of the northeastern sector of 1965, can allow widespread failure when any point is overloaded. The internet was designed from the bottom up to circumvent this problem. You can blow up half the US but the internet will still work. We can thank Van Cerf for that.

Re:This is also the sort of thing Janes needs to u

[jamesbulman]

The problem with this is that there is no such thing as the "surgical strikes" that the media are so in love with. Just as with conventional weaponary, cyberwarfare can produce collateral damage. What is the difference between bombing the power station and hacking it? War is messy and there will always be collateral damage.

Say What

[Red_Storm_Rising]

There are no rules when it comes to war. And unfortunitly when you try to civilize it it becomes a tea party. NIZHNEVARTOVSK, R.S.F.S.R

Who needs war?

[MikeFM]

Why do we need war anyway? If they can follow international laws on what they can and can't do in war why can't they solve their problems through such laws also? Can we get these people some Q3 to take their over aggressive behavior out on? I know as many foreign people as U.S. citizens so why on earth would I want to fight them? There are few countries I don't know somebody in and I don't feel I'm unique in this way. We all have gotten used to ignoring the international line so when will our politicians do the same? *sighs*

Re:Who needs war?

[lari]

We haven't all gotten used to ignoring the international line. Some of us, maybe. And again, this is probably linked to class, education, etc... The US has a strong isolationist streak. Unlike most nations in Europe, etc. the United States a) shares borders with only two countries and b) has most of its population living at quite some distance from its borders. In regards to a), neither Canada nor Mexico gives the impression that the US needs to beware of any potential threat of attack, and thus should try to keep on its 'good side.' This is in fact a big deal.

The sentiment, well-expressed by Dennis Leary as "we got the bomb," that we can take on the rest of the world and win, or at least destroy our opponent, is still alive and well. US adventures in military intervention haven't made people think "Hmm, maybe we're not invincible" so much as they've made people want to abandon what they perceive as helping out some foreign group and take care of themselves. There is NOT a particularly significant amount of international involvement for most Americans on a personal level. Most people don't meet significant numbers of foreigners, or even immigrants, as children or teenagers; international travel still carries a bit of a price tag; and by adulthood, maybe those of us who work white-collar-style jobs or with MNCs will be in fairly frequent contact with non-Americans, in a working if not a personal relationship. But Joe Q. Smith, who manages the McDonalds franchise downtown, probably won't in any significant way. And isn't that what our politicians are trying to represent?

Rules ?

[waterwingz]

As the famous line in the movie Butch Cassidy and the Sundance Kid goes : "Rules ? In a knife fight ?"

Did they get it right for once?

[lari]

The impression that I get from this article is that the Pentagon was all set to go ahead with it... a crack squad at the keyboards, plans in place, when they realized that (surprise, surprise) they didn't know what was going to be the end result, what else this could impact, the political/social/etc. ramifications. Kind of like when the bombs dropped on Hiroshima and Nagasaki. Kind of like the defoliation in Viet Nam and Cambodia. Kind of like the use of depleted-uranium shells in Iraq.

But they didn't do it. I think I might be proud of that. Granted, their bombing campaign has caused environmental damages that it'll take easily 100 years to try to correct... and granted, I have issues with a lot of other things in US foreign policy and US actions. But still...

If anything happens in terms of an international document on this, odds are it won't be an add-on to the Geneva convention. It'll be an independent document, more like the CWC or the Nuclear Test Ban Treaty. And I wouldn't be surprised if it gets held back in committee until shortly after it was originally scheduled to go into effect. Thank you, Mr. Helms.

Reprisal on US Commercial Systems

[CrusadeR]

I think the greater (and unspoken) DoD concern would be inviting reprisals on critical US commercial systems.

IMO, the Pentagon is probably hoping that the lack of any offensive information warfare activity on their part will prevent, for example, Serbia from actively trying to bring down the electronic keystones of the US economy. The fact that no one from the Administration or the Defense Dept. brought this up during the air campaign (and even during the deployment of K-FOR) tends to make one wary about the private sector's vulnarabilities to such attacks.

That being said, the new IW hawks in the Pentagon are likely overstating the military's weakness in this area to bilk our friends on Capitol Hill out of more defense funding; funds I would personally much rather see go to shoring up critical commercial systems... as an info-warfare-style attack on the markets, large businesses, etc. will probably be difficult to recover from in the short-term, and be far more costly to US leadership and prosperity.

Re:Reprisal on US Commercial Systems

[Kintanon]

IMO, the Pentagon is probably hoping that the lack of any offensive information warfare activity on their part will prevent, for example, Serbia from actively trying to bring down the electronic keystones of the US economy

Yeah, just wait until some 2nd world country manages to DoS Slashdot and take credit for it. Two hundred thousand angry geeks will have reduced their entire information infrastructure to a smoking pile of toaster parts within seconds.

Kintanon

On the GCs...

[Stonehand]

Here's a site that includes the Geneva Convention relative to the Protection of Civillian Persons in Time of War, in addition to other interesting documents.

And you believe them? They just want to sell guns.

[Thiarna]

If the US succesfully used 'cyberwarfare' do you think theyd tell us about it? The main use would be espionage, and if they were any good nobody in Serbia would know, they are not going to put up a hacked webpage and tell 2600.

So why the statement? Because it is possible that (very small) conflicts start at the level of cyberspace, and theres the tiniest possibility they stay there. If that happens the winners are the civilians, and the losers are the western arms dealers.

Re:Maybe Babelfish for Hemos?

[rjreb]

Using the Hemos-to-English selection, Babelfish returned "The context is which has it supposdly made not becoming not broken in the military service of Serbian"

So cut him some slack... He made more sense the translation did...

Re:This is also the sort of thing Janes needs to u

[Kintanon]

The army hack into the electrical system, and shut down the power to a city.

A hospital in the city has a generator failure as a result and several babies and patients on life support die.

Has this violated the Geneva Convention rules on war?



The same thing applies if the drop a couple of bombs on the power plant as well though. And the military regularly bombs power plants during conflicts. The difference is that it's a lot easier to rebuild the computer network than it is to rebuild the actual power plant. cyber warfare is 'nicer' than conventional warfare.

Kintanon

Relevant Geneva Convention Articles

[CormacJ]

Geneva Convention of 1949
The convention deals mainly with the protection of innocents and prisoners.

Articles 12 & 13 deals with protection of wounded and sick
Articles 19 to 23 deals with protection of hospitals and medical units
Article 33 deals with protected buildings

All these could be accidentally affected by a cyberwarfare attack and put the attacker in violation of the geneva convention and liable to a war crimes trial.

Take article 19 as an example:
Art. 19. Fixed establishments and mobile medical units of the Medical Service may in no circumstances be attacked, but shall at all times be respected and protected by the Parties to the conflict. Should they fall into the hands of the adverse Party, their personnel shall be free to pursue their duties, as long as the capturing Power has not itself ensured the necessary care of the wounded and sick found in such establishments and units.
The responsible authorities shall ensure that the said medical establishments and units are, as far as possible, situated in such a manner that attacks against military objectives cannot imperil their safety.
Shutting off power to a city could affect a hospital and put the attacker in violation of the convention. If you are trying to make yourself be seen as the force of good, then this would hurt your credibility a lot. This is also why hospitals were given so much press during war.

The convention is drafted so that many things are already protected even under cyberwar. But I do think it needs to be extended to include protection of certain forms of attack.

Re:Relevant Geneva Convention Articles

Destroying a power plant would be a war crime only if you shut the power down for the expressed purpose of killing patients in a hospital. As long as the Army shuts down a power plant for the purpose of reducing the capabilities of the enemy then this is perfectly acceptable.

This article only covers the treatment of captured medical service personel and wounded. And of course we see to it that all captured prisoners get great treatment, makes getting more prisoners much easier.

Re:Relevant Geneva Convention Articles

[dillon_rinker]

Let me quote the relevant bit here...
The responsible authorities shall ensure that the said medical establishments and units are, as far as possible, situated in such a manner that attacks against military objectives cannot imperil their safety
In other words, it is the responsibility of the defender to see to it that the hospital does not become a militaryt target. Hospitals are not given blanket protection; otherwise, every combat unit could becalled a "medical unit" and be protected by this treaty.

If you place a garrison of armed troops in your hospital, then I am justified in using whatever force is neessary to destroy those troops. If the hospital is destroyed in the process, that's too bad, but my attack on the hospital does not necessarily violate the Geneva Conventions. Which the United States is not a signatory to, by the way, though it has agreed to abide by them.

So if you use a power plant to power your military installations, that power plant is a valid military target. If your hospital is powered by the same plant, then you didn't plan very well, because you situated you medical establishments and units in such a manner that attacks against military objectives CAN imperil their safety.

Feel free to point out factual errors...

I say go for it and reward it.

[quecojones]

In the next conflict, the US should go for it and try to crack the other country's systems. Hell, it should even offer a prize (lots of cash--tax free :) to the hacker that brings down a specific system (some are more important than others). The offer should go out to hackers world wide. Think about it... the US can offer (US)$1,000,000 to the guy (or gal) that brings down the other country's military network, or something.

Cyberwarfare ain't a "crack this box" competition

[karb]

If it keeps people safe from going to war face to face and risking their lives im for cyberwarfare.

Cyberwarfare, at this moment, serves a similar purpose to electronic warfare, psycho-warfare, and heck, even air warfare.

They are side-issues that influence the main battle, i.e. getting what you want, typically liberating a stretch of physical real-estate. Students of the Yugoslav conflict know that our control of the air had very little to do with our tactical control of the ground. Yugoslav ground units were well hidden, and very few were destroyed. In support of ground forces the air force would have been much more deadly. But if your opponent only needs to hide to win, don't count on winning from the air.

It's very unlikely that cyber-warfare could so cripple an opponent that their military would withdraw. Look at the sanctions we put on Iraq and Bosnia. The effects were certainly worse than any the effects of any cyber-warfare we could have waged. Yet, neither backed down without a show of military force.

There's a saying from the cold war, that goes something like "It doesn't matter if you shoot every MiG out of the sky if you come back to base and find the Soviet lead tank commander drinking beer in the officer's club." Same thing with cyber-warfare. It's just another helpful tool that will not obviate the need for real actual combat.

Hypocrasy

[Shotgun]

(I hope I spelled that right) This is completely ridiculous. When you declare war, you have decided that you're going to go to another country and kill their people. THAT IS A CRIME. 'but it's OK if we only kill soldiers, but they are fighting back' What's the difference between a guy who will shoot you and a guy who will try to help the guy who will shoot you by providing him with food, shelter, ammunition, medical care, etc? If I kill the farmer that feeds the soldier, want that make it easier to kill the soldier by demorallizing him? It's war, and it's not meant to be pretty. That's why I get pissed off that our lame Congress allows that President to conduct war without their formal declaration of war. If war cannot be justified to enough people in Congress, it shouldn't be carried out. If it is justifiable, then everything the enemy has is a target. Pandering around the enemy so that people at home aren't upset by what they see on TV only gets our men killed. War is the ultimate sanction. It is ugly and unwarranted in almost every case. (The Balkan crises could have been solved much better by using the billions spent on bombs to build cities for the displaced refugees. The groups are seperated, and the aggressors look silly as they are left out of the windfall.) However, once war is decided upon every method available should be used to hurt the enemy in order to save our men. Anything else is tatamount to treason.

Geeks before Leathernecks!

While Understatement=="Hmmm...", the mind-numbing hypocrisy of the U.S. "military" junta proceeds apace.

Now, the pentagon is trying to plead, We were such humanitarians! What hypocrisy! It [pentagon] advised commanders to apply the same [humanitarian] ``law of war'' principles to computer attacks that they do to the use of bombs and missiles, the Post said. These call for hitting targets that are of military necessity only, minimizing collateral damage and avoiding indiscriminate attacks.

The totality of our bombing practice, from 30,000 feet, on this population was aimed against their schools, hospitals, roads and bridges, convoys of refugees, and irrigation systems, civilian power plants and automobile plants. As to actual military infrastructure attacked, we took out exactly 13 tanks, and exactly not one airport, fighter plane or missile defense/radar system. This was a total economic and infrastructural attack against women and children of Kosovo: like waco, only on a bigger scale.

To me, the fact that "the pentagon," or whoever pulls the strings at that brain-dead humanity-dead war-crimes bureau, specifically refused to deploy cyber warfare against the Serbian military, which could have been specifically targeted so as to leave adjacent civilian infrastructure such as schools, hospitals, roads and bridges in tact, only serves as additional proof that the bombing was intentionally aimed at the innocent people of Balkans regions, and not the remnants of a runaway Yugoslavian military. In fact, by blocking commercial traffic on the Danube, all our military did was transfer additional economic and political control of a Harvard-educated IMF-banker-turned-politician, named Milosovec.

Now, as the typically sever Balkan winter sets in, without roads, bridges and power, many more will die from simple lack of food and shelter. Yah Marines.

In fact, cyberwarefare is the only ligitimate first deployment of military action in a war. This might make the Marines mad. The concept of Geeks before Leathernecks! is unacceptable to them. Where's the fun if there's no blood on the beaches, they cry.

Re:Geeks before Leathernecks!

what a load of nonsense. You take all propaganda that supports your cause and believe it. Why did we use million dollar tomahawks if our bombing was against the populous and not the military? We could have simply dropped iron bombs from B-52s WW2 style, it would have been a hell of a lot cheaper, just as safe, and it would have destroyed more schools and hospitals. It's one thing to argue that all war is inhumane, but to single this one out as particularly bad is ludicrous. Like everything else you spew your conspiracy militia based facts are completely mistaken. We flew no lower than 15,000 feet, not 30,000 We destroyed several yugoslavian fighter planes, both in the air and on the ground. We attacked power plants with bombs which spewed carbon fibers, thus just overloading systems and not destroying infrastructure. If your still convinced that the us military is a bunch of bloodthirsty savages you should do a search for concrete bombs we're dropping in iraq to avoid civilian casualties

Cyber Warfare

[Vania]

Cyber Warfare just may be the cheapest and most sure way to case nuclear power station & nuclear weapon explozion on the enemy's territory - enormous civilian casualities seems anavoidable too. There is nothing out there to force you hand in the matter, but the precedent would have a tendency to spread. In this kind of warfare the most technically advanced and the best armed countries all but inevitably shall prove to be most vulnerable ones. I wont expect 'em to actually approve this development.

We don't wanna' go there yet

[davie]

The U.S.A. have little to fear in the way of invasion--we can still count on two large bodies of water to make a direct assault on our shores too costly to consider. In the cyberwar context, however, we cannot count on any natural geographical barriers, and we may be at a significant disadvantage because of our dependence on less-than-secure technology and our "Cover Your Ass at All Costs" corporate and government cultures. The Information Superdirtroad leads right to the back door of almost every mission critical institution and enterprise in this country and, as slashdot readers know, few of those doors are securely locked.

I think it would be wise of our military to refrain from cyberwar until the overall quality of security on corporate and government networks is improved. We can count on the military to defend us against an attacking force on the ground, but on the 'net, we're all on the front lines and it's every man for himself.

Re:We don't wanna' go there yet

[mochaone]

Invasion may not be so important, now that it is has been reported that the Soviet Union may have buried nuclear bombs and radio equipment in caches around the country during the 1960's. Belgium has reported finding radio caches on its soil recently.

I'll try and find link to the article.

Re:We don't wanna' go there yet

I agree that we don't want to "go there yet" but I strongly suspect it's where we're going to be dragged anyway.

I mean, we can bomb Iraq over and over again. The smartest thing they could do in retaliation would be a major EMP bomb in the middle of Manhattan.

Let's face it, if you took out all the computer systems in Iraq it wouldn't cost nearly the damage to their economy as taking out all the computer systems in Manhattan would cause to us.

Check your "facts"

[joefission]

Nice try, but incorrect. Lt. William Calley was convicted in a Court Martial for violating the UCMJ. He wasn't convicted of a war crime.

You can read all about it here.

Re:Check your "facts"

[Stonehand]

...but the purpose was nominally the same, no?

An individual helping to lead a massacre of a village wasn't looked upon too kindly by authorities who'd be under pressure if they didn't prosecute and convict. Not that this seems to happen with heads of state...

True, 'tho, it's pretty rare for anybody from a superpower or former superpower to get nailed thusly.

Re:Check your "facts"

[mochaone]

No, it's not "nominally the same". You attempted to point to a US serviceman who had been tried/convicted for War Crimes, as defined by the Geneva Conventions. Someone presented factual evidence that showed you were incorrect. The serviceman was not convicted of War Crimes, nor was his trial held under the auspices of a War Tribunal, as laid out in the Geneva Conventions.

This isn't horse shoes, buddy. You were wrong.

Re:Check your "facts"

[joefission]

...but the purpose was nominally the same, no?

Doubtful, IMHO. I'm not familar enough with the context of the court martial. However, I'm quite sure that this incident wasn't an isolated one. Why the case was brought as an example when others were ignored is unknown to me. Probably more to do with Army politics than any pressure from foreign governments.

Let's see... kill humans and wreck the environment

[gregm]

Or hack some computers. Come on.... that's just silly. War is war and it's hell. Of course they're going to crack. I would in second... unless of course I was afraid of pissing off the enemy and forcing them to crack me back. Cracking could be the one real leveler of the global playing field. It would only take a few really sharp Serbs to play havock with the entire US network. The bigger the country the more security holes in their networks.

Pretty soon these crackers that keep getting busted will be trained in a secret underground facility in Viriginia and will become truly elite.

murky ground

[Hard_Code]

Hmm...counter to the article's statement, I think computer or "cyber" warfare, is a type of warfare that makes most sense NOT being practiced by purely military organizations. In the case of the United States, it would appear to me that such warfare would be the realm of agencies like the CIA, NSA, not a military division like the Army, Navy or Air Force. Cyber warfare is more insidious, requires more care, precision and stealth, is more controversial and prone to scandal, and I think probably would be the realm of spooks, and /intelligence/ organizations, not GIs. Computer warfare in general is a very touchy subject...consider the day when everybody is connected through a pervasive global network (well, that's almost the picture today). Cannot an act against a piece of the global network be considered an attack on all parties? How can it be localised? This is probably something that needs to be discussed and written down in one of those rules of war agreements.

Re:murky ground

[Didian]

Yes, for goodness sake, we can't have Beetle Bailey conducting CyberWarfare.

Really. The military intelligence arm is full of trained professionals who understand the impact of warfare of all types on a society. They have war colleges that study cyberwarfare, not only how to attack, but how to defend. These intelligence warriors can integrate a cyber attack with other more conventional types of warfare. They can coordinate the strike times to make most effective use of limited resources. They can deny service just when it is worst for the enemy.

The last thing we need is civilian organization grabbing turf during a war. Keep one leader for all efforts and then (theoretically at least) the right hand will know what the left is doing.

Leave warfare to those who are paid (albeit not very well) do to it. They are highly trained and dedicated men and women who are more deserving of your respect than the above shows.

--
"You despise me, don't you?"

Re:And you believe them? They just want to sell gu

If that happens the winners are the civilians...
It is very likely that civilians will also lose.

Watering down the GC

[Mainusch]

The Geneva Convention is very important. Loading it up with nonsensical "protections" serves only to dilute it, and make it less credible. Nerve gas deserves to be banned. Hacking the enemy's computers does not.

WRT the concept that this kind of "attack" would invite similar reprisal, I say that we are already a target of opportunity for every nutcase out there. They need no further excuse to attack us.

Re:Watering down the GC

[cmarkn]

I agree with what you say, with one extension: the use of gas in warfare was banned not because it deserves to be banned, but because it was a remarkably ineffective weapon. True, it made gruesome casualties of those it did affect, but it was very difficult to make those casualties where and when you wanted them, which defines an effective weapon.
Perhaps gas warfare succeeds without being used simply by making enemy troops lug around their gas masks and waste precious training resources learning how to use them.

The Pentagon Document

[DrPsycho]

Bit of an odd one here...

The article mentions the actual document the Pentagon produced, "An Assessment of International Legal Issues in Information Operations.".

Would anyone know how someone such as myself would be able to get their hands on such a report? It sounds downright fascinating, even though I would anticipate it being a generally dry legalistic read.

Come on...

[ColonelNorth]

I suppose there are two options.

1. Break into the machines, and do as we will.
-or-
2. Drop a big bomb on said machine, which is certainly more destructive and more annoying to an admin.

Since option 2 is already used, there is no excuse for not being able to use option 1 and save a couple bombs.

Re:Come on...

[anonymous+cowerd]

> Drop a big bomb on said machine, which is
> certainly more destructive and more annoying
> to an admin.

Maybe to some admins. I can't tell you how many times I've wished someone would drop a bomb on my server. Sometimes I think maybe it would be best if I weren't present at the moment of impact; but there are lots of other times when I just don't care. Yeah! A big bomb. But then I hate all these fscking computers.

Yours WDK - WKiernan@concentric.net

War is ugly, but necessary sometimes.

[Lord+Kano]

>>they should have at least the common decency to not interfere with industry or technology critical to the civilian population.

You can't win a war merely be destroying the military of your enemy. You have to create as much of an uproad amongst it's own people as possible. When a government loses the backing of it's people it's easier to beat.

>>it would be nice to know that civilian hospitals etc would not become targets.

I agree with you here 100%. Hospitals shouldn't ever become targets unless they're being used by the military in a strategic sense.

>> this last comment was a joke, mocking the utterly stupid policies of the US toward democratic ideas

The US outlasted the USSR. Appearantly those ideas were not all that stupid huh?

LK

Re:War is ugly, but necessary sometimes.

[jafac]

Ultimately, warefare is more about economic might than military might. Over the decades that the US and USSR fought the "cold war", maybe a few shots were fired, definately a lot of proxies suffered (Afghanistan, Nicaragua, Viet Nam, . . the list really goes on and on), but in terms of direct US-USSR troop conflict, not much action - but the US (NATO) won, because we had the economic power to manufacture enough missiles to scare the bejeezus out of them, and cause them to manufacture just as many missiles, which caused their weaker economy to fizzle.

Thats why you cut power lines, bomb factories, blockade ports, etc.

I wish I had a nickel for every time someone said "Information wants to be free".

Re:War is ugly, but necessary sometimes.

[Lord+Kano]

>>Ultimately, warefare is more about economic might than military might.

I'd consider the two equally important.

>>the US (NATO) won, because we had the economic power to manufacture enough missiles to scare the bejeezus out of them, and cause them to manufacture just as many missiles, which caused their weaker economy to fizzle.

I disagree as it respects to your soley financial reasons for the USSR's failing. The socialist system of government doesn't work because people have no incentive to give any extra effort. People won't work as hard if they get the same compensation as if they do "just enough".

In the US and most of the free world working extra hard gets extra benefits for you.

Our different peoples were fed propaganda from our respective governments. I remember seeing a video back in high school about life inside the USSR, and school children no older than 9 or 10 rambled on and on about how "Reagan" wanted to have a war with them and their heroic government was keeping him at bay.

It's about morale. Cutting power lines, destroying factories & foundries, and the like are designed to eliminate the enemy's ability to produce weapons and demoralize their population.

After all two atomic bombs forced Hirohito to surrender, but there were Japanese soldiers found on pacific islands YEARS later who didn't know that the war was over because they had not lost their morale.

LK

Re:War is ugly, but necessary sometimes.

[Xkill_]

I never said that the USSR had policies any better than that of the US. But then again the two are alot more similar than you realize. They are both greedy systems based on acquiring as much wealth as you can. However the US justifies it by a free market's empty promises and with a big military keeping the underdeveloped countries docile and submissive, while the USSR justified it with a closed market and empty promises and a big military keeping the underdeveloped countries docile and submissive. do you see the similarities? besides look at the USSR now, they are all jobless and poor as a result of a new free market... oh wait, i forgot let me re-phrase that. They are all poor except the beaurocrats, the corporate executives and military generals.

"The importance of using technology in the right way has never been more clear."

Problems with hacking the enemy

[crypie]

Something that hasn't been mentioned yet is that one of the biggest problems with hacking into a system is that once you do it, there's a good chance the enemy will know you did it and fix the holes. In a similar way, military planners have to decide whether it's better to blow up that communications link or leave it up because the enemy is talking across it. Sometimes it may be better to look at a computer and not actually do any damage. Or maybe put a backdoor in for a time when we really need it..... And yes, there are a lot of tricky legal hurdles. Yes, I think the biggest fear is that it opens the US infrastructure up for a lot of nastiness. Despite what many of you may believe, even the spookiest of spooks have a lot of legal guidelines they are "supposed" to follow. We need to get this cleared up because there's no point in having a weapon you're not prepared to use, well maybe nukes, but that's a whole different discussion.

Re:heart monitors

I understand there is a serious question about whether power plants can be considered "legitimate military targets" given the civilian services which depend on them. But it must surely be considerably quicker and easier to repair things following some bit-twiddling than following a couple of tons of high explosives coming through the roof.

Do not on others...

[icing]

It would not believe that unwritten codex is stopping an army from applying a new technology. That would be quite naive, IMHO.

I see the example from WWII as more relevant where none of the involved parties dared to use the (nerve) gas weapons on the battlegrounds. Since noone had a defense against those, noone wanted to start the usage.

Even though the U.S. military might be quite protected from cyberwarfare, a lot of the civilian US installations like banks, insureance, government, etc. is probably not. Serbian or Serbia supporting knowledgable people could have easily attacked the US in a counterattack. In the end systems everywhere would be going down (or could not be trusted any longer) without anybody knowing the attacking party.

In this light, the decision of the US not to use this new kind of weapon is wise. The reason they give to the press is lame...

Microsoft will continue to innovate.

[smithdog]

Microsoft will continue to innovate.

Load of rubbish...

to all of you who think Pentagon can hack into a Serbian nuclear reactor: do you really think mission-critical systems like that are connected to the Internet, or to any other network? Hah. The military may use civilian structures like telephone networks for communications, if it saves them trouble, but making that big switchboard in Belgrade crash won't stop military comms. Good old-fashioned electronic warfare like jamming ack-ack radars is much more concrete than fantasising about hacking into a top secret military computer on which the whole Serbian army would rely... heh.

ridiculous

[Fooknut]

not only can they not hack into a military network, but this would inevitably lead to warfare on the US front, our own government with all its huge resources penetrating and hacking into the computer networks and systems of US citizens. I am glad they didn't do it. it would set a dangerous example for the future military. The laws need to be VERY clear before they go this route.

Re:ridiculous

Hell, they already monitor everyone connected to the internet using echelon. So why shouldn't they hack the enemy too?

Re:This is also the sort of thing Janes needs to u

[El+Kevbo]

Let me repost part of the Geneva Convention that has already been posted (it's relevant):

Art. 19.

The responsible authorities shall ensure that the said medical establishments and units are, as far as possible, situated in such a manner that attacks against military objectives cannot imperil their safety.

In other words, placing your military bases and hospitals on the same power grid won't prevent anyone from attacking that power grid.

Another point that has been raised often in this discussion(often thinly veiled) is a perceived bloodthirstiness and lack of morals in the military. C'mon, these are people just like you and me. They have a distasteful, but very necessary, job to do. They don't enjoy pulling the trigger anymore than you enjoy the 2 am phonecalls to come in and reboot the server.

I'm not a Linux user so I am very careful when reading or commenting on articles relating to Linux. How about some of ya'll doing the same when you're not too familiar with the topic at hand (How many active duty military or veterans are active Slashdot readers?)?

Rant concluded. Enjoy the rest of your day.

We Got the Bomb

: Oh, look at me, I'm an otter! I'm cute. Don't eat me.

: OK, you're cute and friendly. You may go. Next?

: mooooo!

: You're a fscking baseball glove, get in the back of the truck!

The reason *is* lame--here's my theory.

[Bobzibub]

I remembered at the beginning of the war, the US was playing up the cyber-war stuff. They were openly talking about attacking Milosovich's (sp?) foreign bank accounts.
Suddenly they went into silent mode. I bet it happened when the diplomatic notes arrived from countries which held those accounts: 'Attacking our banks is attacking *our* countries--what kind of allies are you?'

Then the US Military thought: hmmmm... Maybe its not such a good idea after all.

Law for War?

The only laws that apply in War are the laws of physics.

We can kill people...

But we don't want to break into their computers, because that might be wrong...

What the hell kind of pansies do we have working the the cyber warfare division?

Break into those computers. I want the enemy to see Uncle Sam looking out at them from every terminal.

I want to see green lights in all directions at every intersection.

I want their money so screwed up that no one ever figures out where it all went.

I want every web server they own screaming the truth about what these counties do to their own people.

What we can't crack I want taken out with denial of service attacks.

I want the Army to own their computers.

If the US Army can't do this, then maybe I need to organize a few other senior system analyzers and take some vacation the next time the US army goes to war...

We did engage in cyber-warfare

[jluros]

Actually, we did wage cyber-warfare against serbia. Those carbon bombs that we launched over their power stations had a two-fold purpose. The superficial purpose was, of course, making the cities dark so that we could bomb targets more easily. This is silly, however, because they would have turned off all the city lights anyways. The meatier reason for putting their power grid on the fritz is because their military uses some sort of computer networking over powerlines. I no longer have the source for this... I read it on one of the main news sites.

We were already killing the power grid

[shaldannon]

Nato planes were dropping spools of carbon monofilament which short-circuited the power lines. If we're going to go ahead and do that, why not save the jet fuel, the wear and tear, and the potential loss of men and material involved in air runs by simply cracking into the power station and shutting it down (or re-routing the voltage flows from different plants down the same lines, thus shorting those out)?
On the subject of collateral damage, any shorts in the power grid have the potential for damaging computer hardware attached to the grid. For example, when a lighting storm hit our area of the southeast US some months ago, I lost a nic and nearly lost a mobo. If you're crossing wires (monofilament, cracking, ...) and shorting them, then the result is the same, including potential collateral damage.


Who am I?
Why am here?
Where is the chocolate?

What if the US indeed violated the convention?

[Virtual_Raider]

Reading these comments regarding possible do-s and
do-nots, I came up with a question. Let's suppose for the sake of argument that the US declared war on some unpopular and troublesome country. Let's think Irak invading Kuwait again.

Imagine that the militrary use their cyberwarfare capabilities in some way that effectively violates the "laws of war". Is there an effective way to force american criminals of war to face a trial? I mean, in most cases, the not so well regarded "help" of the USA is used to enforce compliment of international law, because it's huge power.

Would the other countries in the NATO or the UN security counsel have the power to take those criminals before justice should the US government chose not to hand them? Given they current and apparent concern with not breaking the law, that may seem unlikely, but it's also widely known that "Northamericans have no friends, only interests".

Just random paranoid and off-topic thoughts :)

Cyberwarfare opposed by Russia? Why?

[spartan]

I find it perfectly acceptable for our country to participate in Cyberwarfare. In fact, we already can do, in the physical world, that which may be attainable through an over-the-wire attack.

• We have missles which can shut down power grids, either temporarily or permanently (an infrastructure attack). Why not just shut it down over a network?
  
• We have missles which can cause the enemy to see 15 aircraft coming in to attack, when in fact, a missle sent the signal(good deception techniques) and we are attacking elsewhere with F117s. Why not just send the signal over the wire or even better, alter the system to be disfunctional?
  

The objective in warfare (before Clinton anyway), was to fight and win. Now, with the continued advent of Operations Other Than War and limited objective warfare, Cyberwarfare seems to be an even more attractive option, given the relative costs in human suffering (by Soldiers, Airmen, Sailors and Marines of the United States and their families). The risks involved in such operations are much greater since the objective is not to totally annhilate the enemy, but to pacify him and then co-exist within the same physical space for an undetermined period of time and with ill-advised rules of engagement. Would you want to be on the ground then, or have a family member or friend out risking their lives? Or would you rather reduce the need for it through an over-the-wire attack?

Now, I'm not advocating Cyberwarfare to the extent that we isolate and shut down mission critical equipment in hospital facilities by shutting down a power grid, but if we engage such targets with munitions anyway, wouldn't it make sense to engage the target at lower cost and risk to human life of our nation and forces?

An argument that I've seen presented is that we are more dependent on information infrastructure than other nations so we ought not to provoke other nations by using the same. In the USA, we have a rather decentralized information infrastructure, highly redundant systems, and data backup performed for all critical systems. I would argue that even if another nation were able to attack us, it would not take that long to recover.

Now, Russia was also mentioned in the article and you'd have to pay some attention to the fact that they strongly oppose the use of Cyberwarfare. Why is this? Could it be that they have a very centralized information infrastructure, very few redundant systems and cannot regularly perform data backup? I would think this to be the case.

Anyway, our own government, having developed the most sophisticated military technology in the world is already the number one target for hostile "cyberwarfare" attacks. Just because they have occured during a time when we are not actively engaging an enemy does not mean that it does not happen, or that it does not constitute "cyberwarfare".

Whenever in warfare, there is a chance to use a supporting weapon such as mortars, artillerly, etc... we have what is known as pre-plotted targets that can be used as a point of reference to speed up the engagement process at a critical time of need. Some (or many) of you may be aware of the many different scenarios the military develops and prepares appropriate contingency plans. Do you think that the NSA does not already have solutions plotted to shut down as many critical systems throughout the world as possible should the need ever arise to do so? These are the targets of tomorrow. It brings about a whole new meaning to "pushing the button".

Information Warfare, Cyberwarfare, etc... was started a long time ago and it is here to stay. We are already under attack and will continue to be attacked since we have superior technology that many others want, and that some other nations have already obtained from us.

uhm...duh!

[Tesseract]

we are talking about a state of war, right? then win dammit! This namby pamby wishy washy crap is what got our asses kicked in Vietnam...Yes, try to minimize civilian casualties. BUT, is the best way to do that to NOT use weapons that will end the conflict in the fastest, most efficient way? It takes your average person several days to die of starvation, but only a couple of minutes to die by bullet wound...

how do you defend against counter attacks!?

Cyberwar can be initiated at any time by atleast a single individual. Therefore the cyberware counter-attack will be just as deadly, more so to the US, since we're a bigger cyber target. Seems sorta foolish to start a cyberwar, knowing the counter-attack can come from any _friendly_ country, from any disgruntled relative of any civilian suffering from cyberattack from the US. I dont see any country with an economy dependent on mass communication able to 'win' by using cyberwar.

US bashing and rules of war

The Geneva Convention was meant to prevent brutalization and torture of POWs, and to prevent civilians from being butchered by things like nerve gas, mustard gas, concentration camps... parts of wars that target the already helpless. The only exception to the rules regards 'revolutionaries' and people from countries that are not recognized.

Therefore, unless you are using information warfare to accomplish the exact same thing that you could with conventional weapons against an enemy that is not already subjugated, you might be breaking the spirit of the treaty, if not the actual letter.

The main reason why the US didn't use informational warfare heavily was because informational warfare is an act of terrorism, not an act of war. Very few military systems (mobile SA-series systems and TU-series tanks) can be affected by online 'DoS' attacks, as compared to more conventional ECM, or a good old-fashioned HEX/HEAT warhead. And unlike Iraq, we didn't have to worry too much about medium-range missiles hitting our allies.

The US did not want to harm the citizens of a foreign country: if we did, we have a lot better ways to do it, just ask Cuba. And unlike the european 'powers', we don't like it when people butcher people, unless it's in Asia, and that's because they have turned it into an art form.

And the US is old-fashioned in their threat-supression tactics. We prefer using a hand-grenade to a reset button. It works, and it looks cool on the 6-o'clock news.

Another reason Cyberwarfare sucks

If Cyberwarfare is adjucated as acceptable behaviour then what are the weapons of war? There are two very dangerous possibilities. First, the Mercury article noted that civilians could not participate. The army (at least in the US) attracts from the bottom third of high school graduates. The average score for a recruit is in the 37th percentile of those that take the ASVAB, the vast majority of whom _don't_ go into "the service". This could suck ass, because the geeks have to come from somewhere, and that somewhere will be a draft.

Concievably worse, the weapontry of war, including more rudimentary hardware and softwere products could be classified as munitions, and thus be restricted from export or purchase. The Govenment could ban Back Orifice! I am yet to see an example of Government or Military regulation of geekdom has provided anything but hassle from pointy haired types.

Will

Good luck kids!

[gad_zuki!]

Here's to the hope that the military drafts a few thousand script kiddies, realize their IRC skills are useless and makes them pick up a gun. Good luck in the front, kids!

cyber warfare is not "hacking"

[eclectic9]

cyber warfare is not typical "hacking"/"cracking" as many of you see it. you do not just telnet half way around the world or dialup to some Nuclear power plant (although you can do that to Houston Lighting and Power :-) and do a DoS attack that causes a kernel panic and shuts down the power grid.

cyber warfare is fought on many different battle fields, and in many ways we have been fighting cyber wars for quite a while. do a little reading on the Navy war game where a US Navy ship was taken over and one of it's missles launched in a cyber warfare attack, you'll get an idea of how these things work. cyber warfare involves things like:

• Radio/Radar Jamming, EMF Disruptions, other DoS attacks. we've been doing this for a long time.
• Stealing proprietary technology that missles, ships, et. al. are controlled with and using it to attack/compromise the enemy.
• Compromising physical technology/network access points to further attack/manipulate the enemy.
• Disruption of electronic banking systems (freezeing foreign assets, disabling systems, stealing money)
• It also involves all kinds of technologies, rarely the Internet. i.e. Spread Spectrum, VHF, UHF, Satellite, GSM (and cell protocols), other radio frequencies, etc...
• any typical act of war (propaganda, disabling supply lines and communications, spying, etc...)

the biggest advantage any attacker could gain by using cyber warfare IMHO would be to steal proprietary knowledge, information, and war plans.

remember that cyber warfare is not a *new war*. war is war and cyber warfare is a means to an end. CW is just new ways of doing the things that war has always done, even since the days of King David or Sun Tzu.

Re:cyber warfare is not "hacking"

I think that what most of us are talking about is internet based cyer-warefare or atleast having to do with information stored on computers, not so much the technology warfare as a whole that you seem to be talking about

Re:cyber warfare is not "hacking"

[eclectic9]

acts of war where the internet is the only medium seems a bit short-sighted to me.

Re:cyber warfare is not "hacking"

[Toojays]

The Gulf War was supposedly the first "cyber" war, I've got a book called "The First Information War", which is basically a really boring collection of military reports about the way Iraq was basically "blindfolded" by the Allies during the war, with many of the methods you've described.

I would think that the book is definetly incorrectly titled though, as the Second World War was certainly an information war, and intelligence agencies carried out activities akin to the cr/hacking discussed here. For example, at Station M in Canada, documents were faked with impecible accuracy (right down to the straw used to make the paper and the typewriters used to type them), and used for various acts of war. There isn't much difference between the Ultra intercepts obtained by breaking the Enigma code, and modern forms of "cyber warfare".

It is believed that letters faked by the Nazis and "leaked" to Stalin resulted in him having almost half of his officers executed before World War II. This is hardly different to hacking into a computer and changing records to have soldiers arrested/fired/whatever, it's just a matter of whether it can be done without being detected.

Come again?

[Rares+Marian]

I really hope you're being sarcastic. War has always been a game of keeping the citizenry busy and distracted though sometimes (very often) every one including the lead players get their hands dirty and everyone is left in fucked up position.
"Computers should be ... tools... (siglim 120 chars)" Like cars... to the office no more no less.

Vulgar displays of power...

[ronfar]

These types of cracks, "taking things out," seem far less effective to me than the more subtle uses of information warfare. I'm talking about a really old form of information warfare (used, among other wars, during World War II to crack the German and Japanese code). In other words, you infiltrate your enemies communications network and use that information to see where they are vulnerable, and use that to strategically plan an attack. If you use your hackers to take out their power grid, are you warning them to improve their security?

off topic

[itachi]

No, it was a moderate success. After all, the Japanese fleet failed to sink any of the US PacFleet carriers. This, in turn, led to US victory at Midway, and eventually, the war (arguably). One of the major Japanese goals with Pearl Harbor was to nail the US carrier fleet. In that regard, the attack failed.


itachi

Re:off topic

[Kartoffel]

You're right. I sort of simplified a discription of the war in order to make the comparison between Pearl Harbor and modern 3rd-wave warwafe.

The US Navy was very lucky to have its carriers out to sea on the day of the attack. In 1941 it was not yet apparent to the US admiralty how imporant carrier aviation would be in the upcoming conflict. If Japan had found the carriers as well as the battleships the war may have taken a very different course.

Certainly Midway was a major turning point in the war. I would also like to nominate the point at which the US cracked the Indigo cypher. The exact date is still classified, AFAIK. Enigma was declassified back in the 1970's but for some odd reason Indigo is still locked down tight. Wacky.

Thoughts on Cyber-warfare

[philodox]

I myself am a member of the Marine Corps, and have a couple of things to say from a military standpoint in order to supplement some of the posts that I have read on here so far. The first point is on the "declaration of war." Even though the United States did not officially declare war on Serbia, we can still send in troops as a "policing" action. Although I must say that the conflict that we had with Serbia may have extended a bit beyond that, the President can send in troops and have them there for (I believe, please correct me if I am wrong) up to 6 months before any official declaration of war is needed. Such was the case with President Bush and the beginning of Operation Desert Sheild/Storm. Marines are constantly being sent in to foreign countries to police the area, although ground troops didn't arrive in Serbia until after most of the conflict had been resolved. In regards to the Geneva Convention, many of the articles are taught to us in basic training as the "9 Rules of War," which basically amounts to not hurting civilians, taking care of those wounded weither friend or foe, not to harm enemy medical personnel, how to treat prisoners of war, etc. Now if our country were to engage in cyber-warfare by disrupting power, transportation, and other systems, and as long as it doesn't directly or indirectly violate any of the Rules of War or articles in the Geneva Convention, it should be used. Anything that will help our troops accomplish the mission with the least amount of casualties should be used. In addition, I don't think any of the "cyber-warfare units" that are out there would openly "attack" a system that would affect the civilian population; likely targets would probably be military related, such as radar systems, military communication systems, and the like. In response to the "Geeks before Leathernecks" post, and myself being both a Geek and a Leatherneck, I see no problem whatsoever with attacking a foreign country's electronic/military infrastructure in order to make our job easier =). I can't speak for all Marines, but personally I would welcome the thought that the enemy would be hindered when we enter the country and possibly engage in combat - whatever advantage we can get, we should exploit, especially if it means the men in my unit will come out alive.

re: innate superiority of true decency

[zerone]

Who knows how much NATO spent to force Milosevic out of Kosovo? Billion$, right? Wouldn't that money (or even a small part of it) have been far more effectively invested in providing decentralized communications access to the *people* in Kosovo/Serbia? Likewise in Iraq? Fighting fire with fire causes a tit-for-tat vicious spiral of suffering and resentment. Better douse it with water. "Bombing" civilians with uncensored bits will empower people to topple their oppresive despots better, cheaper, faster.

As it stands, NATO taxpayer dollars/euros now finance isolation policies that kill thousands of children every month, in the case of Iraq, from sewage-born infestation, malnutrition, exposure etc. Slow and painful. The US domestic propoganda machine ignores this, prefering to focus tv attention on finger wagging at that bad-boy "Sadaam" and his "weapons of mass destruction".

But asking the doublespeaking largest-arms-dealer-in-the-world named Uncle Sam to demostrate real decency may be unrealistic, in light of his past behavior. Still, you gotta thank Arpanet for the Internet:)

war has rules?

[imperfect+being]

quick comment today:
Since when did anyone including the US government strictly follow the "rules of war?" War is war is war. nobody plays fair. people fight to win, and i find it difficult to belive that any government who is routinly dropping munitions that injure and kill civilians on a regular basis is going to get sqeamish about taking down a network.

Then again... it would be the kind of bassackwards double standard beuracratic crap the US gov has become famous for.

Thank you and goodnight,

beauty of the internet

[idioMac]

One of the things that make the internet such a wonderfull place is it's freedom. Another is the posibility of viable static or passive defenses.

And if a fourteen year old suburbanite script kiddie can have a chance to crack a major corporation, then why not some hostile military?
It shouldn't make a difference. If they've got their security act together, there oughtent be a reason to deny the opportunity to attack.

Since when to do rules apply?

How can the U.S. government make the claim, with a straight face, that they were trying to abide by a set of "rules"?!?

The U.S. and U.K. blatanly ignored "rules" governing the destruction of cultural monuments, churches, hospitals, medicine factories, and of course, plenty of innocent civilians. This, of course, was not just on Mad Madeleine Albright's crusade against Serbia, but in nearly every conflict the U.S. has ever been engaged in.

The U.S. considers itself "above the law" in these areas, and if you believe for one minute that the U.S. didn't do everything they could to topple what little the Serbs had left after years of U.N. occupation, then you are a fool. And this means "cyber-warfare", biological/chemical warfare (depleted uranium weapons were used extensively in the U.S.'s genocide in Serbia), and of course, psychological warfare.

Welcome to America.

Re:Since when to do rules apply?

[radja]

ofcourse the uranium wasn't intentionally used as a chemical weapon, it was just convenient to use it, because the stuff is fairly heavy. heavy means it has more kinetic energy at the same speed (K=0.5*m*v^2) and thus better penetration into thick armour, like tanks.

//rdj

My opinion

Yes, cyber warfare, like artillery virages, like massive air raids, like tanks is a part of a modern day battle field. You can trace it back all the way to WWII, when RAF and USAAF would drop alluminum strings to blind the German radar. Cyber warfare must have its rules. It should be fine to crack a system which controlls a SAM site or an artillery battery, saving countless lives of your pilot, but you should not shutdown a hospitals' power suply system, or remove a pro-enemy site, just like you dont go around bombing schools and raping civilians, when you are conducting air raids and taking control of a terroritory, respectively.

Of course all war is hell and should be avoided, whether its in suburbs of Stalingrad or at the shell prompt.

English != Source Code

[Stephen+"The+Carp"+C]

I AM a programmer.

There is quite a differnece between speaking
english and writting PERL.

YThe human mind is quite capable of picking
up on meanings from context and all sorts
of things.

The simple fact is that English can be pretty
damned "Bad" and break alot of the ruls, and
still be understood.

In perl I can't just start using a new function
and have the language figure out what the
function is suposed to do and do it from context.
Humans can, fo rthe most part.

If I say "Witch store are you going to?" yes I
used the "wrong" spelling for the word "Which"
but...does that mean you didn't understand it?

I don't know about you, but I know a few people
who are not native english speakers, and who
have pretty horrid english grammar (mostly I
imagine as a result of their native language not
containing certain verb tenses and things like
that) yet...I have no trouble conversing with them

little irks me more than to see someone make
a valid statment on a topic, then see people
degrade into attacking the grammar or spelling
of the words and sentances used, rather than
contributing anything usefull.

If all a person has to say is "Duh, you spelled it
wrong your an idiot" or "duh you left your
particple dangling"....then in the words of
Red Green "Then you have nothing to say, just
shut up"

Re:And you believe them? They just want to sell gu

[Thiarna]

Between conventional war and cyberwar ordinary citizens are likely to come off best from cyberwar. Obviously no war is the best for everyone, so you could say that is the only way civilians win.

CyberWar rules

[Stanleverlock]

Dear friends, Believe it or not War is fought by the Rules. The U.S.Military learned it's lesson in Vietnam about not following the rules of Land warfare. Today's most current example of not following the rules of land warfare is in Checheneya. There the Russian Army is delibertly targeting Civilians. The result is is horrendous casaulties among those poor people. If you go and attack computer system that causes Unnecessary civilian casualties without effecting Military targets, you are committing a War Crime. Even attacking Civilians Computer systems that help the millitary opens up to many grey areas of War Crimes. But there are still lots of options open to the creative military hacker. If you don't think that the pentagon isn't studying all those attacks that are being made on it now, sober up. WE are watching an opening into a new Arms Race.

eWarfare ~= Real Warfare

[uncledrax]

Well.. understandable, but what happens when all the civilian power stations, taken over by the miliatary becauses theres got hacked, get hacked? Then the civilian population becomes effected.... Or, what happens when the military takes over the civil air stations and use them, then they become military targets.. Hospitals loose power (generators only last so long), airports loose power = crashes, homes with power means people will become sick from spoiled foods, drink contaiminted water, etc.. War is War.. the GC is designed to prevent the killing of people for the sake of killing people... regardless both the military and civil populations suffer in a warring faction, the question is to what extent..