Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Government The Military Your Rights Online

Cyber War Manual Proposes Online Geneva Convention 90

judgecorp writes "A new manual for cyber war has been compiled by international legal experts and published by NATO. The manual proposes that hospitals and dams should be off-limits for online warfare, and says that a conventional response is justified if an attack causes death or serious damage to property. The manual might get its first practical application today — South Korea's TV stations and banks have come under an attack which may well originate from North Korea."
This discussion has been archived. No new comments can be posted.

Cyber War Manual Proposes Online Geneva Convention

Comments Filter:
  • Frightening (Score:4, Insightful)

    by Hentes ( 2461350 ) on Wednesday March 20, 2013 @06:49PM (#43229729)

    So when the Chinese hack America from an infected Swiss machine the US will bomb Switzerland? From outside it looks like that the military class has a disproportionately large influence in American politics.

    • Well, we are #1 in defense spending... surpassing the combined totals of #2 - #15 (probably surpassing the combined totals of the rest of the world)

      You are correct though. This makes false flag operations significantly easier, cheaper, and at a much reduced risk to the actual perpetrator.

      • Re:Frightening (Score:5, Insightful)

        by geekoid ( 135745 ) <{moc.oohay} {ta} {dnaltropnidad}> on Wednesday March 20, 2013 @07:20PM (#43230055) Homepage Journal

        False flag operations are extremely risky, and don't happen as often as you would think.

        • Extremely risky in the real world, sure ...

          But we're talking digital here. Anything can be a false flag (intentional or not) when it only takes a few black hats with a grudge to cause some serious damage. Even if we could perfectly trace any attack to it's true country of origin (and we can't) this online Rules of Engagement is a farce. If some jackass in BFE Wherever, USA gets bored and decides to DDOS a hospital up in Canada, does that put the USA as a whole in violation of this treaty? Should Canad

          • If some jackass in BFE Wherever, USA gets bored and decides to DDOS a hospital up in Canada, does that put the USA as a whole in violation of this treaty?

            We've conducted cyber attacks against Iran, so by this convention we've declared war on the nation state of Iran right?

            • The US doesn't follow the existing Geneva conventions of war, what makes you think an internet version would apply?
            • If some jackass in BFE Wherever, USA gets bored and decides to DDOS a hospital up in Canada, does that put the USA as a whole in violation of this treaty?

              We've conducted cyber attacks against Iran, so by this convention we've declared war on the nation state of Iran right?

              I think it's OK if the US does it. If any other country on Earth had invaded another like Iraq, their head of state, generals, admirals and the rest would be swinging from gibbets as war criminals.

        • How do you know?

        • False flag operations are extremely risky, and don't happen as often as you would think.

          ... and don't [infowars.com] happen [jobsnhire.com] as [veteranstoday.com] often [presstv.ir] as [wikipedia.org] you [navy.mil] would [historicalrfa.org] think [lonesentry.com].

      • Re:Frightening (Score:5, Interesting)

        by daveschroeder ( 516195 ) * on Wednesday March 20, 2013 @07:56PM (#43230343)

        Don't worry, China is on track [economist.com] to outpace the US in military expenditures by 2023 [bloomberg.com]. I'm sure that's all for "peaceful regional defense" and will have no impact on the US.

        China's military rise
        http://www.economist.com/node/21552212 [economist.com]

        The dragon's new teeth: A rare look inside the world's biggest military expansion
        http://www.economist.com/node/21552193 [economist.com]

        Essential reading on China cyber:

        The Online Threat: Should we be worried about a cyber war? (The first page of this is a must read wrt China.)
        http://www.newyorker.com/reporting/2010/11/01/101101fa_fact_hersh [newyorker.com]

        Great snippet: ""The N.S.A. would ask, 'Can the Chinese be that good?' " the former official told me. "My response was that they only invented gunpowder in the tenth century and built the bomb in 1965. I'd say, 'Can you read Chinese?' We don't even know the Chinese pictograph for 'Happy hour.'"

        To say nothing of the more recent news.

        But yes, yes...this is all about "false flag" attacks, because naturally the US is always the evil aggressor, and there has never been any oppression or tyranny in the world, save for what the US has foisted upon it. The principles of freedom for which the US stands are just an illusion force fed to a compliant public by the lapdog mainstream press. In fact, we probably have secret time machines so we could extend this evil beyond our nation's short existence in this world. That explains all the bad things that happened before we were around.

        • They very likely outspend us in miltary by a great deal. All that we know about is what they tell the world. However, what they tell the world would not even support their sub program, let alone the entire PLA.
        • Hmm. The cols war. Capitalism vs communism. It seemed that capitalism had prevailed. It's going to be quite amusing if communism snatches victory from the jaws of defeat.

      • Oh, good god. I hate it when ppl bring up the crap about defense spending and have absolutely NO idea of what they are talking about. The first thing is that you have NO fucking idea of how much spending China does. You only know what they tell you. OTOH, you DO know how much western nations spend.
        Secondly, there is the issue of how much something will buy. If China tells their gun manufacturer to sell them copied firearms of ours at $10 per, while We have to buy our at $2000 / unit, well, that is a HUGE
        • Re: (Score:2, Interesting)

          by Anonymous Coward

          China's military might be able to buy things for a fraction of what it costs the Pentagon to buy something comparable, but they also have to deal with the flip side of the equation -- it's hard enough to verify that high-quality components were used to build hardware when you have the kind of supply-chain culture the US defense industry does, and it's technically possible to read the laser-etched code off of a bolt and trace it all the way back to the miners who were working the day the ore was excavated fr

          • Residents of Manhattan might head outside the next morning to a city that's largely intact, and eventually see photos of the smoldering cratered wastelands that used to be the Jersey Shore

            So, what you're saying is that every cloud has a silver lining?

          • Residents of Manhattan might head outside the next morning to a city that's largely intact, and eventually see photos of the smoldering cratered wastelands that used to be the Jersey Shore and Appalachia.

            Uhm.. how would that be a bad thing?

    • by Mitreya ( 579078 )

      From outside it looks like that the military class has a disproportionately large influence in American politics.

      I have an even better suggestion.
      How about we start enforcing the existing physical Geneva convention. So that no excuse (such as "terrorism!") can be used to violate the Geneva convention rules.

      • Fortunately, the Geneva Convention specifically excludes non-state combatants from its protection. Mercenaries, terrorists and insurgents/freedom-fighters are all excluded. The moment you take up arms without being in the military, you are not covered by it.
        • by rtb61 ( 674572 )

          In the eyes of the law and under the requirements of justice prove it, until then they are innocent and only suspects. So either the Geneva Convention or the rule of law apply, take your pick or declare yourself the terrorist and criminal.

          In any cyber attack the results in loss of life, first up those responsible for security should be audited and punished if they failed. Question that need to be asked, did it need to be connected to the internet, was it effectively isolated, how rapidly was an incursion

        • Fortunately, the Geneva Convention specifically excludes non-state combatants from its protection. Mercenaries, terrorists and insurgents/freedom-fighters are all excluded. The moment you take up arms without being in the military, you are not covered by it.

          Indeed, but you are still covered by the civilian laws of that country. Terrorists are arrested, tried and convicted for murder and sent to prison, not indefinitely detained and tortured.

          The British worked this out a while ago with the Troubles.

  • by girlintraining ( 1395911 ) on Wednesday March 20, 2013 @06:56PM (#43229807)

    These people still do not understand the basics of networked systems. Adherence to this proposed list requires several things which are absent on the global telecommunications networks. First, determining who's attacking. In conventional warfare, attributation is easy: They're wearing distinctive uniforms. Computer viruses and malware doesn't have an embedded flag in it to tell you which government sent it, and even if it did, it couldn't be trusted. Second, attacks that are meant to go after one thing can inadvertently hit something else (collateral damage). This is usually geographically-based in the real world... if a hospital happens to be next to a military munitions depot, umm, oops? But online, the hospital could be in another country and yet still be hit by the attack, because its digital signature is similar to the actual target. Either it's on the same network, or has a similar network address, or even a simple one character typo, is all it takes to send a "cyber bomb" (gags) veering off target. And last, but not least... you can have all the countries on Earth sign this and it still leaves out the guns for hire, the mercenaries. The A-Teams of the digital world: Freelancers. They don't have to go by your rules, and if a hospital happens to have a juicy source of personal information that could be turned into cash through extortion, blackmail, or reselling, they may just decide to go for it.

    This document underscores just how little our military and political leaders understand about this new theatre of war. They're drafting up treaties without even knowing where the borders are yet.

    • Re: (Score:3, Funny)

      In conventional warfare, attributation is easy: They're wearing distinctive uniforms. Computer viruses and malware doesn't have an embedded flag in it to tell you which government sent it, and even if it did, it couldn't be trusted.

      Just require all state-sponsored malware to be signed and verified by the a third party. I can see no reason why such a system would fail.

      • by girlintraining ( 1395911 ) on Wednesday March 20, 2013 @07:16PM (#43230003)

        Just require all state-sponsored malware to be signed and verified by the a third party. I can see no reason why such a system would fail.

        "Unable to launch nuclear missiles; The application was unable to contact the licensing server. If the problem persists, please contact your network administrator. The launch bay doors will now close."

    • by geekoid ( 135745 )

      "These people still do not understand the basics of networked systems. "
      yes they do, and probably better then you do.

      " First, determining who's attacking. "
      often easier then you think. You act as if there isn't 100's of people smarter on you working on this every day. Don't make that mistake. I have seen virus traced to a single group with some pretty inventive ways. Plus, people talk more then you would think.

      "Second, attacks that are meant to go after one thing can inadvertently hit something else (colla

      • by apoc06 ( 853263 )

        ----"You act as if there isn't 100's of people smarter on you working on this every day. Don't make that mistake. I have seen virus traced to a single group with some pretty inventive ways. Plus, people talk more then you would think."

        This may be the case with many normal attacks, but once you start considering the sophistication of state sponsored attacks [which TFA is referring to], it becomes quite difficult to track down the true source. Most times this generally relies on the attacker making a mistake

    • by xQx ( 5744 )
      "Second, attacks that are meant to go after one thing can inadvertently hit something else (collateral damage)."

      So, war was originally fought between kingdoms where the peasants didn't vote their king in. It was generally regarded as poor form to attack peasants because the kingdom relies on them regardless of who the king is. The king had a military, who fought other kings and other kings military.

      In western society we evolved some strange rules of war, which evolved to 'civilized' war - when people would
    • In conventional warfare, attributation is easy: They're wearing distinctive uniforms.

      Because people are physically incapable of changing clothes.

    • by RedLeg ( 22564 )
      There are flaws to both sides of your analysis because you left out a couple of "players" which are obviously and currently present in both meatspace and cyberspace: terrorists and rogue states.

      Terrorists typically have no specific nationality, do NOT wear uniforms, and are not necessarily readily identifiable as such, or as to their origin or objective.

      Rogue States simply by definition do not follow the rules, and believe it or not, in conventional warfare, there are internationally recognized laws of

      • The proposal might help if signatory nation states ever openly "went at it".

        All such treaties and agreements are applicable only to the nations involved, but they do let both nations stand together and apply political pressure on non-NATO countries with a bit of mutually-reinforcing moral high ground:

        We've agreed not to attack hospitals, so why do you still consider hospitals to be targets?

        In war, even the complete destruction of your enemy doesn't guarantee victory. The goal is to win both the military battles and the political battles, so your control is recognized once the fighting stops. Fighting dirty might make military victories easier, but you'll piss off other s

    • This document underscores just how little our military and political leaders understand about this new theatre of war. They're drafting up treaties without even knowing where the borders are yet.

      Don't worry. It's not like the US/NATO adheres to the real Geneva Convention.

      Even its own Constitution, the US makes a mockery of it by ignoring the clear language the Founding Fathers used to describe who it pertained to.

    • Our military is very much aware of the new theater and have a heck of a lot more information about it than the average citizen. Attribution in conventional or unconventional non-nation state warfare as we see in the Middle East is not as simple as you make it out to be. A good example would be roadside bombs, where it's not immediately obvious which group was responsible. Someone of Arabic descent bombed the train, but which terror group did it?

      Despite what you think, malware does contain indicators of t

  • by plover ( 150551 ) on Wednesday March 20, 2013 @06:58PM (#43229819) Homepage Journal

    They might leak and make a mess. And electric grids, boy, that would be inconvenient. And not water treatment plants, or traffic signals. And not banks or shops, either.

    The Geneva Convention worked (mostly) because there were mutual prisoners of war who could be mistreated, and horrific effects all around from mustard gas. If Anonymous could post flashing GIFs on an epileptic support group web site for teh lulz, what makes anyone think an attacker will stop at a hospital's firewall?

    • what makes anyone think an attacker will stop at a hospital's firewall?

      "Excellent question, Internet! To answer that, I'm going to turn the mic over to Government Man, a man from the government. Take it away, Government Man!"

      Well, fellow Netizen, it's basically like this. We're the government. The government controls everything, starting with you. Now we know you get these things called liberties and freedoms and stuff, and we let you hold on to the notion that you have them, because they keep you in line. But make no mistake, we're in charge, not you. And we're not gonna have

  • Can't all these generals just get on World of Warcraft of whatever online game and fight each other there, instead of wasting everyone's money on using our internet as their newest play yard?

    • by Nyder ( 754090 ) on Wednesday March 20, 2013 @07:13PM (#43229985) Journal

      Can't all these generals just get on World of Warcraft of whatever online game and fight each other there, instead of wasting everyone's money on using our internet as their newest play yard?

      Because of all the Chinese gold farmers, the Chinese will have the advantage.

  • you can only poke the bear for so long.

  • I don't believe any of the hype I hear on the news about the "Cyber War". Is it real?

    I just don't see how they can claim that power grids, and other critical infrastructure are as vulnerable as they say, especially when the fix is easy: Take them off the public Internet.

  • by girlinatrainingbra ( 2738457 ) on Wednesday March 20, 2013 @07:24PM (#43230077)
    What, should the main page return a "Red Cross" or a "Red Crescent" or an appropriate meta-tag on a web-site's front page in order for it to qualify as an "off-limits" target? Will it be like saying "hey they're not really soldiers 'cause they're not wearing a uniform with patches 'n' shit!" forgetting that the USA's minute-men and civilian militia were definitely a rag-tag bunch of townies who also wore no uniform, while King George's men had their beautiful red-coats!
    .
    Has the USA turned ourselves into the British colonial empire building with our own red-coats? Why would anyone think the USA would follow a NATO directive or another Geneva convention about "cyber-warfare" when the USA is currently unwilling to follow the already agreed-to Geneva Convention against torture and extra-ordinary rendition and recognition of the sovereignty of other states?
    • USA didn't join the Geneva Convention until 1862. And yes, the British would execute any rebels they caught, just like today ununiformed combatants are subject to summary battlefield execution. Also conveniently ignoring the Continental Army, which was a regular military force.
  • by TsuruchiBrian ( 2731979 ) on Wednesday March 20, 2013 @07:24PM (#43230085)

    Everyone just breaks these sorts of rules whenever they feel like. It just provides an excuse to attack other countries shrouded in contrived legitimacy. If we want to attack a country for hacking into a dam we'll do it. If other countries want to be mad at us or even retaliate, they will do that. Pretending that we are just following some coherent rules is a joke, and this should be transparent to everyone.

    Here is how this works:

    1. We do what we want. This is the most important part. Example countries like Axistan are there for our benefit.

    2. We invent rules giving us justification for attacking other countries and removing justification from other countries to attack us. Example A: Axistan is bad because they cyber attacked our hospitals and dams. We need to destroy them. Example B: Axistan attacked us for cyber attacking them, but since we attacked just about everything except their hospitals and dams, their retaliation was unjust and therefore they are the initial aggressors and now we must destroy them.

    3. We pretend these rules are fair and implicitly agreed to by all other countries. Any country that would not agree to these terms is surely an evil country that gets what's coming to them anyway. So even though Axistan never agreed to this rule, we can still punish them for violating it.

    4. When it doesn't work out the way we expected, and we need to break our own rules, that's ok because we still have all the guns, and the American people have a short memory. Oops it turns out we needed to cyber attack one of Axistan's dams. That's fine we'll just invent some reason why it was justified. You mean Axistan somehow managed to cyber attack us without hitting any hospitals or dams? Well lets just invent some reason why it actually broke our rules and lets attack them anyway.

    All of this political bullshit is designed to trick a gullible American public that those in charge are righteous in our actions. I think this is giving far too much credit to the average American's ability to think critically. We can skip most of this show and dance. It would be less insulting to the intelligence of all involved if we just said "We're taking your stuff because we want to and we are bigger."

    In a lot of ways we never really evolved past the politics of the playground. We just wear suits and use expendable high school kids with m-16s and m-1 tanks to pick on the other kids. We are a bully. But that's the way the world is. There are no adults to make us play nice or punish us. We're all bullies or victims or both. It's lord of the flies on a macro scale.

  • Dams? (Score:4, Informative)

    by viperidaenz ( 2515578 ) on Wednesday March 20, 2013 @08:02PM (#43230381)

    Since when were they off the table for war? They blew up German dams in WW2.

    • That was prior to the current UN laws of war - the USA did not attack dams in Korea as there was debate about its legality.
    • by AHuxley ( 892839 )
      A multi national might own the dam~ think of the paperwork to a long term loan.
      Better just to short out/ the city/national grid as its for the war effort - tell the press its for local radar, SAM sites.
      Make good PR with the optics of a non lethal graphite bomb ie the "Blackout Bomb".
      You can get 70%+ of that country's power grid anytime you want.
  • by FatLittleMonkey ( 1341387 ) on Wednesday March 20, 2013 @09:10PM (#43230701)

    The Hermit Kingdom's obsession with propaganda and rewriting history, and common language and history with South Korea, seems to make it ideal for a "backdoor" cultural attack.

    The modern equivalent of a propaganda leaflet drop. Smuggle, or even airdrop, OLPC-style satellite receivers into North Korea, able to receive dedicated Korean language info dumps from suitable satellites, as well as rebroadcasted live radio and (power willing) TV channels. News, music, live weather, etc. (And dedicated counter-propaganda channels.) And encyclopedias, text books, banned poetry/history/music, stored on the devices. Modular, repairable, with solar panels and crank-generators repurposeable to reduce the number of units turned in or destroyed.

    Designed in South Korea, manufactured in China, a few hundred thousand units per year. Bargain.

    [Designed well, they could be more generally suited to the poorest parts of the world. Charities might buy them, increasing the production size, reducing the per-unit costs.]

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...