Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Should the US Go Offensive In Cyberwarfare?

kdawson posted more than 5 years ago | from the mutually-assured-mayhem dept.

Security 276

The NYTimes has a piece analyzing the policy discussions in the US around the question of what should be the proper stance towards offensive cyberwarfare. This is a question that the Bush administration wrestled with, before deciding that the outgoing president didn't have the political capital left to grapple with it. The article notes two instances in which President Bush approved the use of offensive cyberattacks; but these were exceptions, and the formation of a general policy was left to the Obama administration. "Senior Pentagon and military officials also express deep concern that the laws and understanding of armed conflict have not kept current with the challenges of offensive cyberwarfare. Over the decades, a number of limits on action have been accepted — if not always practiced. One is the prohibition against assassinating government leaders. Another is avoiding attacks aimed at civilians. Yet in the cyberworld, where the most vulnerable targets are civilian, there are no such rules or understandings. If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"

Sorry! There are no comments related to the filter you selected.

Offensive? (4, Funny)

oahazmatt (868057) | more than 5 years ago | (#27750801)

Why? Just contract /b/ to do all the dirty work for you.

It could be the Blackwater of Online Warfare.

Re:Offensive? (5, Funny)

emocomputerjock (1099941) | more than 5 years ago | (#27750887)

Now if only you could figure out a way to convince them that they are your personal army.

Re:Offensive? (5, Funny)

homain (1199477) | more than 5 years ago | (#27751133)

promises of boxxy naked should do the trick

Re:Offensive? (0)

Anonymous Coward | more than 5 years ago | (#27752587)

Insightful, wtf is wrong with you people. It's +1 Funny!

Re:Offensive? (1)

Jeian (409916) | more than 5 years ago | (#27752805)

Thanks, now I have tea all over my screen.

Re:Offensive? (0)

Anonymous Coward | more than 5 years ago | (#27750909)

Not your personal army.

Re:Offensive? (1)

dark42 (1085797) | more than 5 years ago | (#27751439)

Anon is not your personal army. Anon is not your personal army. Anon is not your personal army.

Re:Offensive? (1, Funny)

Anonymous Coward | more than 5 years ago | (#27751447)

problem is that the Pentagon doesn't leik Mudkips.

Re:Offensive? (5, Insightful)

religious freak (1005821) | more than 5 years ago | (#27752325)

I think it's naive to believe we're NOT on the offensive, though I've got to admit our nation's recent incompetence in dealing with IT (defunct air force initiative, losing engineering plans to the F35) gives me a little more doubt.

But we INVENTED a lot of this stuff. What does the NSA do, exactly? Yeah, they intercept international communications and develop systems to do this, but is that really all they do... really?

I sure as hell hope not...

Re:Offensive? (0)

Anonymous Coward | more than 5 years ago | (#27752913)

I believe the F-35 plans were relinquished from the contractor and not a government computer. Also, the military's most sensitive networks aren't accessible from the internet, which makes them a little easier to defend. As far as public infrastructure goes, I have no idea why someone think it's smart to make them accessible as well.

I, too, hope the NSA is f@cking up some foreign networks who attack us.

what the US should do (3, Insightful)

viralMeme (1461143) | more than 5 years ago | (#27750821)

What the US should do is stop connecting 'computers' to the Internet that can so easily be hijacked in phishing/malware/spam attacks.

Re:what the US should do (2, Interesting)

cdrguru (88047) | more than 5 years ago | (#27751335)

If the "owner" or "user" of the computer is tricked, bribed or forced to install such malware, what computer is there that will protect itself?

Sorry, but if you have untrained and inexperenced people doing administration on computers, you are going to have problems. No matter what the computer operating system is, if the "administrator" installs malware on it and follows whatever procedures are required to install the software, it is compromised. Period.]

Linux, MVS, VM, Windows, Solaris, OS X, whatever. It doesn't matter. The only thing that has any chance of helping is to get the administration power out of the hands of inexperienced and untrained people. Give them "appliances" that cannot be subverted because nothing can be installed on them.

When was the last time you had to update the anti-virus software on an iPod? How about having to reboot your refrigerator because it locked up?

If all people need is web browsing and email, they need something that will do that and nothing else. No possibility of viruses, worms, trojans or whatever else. Just something that gets the job done without the possibility of anything bad happening.

Re:what the US should do (3, Interesting)

Trikki Nikki! (1516301) | more than 5 years ago | (#27751685)

If the "owner" or "user" of the computer is tricked, bribed or forced to install such malware, what computer is there that will protect itself?

Sorry, but if you have untrained and inexperenced people doing administration on computers, you are going to have problems. No matter what the computer operating system is, if the "administrator" installs malware on it and follows whatever procedures are required to install the software, it is compromised. Period.]

Linux, MVS, VM, Windows, Solaris, OS X, whatever. It doesn't matter. The only thing that has any chance of helping is to get the administration power out of the hands of inexperienced and untrained people. Give them "appliances" that cannot be subverted because nothing can be installed on them.

When was the last time you had to update the anti-virus software on an iPod? How about having to reboot your refrigerator because it locked up?

If all people need is web browsing and email, they need something that will do that and nothing else. No possibility of viruses, worms, trojans or whatever else. Just something that gets the job done without the possibility of anything bad happening.

I agree with most of your reply, but your analogies seem a little flawed. My refrigerator doesn't call my friend's refrigerator in Sweden and show pictures of his latest backpacking adventure, nor does my iPod go on msn so (s)he can talk with his/her girlfriend on the web cam. I have already stopped crossing the street to avoid getting hit by a car, I change my underwear on a daily basis *just in case* it does happen and the paramedics have to take my clothes off, and I also have recently begun not even talking to or going near anyone who has ever been to, or flown over, Mexico. Who knows who has the swine flu that is going around. Why do you even have a fridge? You don't *need* one. All you really have to do is buy non-perishable items. There are hundreds of things people don't *need* but will continue to use anyway. Telling them they shouldn't have it doesn't fix the problem at all. People *are* going to keep using all the thousands upon thousands of features their computers have, and they *aren't* going to get any smarter about it. That's just reality. And *forced* to download malware? When was the last time you heard of a cyber thug holding a gun to someone's head, demanding they install their program, or else!?

Re:what the US should do (2, Interesting)

Dan541 (1032000) | more than 5 years ago | (#27752989)

But other people don't suffer at the hands of your ability to operate a refrigerator and if they did (you cook them a meal) you are liable for food poisoning. A computer should be no different, users need to be held accountable for the damage their stupidity causes.

Ok I'll throw in a free car analogy.
If you don't know how to drive a car, yet you choose to anyway you are held liable if you crash, even though you didn't know what you where doing you would still be charged. Same goes for any other bit of machinery, try using a crane without a license and see who faces the lawsuit when you wreck something.

Yes, computers should be JUST applications limited to the users needs and if an unqualified person wishes to operate a computer further they should be liable to the damage it does.

Re:what the US should do (1)

Foofoobar (318279) | more than 5 years ago | (#27751759)

CLI baby. Go back to X windows from a command line. if the user doesnt want to do anything but what they have to on the computer, they won't be doing things that they shouldn't.

Re:what the US should do (1)

aliquis (678370) | more than 5 years ago | (#27752685)

That just make no sense at all.

If the user is supposed to be able to use the system they need to know how to use it, and if they get bribed to do something how does it matter how the system is used?

Also it's X window system, not X windows, and "from a command line" doesn't make sense either.

A command line user interface don't make the system useless.

Re:what the US should do (3, Insightful)

grumbel (592662) | more than 5 years ago | (#27752311)

If the "owner" or "user" of the computer is tricked, bribed or forced to install such malware, what computer is there that will protect itself?

OLPC with Bitfrost will do exactly that just fine. Just because most other OSs don't even try to prevent those issues doesn't mean you can't.

Re:what the US should do (1)

interkin3tic (1469267) | more than 5 years ago | (#27751623)

What the US should do is stop connecting 'computers' to the Internet that can so easily be hijacked in phishing/malware/spam attacks.

That's somewhat less satisfying than dropping napalm on them. More effective, sure, but do you really want to live in a world where spammers AREN'T burned alive? Cause I don't.

spammers ? burned alive ? that's why... (1)

da5idnetlimit.com (410908) | more than 5 years ago | (#27752307)

And me waiting all this time for the '+10inches - Garanteed - Swedish Pump + 15 Original Cyalis' package to be delivered...

Re:what the US should do (0, Interesting)

Anonymous Coward | more than 5 years ago | (#27752133)

What the US should do is disconnect all the countries that are attack vectors; as a type of sanction to force said countries' governments to deal with their cyber-criminals internally.

There, fixed that for you.

Re:what the US should do (1)

Dan541 (1032000) | more than 5 years ago | (#27752877)

I agree,
we already have enough problems with asshats abusing the internet. We don't need the United States Government as well.

Abso-freakin'-lutely! (5, Interesting)

Smidge207 (1278042) | more than 5 years ago | (#27750829)

Starting in 2002 we gave away our dominance in software technology to other nations. The policy of China was to subsidize tens of thousands of students studying in the computer sciences. In 2002 American companies subsidized this policy of China by shipping over American jobs so that Chinese students could gain the necessary and hard to obtain experience of working on real systems. American programming jobs were shipped to India, China, and Russia and subsidized these nations in their ability to build expertise in software technology.

Now very few American students are enrolled in the computer sciences departments of America to provide the expertize necessary for threats to American computer systems, while other nations have tens of thousands that can obtain all of the benefits of software technology. American students will not enroll in the computer sciences when the policy of America is simply to ship programming jobs overseas. Now many American systems are dependent upon offshore foreign programmers. There have already been incidents where offshore foreign workers were bribed to provide account information on bank customers.

The reality is that major American system may have already been compromised by bribes to offshore foreign workers to insert malicious code into the American systems where they have direct access. Hollywood movies show complex schemes and supposedly sophisticated attacks to access computer system when the reality is that you can simply walk in the front door with a bribe and have complete access. It is meaningless to protect these systems from attacks over the internet when they may already have been seriously compromised.

=Smidge=

Re:Abso-freakin'-lutely! (0)

Anonymous Coward | more than 5 years ago | (#27751053)

americans won't enroll in computer science jobs because it's a derided social position and the jobs that are required entail actual real work (of a mental component, not the same as labor, i understand)

not because the jobs aren't there. which they are, actually.

Re:Abso-freakin'-lutely! (4, Interesting)

ClosedSource (238333) | more than 5 years ago | (#27752509)

Yes, the jobs are right there in the careers section of the web site and as long as tech companies want to claim there's a shortage of qualified candidates, they'll remain there unfilled.

Re:Abso-freakin'-lutely! (5, Insightful)

Red Flayer (890720) | more than 5 years ago | (#27751191)

American students will not enroll in the computer sciences when the policy of America is simply to ship programming jobs overseas.

And yet that's not the policy of America. That's the policy of *some* American companies.

Mostly because US workers are not worth what they cost to employ.

The solution is not a phobic restriction on offshoring (protectionism), the solution is to bring domestic wages in line with offshore wages. Ideally this is done by increasing the global standard (and cost!) of living, but at some point we might just have to realize that our ridiculous wasteful standard of life is unsustainable if we want to compete economically with the rest of the world.

Re:Abso-freakin'-lutely! (4, Informative)

tukang (1209392) | more than 5 years ago | (#27752401)

Yes, you have a point about our standard of living but it's not only our standard of living that has caused this problem, it's also the deterioration of the quality of k-12 education in the US - especially in math.

When I did my undergrad, more often than not, kids who didn't know standard mathematical identities, were Americans. I don't see how someone who doesn't understand logs and exponents inside out can do well in a (respectable) comp sci program. Why should US companies hire mediocre US comp sci students when they can hire higher quality students overseas at a cheaper price?

Re:Abso-freakin'-lutely! (2, Insightful)

_ivy_ivy_ (1081273) | more than 5 years ago | (#27752701)

...it's also the deterioration of the quality of k-12 education in the US - especially in math.

While your deterioration theory is interesting, and math education is inadequate, I'm fairly sure you're hearkening back to a past that never was.

I seem to remember that inadequate math education was offered as "proof" as to why the Soviets beat the US into space with Sputnik.

Re:Abso-freakin'-lutely! (1)

aliquis (678370) | more than 5 years ago | (#27752951)

Isn't your wages ridiculously high to? What does a bachelor of science degree job give you / year over there in general? A masters degree?

Over here in Sweden the union for engineers recommends demanding 28.000 SEK / month for master of science and 26.500 for bachelors, but then most people probably have to settle for little less than that, experienced people most likely earn more.

But say that a bachelor may start at 25.000 SEK then, that's 25 000 * 12 Swedish kronor = 36 768.9 U.S. dollars / year, what would it be in the US?

But then it may be more expensive to hire people here since the companies may have to pay higher taxes/fees for each employe which will also add to the cost.

I have no idea how each educational system compares against each other.

(bachelor over here = 9 year obligatory school + 3 year "gymnasium" + 3 year university or similar.)

Re:Abso-freakin'-lutely! (0, Troll)

OeLeWaPpErKe (412765) | more than 5 years ago | (#27752997)

But requiring even basic math standards from little kids is so unfair. After all some never learn them. Your only option is to, at some point, exclude the worse performing students from the "best" education, or at the very least limiting their choices. This not only involves "focring a bad education on them", but also involves telling them they're crap.

Requiring any sort of knowledge for passing school creates, in other words, inequality. Inequality that is, first and foremost, the result of lazyness on the part of the bad students and secondary a result of natural talent (or lack of such). But it's inequality.

Now in reality, obviously people are naturally unequal. Even races have "on average" differences that can present advantages or disadvantages. "Whites" are on average (a lot) taller than both black and yellow races. This creates advantages and disadvantages for both parties. But ... worse than that there are also intellectual differences. On average only 1 in 7 (randomly chosen) whites will outperform a yellow person in an IQ test, and only 1 in 200 randomly chosen blacks will outperform a randomly chosen white person. There are even ideological differences, these are extremely obvious but extremely incendiary. Let's put it this way : your choice, both in religion (or "lack of it"), and even in political matters is a strong indicator of performance in IQ tests and both academic achievement and success later in life. Whoops.

So if you create advanced math classes, you'll see a lot of yellow faces, significantly less white faces, and every 5 years or so a single black face. You can imagine the screams of the politically correct nutcases. You will find in those classes basically no muslims (even in muslim states they would be sorely underrepresented), many christians, and slightly less atheists than christians. There wouldn't be many jews, but something like 80-90% of jewish students would find themselves amongst these "top performers". Imagine how incendiary this is, and then think about the obvious question : "since there is no difference in performance of christian students and kids of ex-muslim christian parents, clearly there is something in the religion that's preventing cognitive development. What ?". Imagine the world's response to obvious questions like that. Replace muslims with blacks, same question, but involving genes. Or find out how this relates to political orientation, and repeat for extra outrage.

Add to that that community organisers really, really dislike inequality. Even when it's so plainly obviously necessary things like excluding everybody except comitted students from higher education. Some even go so far as to make it the "responsability of the state" to change biological facts like the fact that a gay couple can't have natural children (you can laugh, but that's exactly what Europe is trying to do. Needless to say, it will fail, and create heaps of resentment along the way)

A "community organiser" is in charge of America, so I wouldn't expect the dumbing down to end any time soon. But soon a criminal drug addicted thief will no longer have to suffer "the humiliation" of having a lower grade in math than the kid who spends half his free time reading math and physics papers on the web. Prepare for worse, not for better.

Re:Abso-freakin'-lutely! (1)

misexistentialist (1537887) | more than 5 years ago | (#27752817)

Since a Chinese/Indian worker can maintain the same standard of living as an American at a fraction of the American's wage, the only way to equalize wages would be to pay the foreign workers like kings. They will always be undercut by people willing to live like princes, however, so really what would have to happen is to decrease the American's standard of living to that of a pauper.

If the government gave a shit about this country they would protect American jobs. The idea that China will retaliate by cutting off American imports, which consist of a few chickens, is a distraction from the policiticians' interest in protecting corporate profits.

Re:Abso-freakin'-lutely! (4, Insightful)

clarkkent09 (1104833) | more than 5 years ago | (#27751223)

the policy of America is simply to ship programming jobs overseas

No it's not. The policy of America is to promote globalization and free trade which in the long run is thought (rightly or not) to be beneficial to the USA. If that's what you are doing then it does make it kinda hard to use legislation to stop American companies from doing what they want which is hiring labor where its cheapest. Either you are for protectionism in which case we will lose in the long run because US companies won't be able to compete, or you are for liberalization of trade (including labor) in which case US workers will have to compete for jobs on equal terms with Chinese, Indians etc

Re:Abso-freakin'-lutely! (3, Interesting)

Jane Q. Public (1010737) | more than 5 years ago | (#27752369)

"... globalization and free trade which in the long run is thought (rightly or not) to be beneficial to the USA."

And there is the problem: who really thinks this?

The fact is that GATT and NAFTA had, and have, very little to do with "free" or "fair" trade. Subsidies and trade barriers remain on both sides of all borders, and in the main, they were giveaways of many trade advantages that the U.S. naturally enjoyed, to the eventual detriment of U.S. citizens and businesses.

However, your statement that the U.S. cannot compete is simply false. BEFORE these "trade giveaways", we competed just fine. Isn't it amazing that we have had trouble since?

Further, the "cheap" labor markets have also, over time, gained a well-deserved reputation for sub-standard products, whether those products are toys or software. That is not to say that there are not competent programmers and producers elsewhere. Of course there are. But I am referring to trends and averages. Further, "cheap" labor and production has led to environmental degradation that would not be tolerated within the U.S. So these multinational and outsourcing corporations are responsible for harming their cheap laborers even as they improve their income.

Globalization of the economy (as opposed to plain trade) is a bad, bad, disastrous idea. Diversity is essential for the survival of organisms, and that is a valid analogy to economies and cultures as well. Nationalism will not (had better not) be broken down, because if it is, woe to the people of Earth.

Re:Abso-freakin'-lutely! (1)

Timothy Brownawell (627747) | more than 5 years ago | (#27751895)

There have already been incidents where offshore foreign workers were bribed to provide account information on bank customers.

You seem to be implying that there haven't been cases of American workers doing the same. Is there any reason to think this implication is accurate?

Huh? (0, Troll)

Jane Q. Public (1010737) | more than 5 years ago | (#27752219)

WE did nothing of the sort. The giveaway in software technology was on the part of traitorous corporations that decided to outsource, in the name of short-term profit, and without regard to the very economy that made them big in the first place. Don't include me, or most other U.S. citizens, in that "we"!

Further, the U.S. still leads in software technology, even if there has been a drain. And further yet, your information is out of date: students in the U.S. have again started enrolling in Computer Science programs nationwide, bringing the numbers back up.

I would have to agree with you that American systems have been compromised. Blame the big American corporations and multinationals. They are responsible (along with the politicians who made it all possible). However, the idea that money and physical access is the easiest way to compromise a system is nothing new; it has always been that way.

Re:Huh? (5, Insightful)

Dishevel (1105119) | more than 5 years ago | (#27752567)

We did ALOT!

We gave craploads of money to teachers unions and then made high school easy to pass without learning anything so the teachers did't look to bad

We passed onerous environmental and labor laws encouraging companies to abandon the US.

We ran around and screamed and yelled that everyone should be coddled and no one should be fired.

We did alot. We are getting exactly what we paid for.

We have strong unions getting massive benefits at the cost of the consumer and the citizen. Because smartly, the businesses pass on the true costs of what we wanted right back to us. If you don't like what you got, then look at us. Not "Evil big business".

Re:Huh? (1)

jabithew (1340853) | more than 5 years ago | (#27752611)

The giveaway in software technology was on the part of traitorous corporations that decided to outsource, in the name of short-term profit, and without regard to the very economy that made them big in the first place.

The American economy pressured them to do it. They reduced costs for goods sold to American consumers*, because their consumers demanded it, and they returned increased profits to their (primarily) American investors.

The problem with free trade is that its benefits are disparate and hard to quantify (e.g. an extra 0.5% on GDP annually, slightly lower inflation), while its downsides are specific and easy to see (a closed factory).

*A comparison between the effects of labour competition and reduced goods prices is easy to find; real wages in the US have fallen, implying that labour competition is the larger effect at the moment. This isn't sufficient to judge the benefits or lack thereof of free trade, not least because no-one has tried it yet.

Re:Abso-freakin'-lutely! (2, Insightful)

tukang (1209392) | more than 5 years ago | (#27752261)

There have already been incidents where offshore foreign workers were bribed to provide account information on bank customers.

The reality is that major American system may have already been compromised by bribes to offshore foreign workers to insert malicious code into the American systems where they have direct access.

Do you honestly think American workers don't do the same? It's almost as if your argument is that American workers are inherently more ethical than foreign ones and that therefore offshoring is a bad thing.

no brainer (5, Insightful)

Briden (1003105) | more than 5 years ago | (#27750841)

If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"

no.

putting vital systems on the Internet (4, Funny)

viralMeme (1461143) | more than 5 years ago | (#27750935)

"If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"

What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the Internet.

Re:putting vital systems on the Internet (1)

KDR_11k (778916) | more than 5 years ago | (#27750963)

Any that consists of a mixture of public and private employees?

Re:putting vital systems on the Internet (1, Informative)

Burkin (1534829) | more than 5 years ago | (#27751295)

What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the Internet.

The US, apparently.

Get used to it. (2, Insightful)

Ungrounded Lightning (62228) | more than 5 years ago | (#27752811)

What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the Internet.

What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the telephone network?

What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to radio receivers?

And so on.

You gotta communicate with 'em SOMEHOW. Are you proposing the banking system, the hospitals, and the military all SEPARATELY (and each individual organization within each group SEPARATELY as well) dig up the country and run their own private network? (And harden it against manhole-divers with bolt cutters while they're at it?)

"The Internet" and other networks sharing infrastructure (and potential vulnerabilities) is the current communication utility. It's time to stop wringing hands about how foolish it is to actually use it and join those working on how to do so safely and reliably.

Re:no brainer (1)

jonbryce (703250) | more than 5 years ago | (#27751263)

Physically bombing a country's electricity and transport infrastructure seems to be fair game, so why shouldn't a cyber attack be the same.

We might find it is preferable to break in in such a way that they don't know it has happened, and monitor what is going on. I'm sure that already happens, but this is a tactical decision.

Re:no brainer (2, Insightful)

flyingsquid (813711) | more than 5 years ago | (#27752693)

It seems to me that there are two questions here. First, is attacking civilian infrastructure to cause discomfort, fear, or inflict economic hardship a morally just tactic? Second, is it actually effective?

In World War II, the U.S. bombed civilian targets in Germany and Japan, the rationale being that stopping the Third Reich and the Japanese empire justified the cost in lives and suffering. We had 50 years to think about that decision before the U.S. became involved in the Kosovo War in 1999. Then, the U.S. and NATO bombed a number of civilian targets, including Serbia's electrical grid, TV stations, bridges, and factories. Again, nobody is going to argue that this is noble and chivalrous, but while it's distasteful, it's arguably preferable to letting a dictator get away with murder, or rather, genocide. Given the lack of outrage in the United States, I'd argue that we've long since decided as a society that it's OK to deliberately attack civilian infrastructure if the the suffering caused is less than the suffering averted. Where it becomes questionable is when attacks on civilian infrastructure are meant to be purely punitive, out of revenge rather than a need to protect yourself or others. Then, I'd argue that it's not justifiable.

But it's also important to ask: are such attacks really effective? Hitler tried to break the will of the British people by attacking civilian populations with bombers, buzz-bombs, and V-2 rockets. However, the Brits rallied around Churchill. And arguably, Hitler's decision to attack civilian targets in the Battle of Britain was one of his biggest mistakes, because it took pressure off of the Royal Air Force. The destruction caused to German cities by Allied bombing runs didn't lead to the surrender of the Germans, and I suspect that Japan would have struggled on despite Hiroshima and Nagasaki if they had thought that they had a serious chance of winning the war. So, I'm not a military historian, but I'd argue that attacking the civilian population is counterproductive. Generally, it will enrage your enemy and make them more determined to fight on. The loss of life and financial loss caused by the 9-11 attacks didn't break the will of the American people or destabilize the Bush Administration, instead it caused people to rally around the administration and let them do whatever they wanted.

Re:no brainer (1)

MozeeToby (1163751) | more than 5 years ago | (#27751503)

That would assume that taking out the power grid would in fact do those things. Hospitals have generators, as do ATC systems. Banks I'm sure would be able to keep working behind the scenes, even if they couldn't open their doors to customers.

The way I see it, we should use cyber warfare as a life saving measure. Basically, don't use cyber attacks unless you would use an equivalent military strike to get the same effect if the cyber option wasn't available. There are times when destroying or disabling a power grid is a legitimate military tactic. If, in one of those times, it is possible to do so without risking civilian or soldier's lives, why not do it? It would probably also leave open the possibility of re-enabling the power grid and besides, with the US's air superiority its not like you couldn't bomb it later if need be.

Re:no brainer (1)

cenc (1310167) | more than 5 years ago | (#27752237)

I believe it was Powel that said, "you break it, you buy it". So, rebooting a couple of computers, reinstalling some software, sure seems a much cheaper deal than trying to rebuild a power grid.

I would assert it would in fact be unethical, to bomb the power grid if you could simply do it with cyber attack.

Re:no brainer (1)

mR.bRiGhTsId3 (1196765) | more than 5 years ago | (#27752393)

Yes.
An attack results directly in the death of American citizens. Such a response would only indirectly result in the death of citizens if at all.
Whereas such an assault would cost lives and physical damage, the response would simply be an inconvenience. After all, what hospital or air traffic control system doesn't have battery backups. Making life miserable for an opponent is a sure way to curb future agression, and disabling an enemies civil infrastructure is a benign way of doing this.

Re:no brainer (1)

Dishevel (1105119) | more than 5 years ago | (#27752585)

If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"

no.

Yes

Why not? (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27750847)

I mean, what could possibly go wrong, now that the adults are in charge again?

Re:Why not? (2, Funny)

Anonymous Coward | more than 5 years ago | (#27751063)

They will take a look at it as soon as they finish playing with their airplanes.

No cyber-waterboarding or cyber-torture (5, Funny)

Anonymous Coward | more than 5 years ago | (#27750951)

I can just imagine the streaming video of masked men slowly lowering a powered-up motherboard into water while yelling "why did you portscan us?"

Re:No cyber-waterboarding or cyber-torture (1, Funny)

Anonymous Coward | more than 5 years ago | (#27751481)

Why do I actually feel pain at the thought of that motherboard being shorted in the water?

Perhaps I'm too close to technology.

Yes (5, Interesting)

MikeRT (947531) | more than 5 years ago | (#27750955)

The US military should comport itself online similar to how it handles the distinction between government and civilian targets in physical battles. That means the US military should regard all Chinese and Russian systems as open, hostile targets of opportunity the way that those governments treat everyone else. However, the US military should refuse to use its resources for the betterment of the US economy, unless that is something like stealing Russian jet designs and handing them quietly over to Lockheed or Northrop Grumman to analyze.

Let's stop kidding ourselves that these countries are only responding to us. There are plenty of people who foolishly believe that the Russians and Chinese are only engaging in an arms race to keep up with us because they're "afraid of us." Bull. Fucking. Shit. Like hell they're scared of us. The reason they're doing this is obvious to anyone who has studied their history. For centuries they've been imperialists and aggressors, and now a young country has finally kicked them to the curb. It's a pride issue, not a national security issue. The moment we accept that is the moment we'll finally come to grips with what we're really dealing with here.

Conflict always been part of our history. War will always be with us. The lunacy that leads people to believe in progress to negate that is the same lunacy that has lead to the economic mismanagement that resulted in the Great Depression, the millennial bubble and our current fiasco. Basic facts about war, foreign policy and economics will always be with us.

The answer is no. (5, Insightful)

hey! (33014) | more than 5 years ago | (#27750957)

At least, not until provoked, and then only at resources demonstrably being used in actual operations against the US.

The reason is that we don't want politically motivated cybervandalism to be legitimized.

This is what I had against the whole neo-con "spread democracy" program. I'm all for spreading democracy, but it won't work unless you spread the values and institutions necessary to make democracy work. One of those is freedom of thought and expression. It makes no sense to promote democratic government in a country where you are conducting psyops campaigns and are complicit in or actually performing suppression of free speech.

Re:The answer is no. (1)

interkin3tic (1469267) | more than 5 years ago | (#27751681)

At least, not until provoked

I would consider all those "Tr3y canadian C1alis rol3x3s FREE!" sufficient provokation to justify military action. Not only do they spam me, they're full of typos! It's offensive on all levels!

(Yes, I do know it's not so much typos as it is trying to get past filters, I don't care)

Proactive offence vs passive defence (5, Insightful)

Mr.Fork (633378) | more than 5 years ago | (#27750983)

As a former fed IT staffer and military specialist, our policies were always to be proactive. Resting is never a good place to be when an attack hits. Obama (and the rest of our NATO nations) need to have their own cyber-warfare military units to respond to any potential threat. With our economies being tied closer and closer each year to the internet, its now along the same lines of our need for energy and needs to be guarded as such.

Besides, I would rather these units proactively dismantle bot-nets, spynets, and spam-nets to protect our infrastructure than to constantly force the private companies to deal with the criminal and 'not-so-criminal-china-warfare' tactics going on today.

Let's think about this one for a second... (3, Insightful)

explosivejared (1186049) | more than 5 years ago | (#27750989)

If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"

Seriously, if any military official takes more than two seconds to realize that it is clearly insane and has not learned one thing from our struggles in Iraq and Afghanistan. Alienating the populace of a nation like that has no benefit and is outright counterproductive. An attack on civilians like this works only in the context of strategic, conventional total war. We haven't fought a conventional war in 50 years. For any foreseeable conflict that U.S. could be involved in, it would be only sane to scrap the idea of attacking civilian infrastructure of any kind, information infrastructure included.

Re:Let's think about this one for a second... (2, Insightful)

cptnapalm (120276) | more than 5 years ago | (#27752889)

"We haven't fought a conventional war in 50 years."

There were those two wars against Saddam Hussein (I put it this way to distinguish the initial part of the Iraq War from the counter-insurgent part).

Since when does the government... (1)

aaandre (526056) | more than 5 years ago | (#27751013)

Since when does the gov ask NYT or slashdot readers what to do? And, would we really expect that the CIA would be making public announcements about their actions and intentions?

"Cyberwar" by definition involves at least two warring parties, doesn't it?

And, the internet is an interesting beast, requiring a computer to be connected to it in order communicate. Once connected, there's the potential for an exploit, given the complexity of software + hardware and the human vulnerability to coercion (mandatory http://xkcd.com/416/ [xkcd.com] ).

So the question is less of should we start but should our government continue leading a "quiet war" with governments they pretend to be friends with. In your name, with your money.

The Machiavellian approach destroys trust and non-trusting relationships are a lot of work and no fun.

What makes you think they haven't? (2, Insightful)

Anonymous Coward | more than 5 years ago | (#27751045)

Just because you don't read about it doesn't mean it doesn't exist.

You seriously think the country with the worlds largest and longest established sigint program doesn't use it for offensive purposes?

like they dont already (1)

naeone (1430095) | more than 5 years ago | (#27751067)

hard to imagine it hasnt happened already, the stronger the denial the more likely it is

Absolutely (2, Insightful)

gringofrijolero (1489395) | more than 5 years ago | (#27751081)

Nothing prepares you for war like lots of practice.

No (1)

harris s newman (714436) | more than 5 years ago | (#27751083)

That would be illegal.

Re:No (1)

russlar (1122455) | more than 5 years ago | (#27751701)

That would be illegal.

You mean like torture was illegal?

"Just like the atomic bomb" (3, Insightful)

BobMcD (601576) | more than 5 years ago | (#27751095)

Just as the invention of the atomic bomb changed warfare and deterrence 64 years ago, a new international race has begun to develop cyberweapons and systems to protect against them.

I agree. And just like the atomic bomb, exactly two of these might ever be used in actual warfare.

Think it through:

1) North Korea kills several power plants with cyberweapons.

2) US kills North Korea with conventional weapons.

Sure, if you're Estonia or Georgia you may have problems. You don't have one of the most powerful military forces in the world at your disposal. But here in the US we have all sorts of muscle that we use against people that we feel are misbehaving.

In fact, I doubt highly that we would prevent such an attack were the enemy foolish enough to launch one.

Stop an excuse to go to war? This nation? I think not.

Re:"Just like the atomic bomb" (2, Funny)

teh kurisu (701097) | more than 5 years ago | (#27751889)

Stop an excuse to go to war? This nation? I think not.

You make it sound like you have a choice in the matter. Yours is the nation that brought the world Norton Antivirus; of course you're not stopping an attack.

Against whom? (1)

wjh31 (1372867) | more than 5 years ago | (#27751099)

last time i checked, terrorists are known to use channels that are also used by a large portion of the public, so bringing them down doesnt sound good. And to go fully (especially publicly) offensive against any nations sounds like a very good way to start a war, even if a cold one.

Define The Enemy (0)

Anonymous Coward | more than 5 years ago | (#27751209)

Until the U.S. government realizes who the big cyberspace enemy is, the one that costs everyone the most money and does the most damage, then no, it shouldn't do anything. Once it figures out that spammers are the enemy, then yes, by all means launch authorized government-sized counterattacks against their servers.

disconnected (2, Interesting)

rndmcnlly (751912) | more than 5 years ago | (#27751215)

A related but more general question: When people talk of bits of infrastructure being connected or disconnected from the Internet, are they talking about the presence of direct, layer 3 connectivity (can I ping the airport's tracking systems?), any layer (if I hack the contracting company's intranet can I view aircraft positions through a series of proxies and application layers?) or actual electronic disconnection from the Internet (can you get only get in via getting your man on the inside the tweet the secrets from his cell)? Distributed infrastructural systems communicate Somehow...

Morality is a luxury item (1)

hessian (467078) | more than 5 years ago | (#27751233)

"Should" is a moral question. Moral questions are a luxury afforded by rich societies with no pressing needs (in other words, no cause for survival except continued convenience). The real question is "Do we need to?" and my answer is that if you have enemies, you always need to keep track of them.

I may be channeling Niccolo Machiavelli here... stupid cheap acid I bought back in my sophomore year.

Re:Morality is a luxury item (2, Insightful)

Xadnem (1120075) | more than 5 years ago | (#27751673)

Moral questions aren't a luxury, unless you're playing a zero sum game. Most nations aren't, they're a necessity, if only out of self-interest. If a nation proves it's rabidly amoral, doesn't follow the rules of war that have developed over the past few hundred years, they also better hope they don't need allies.

And i thought. (2, Funny)

pottymouth (61296) | more than 5 years ago | (#27751251)

This was about Arlen Specter.

Can't we just outsource all our security? (0)

Anonymous Coward | more than 5 years ago | (#27751329)

I mean, it would be a lot cheaper wouldn't it?

No, and for a simple reason... (2, Insightful)

HerculesMO (693085) | more than 5 years ago | (#27751455)

We will lose that offensive.

We are the ones who come up with copy protections and it takes some kid in Scandanavia a few hours to crack it.

We will quickly be destroyed by the cyber armies of 13 year olds with 22 hours of sunlight and Mountain Dew in their grasp.

Re:No, and for a simple reason... (1)

cptnapalm (120276) | more than 5 years ago | (#27752969)

Solution is simple: stop exporting Mountain Dew!

Internet geography =! world geography (3, Interesting)

gmuslera (3436) | more than 5 years ago | (#27751487)

Retaliation against a real world country because one, a few or several of the attacking parties were doing the final/traceable connection from there could not be very fair, and could show how close is militar intelligence with absolute stupidity.

Even if could be attacks lauched by other countries government internet addresses, but how you separate government willing to do that attack from some individuals there just checking the waters without autorization?

What is worse, what were the biggest internet attacks till today in general? From Morris worm to Conficker, passing thru all the spam in the middle, all were done by individuals and groups not related with government. There was the cyberattack to Estonia (?) some years ago, that was done more by individuals than from a government.

With nuclear bombs at least you have them enclosed in silos, military security, isolated. You need a small army to try to get one if not get disabled before. But a clever kid could take for its own benefit (from turning it to you or launching a big attack at your name) your entire botnet from the safety of his home.

But i have to agree that the 1st cyberattack from America was a big success. Crippled most of the computers of the world, caused lots of damages to other countries and still is active doing its work. But still, you cant say for sure if was launched by the government or Microsoft Corporation.

What a pointless question. (4, Funny)

DarkEntity (1089729) | more than 5 years ago | (#27751579)

As an American, I think I already am pretty offensive to most people on the Internet.

From Orbit (0)

Anonymous Coward | more than 5 years ago | (#27751717)

I say we NIMDA the site from orbit.
It's the only way to be sure.

Air Traffic Control (1)

ubergamer1337 (912210) | more than 5 years ago | (#27751751)

Even if hackers/governments were to bring down an Air traffic control system, the chances anybody would die are slim. At least in the USA, approach controls are still equipped with old-school battery radios, and will land the planes that way. Occasionally they do it this way now, from freak system outages, etc.

US was one of the first to go offensive (3, Insightful)

Halo1 (136547) | more than 5 years ago | (#27751791)

Or did everyone already forget ECHELON [europa.eu] ? Or does it only count if you actively break into other systems, rather than only intercept everyone's personal, business and political Internet communications?

And it would really surprise me if they didn't break into other systems yet. It's not like they first asked for public approval for ECHELON before starting to set up and use it.

That's intelligence gathering (2, Interesting)

Sycraft-fu (314770) | more than 5 years ago | (#27752849)

Which, like it or not, is treated very differently. There is a tacit agreement among nations that spying isn't a cause for war. Many nations try to spy on each other and while the spys themselves have little to no protections, the spying itself doesn't result in major stir ups. Remember that not long ago Aldrich Ames, a CIA counter-intelligence officer, was convicted of spying for the Russians. While he went to prison for it, the US certainly didn't go to war with Russia, or for that matter even get mad and impose sanctions or the like. Heck for that matter Russia has even refused to release the identity of the bank account that has $2 million of money for Ames because they argue he rightfully earned it and it shouldn't be subject to seizure by the US.

It is just accepted as part of the game. Intelligence gathering is something all nations try to stop when it is against them, but they don't go and start wars over it. So if you want to start a cyber war with the US over their intelligence gathering, well then you might not like the result as that is a major change in the rules.

it's a tremendously bad idea (1)

DragonTHC (208439) | more than 5 years ago | (#27751793)

they are utilizing probably a tenth of their hacking capacity. they are hitting sparse targets for capital gain or espionage.

What would happen if they decided to hit us for real?

*Aimed* is the crucial word. (5, Interesting)

teh kurisu (701097) | more than 5 years ago | (#27751827)

Another is avoiding attacks aimed at civilians.

Israel's policy, which America supports, is that firing a missile into a block of flats full of civilians is okay, if they think a terrorist is in the building. The attack is not aimed at the civilians, they just happen to be there. I'm sure the same mindset would apply in this case.

Re:*Aimed* is the crucial word. (1)

mR.bRiGhTsId3 (1196765) | more than 5 years ago | (#27752501)

You have oversimplified. Israel's policy, which America supports, is that firing a missle into a block of flats full of civilians is okay, since blocks of flats full of civilians is the only place terrorists every hide/stash their weapons, and by extension, the civilians are aiding the terrorists.

There's also precident in international law (2, Informative)

Sycraft-fu (314770) | more than 5 years ago | (#27752771)

For example if you read the Geneva Conventions, you find that various places are "off limits" for war. Hospitals and religious places would be the big ones. The rules say you need to take care not to attack them. However, there's a flip side to the rule: You also need to take care not to use them for military purposes. So if there's a church and it is used by people as a church, no problem, that church is off limits. However if an army decides to set up shop in there are use it as a base, it just became fair game.

This happened in WWII. The Nazi's took over a monastery since it had a good position for messing with shipping in the Mediterranean. They figured that the allies wouldn't bomb it, since it was a Christian religious structure, and as with many monasteries, it was designed rather like a fortress making an infantry assault impractical. Ya well, they were wrong on the not bombing account. the place was reduced to rubble. Not something that anyone really wanted to do, but it became a valid military target when it was being used to host attacks.

Now the situation in Palestine is obviously not identical, but it is similar. While a group of houses is manifestly a civilian setup and thus not a legitimate military target, it changes if those houses are used to house fighters, weapons and launch attacks.

Series of tubes? (0, Flamebait)

senorpoco (1396603) | more than 5 years ago | (#27751857)

Unless the internet tubes are full of oil, I don't see it happening anytime soon.

We are the offensive (0, Flamebait)

ezwip (974076) | more than 5 years ago | (#27751881)

The US has been on the offensive in cyber wars since the beginning of the internet, which they created. Most countries and businesses run our trojan. You might have heard of this. It is called Microsoft Windows.

We cannot.. (0, Troll)

SnarfQuest (469614) | more than 5 years ago | (#27752157)

Doing such things would be almost as awful as ... putting a caterpiller on someone. How could anyone respect a country that uses such things as caterpillers and worms?

Obama should ban such devices of torture as worms, just like he banned caterpillers.

What is stopping them? (1)

Locke2005 (849178) | more than 5 years ago | (#27752239)

...Another is avoiding attacks aimed at civilians. God knows the US has NEVER intentionally attacked civilians, no siree! (Cough, Hiroshima, Cough, Nagasaki, Cough) I'm not really certain that avoiding "collateral damage" is a big a concern to the US military as you seem to think it is.

In a word (1)

Loosifur (954968) | more than 5 years ago | (#27752421)

Yes.

It's no different than any other logistic target. If another country strafed an interstate or shot down one of our satellites, we'd consider it an act of war. Just because it involves a computer doesn't mean the principle or effect is any different. Enough of this "cyber" crap, a violation of a law, a treaty or an understanding is just what it is, whether it happened electronically or not.

Playing offense (2, Insightful)

xeniast (575383) | more than 5 years ago | (#27752491)

DoD developed BSD under DARPA for Public Network Safety
Then ignored or wasted the development research
and used microsoft.
Start by dumping microsoft.
Former DoD Systems Engineer

We're not children! (1)

Phroggy (441) | more than 5 years ago | (#27752525)

If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?

Give me a break.

If a US military base is attacked by a foreign government, whether physically or online, it is an act of war, and should be treated as such. A military response may be appropriate, and that could include an online attack as one component of the military strategy.

If a US military base is attacked by foreign teenagers in their parents' basements, it is a criminal act carried out by individual citizens, and should be treated as such. The perpetrators should be prosecuted by their own government in their own country, or extradited to our country to stand trial, depending on international treaties. No retaliation against the government of that country, or its infrastructure, is appropriate unless they refuse to take law enforcement action. If existing treaties don't allow things to work this way, then it's time to work on negotiating some new ones.

The whole notion of a "proportional response" is insane.

Re:We're not children! (0)

Anonymous Coward | more than 5 years ago | (#27752703)

Like any common thief. Have the local magistrate arrest him
and punish him accordingly.

Get some REAL IT guys, run a secure OS (1, Flamebait)

Nonillion (266505) | more than 5 years ago | (#27752599)

If the government would quit running fucking Windows, hire some IT guys who know their ass from a hole in the ground; maybe we wouldn't have so many problems on the cyber front.

Seems like a bad idea (1)

Alcoholist (160427) | more than 5 years ago | (#27752649)

Because going on the offensive worked so well in Iraq, Afghanistan, Somalia, Vietnam, etc...

Richard Clarke's stance (2, Interesting)

edmazur (958154) | more than 5 years ago | (#27752743)

Richard Clarke [wikipedia.org] spoke at my campus about a month ago and addressed this question. His claim was that United States needs to put forth some doctrine of cyberwarfare deterrence for the same reasons it did with nuclear warfare. His argument was that because of how dependent on computers the world is, cyberwarfare, a relatively unknown beast, has the same potential for the mutually assured destruction [wikipedia.org] that nuclear weapons are capable of.

Root'em all!!! (1)

Vinegar Joe (998110) | more than 5 years ago | (#27752795)

Let Linus sort'em out!!!

CyberConfusion (1)

_Sprocket_ (42527) | more than 5 years ago | (#27752865)

From the article:

"The fortress model simply will not work for cyber," said one senior military officer who has been deeply engaged in the debate for several years. "Someone will always get in."

I always find it disturbing when these issues are treated like physical security issues. Part of that is because it is often physical security specialists that are brought to task. It is an environment that they often seem to be completely unprepared to deal with.

The issue is that information security and physical security are fundamentally different domains. We have no real control over the laws of physics. They exist whether we want them to or not. The best we can do is work within those laws. The most cutting edge military hardware is simply a better understanding and ability to exploit the laws of physics which have remained constant. But there are still limits. And so physical security specialists find themselves with limited options to mitigate risk and tactics designed around those limits.

Information security deals with systems, protocols, and laws that we design and implement. If we discover that an adversary has found a way to take advantage of any given law, we can alter it so that advantage no longer exists. This provides a very wide degree of options as an infosec specialist can not only mitigate existing risks, but take steps to completely change the entire situation if warranted.

And that's probably why the whole "cyber" thing annoys me to no end. It seems to be some kind of meme that tries to put our physical existence in to the electronic domain. In reality, there is no Tron. We are not Neuromancers. What is referred to as "CyberWarfare" is really information warfare - signals intelligence, espionage, electronic warfare, and other well-trodden paths. There may be new techniques and social implications. But the situations we're looking at are just extensions of things we already deal with. Attempting to blur the lines between the physical and informational domains only confuse the issue.

Why would you assume... (1)

thePowerOfGrayskull (905905) | more than 5 years ago | (#27752943)

Why would you assume that we aren't already?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?