Pentagon Says Cyberattacks Can Count As Act of War 282
suraj.sun tips news that the Pentagon has decided computer sabotage originating from another country can be classified as an act of war. "The Pentagon's first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to US nuclear reactors, subways or pipelines as a hostile country's military." This news comes only days after the Chinese military admitted the existence of a team of cyberwarriors. "The report will also spark a debate over a range of sensitive issues the Pentagon left unaddressed, including whether the US can ever be certain about an attack's origin, and how to define when computer sabotage is serious enough to constitute an act of war. These questions have already been a topic of dispute within the military."
well of course! (Score:2, Funny)
Re: (Score:2)
If the pentagon attacks itself, it will also feel its wrath!
Mwaahahahaha!
Re: (Score:2)
Re: (Score:2)
so what? (Score:2, Insightful)
anything is an excuse to go to war. since when did they need to specify?
Re: (Score:2)
Exactly.
The real question is whether the USA wants to go to war. They'll find an excuse anyway for blaming the other.
And I seriously doubt that a single 'act of cyber war' will lead to military retribution against a sovereign nation. It might if the sovereign nation is rather insignificant... but it's not gonna happen if it's China, India or Russia... and hopefully not of it's any allied country, like the one I happen to live in.
Re: (Score:3)
They don't need to specify a reason, but coming up with BS excuses is a nice boost to civilian morale. It's a prestigious line of work with a long and glorious history: Remember the Maine!
Re: (Score:2)
The War On Terror was used to justify internal spying and the eradication of checks and balances on the Executive Branch.
The War on Cyber Terror will be used to justify controls on the Internet.
Re: (Score:2)
The War On Terror was used to justify internal spying and the eradication of checks and balances on the Executive Branch.
The War on Cyber Terror will be used to justify controls on the Internet.
This sounds like another page out of that "How to Run a Government" handbook that George Orwell wrote (1984). This is the bit about keeping the country in a perpetual state of war.
Re: (Score:3, Funny)
Because teenager with LOIC doing DDoS == enemy combatant. GITMO will soon be filled to capacity with chan-tards perhaps?
And those prisoners thought water-boarding was bad...
Re: (Score:2)
GITMO will soon be filled to capacity with chan-tards perhaps?
Well, damn, you just changed my mind. I now *support* the Pentagon on this. :-)
Utterly reasonable (Score:2)
It's utterly reasonable, although it's going to be exceptionally difficult to separate government actions from those of civilians. Who wants to bet that this will, sooner or later, be used as an excuse for invasion?
Re: (Score:2)
when it is used as an excuse for invasion, let's do the invasion right. let's actually subjugate invaded territory to our rule and claim all of it's resources as our own. no more half-ass shit.
Half-assing it is more profitable for those in charge. They don't have to take over or even address the actual problems in the region; they just bomb it flat and then declare that they shall take the contract to rebuild it in their image.
treason, too. (Score:5, Interesting)
Re: (Score:2)
Rumors on both Internets (Score:4, Informative)
The military has its own private network for the real important stuff.
Hence the comment in 2004 by then President Bush about "rumors on the internets that we're going to have a draft". He was referring to the public Internet, the Armed Forces internet, and any organization using an internet on 10.* [google.com].
Defense contractors? (Score:4, Interesting)
The real problem is defense contractors that have all sorts of classified material on their computers. We could spent billions on defense related R&D and some third rate country might get that data and even might destroy our copy of the data while they are at it. Or even better, put a hidden bug in the design that will cause us grief when we try to use it in battle. (Of course, it could remain inactive until it is activated by an enemy.)
Re: (Score:2)
not very likely, although since computers are actually made in china, a timed virus in one of those might be a problem.
Re: (Score:2)
Re:treason, too. (Score:5, Insightful)
If dropping a nuke on the Pentagon is deemed an act of war, then surely placing it in such a vulnerable location in the first place must count as treason. I mean, who would knowingly place such a valuable (and apparently, easily accessed) facility that's so vital to the defence of the country, in such danger of attack in the first place?
Re: (Score:2)
Flamebait? Really? I consider this a valid criticism of the OP's absurd post.
Any building, utility, transportation or other critical infrastructure, even a computer network will have certain vulnerabilities for which steps must be taken to mitigate risks. Simply accusing one of treason simply because there are risks is a little over the top donchathink?
Re: (Score:2)
Re: (Score:2)
You have to draw a reasonable line somewhere.
Anything not encased in a Slaver stasis field can be considered vulnerable.
What's the difference? (Score:5, Insightful)
Re: (Score:3)
The USA fights anything with military force.
Especially shortages of pork [wikipedia.org].
Re: (Score:2)
The United States of America possesses the mightiest, most lethal fighting force in the history of the human civilization. If anything, I think they have been too restrained in their application of military force. I would favor more preemptive and swift action to prevent future attacks like this coming cyberwar
Unfortunately, they don't seem to be able to pay for it - when it is in action at least. More military actions in the past would have probably resulted in a financial meltdown, where the US would not even be able to pay the interests on their debt.
Re: (Score:2)
Stuxnet worm (Score:2, Insightful)
Things that America does don't count though, right?
Re: (Score:2)
This. Relatedly, anything Israel does (with or without America) is just defending itself.
Not a new question (Score:5, Insightful)
Chinese hackers using systems located in Russia to hack NSA assets is just as hard to 'prove' as China launching a Russian made ICBM from a submarine disguised as Russian in a location the Russians would likely use etc. Unless the person who attacks you basically tells you they did it to your face (and even then potentially) you're making a judgement as to what happened based on evidence.
Re: (Score:3)
Bingo. I have seen many companies with hacked computers used as launching points for attacks.
If someone coming from a .pk host launched an attack that blew out a bunch of transformers in India, how can one prove that it was someone from the ISI who did it, or a compromised host, and the real culprit is some kid in a basement who wants to see India and Pakistan exchange nukes? There is no certain way to tell.
Call me... (Score:4, Insightful)
Call me daft, by all means, but for some reason I am incredulous that critical systems should be vulnerable to cyber attack. It just feels like something went very wrong at the design stage to allow this to happen. But then I'm not a developer...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Thus, there needs to be a way to administer firmware updates and software security patches. That selfsame way (whether that is wifi, USB, serial bus, or dip switches controlled by smoke signals) is always a vector for malware.
Re: (Score:2)
True but there are ways to mitigate risk. Software that is easily modifable is a good start. Software that actually enforces security is another.
the DOD should be using something like a harden version of SELinux where you have to get permission to open your email on any machine that wasn't expressly assigned to you.
Re: (Score:2)
The United States (Score:5, Insightful)
Continually at War with some group, product, or idea since 1941.
USA & Israel is in war against Iran? (Score:5, Insightful)
The USA & Israel jointly developed the Stuxnet worm and launched it against the Iranian nuclear facilities:
http://en.wikipedia.org/wiki/Stuxnet [wikipedia.org]
In the first documented and well-confirmed act of cyber-warfare, does this mean that both the USA and Israel have declared war against Iran, and that Iran would be in its rights to strike back at targets in both countries and kill people there?
Gee, this is all we need, yet another war on top of Afghanistan, Iraq, and Libya.
Re: (Score:3)
In the first documented and well-confirmed act of cyber-warfare, does this mean that both the USA and Israel have declared war against Iran, and that Iran would be in its rights to strike back at targets in both countries and kill people there?
There's no such things as "rights" when we're talking about nations. They can do whatever the hell they want, and so can any other nation. The prudent ones tend not to act in a way that'll get them anhilliated.
Re: (Score:2)
"They can do whatever the hell they want, and so can any other nation".
I think many people would disagree.
http://www.un.org/en/law/index.shtml [un.org]
Re:USA & Israel is in war against Iran? (Score:4, Insightful)
I think many people would disagree.
I think many people are retarded. So what?
If the US decides to invade Canada tomorrow for no reason whatsoever, who's going to stop them? What do you imagine the international community will do?
Even in the case of Iraq, the UN didn't want to do anything except write strongly worded letters. If you think international laws are actually enforcable, you're a fool.
Re: (Score:3)
Tell that to Serbia. International law is enforced, just against the "lesser" countries, not against the US or Israel.
What happened to Serbia over Kosovo was a travesty; it had nothing to do with international law. It's no wonder that such bullying tactics aren't used against the US or Israel - they only work against nations which can't effectively defend themselves.
What happened in the Balkans in the early 90's was a peacekeeping mission - it also had little to do with international law. Similar peacekeeping missions were attempted between Israel and various neighboring states in the past, and were generally just as in
Re: (Score:3)
Well, yes that probably should've been considered an act of war. It did as much damage as a few dozen bombs would've and I'm sure they wouldn't have liked that.
Having said that, it's hard to prove - the point in TFS - and they're not stupid enough to fight the US unless they have to.
I was just saying this the other day - cyberattacks can be as damaging as tactical bomb raids (generally without human casualties though). If a nasty targeted worm got into the C&C systems? Definitely an act of war by its cr
Re: (Score:3)
It hasn't been proven that the US and Iran created Stuxnet... Provenance is a problem the article you didn't read points out.
Re:USA & Israel is in war against Iran? (Score:5, Insightful)
1) I'm not sure that you can assert "Wikipedia" as sufficient casus belli. "Some guy somewhere (we're not sure who) said you attacked us, this means war!"
2) There are two levels to the article's question, both of which are directly relevant:
- first, there's the question of 'what's worth war?' - a question that has been asked from the beginning of time, and for which there is no hard and fast answer, because it depends entirely on the context. The fact is that all countries leave this line vague, as a deterrent to any opponent ever coming close. Is shooting down another country's plane an act of war? What if they were flying close to your borders spying on you? How about axe-murdering some of your soldiers? (http://en.wikipedia.org/wiki/Axe_murder_incident). None of these led to war, but can you imagine the repercussions if the US stated categorically that such actions posed no risk of war?
- second, there is a significant risk of disinformation in real life, probably an order of magnitude greater in cyberops. The burning of the Reichstag is the first example that comes to mind, but history is littered with cat's paw, false flag, or other disinformation operations meant to convince one state that another is attacking it. If the Stuxnet virus contained comment code in Yiddish, or even "Copyright 2004(c) Israel Cyberwarfare Unit", many, many gullible people would take that as proof-positive that "the jews did it!", even though a sensible person would be dubious that the real culprit would be quite so stupid (unless, of course, it's a double-blind, but you can go a long way down that hallway if your tinfoil hat is planted firmly enough).
My point is that it's clear that a cyber attack could be an act of war. Stating so is only marginally useful as a way to give yourself some diplomatic flexibility if you detect such an attack. "Insisting on more clarity" is at a minimum silly, unreasonable, and wholly misunderstands the context of why such statements are made. At worst, it's just another disingenuous political attack.
Re: (Score:2)
Kaspersky Labs concluded that the sophisticated attack could only have been conducted "with nation-state support"[18] and it has been speculated that Israel and the United States may have been involved.
Considering Iran is the one making those claims, and also since Iran pretty much blames everything on the West and Israel, it's pretty bold of you to conclude Stuxnet was created jointly by the USA and Israel from that statement from the Wikipedia article you linked up.
Re: (Score:2)
And your proof is?
Hey, he knows what he knows!
Terrorist vs. Act of War (Score:2)
So if a citizen of China, Russia, or Zimbabwe originates a successful (or even mildly irritating) attack against the US government, they will see it as an act of war?
I didn't read TFA, but looks like them terrists can spark a war by simply hacking via *name your country here* proxy.
Let's say that isn't even the case, does the Pentagon think that an international cyber attack is going to just come from an address registered to chinacyberwardivision.cn?
This seems shaky at best to declare war on phantoms... th
Re: (Score:2)
I never thought of it as being akin to the Balkan Powder Keg...
I hope the Black Hand doesn't have computers!
So can raids by SEAL Teams (Score:3)
What about SEAL Team 6 invading Pakistan?
Re:So can raids by SEAL Teams (Score:4, Informative)
Clearly, you don't get how double standards work.
Re: (Score:2)
Re:So can raids by SEAL Teams (Score:4, Insightful)
What about SEAL Team 6 invading Pakistan?
Personally I think that any country that hides and shelters a terrorist that kills thousands and thousands of the civilians would be considered an act of war. Pakistan should consider itself lucky that its only got a small slap on the wrist by the USA navy seals.
An example of US sponsored terrorist (Score:3, Interesting)
Personally I think that any country that hides and shelters a terrorist that kills thousands and thousands of the civilians would be considered an act of war. Pakistan should consider itself lucky that its only got a small slap on the wrist by the USA navy seals.
You mean like this guy? This is a guy as bad as Osama, but he just happens to cooperate with the CIA and with "US interests". There are 100s of deaths directly linked to him including bombing of a passenger airliner.
http://en.wikipedia.org/wiki/Luis_Posada_Carriles [wikipedia.org]
So is this a little inconvenient truth? Or do you stick with your assertions?
Re: (Score:2)
Re: (Score:2)
http://en.wikipedia.org/wiki/Klaus_Barbie#CIA_and_Bolivia [wikipedia.org]
Re: (Score:2)
Clearly, you don't get how the Bush Doctrine works.
Iraqi army invades Texas, decides to all but abandon that effort to occupy Canada for 8 years (not for the oil, ahem), then a strike force finally assassinates him in a villa outside Mexico City.
Re: (Score:3)
America shelters george w who sent more americans to their death than osama did. if an iraqi strike force came in and struck bush, burial at sea, and all, would anyone have a right to say peep?
Nobody forced anybody to sign up for any branch of the military. They were all consenting adults that knew full well of what they might be getting themselves into. As much as you might not like George W., it's petty and ignorant to compare him to the leader of the largest terrorist organization ever in known history.
Re: (Score:2)
Re: (Score:2)
Pakistan is not happy with us over that. Under the rules of war, they can declare war on us for the invasion of their sovereignty. Which is what we did. But at the moment, they're the ones with egg on their face, and they'd be foolish to do so. Also, they're supposedly an ally, which means that they trust our intentions - at least ostensibly.
Does it give us the right to do what we want? Not really, but the fact remains that the ethics of war are highly complex. Since nobody can ever be "right", in absolute
Are we finally going to pay attention to SPAM now? (Score:2)
Spam is a problem. All these malware infections too. And it is often next to impossible to trace the real origins of these attacks. Are we preparing to lock down the internet to fight a nebulous foe? "War on Cyber-terrorism?" Funny that the government doesn't seem interested in regulating the money trail these scammers and malware pushers use.
Re: (Score:2)
Only when the Chairman of the Joint Chiefs gets suckered into a 419 scam.
Simple plan (Score:3)
Re:Simple plan (Score:4, Insightful)
Re: (Score:2)
Step 1: Come back to reality.
Step 2: Stop posting paranoid bullshit on slashdot.
Step 3: ???
Step 4: We all profit!
Re: (Score:2)
Translation (Score:2)
So the west has officially declared war... (Score:3)
How is it different? (Score:2)
" how to define when computer sabotage is serious enough to constitute an act of war. ."
How is this any different from the current situation? The US went to war in Iraq on the flimsiest of pretexts. The Bush administration ginned up the supposed threat that Iraq would have nuclear weapons in a very short time and we had to act NOW! Are we to start a war because we think that a hacking attack is immanent?
How on Earth... (Score:5, Insightful)
Re:How on Earth... (Score:5, Informative)
1) It is all on the internet
2) SCADA systems, which are the control systems for everything from AC ducts to coolant pump controls on nuclear reactors, have major security vulnerabilities and they are plugged directly into the network via ethernet or wireless
3) These systems were designed and implemented by the lowest bidder
That's how.
This goes for pretty much every current control system in every power plant, water treatment plant, nuclear reactor, spill way, switching station, airport, train, medical center, etc...
Re: (Score:2)
4) Complete Moron supervisors and managers of these plants demand they can remote access the systems from their home or the main office over the internet.
That one is what undermines more security than any other. The retarded manager or CEO.
They dont want to pay for a secure point to point T1 line to a hardened and secure dedicated PC at that location. they cant justify the expense... so they want it anyways and half ass it by using "pc anywhere" or another half assed solution and put it on the internet w
Re: (Score:2)
Are their computer systems connected to an outside network or is there a someone on the inside (a la Stuxnet)?
You deliver a trojan to a user that you know plugs their personal device into the work network. Or you know, SOME of them really ARE connected to the internet, and they're counting on firewalling to keep them secure. Maybe they have multiple heterogeneous firewalls or something, and think it will keep them safe.
Many of these tools were developed before "anyone" (statistically anyone) thought you needed more than routing for IP security...
The Constitution (Score:2)
Since the Pentagon has such an expanded idea of "war," it's great to know that only Congress can declare war.
Oh, wait . . . .
Re: (Score:2)
Re: (Score:2)
Let's forget the myth of the Chinese being so ancient, wise and mighty -- because it's just that, a myth.
China is ancient, China has wisdom but may choose to ignore it, and China is mighty but it's kind of a one-shot super-cannon. If they move and fail then they will have expended so much doing so that they will be utterly vulnerable to attack. So they are playing the long game to see who melts down first... And they're betting it will not be them. With such a massive population, they may be right.
China's population is not a lack of wisdom, it's an overabundance of greed. They are by no means unique in this re
I must be naive... (Score:2)
...but I find this kind of hard to take seriously, kind of like when the US government declared cryptography to be a form of munitions and imposed the same export controls.
Here's what I don't get: If someone maliciously attacks a physical base, fine. You can't lock down physical things entirely -- there's always the possibility of an inside man, or, say, a nuke. But these sorts of things, we already have ways of dealing with.
However, if someone can carry out a successful "cyberattack" from their home countr
The real crime is within... (Score:3)
...our Military itself, and the fact that they repeatedly fail computer security audits year after year. Perhaps conversely it should be considered an act of Treason to perpetuate the lack of security around our critical systems, and hold those accountable who are refusing to spend the money to resolve the issues.
Yeah, I know I'm not the popular guy here asking the Government to actually spend MORE money, but some things need blatant and obvious attention, and allowing our country to go to war because their Windows 98 systems got hacked isn't the answer. I promise that any re-work of computer systems will be cheaper than any war we're pushed (or choose) to engage in. We've pretty much proven than beyond any doubt with the last decade worth of war on terror.
Re: (Score:2)
I know I'm not the popular guy here asking the Government to actually spend MORE money
we don't really need to spend more, just waste a whole lot less.
The only way to win (Score:2)
is not to play.
Re: (Score:2)
Bzzzt! Wrong....
The only way to play is to target and fire at the hostiles with a orbital mass driver platform. solid steel projectiles shot at the target at 9000 miles per hour would be a very eco friendly way of fighting a war. you get the desired effect of a nuclear bomb with no fallout and the projectile is earth friendly! or you could simply aim and focus your orbital solar mirror at the offending country and do the ants under a magnifying glass trick..
Honestly the USA needs to weaponize space with
Re: (Score:2)
Cyber attack could bring military response (Score:2)
US Air Force General Kevin Chilton, head of US Strategic Command, has said that attacks on the United States via the Internet could merit a conventional military response.
“I don’t think you take anything off the table. We’re particularly looking toward one group in Seattle [newstechnica.com].”
The Seattle-based insurgent group is thought to have seeded American government and military computers with millions of copies of malware that allows attackers easy access to any data stored on the computer, or in
Does this cut both ways ? (Score:2)
Isn't Echelon a permanent cyber-attack ?
What about that virus in the Iran nuclear program ?
killer drones on way to Anonymous homes right now (Score:3)
Is it state funded? (Score:2)
That should be the question. If it's state supported, then aggressive acts against the US should leave the option of reprisal, be they physical or virtual. However, as often is the case, the power of the state is waning and more often homeless smaller groups are posing as the real threat. You can declare war on drugs or Al Qaeda or other non-state elements all you like, but all it really amounts to is a way to justify to your people that you're cutting their resources/services to go after something with
This is the Pentagon we are talking about... (Score:2)
1. They are making a case for more funding to combat "cyberterrorism".
2. To a hammer everything looks like a nail. To the Pentagon everything look like war.
Recognizing irony key to transcending militarism (Score:2)
http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html [pdfernhout.net]
"Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all.
Do they want to open that box? (Score:2)
Because that means we performed an act of war against Iran with the release of that Virus...
When you open a box, it's not a one way street... Your enemies get to use your excuses as well.
From the article no one read (Score:2)
"If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a 'use of force' consideration, which could merit retaliation."
So just hacking into a system would NOT merit an armed response. Might merit a retaliation in kind, however.
Also, not all cyber-attacks would be over the internet. Not all systems that are networked are reachable over the internet. The internet itself runs over other networks, but
To those of you sniping with the moral arguments (Score:2)
Think more deeply for a moment. The meat of this issue is not that the US is suddenly comfortable with bombing somebody's router when it threatens their power grid -- every country whose infrastructure is worth protecting already has this in their contingency plans. The real news is that the US is SAYING it and making it explicitly clear.
For those of you who still think in terms of moralities in geopolitics, I don't know what to tell you except grow up -- realpolitik defines the world beyond your Matrix-lik
What about insurance (Score:2)
To the American Gov't. (Score:2)
Dear Representative:
We should not go to war over a cyber crime that does not cost the lives of American Citizens. We should not go to war over drugs, we should not go to war over oil prices, we should not go to war over a conflict that is unlikely to cost American lives. We are not the world police, we do not have a morally superior nation, our way is not the only correct way.
We should go to war to save American lives. Including the lives of our soldiers. I understand that it is not always easy to deter
No reliable way to pinpoint the attacker (Score:2)
It would take the likes of a forensic expert who is a cross between Columbo, Chuck Norris and Bruce Schneier in order to have any credibility to base an act of war on and that person would not be working at SAIC, NSA or the Pentagon.
Old News, But Raises An Important Subject (Score:2)
Proportional Damage is Key (Score:2)
Re: (Score:2)
Canada?
Re: (Score:2)
It's simple. We follow the traceroute until it reaches a country we want to attack, then we attack it.
Re: (Score:2)
There's also this little thing called the War Powers Act that mostly pushes Congress aside.