Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Government Security The Internet The Military United States News Your Rights Online

Pentagon Says Cyberattacks Can Count As Act of War 282

suraj.sun tips news that the Pentagon has decided computer sabotage originating from another country can be classified as an act of war. "The Pentagon's first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to US nuclear reactors, subways or pipelines as a hostile country's military." This news comes only days after the Chinese military admitted the existence of a team of cyberwarriors. "The report will also spark a debate over a range of sensitive issues the Pentagon left unaddressed, including whether the US can ever be certain about an attack's origin, and how to define when computer sabotage is serious enough to constitute an act of war. These questions have already been a topic of dispute within the military."
This discussion has been archived. No new comments can be posted.

Pentagon Says Cyberattacks Can Count As Act of War

Comments Filter:
  • They took down our farmville time, we should risk the lives of our troops and murder their civilians in retribution!
  • so what? (Score:2, Insightful)

    by Anonymous Coward

    anything is an excuse to go to war. since when did they need to specify?

    • Exactly.
      The real question is whether the USA wants to go to war. They'll find an excuse anyway for blaming the other.

      And I seriously doubt that a single 'act of cyber war' will lead to military retribution against a sovereign nation. It might if the sovereign nation is rather insignificant... but it's not gonna happen if it's China, India or Russia... and hopefully not of it's any allied country, like the one I happen to live in.

    • They don't need to specify a reason, but coming up with BS excuses is a nice boost to civilian morale. It's a prestigious line of work with a long and glorious history: Remember the Maine!

      • by Intron ( 870560 )

        The War On Terror was used to justify internal spying and the eradication of checks and balances on the Executive Branch.

        The War on Cyber Terror will be used to justify controls on the Internet.

        • The War On Terror was used to justify internal spying and the eradication of checks and balances on the Executive Branch.

          The War on Cyber Terror will be used to justify controls on the Internet.

          This sounds like another page out of that "How to Run a Government" handbook that George Orwell wrote (1984). This is the bit about keeping the country in a perpetual state of war.

  • It's utterly reasonable, although it's going to be exceptionally difficult to separate government actions from those of civilians. Who wants to bet that this will, sooner or later, be used as an excuse for invasion?

  • treason, too. (Score:5, Interesting)

    by petes_PoV ( 912422 ) on Tuesday May 31, 2011 @09:58AM (#36296988)
    If attacking an american military installation via the internet is deemed an act of war, then surely exposing it on such a vulnerable network in the first place must count as treason. I mean, who would knowingly place such a valuable (and apparently, easily accessed) facility that's so vital to the defence of the country, in such danger of attack in the first place?
    • The military has its own private network for the real important stuff. The sorts of things you find on the internet are mostly just recruitment sites and the like.
      • by tepples ( 727027 ) <tepples@gmai3.14159l.com minus pi> on Tuesday May 31, 2011 @10:07AM (#36297136) Homepage Journal

        The military has its own private network for the real important stuff.

        Hence the comment in 2004 by then President Bush about "rumors on the internets that we're going to have a draft". He was referring to the public Internet, the Armed Forces internet, and any organization using an internet on 10.* [google.com].

      • Defense contractors? (Score:4, Interesting)

        by wfstanle ( 1188751 ) on Tuesday May 31, 2011 @10:18AM (#36297304)

        The real problem is defense contractors that have all sorts of classified material on their computers. We could spent billions on defense related R&D and some third rate country might get that data and even might destroy our copy of the data while they are at it. Or even better, put a hidden bug in the design that will cause us grief when we try to use it in battle. (Of course, it could remain inactive until it is activated by an enemy.)

        • not very likely, although since computers are actually made in china, a timed virus in one of those might be a problem.

          • If I were a Chinese expert in charge of sabotaging equipment for export, I'd have my trick built into the silicon. A simple little network of gates that listens out for a sequence of a specific 128-bits... and upon recieving them resends on all ports, links the highest volt rail available to all the IO lines and fries everything. Useless for espionage, but in the event of an actual war it'd make for one hell of an alpha strike. Just broadcast the kill-code on whatever radio frequency the enemy uses, or send
    • Re:treason, too. (Score:5, Insightful)

      by c6gunner ( 950153 ) on Tuesday May 31, 2011 @10:17AM (#36297284) Homepage

      If dropping a nuke on the Pentagon is deemed an act of war, then surely placing it in such a vulnerable location in the first place must count as treason. I mean, who would knowingly place such a valuable (and apparently, easily accessed) facility that's so vital to the defence of the country, in such danger of attack in the first place?

      • Flamebait? Really? I consider this a valid criticism of the OP's absurd post.

        Any building, utility, transportation or other critical infrastructure, even a computer network will have certain vulnerabilities for which steps must be taken to mitigate risks. Simply accusing one of treason simply because there are risks is a little over the top donchathink?

    • by mldi ( 1598123 )
      Exactly. When I read, "US nuclear reactors, subways or pipelines", I was wondering WTF these things are doing hooked up to the internet at all. It's like whining about getting splashed at a pool.
    • You have to draw a reasonable line somewhere.

      Anything not encased in a Slaver stasis field can be considered vulnerable.

  • by Errol backfiring ( 1280012 ) on Tuesday May 31, 2011 @09:59AM (#36297010) Journal
    The USA fights anything with military force. Be it international justice, drugs, terrorists or whatever.
    • The USA fights anything with military force.

      Especially shortages of pork [wikipedia.org].

  • Stuxnet worm (Score:2, Insightful)

    by Anonymous Coward

    Things that America does don't count though, right?

    • by Dracos ( 107777 )

      This. Relatedly, anything Israel does (with or without America) is just defending itself.

  • Not a new question (Score:5, Insightful)

    by N1AK ( 864906 ) on Tuesday May 31, 2011 @10:02AM (#36297050) Homepage
    The internet hasn't changed the fact that if someone doesn't want to be tied to an 'attack' they can make it hard to tell it was them, or even look like it was someone else.

    Chinese hackers using systems located in Russia to hack NSA assets is just as hard to 'prove' as China launching a Russian made ICBM from a submarine disguised as Russian in a location the Russians would likely use etc. Unless the person who attacks you basically tells you they did it to your face (and even then potentially) you're making a judgement as to what happened based on evidence.
    • by mlts ( 1038732 ) *

      Bingo. I have seen many companies with hacked computers used as launching points for attacks.

      If someone coming from a .pk host launched an attack that blew out a bunch of transformers in India, how can one prove that it was someone from the ISI who did it, or a compromised host, and the real culprit is some kid in a basement who wants to see India and Pakistan exchange nukes? There is no certain way to tell.

  • Call me... (Score:4, Insightful)

    by symes ( 835608 ) on Tuesday May 31, 2011 @10:02AM (#36297056) Journal

    Call me daft, by all means, but for some reason I am incredulous that critical systems should be vulnerable to cyber attack. It just feels like something went very wrong at the design stage to allow this to happen. But then I'm not a developer...

    • "Cyber attack" can mean a lot of different things. It could mean having a spy bring a thumb drive into a secure area and install some malware on a critical system and wreak havoc.
      • Why does a critical system have unsecured USB ports? Fixing that seems more important than clarifying you'll bomb people over it.
        • You forget the fundamental tenet of information technology: All software sucks, all hardware sucks.

          Thus, there needs to be a way to administer firmware updates and software security patches. That selfsame way (whether that is wifi, USB, serial bus, or dip switches controlled by smoke signals) is always a vector for malware.

          • True but there are ways to mitigate risk. Software that is easily modifable is a good start. Software that actually enforces security is another.

            the DOD should be using something like a harden version of SELinux where you have to get permission to open your email on any machine that wasn't expressly assigned to you.

        • Can you accept that simply as an example and not a literal point to debate?
  • The United States (Score:5, Insightful)

    by bill_mcgonigle ( 4333 ) * on Tuesday May 31, 2011 @10:03AM (#36297072) Homepage Journal

    Continually at War with some group, product, or idea since 1941.

  • by ad454 ( 325846 ) on Tuesday May 31, 2011 @10:03AM (#36297074) Journal

    The USA & Israel jointly developed the Stuxnet worm and launched it against the Iranian nuclear facilities:

              http://en.wikipedia.org/wiki/Stuxnet [wikipedia.org]

    In the first documented and well-confirmed act of cyber-warfare, does this mean that both the USA and Israel have declared war against Iran, and that Iran would be in its rights to strike back at targets in both countries and kill people there?

    Gee, this is all we need, yet another war on top of Afghanistan, Iraq, and Libya.

    • In the first documented and well-confirmed act of cyber-warfare, does this mean that both the USA and Israel have declared war against Iran, and that Iran would be in its rights to strike back at targets in both countries and kill people there?

      There's no such things as "rights" when we're talking about nations. They can do whatever the hell they want, and so can any other nation. The prudent ones tend not to act in a way that'll get them anhilliated.

      • by MRe_nl ( 306212 )

        "They can do whatever the hell they want, and so can any other nation".

        I think many people would disagree.

        http://www.un.org/en/law/index.shtml [un.org]

        • by c6gunner ( 950153 ) on Tuesday May 31, 2011 @10:49AM (#36297718) Homepage

          I think many people would disagree.

          I think many people are retarded. So what?

          If the US decides to invade Canada tomorrow for no reason whatsoever, who's going to stop them? What do you imagine the international community will do?

          Even in the case of Iraq, the UN didn't want to do anything except write strongly worded letters. If you think international laws are actually enforcable, you're a fool.

    • Well, yes that probably should've been considered an act of war. It did as much damage as a few dozen bombs would've and I'm sure they wouldn't have liked that.

      Having said that, it's hard to prove - the point in TFS - and they're not stupid enough to fight the US unless they have to.

      I was just saying this the other day - cyberattacks can be as damaging as tactical bomb raids (generally without human casualties though). If a nasty targeted worm got into the C&C systems? Definitely an act of war by its cr

    • by wiredog ( 43288 )

      It hasn't been proven that the US and Iran created Stuxnet... Provenance is a problem the article you didn't read points out.

    • by argStyopa ( 232550 ) on Tuesday May 31, 2011 @11:12AM (#36298102) Journal

      1) I'm not sure that you can assert "Wikipedia" as sufficient casus belli. "Some guy somewhere (we're not sure who) said you attacked us, this means war!"

      2) There are two levels to the article's question, both of which are directly relevant:
      - first, there's the question of 'what's worth war?' - a question that has been asked from the beginning of time, and for which there is no hard and fast answer, because it depends entirely on the context. The fact is that all countries leave this line vague, as a deterrent to any opponent ever coming close. Is shooting down another country's plane an act of war? What if they were flying close to your borders spying on you? How about axe-murdering some of your soldiers? (http://en.wikipedia.org/wiki/Axe_murder_incident). None of these led to war, but can you imagine the repercussions if the US stated categorically that such actions posed no risk of war?
      - second, there is a significant risk of disinformation in real life, probably an order of magnitude greater in cyberops. The burning of the Reichstag is the first example that comes to mind, but history is littered with cat's paw, false flag, or other disinformation operations meant to convince one state that another is attacking it. If the Stuxnet virus contained comment code in Yiddish, or even "Copyright 2004(c) Israel Cyberwarfare Unit", many, many gullible people would take that as proof-positive that "the jews did it!", even though a sensible person would be dubious that the real culprit would be quite so stupid (unless, of course, it's a double-blind, but you can go a long way down that hallway if your tinfoil hat is planted firmly enough).

      My point is that it's clear that a cyber attack could be an act of war. Stating so is only marginally useful as a way to give yourself some diplomatic flexibility if you detect such an attack. "Insisting on more clarity" is at a minimum silly, unreasonable, and wholly misunderstands the context of why such statements are made. At worst, it's just another disingenuous political attack.

    • by mldi ( 1598123 )

      Kaspersky Labs concluded that the sophisticated attack could only have been conducted "with nation-state support"[18] and it has been speculated that Israel and the United States may have been involved.

      Considering Iran is the one making those claims, and also since Iran pretty much blames everything on the West and Israel, it's pretty bold of you to conclude Stuxnet was created jointly by the USA and Israel from that statement from the Wikipedia article you linked up.

  • So if a citizen of China, Russia, or Zimbabwe originates a successful (or even mildly irritating) attack against the US government, they will see it as an act of war?
    I didn't read TFA, but looks like them terrists can spark a war by simply hacking via *name your country here* proxy.

    Let's say that isn't even the case, does the Pentagon think that an international cyber attack is going to just come from an address registered to chinacyberwardivision.cn?

    This seems shaky at best to declare war on phantoms... th

  • by whoda ( 569082 ) on Tuesday May 31, 2011 @10:05AM (#36297108) Homepage

    What about SEAL Team 6 invading Pakistan?

    • by bsDaemon ( 87307 ) on Tuesday May 31, 2011 @10:11AM (#36297212)

      Clearly, you don't get how double standards work.

      • Lana: And what part of that are you still not getting, exactly? Archer: Obviously the core concept, Lana. Sorry I didn't go to space camp!
    • by ad454 ( 325846 ) on Tuesday May 31, 2011 @10:24AM (#36297402) Journal

      What about SEAL Team 6 invading Pakistan?

      Personally I think that any country that hides and shelters a terrorist that kills thousands and thousands of the civilians would be considered an act of war. Pakistan should consider itself lucky that its only got a small slap on the wrist by the USA navy seals.

      • by Anonymous Coward

        Personally I think that any country that hides and shelters a terrorist that kills thousands and thousands of the civilians would be considered an act of war. Pakistan should consider itself lucky that its only got a small slap on the wrist by the USA navy seals.

        You mean like this guy? This is a guy as bad as Osama, but he just happens to cooperate with the CIA and with "US interests". There are 100s of deaths directly linked to him including bombing of a passenger airliner.

        http://en.wikipedia.org/wiki/Luis_Posada_Carriles [wikipedia.org]

        So is this a little inconvenient truth? Or do you stick with your assertions?

        • He clearly specified terrorists that killed "thousands and thousands" of civilians. 100s is obviously A-okey-dokey.
    • Pakistan is not happy with us over that. Under the rules of war, they can declare war on us for the invasion of their sovereignty. Which is what we did. But at the moment, they're the ones with egg on their face, and they'd be foolish to do so. Also, they're supposedly an ally, which means that they trust our intentions - at least ostensibly.

      Does it give us the right to do what we want? Not really, but the fact remains that the ethics of war are highly complex. Since nobody can ever be "right", in absolute

  • Spam is a problem. All these malware infections too. And it is often next to impossible to trace the real origins of these attacks. Are we preparing to lock down the internet to fight a nebulous foe? "War on Cyber-terrorism?" Funny that the government doesn't seem interested in regulating the money trail these scammers and malware pushers use.

  • by bjourne ( 1034822 ) on Tuesday May 31, 2011 @10:08AM (#36297154) Homepage Journal
    Step 1: Declare computer attacks an act of war Step 2: Claim any entity you don't like is "hacking" you Step 3: Since "hacking" is all technical mumbo jumbo it doesnt matter if you can't prove shit. The president would never lie, would he? Step 4: Bomb the shit out of whoever the bad guys de jour are. Step 5: Shitloads of profit for the military industry, not so much for those who are footing the bill.
    • Re:Simple plan (Score:4, Insightful)

      by thijsh ( 910751 ) on Tuesday May 31, 2011 @10:19AM (#36297310) Journal
      Better yet, the first time some incredible fuck-up happens that causes widespread damage and/or death and its even remotely related to computers (like anything nowadays) it can be declared an act of war by any entity. If something like the three mile island incident would happen today they would probably blame Iran or 'the terrorists'.
    • Step 1: Come back to reality.
      Step 2: Stop posting paranoid bullshit on slashdot.
      Step 3: ???
      Step 4: We all profit!

    • by rcb1974 ( 654474 )
      Exactly! Mod parent up. This just gives our President the ability to wage war on anyone he wants, without Congressional approval. Oh wait, he's been doing that for years!
  • Translation: We're too dumb to fight fire with fire, so we'll do what we know best...KILL KILL KILL!
  • on Iran? Stuxnet was a deliberate attack on Iran's nuclear infrastructure.
  • " how to define when computer sabotage is serious enough to constitute an act of war. ."

    How is this any different from the current situation? The US went to war in Iraq on the flimsiest of pretexts. The Bush administration ginned up the supposed threat that Iraq would have nuclear weapons in a very short time and we had to act NOW! Are we to start a war because we think that a hacking attack is immanent?

  • How on Earth... (Score:5, Insightful)

    by diewlasing ( 1126425 ) on Tuesday May 31, 2011 @10:12AM (#36297222)
    ...can a foreign power do damage to "nuclear reactors, subways or pipelines" via a cyber attack? Seriously, I want to know, this is not a rhetorical question. Are their computer systems connected to an outside network or is there a someone on the inside (a la Stuxnet)?
    • Re:How on Earth... (Score:5, Informative)

      by Anonymous Coward on Tuesday May 31, 2011 @10:29AM (#36297480)

      1) It is all on the internet
      2) SCADA systems, which are the control systems for everything from AC ducts to coolant pump controls on nuclear reactors, have major security vulnerabilities and they are plugged directly into the network via ethernet or wireless
      3) These systems were designed and implemented by the lowest bidder

      That's how.

      This goes for pretty much every current control system in every power plant, water treatment plant, nuclear reactor, spill way, switching station, airport, train, medical center, etc...

      • by Lumpy ( 12016 )

        4) Complete Moron supervisors and managers of these plants demand they can remote access the systems from their home or the main office over the internet.

        That one is what undermines more security than any other. The retarded manager or CEO.

        They dont want to pay for a secure point to point T1 line to a hardened and secure dedicated PC at that location. they cant justify the expense... so they want it anyways and half ass it by using "pc anywhere" or another half assed solution and put it on the internet w

    • Are their computer systems connected to an outside network or is there a someone on the inside (a la Stuxnet)?

      You deliver a trojan to a user that you know plugs their personal device into the work network. Or you know, SOME of them really ARE connected to the internet, and they're counting on firewalling to keep them secure. Maybe they have multiple heterogeneous firewalls or something, and think it will keep them safe.

      Many of these tools were developed before "anyone" (statistically anyone) thought you needed more than routing for IP security...

  • Since the Pentagon has such an expanded idea of "war," it's great to know that only Congress can declare war.

    Oh, wait . . . .

  • Comment removed based on user account deletion
    • Let's forget the myth of the Chinese being so ancient, wise and mighty -- because it's just that, a myth.

      China is ancient, China has wisdom but may choose to ignore it, and China is mighty but it's kind of a one-shot super-cannon. If they move and fail then they will have expended so much doing so that they will be utterly vulnerable to attack. So they are playing the long game to see who melts down first... And they're betting it will not be them. With such a massive population, they may be right.

      China's population is not a lack of wisdom, it's an overabundance of greed. They are by no means unique in this re

  • ...but I find this kind of hard to take seriously, kind of like when the US government declared cryptography to be a form of munitions and imposed the same export controls.

    Here's what I don't get: If someone maliciously attacks a physical base, fine. You can't lock down physical things entirely -- there's always the possibility of an inside man, or, say, a nuke. But these sorts of things, we already have ways of dealing with.

    However, if someone can carry out a successful "cyberattack" from their home countr

  • by geekmux ( 1040042 ) on Tuesday May 31, 2011 @10:21AM (#36297354)

    ...our Military itself, and the fact that they repeatedly fail computer security audits year after year. Perhaps conversely it should be considered an act of Treason to perpetuate the lack of security around our critical systems, and hold those accountable who are refusing to spend the money to resolve the issues.

    Yeah, I know I'm not the popular guy here asking the Government to actually spend MORE money, but some things need blatant and obvious attention, and allowing our country to go to war because their Windows 98 systems got hacked isn't the answer. I promise that any re-work of computer systems will be cheaper than any war we're pushed (or choose) to engage in. We've pretty much proven than beyond any doubt with the last decade worth of war on terror.

    • I know I'm not the popular guy here asking the Government to actually spend MORE money

      we don't really need to spend more, just waste a whole lot less.

  • is not to play.

    • by Lumpy ( 12016 )

      Bzzzt! Wrong....

      The only way to play is to target and fire at the hostiles with a orbital mass driver platform. solid steel projectiles shot at the target at 9000 miles per hour would be a very eco friendly way of fighting a war. you get the desired effect of a nuclear bomb with no fallout and the projectile is earth friendly! or you could simply aim and focus your orbital solar mirror at the offending country and do the ants under a magnifying glass trick..

      Honestly the USA needs to weaponize space with

  • US Air Force General Kevin Chilton, head of US Strategic Command, has said that attacks on the United States via the Internet could merit a conventional military response.

    “I don’t think you take anything off the table. We’re particularly looking toward one group in Seattle [newstechnica.com].”

    The Seattle-based insurgent group is thought to have seeded American government and military computers with millions of copies of malware that allows attackers easy access to any data stored on the computer, or in

  • Isn't Echelon a permanent cyber-attack ?

    What about that virus in the Iran nuclear program ?

  • And you thought you knew what your kids were doing in their bedrooms at night.
  • That should be the question. If it's state supported, then aggressive acts against the US should leave the option of reprisal, be they physical or virtual. However, as often is the case, the power of the state is waning and more often homeless smaller groups are posing as the real threat. You can declare war on drugs or Al Qaeda or other non-state elements all you like, but all it really amounts to is a way to justify to your people that you're cutting their resources/services to go after something with

  • 1. They are making a case for more funding to combat "cyberterrorism".

    2. To a hammer everything looks like a nail. To the Pentagon everything look like war.

  • http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html [pdfernhout.net]
    "Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all.

  • Because that means we performed an act of war against Iran with the release of that Virus...

    When you open a box, it's not a one way street... Your enemies get to use your excuses as well.

  • "If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a 'use of force' consideration, which could merit retaliation."

    So just hacking into a system would NOT merit an armed response. Might merit a retaliation in kind, however.

    Also, not all cyber-attacks would be over the internet. Not all systems that are networked are reachable over the internet. The internet itself runs over other networks, but

  • Think more deeply for a moment. The meat of this issue is not that the US is suddenly comfortable with bombing somebody's router when it threatens their power grid -- every country whose infrastructure is worth protecting already has this in their contingency plans. The real news is that the US is SAYING it and making it explicitly clear.

    For those of you who still think in terms of moralities in geopolitics, I don't know what to tell you except grow up -- realpolitik defines the world beyond your Matrix-lik

  • This makes me wonder about insurance claims since I believe that most insurance companies won't pay if an incident is classified as an act of war. A quick Google search turned up this [bankrate.com], and this [straightdope.com].
  • Dear Representative:

    We should not go to war over a cyber crime that does not cost the lives of American Citizens. We should not go to war over drugs, we should not go to war over oil prices, we should not go to war over a conflict that is unlikely to cost American lives. We are not the world police, we do not have a morally superior nation, our way is not the only correct way.

    We should go to war to save American lives. Including the lives of our soldiers. I understand that it is not always easy to deter

  • So.... a compromised rack of servers in Michigan will get you a nice missle strike? No thanks. IPs can be spoofed, connection logs tampered with and tracks covered up. It sounds like another "Gee we didn't check our data close enough" scenarios waiting to happen.

    It would take the likes of a forensic expert who is a cross between Columbo, Chuck Norris and Bruce Schneier in order to have any credibility to base an act of war on and that person would not be working at SAIC, NSA or the Pentagon.
  • This is interesting, but the premise of the story is old news. There were reports on this when the White House report came out came close to two weeks ago. Some relevant quotes: Countries “have an inherent right to self-defense that may be triggered by certain aggressive acts in cyberspace ... When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country." http://joshuaphilipp.com/2011/05/us-faces-a-long-road-in-implementing-new-cyberstrat [joshuaphilipp.com]
  • I think the key point to keep in mind is that the attacks have to be proportional to that of a traditional conventional military attack. The Pentagon isn't going to drop a cruise missile on some kid because he launched a DDoS attack on a .mil website; that's about the equivalent to that same kid spray painting a recruitment office at night or at most getting a bunch of friends to protest in front of it. They're talking about serious and substantial attacks, the sort that brings down the power grid and blo

Heard that the next Space Shuttle is supposed to carry several Guernsey cows? It's gonna be the herd shot 'round the world.

Working...