Cyber War Manual Proposes Online Geneva Convention 90
judgecorp writes "A new manual for cyber war has been compiled by international legal experts and published by NATO. The manual proposes that hospitals and dams should be off-limits for online warfare, and says that a conventional response is justified if an attack causes death or serious damage to property. The manual might get its first practical application today — South Korea's TV stations and banks have come under an attack which may well originate from North Korea."
Re: (Score:3)
Money is quite dirty and should never be fed to a child. It also has no nutritional benefits.
Re: (Score:2)
Frightening (Score:4, Insightful)
So when the Chinese hack America from an infected Swiss machine the US will bomb Switzerland? From outside it looks like that the military class has a disproportionately large influence in American politics.
Re: (Score:3)
My thoughts exactly. Plus, use of a proxy could create the equivalent of digital Al Qaeda cells, and if the Geneva Convention analogy is extended then there's no nation state to target. (GC is only for 2 or more nations in hostilities, not independent terror groups or internal conflicts) The entire concept sounds like a knee jerk reaction by people who don't understand how Big Al's innerweb works.
Our adversaries are already using proxies and launching attacks from inside the US from compromised US companies and civilians. I think you underestimate the DOD's ability or desire to attribute attacks to the appropriate party before responding. We know damn well who, how, and where from the majority of the intrusions and attacks are coming from.
If there is a significant cyber attack that causes extensive physical damage or casualties, then by all rights it's an act of war and an appropriate response is w
Re: (Score:2)
Well, we are #1 in defense spending... surpassing the combined totals of #2 - #15 (probably surpassing the combined totals of the rest of the world)
You are correct though. This makes false flag operations significantly easier, cheaper, and at a much reduced risk to the actual perpetrator.
Re:Frightening (Score:5, Insightful)
False flag operations are extremely risky, and don't happen as often as you would think.
Re: (Score:2)
Extremely risky in the real world, sure ...
But we're talking digital here. Anything can be a false flag (intentional or not) when it only takes a few black hats with a grudge to cause some serious damage. Even if we could perfectly trace any attack to it's true country of origin (and we can't) this online Rules of Engagement is a farce. If some jackass in BFE Wherever, USA gets bored and decides to DDOS a hospital up in Canada, does that put the USA as a whole in violation of this treaty? Should Canad
Re: (Score:3)
If some jackass in BFE Wherever, USA gets bored and decides to DDOS a hospital up in Canada, does that put the USA as a whole in violation of this treaty?
We've conducted cyber attacks against Iran, so by this convention we've declared war on the nation state of Iran right?
Re: (Score:3)
Re: (Score:2)
The US doesn't follow the existing Geneva conventions of war
Oh bullshit.
If we didn't follow the Conventions there'd be no Gitmo and Iraq and Afghanistan would have been completely depopulated by the end of 2003.
Bullshit to you. The Nazis didn't follow the Geneva Convention and they didn't completely depopulate the countries they invaded.
Re: (Score:2)
If some jackass in BFE Wherever, USA gets bored and decides to DDOS a hospital up in Canada, does that put the USA as a whole in violation of this treaty?
We've conducted cyber attacks against Iran, so by this convention we've declared war on the nation state of Iran right?
I think it's OK if the US does it. If any other country on Earth had invaded another like Iraq, their head of state, generals, admirals and the rest would be swinging from gibbets as war criminals.
Re: (Score:2)
How do you know?
Re: (Score:2)
False flag operations are extremely risky, and don't happen as often as you would think.
... and don't [infowars.com] happen [jobsnhire.com] as [veteranstoday.com] often [presstv.ir] as [wikipedia.org] you [navy.mil] would [historicalrfa.org] think [lonesentry.com].
Re: (Score:3)
Re:Frightening (Score:5, Interesting)
Don't worry, China is on track [economist.com] to outpace the US in military expenditures by 2023 [bloomberg.com]. I'm sure that's all for "peaceful regional defense" and will have no impact on the US.
China's military rise
http://www.economist.com/node/21552212 [economist.com]
The dragon's new teeth: A rare look inside the world's biggest military expansion
http://www.economist.com/node/21552193 [economist.com]
Essential reading on China cyber:
The Online Threat: Should we be worried about a cyber war? (The first page of this is a must read wrt China.)
http://www.newyorker.com/reporting/2010/11/01/101101fa_fact_hersh [newyorker.com]
Great snippet: ""The N.S.A. would ask, 'Can the Chinese be that good?' " the former official told me. "My response was that they only invented gunpowder in the tenth century and built the bomb in 1965. I'd say, 'Can you read Chinese?' We don't even know the Chinese pictograph for 'Happy hour.'"
To say nothing of the more recent news.
But yes, yes...this is all about "false flag" attacks, because naturally the US is always the evil aggressor, and there has never been any oppression or tyranny in the world, save for what the US has foisted upon it. The principles of freedom for which the US stands are just an illusion force fed to a compliant public by the lapdog mainstream press. In fact, we probably have secret time machines so we could extend this evil beyond our nation's short existence in this world. That explains all the bad things that happened before we were around.
Re: (Score:2)
Re: (Score:2)
Hmm. The cols war. Capitalism vs communism. It seemed that capitalism had prevailed. It's going to be quite amusing if communism snatches victory from the jaws of defeat.
Re: (Score:2)
Secondly, there is the issue of how much something will buy. If China tells their gun manufacturer to sell them copied firearms of ours at $10 per, while We have to buy our at $2000 / unit, well, that is a HUGE
Re: (Score:2, Interesting)
China's military might be able to buy things for a fraction of what it costs the Pentagon to buy something comparable, but they also have to deal with the flip side of the equation -- it's hard enough to verify that high-quality components were used to build hardware when you have the kind of supply-chain culture the US defense industry does, and it's technically possible to read the laser-etched code off of a bolt and trace it all the way back to the miners who were working the day the ore was excavated fr
Re: (Score:2)
Residents of Manhattan might head outside the next morning to a city that's largely intact, and eventually see photos of the smoldering cratered wastelands that used to be the Jersey Shore
So, what you're saying is that every cloud has a silver lining?
Re: (Score:1)
Residents of Manhattan might head outside the next morning to a city that's largely intact, and eventually see photos of the smoldering cratered wastelands that used to be the Jersey Shore and Appalachia.
Uhm.. how would that be a bad thing?
Re: (Score:1)
From outside it looks like that the military class has a disproportionately large influence in American politics.
I have an even better suggestion.
How about we start enforcing the existing physical Geneva convention. So that no excuse (such as "terrorism!") can be used to violate the Geneva convention rules.
Re: (Score:3)
Re: (Score:2)
In the eyes of the law and under the requirements of justice prove it, until then they are innocent and only suspects. So either the Geneva Convention or the rule of law apply, take your pick or declare yourself the terrorist and criminal.
In any cyber attack the results in loss of life, first up those responsible for security should be audited and punished if they failed. Question that need to be asked, did it need to be connected to the internet, was it effectively isolated, how rapidly was an incursion
Re: (Score:2)
Fortunately, the Geneva Convention specifically excludes non-state combatants from its protection. Mercenaries, terrorists and insurgents/freedom-fighters are all excluded. The moment you take up arms without being in the military, you are not covered by it.
Indeed, but you are still covered by the civilian laws of that country. Terrorists are arrested, tried and convicted for murder and sent to prison, not indefinitely detained and tortured.
The British worked this out a while ago with the Troubles.
Re: (Score:2)
Deliberate targeting of civilian assets is a well established violation of the laws of war.
Even when done accidentally it's considered collateral damage and in cases of profound recklessness the aggressing party may be liable for reparations.
Re: (Score:2)
There wouldn't be any Jews left either.
Re: (Score:2)
Unless you properly win the war and there is no party left to pay reparations.
Re: (Score:2)
Fighting dirty in a war tends to piss off the world at large and is very costly in terms of international relations. Which in turn has strategic implications if you need their support in the future, or if they may choose to retaliate out of principle.
As an example, I cite how the Holocaust was the main factor resulting in the Nuremberg trials.
Hitting someone below the belt is a good way to bring your opponent down, but your victory will be short lived if you get an army of outraged fans climbing the ropes
Re: (Score:2)
Would there have been Nuremberg trials if Germany took over Europe?
Re: (Score:2)
Re: (Score:2)
Well there wouldn't be a US if we hadn't fought dirty against the Brits.
This just in: Still clueless (Score:5, Insightful)
These people still do not understand the basics of networked systems. Adherence to this proposed list requires several things which are absent on the global telecommunications networks. First, determining who's attacking. In conventional warfare, attributation is easy: They're wearing distinctive uniforms. Computer viruses and malware doesn't have an embedded flag in it to tell you which government sent it, and even if it did, it couldn't be trusted. Second, attacks that are meant to go after one thing can inadvertently hit something else (collateral damage). This is usually geographically-based in the real world... if a hospital happens to be next to a military munitions depot, umm, oops? But online, the hospital could be in another country and yet still be hit by the attack, because its digital signature is similar to the actual target. Either it's on the same network, or has a similar network address, or even a simple one character typo, is all it takes to send a "cyber bomb" (gags) veering off target. And last, but not least... you can have all the countries on Earth sign this and it still leaves out the guns for hire, the mercenaries. The A-Teams of the digital world: Freelancers. They don't have to go by your rules, and if a hospital happens to have a juicy source of personal information that could be turned into cash through extortion, blackmail, or reselling, they may just decide to go for it.
This document underscores just how little our military and political leaders understand about this new theatre of war. They're drafting up treaties without even knowing where the borders are yet.
Re: (Score:3, Funny)
In conventional warfare, attributation is easy: They're wearing distinctive uniforms. Computer viruses and malware doesn't have an embedded flag in it to tell you which government sent it, and even if it did, it couldn't be trusted.
Just require all state-sponsored malware to be signed and verified by the a third party. I can see no reason why such a system would fail.
Re:This just in: Still clueless (Score:5, Funny)
Just require all state-sponsored malware to be signed and verified by the a third party. I can see no reason why such a system would fail.
"Unable to launch nuclear missiles; The application was unable to contact the licensing server. If the problem persists, please contact your network administrator. The launch bay doors will now close."
Re: (Score:2)
"These people still do not understand the basics of networked systems. "
yes they do, and probably better then you do.
" First, determining who's attacking. "
often easier then you think. You act as if there isn't 100's of people smarter on you working on this every day. Don't make that mistake. I have seen virus traced to a single group with some pretty inventive ways. Plus, people talk more then you would think.
"Second, attacks that are meant to go after one thing can inadvertently hit something else (colla
Re: (Score:2)
----"You act as if there isn't 100's of people smarter on you working on this every day. Don't make that mistake. I have seen virus traced to a single group with some pretty inventive ways. Plus, people talk more then you would think."
This may be the case with many normal attacks, but once you start considering the sophistication of state sponsored attacks [which TFA is referring to], it becomes quite difficult to track down the true source. Most times this generally relies on the attacker making a mistake
Re: (Score:2)
So, war was originally fought between kingdoms where the peasants didn't vote their king in. It was generally regarded as poor form to attack peasants because the kingdom relies on them regardless of who the king is. The king had a military, who fought other kings and other kings military.
In western society we evolved some strange rules of war, which evolved to 'civilized' war - when people would
Re: (Score:2)
In conventional warfare, attributation is easy: They're wearing distinctive uniforms.
Because people are physically incapable of changing clothes.
Re: (Score:2)
Terrorists typically have no specific nationality, do NOT wear uniforms, and are not necessarily readily identifiable as such, or as to their origin or objective.
Rogue States simply by definition do not follow the rules, and believe it or not, in conventional warfare, there are internationally recognized laws of
Re: (Score:2)
The proposal might help if signatory nation states ever openly "went at it".
All such treaties and agreements are applicable only to the nations involved, but they do let both nations stand together and apply political pressure on non-NATO countries with a bit of mutually-reinforcing moral high ground:
We've agreed not to attack hospitals, so why do you still consider hospitals to be targets?
In war, even the complete destruction of your enemy doesn't guarantee victory. The goal is to win both the military battles and the political battles, so your control is recognized once the fighting stops. Fighting dirty might make military victories easier, but you'll piss off other s
Re: (Score:2)
This document underscores just how little our military and political leaders understand about this new theatre of war. They're drafting up treaties without even knowing where the borders are yet.
Don't worry. It's not like the US/NATO adheres to the real Geneva Convention.
Even its own Constitution, the US makes a mockery of it by ignoring the clear language the Founding Fathers used to describe who it pertained to.
Re: (Score:2)
Our military is very much aware of the new theater and have a heck of a lot more information about it than the average citizen. Attribution in conventional or unconventional non-nation state warfare as we see in the Middle East is not as simple as you make it out to be. A good example would be roadside bombs, where it's not immediately obvious which group was responsible. Someone of Arabic descent bombed the train, but which terror group did it?
Despite what you think, malware does contain indicators of t
And oil rigs (Score:3)
They might leak and make a mess. And electric grids, boy, that would be inconvenient. And not water treatment plants, or traffic signals. And not banks or shops, either.
The Geneva Convention worked (mostly) because there were mutual prisoners of war who could be mistreated, and horrific effects all around from mustard gas. If Anonymous could post flashing GIFs on an epileptic support group web site for teh lulz, what makes anyone think an attacker will stop at a hospital's firewall?
Re: (Score:2)
what makes anyone think an attacker will stop at a hospital's firewall?
"Excellent question, Internet! To answer that, I'm going to turn the mic over to Government Man, a man from the government. Take it away, Government Man!"
Well, fellow Netizen, it's basically like this. We're the government. The government controls everything, starting with you. Now we know you get these things called liberties and freedoms and stuff, and we let you hold on to the notion that you have them, because they keep you in line. But make no mistake, we're in charge, not you. And we're not gonna have
Re: (Score:2)
That's the thing about cyberwar. Anyone can jump on the battlefield, from anywhere, at any time. You don't have to spend billions of dollars to field a standing army of cyberwarriors, or rabble-rouse your church members into forming a militia. You can be sitting alone in your mother's basement, muster up a couple thousand bots, and suddenly you're making as much impact on the world as the entire nation-state of North Korea. People who do that have shown themselves to have notoriously poor judgement when
Get off our lawn (Score:2)
Can't all these generals just get on World of Warcraft of whatever online game and fight each other there, instead of wasting everyone's money on using our internet as their newest play yard?
Re:Get off our lawn (Score:4, Insightful)
Can't all these generals just get on World of Warcraft of whatever online game and fight each other there, instead of wasting everyone's money on using our internet as their newest play yard?
Because of all the Chinese gold farmers, the Chinese will have the advantage.
You know (Score:2)
you can only poke the bear for so long.
Re: (Score:2)
The UK in Malaysia, Ireland
Russia in Afghanistan
Russia in Chechnya
South Africa and it long boarder wars
The death squads of Latin/South America.
To actually fight and win a war you end up with Iraq and NATO in Afghanistan - the body count, body bags, drone wars in Africa, Pakistan...
You have to hold the country, change the country and get a lot of locals to betray their country long term.
Better to use local/regional youth as "freedom figh
Is there really a "Cyber War" ? (Score:2)
I don't believe any of the hype I hear on the news about the "Cyber War". Is it real?
I just don't see how they can claim that power grids, and other critical infrastructure are as vulnerable as they say, especially when the fix is easy: Take them off the public Internet.
Re: (Score:2)
Did someone add WiFi to their centrifuges?
Hijinks ensue in definition? (Score:3)
.
Has the USA turned ourselves into the British colonial empire building with our own red-coats? Why would anyone think the USA would follow a NATO directive or another Geneva convention about "cyber-warfare" when the USA is currently unwilling to follow the already agreed-to Geneva Convention against torture and extra-ordinary rendition and recognition of the sovereignty of other states?
Re: (Score:1)
Re: (Score:2)
USA doesn't adhere to geneva convention today so....
I really don't see the point. (Score:4, Insightful)
Everyone just breaks these sorts of rules whenever they feel like. It just provides an excuse to attack other countries shrouded in contrived legitimacy. If we want to attack a country for hacking into a dam we'll do it. If other countries want to be mad at us or even retaliate, they will do that. Pretending that we are just following some coherent rules is a joke, and this should be transparent to everyone.
Here is how this works:
1. We do what we want. This is the most important part. Example countries like Axistan are there for our benefit.
2. We invent rules giving us justification for attacking other countries and removing justification from other countries to attack us. Example A: Axistan is bad because they cyber attacked our hospitals and dams. We need to destroy them. Example B: Axistan attacked us for cyber attacking them, but since we attacked just about everything except their hospitals and dams, their retaliation was unjust and therefore they are the initial aggressors and now we must destroy them.
3. We pretend these rules are fair and implicitly agreed to by all other countries. Any country that would not agree to these terms is surely an evil country that gets what's coming to them anyway. So even though Axistan never agreed to this rule, we can still punish them for violating it.
4. When it doesn't work out the way we expected, and we need to break our own rules, that's ok because we still have all the guns, and the American people have a short memory. Oops it turns out we needed to cyber attack one of Axistan's dams. That's fine we'll just invent some reason why it was justified. You mean Axistan somehow managed to cyber attack us without hitting any hospitals or dams? Well lets just invent some reason why it actually broke our rules and lets attack them anyway.
All of this political bullshit is designed to trick a gullible American public that those in charge are righteous in our actions. I think this is giving far too much credit to the average American's ability to think critically. We can skip most of this show and dance. It would be less insulting to the intelligence of all involved if we just said "We're taking your stuff because we want to and we are bigger."
In a lot of ways we never really evolved past the politics of the playground. We just wear suits and use expendable high school kids with m-16s and m-1 tanks to pick on the other kids. We are a bully. But that's the way the world is. There are no adults to make us play nice or punish us. We're all bullies or victims or both. It's lord of the flies on a macro scale.
Dams? (Score:4, Informative)
Since when were they off the table for war? They blew up German dams in WW2.
Re: (Score:3)
Re: (Score:2)
Better just to short out/ the city/national grid as its for the war effort - tell the press its for local radar, SAM sites.
Make good PR with the optics of a non lethal graphite bomb ie the "Blackout Bomb".
You can get 70%+ of that country's power grid anytime you want.
Off-topic (Score:3)
The Hermit Kingdom's obsession with propaganda and rewriting history, and common language and history with South Korea, seems to make it ideal for a "backdoor" cultural attack.
The modern equivalent of a propaganda leaflet drop. Smuggle, or even airdrop, OLPC-style satellite receivers into North Korea, able to receive dedicated Korean language info dumps from suitable satellites, as well as rebroadcasted live radio and (power willing) TV channels. News, music, live weather, etc. (And dedicated counter-propaganda channels.) And encyclopedias, text books, banned poetry/history/music, stored on the devices. Modular, repairable, with solar panels and crank-generators repurposeable to reduce the number of units turned in or destroyed.
Designed in South Korea, manufactured in China, a few hundred thousand units per year. Bargain.
[Designed well, they could be more generally suited to the poorest parts of the world. Charities might buy them, increasing the production size, reducing the per-unit costs.]