
Behind the Government's Rules of Cyber War

Soulskill posted more than 2 years ago | from the defining-preemptive-retaliation dept.

Security 117

wiredmikey writes "Deciding when malware becomes a weapon of war that warrants a response in the physical world – for example, a missile – has become a necessary part of the discussion of military doctrine. The Pentagon recently outlined (PDF) its working definition of what constitutes cyber-war and when subsequent military strikes against physical targets may be justified as a result. The main issue is attribution of cyber attacks. The Department of Defense is working to develop new ways to trace the physical source of an attack and the capability to identify an attacker using behavior-based algorithms. 'If a country is going to fire a missile at someone, it better be sure it has the right target,' said one expert. A widely held misconception in the U.S. government is our offensive capabilities provide defensive advantage by identifying attacker toolkits and methods in foreign networks prior to them hitting our networks. So when do malware and cyber attacks become a weapon or act of war that warrants a real-world military response?"


117 comments

Psychological Warfare (1, Troll)

masternerdguy (2468142) | more than 2 years ago | (#38208786)

Damn Chinese hackers. Now the Congress can't have their LAN party, and the lack of recreation will greatly reduce their efficiency.

Causus Belli (5, Insightful)

flaming error (1041742) | more than 2 years ago | (#38208834)

Constitutionally, an "act of war" is whatever Congress agrees it to be.

Such decisions are not the Executive's to make.

Re:Causus Belli (2)

masternerdguy (2468142) | more than 2 years ago | (#38208862)

The president can also order troops to invade another country without congressional approval. It would be political suicide to, say, wake up and invade Norway. But he can.

Re:Causus Belli (0)

Anonymous Coward | more than 2 years ago | (#38208944)

But that's only because the America of today is a failed state with a failed government.

Re:Causus Belli (4, Interesting)

Ethanol-fueled (1125189) | more than 2 years ago | (#38209210)

Soon, the president will be able to order troops to invade their own country [examiner.com] and indefinitely detain citizens such as those evil terrorist protesters who are all the rage these days.

Re:Causus Belli (0)

Anonymous Coward | more than 2 years ago | (#38209322)

Good. I'm tired of "occupy x"

Re:Causus Belli (0)

Anonymous Coward | more than 2 years ago | (#38210276)

Good news everyone, I'm starting Occupy Slashdot!

Action is allowed to proceed the paperwork (4, Insightful)

perpenso (1613749) | more than 2 years ago | (#38208976)

> Constitutionally, an "act of war" is whatever Congress agrees it to be. Such decisions are not the Executive's to make.

Actually they are. An "act of war" is something different from a "declaration of war". Congress has the ability to control declaring a war and the spending on a war, however the president commands the military. In response to an act of war the president may order the US military to attack the perpetrators, this would be a lawful order. For example as soon as the president learned of Pearl Harbor he could immediately order US forces to attack enemy forces, he did not have to wait for the following day when congress got the paperwork in order and formally declared war.

Re:Action is allowed to proceed the paperwork (2)

Bucky24 (1943328) | more than 2 years ago | (#38209480)

That's a good point. A president can't institute a draft without a formal declaration of war from congress though, which can hamper their ability to invade other countries.

Re:Action is allowed to proceed the paperwork (4, Interesting)

flaming error (1041742) | more than 2 years ago | (#38209484)

> the president may order the US military
> to attack the perpetrators

The President may order the US military to defend against an active attack. Taking the fight to the attackers requires authorization.

> wait for the following day when congress got the
> paperwork

Congress may be incompetent, stupid, crazy, and deadlocked, but if there were a real attack on American soil, the most dysfunctional Congress we've ever had could get this done in the middle of the night. If Congress can't do it remotely, I'm sure a quorum of members could get individual direct transport to the capital within a couple hours and pass something within 30 minutes.

It would take at least that long to prove who started the cyber attack.

Re:Action is allowed to proceed the paperwork (1)

perpenso (1613749) | more than 2 years ago | (#38210780)

> the president may order the US military
> to attack the perpetrators

> The President may order the US military to defend against an active attack. Taking the fight to the attackers requires authorization.

The Constitution suggests no such limitation. As Commander in Chief the President may order both defensive and offensive operations. In the Pearl Harbor example the president is free to order the military to locate, pursue and destroy the enemy forces even if those forces have disengaged and are withdrawing. Such would be a legal order.

> wait for the following day when congress got the paperwork

> Congress may be incompetent, stupid, crazy, and deadlocked, but if there were a real attack on American soil, the most dysfunctional Congress we've ever had could get this done in the middle of the night. If Congress can't do it remotely, I'm sure a quorum of members could get individual direct transport to the capital within a couple hours and pass something within 30 minutes. It would take at least that long to prove who started the cyber attack.

Modern history does not support this 30 minute hypothesis. It took a far more functional congress a day to declare war after Pearl Harbor, and that was with both an unambiguous attack and a diplomatic message from the enemy essentially breaking off negotiations and declaring war. And it is good that Congress has the luxury of time and may fully deliberate whether a formal declaration of war is necessary, or if the President's immediate response was sufficient for the moment and if diplomacy may be a better option moving forward.

Re:Action is allowed to proceed the paperwork (1)

flaming error (1041742) | more than 2 years ago | (#38214686)

> the president is free to order the military to locate, pursue and destroy the enemy forces even if those forces have disengaged and are withdrawing

I agree. Going after somebody who just attacked you is still self-defense.

Sending soldiers to the perpetrators' country is what requires a declaration of war. If it were not so, we'd forever have what we have today - massive foreign deployments, years of war, all without a congressional declaration of war.

> it is good that Congress has the luxury of time and may fully deliberate whether a formal declaration of war is necessary

I agree with the sentiment. If an act were really an unambiguous act of war, I think the decision would be a no-brainer. Otherwise, I agree, they need to talk it out, while POTUS makes plans and waits for authorization to strike.

Re:Action is allowed to proceed the paperwork (1)

dak664 (1992350) | more than 2 years ago | (#38209620)

But after the executive response to the act of war the Presidential ass ought to be on the line until there is a Congressional confirmation of war. I don't even mind a silly declaration of War on Drugs or War on Terrorism or War on Unfair Trade as long as all three branches of government have to commit to the process. Better theater if nothing else.

Re:Action is allowed to proceed the paperwork (1)

dcollins (135727) | more than 2 years ago | (#38210742)

"... however the president commands the military."

In the U.S. Constitution, that power has a big qualifier on it. "The President shall be Commander in Chief of the Army and Navy of the United States, and of the Militia of the several States, when called into the actual Service of the United States." [Article 2, Section 2, Clause 1] My best reading is that he's not Commander in Chief until Congress officially taps him thus with a declaration of war.

Re:Action is allowed to proceed the paperwork (1)

perpenso (1613749) | more than 2 years ago | (#38210902)

> "... however the president commands the military."

> In the U.S. Constitution, that power has a big qualifier on it. "The President shall be Commander in Chief of the Army and Navy of the United States, and of the Militia of the several States, when called into the actual Service of the United States." [Article 2, Section 2, Clause 1] My best reading is that he's not Commander in Chief until Congress officially taps him thus with a declaration of war.

That is an erroneous reading. "When called into the actual Service of the United States" is merely indicating that the president is not normally in command of the state militia. Note that the Commander in Chief of the state militia (or today's National Guard) is normally the Governor of the state. Also note that a declaration of war is not necessary to move the National Guard from state to federal service. National Guard and Air National Guard units served in combat during Korea, Vietnam, Gulf War and today's conflicts in Iraq and Afghanistan.

Re:Causus Belli (3, Informative)

dak664 (1992350) | more than 2 years ago | (#38209008)

Would it were so. Google police action. According to Wikipedia the US has engaged in military actions at least 125 times without prior authorization of Congress. World War II was the last authorized war. Even the Civil War needed no authorization because the opposition was a "belligerent power" and not a "sovereign nation".

Re:Causus Belli (0)

Anonymous Coward | more than 2 years ago | (#38209012)

So you are saying that an ideologically deadlocked congress should be able to prevent the US from defending itself?

Re:Causus Belli (1)

flaming error (1041742) | more than 2 years ago | (#38209248)

Yes, absolutely.

But if there were another Pearl Harbor, you'd find no ideological deadlock.

Re:Causus Belli (0)

Anonymous Coward | more than 2 years ago | (#38210112)

Are you sure of that?

As far as I know, Hawaii is little more than an inroad for foreigners to invade from within... I say let them learn some other language.

Re:Causus Belli (1)

slick7 (1703596) | more than 2 years ago | (#38209398)

> Constitutionally, an "act of war" is whatever Congress agrees it to be.
>
> Such decisions are not the Executive's to make.

The real test will come when we start getting our collective asses kicked by some N. Korean script kiddie.

Re:Causus Belli (0)

Anonymous Coward | more than 2 years ago | (#38209914)

Well, let's all agree here and now: a cyber-crime warranting a missile strike (nuclear or otherwise, at the discretion of whomever happens to be pulling the trigger) - is anything spam or greater.

Re:Causus Belli (0)

Anonymous Coward | more than 2 years ago | (#38211904)

Nuke it from the orbit! It's the only way to be sure. But then comes the nucular spam and the M.A.D. via port scans and nuclear attacks continues.

Re:Causus Belli (0)

Anonymous Coward | more than 2 years ago | (#38213200)

I agree. The law is the law is the law, and that requires Congress, not the president.

just name a nuke as a nuke power plan that when (1)

Joe_Dragon (2206452) | more than 2 years ago | (#38208884)

just name a nuke as a nuke power plant that when hacked fires at the hacker.

The "right target" is a misconception (5, Insightful)

guanxi (216397) | more than 2 years ago | (#38208904)

> 'If a country is going to fire a missile at someone, it better be sure it has the right target,' said one expert.

Not true, unfortunately. How many wars have started based on false information? Off the top of my head:

  * The Spanish-American War: Remember that the Maine sank by accident
  * The Vietnam War: The Gulf of Tonkin
  * The Iraq War: No WMDs and no connection to Al Qaeda.

Re:The "right target" is a misconception (1)

Hartree (191324) | more than 2 years ago | (#38209126)

So, you're saying that if the right target is the wrong one, fire at the left target?

Re:The "right target" is a misconception (2)

Bucky24 (1943328) | more than 2 years ago | (#38209492)

This is 'merica boy! We fire at them both!

Re:The "right target" is a misconception (1)

Anonymous Coward | more than 2 years ago | (#38210094)

> 'If a country is going to fire a missile at someone, it better be sure it has the right target,' said one expert.

I thought that particular statement is quite ironic given the recent attacks on the Pakistani border outposts.

Re:The "right target" is a misconception (1)

CrimsonAvenger (580665) | more than 2 years ago | (#38210298)

> Not true, unfortunately. How many wars have started based on false information? Off the top of my head:
>
> * The Spanish-American War: Remember that the Maine sank by accident

It's probably not widely known in the USA, but after the Maine blew up (and completely irrelevant to it), Spain declared war on the USA before we could get around to declaring war on them.

> * The Vietnam War: The Gulf of Tonkin

One real attack on a US warship, one (most likely) imaginary one. No declaration of war by the USA.

> * The Iraq War: No WMDs and no connection to Al Qaeda.

No connection to Al Qaeda, but real WMDs. Remember, chemical weapons are WMDs. No declaration of war by the USA.

Technically, without a declaration of war, it's not a war (at least by US definitions). Which is why diverse Presidents could get away with attacking everything from Nicaragua to Libya in the last 100 years....

Re:The "right target" is a misconception (1)

Pi1grim (1956208) | more than 2 years ago | (#38211958)

Chemical weapons? You mean they found old socks and bags of beans there?
AFAIK no WMDs were recovered, instead the public was fed "we haven't found them yet, but they're there, that's for sure". And a couple of specialists that dared questioning the presence of WMDs were found dead in the woods.

Re:The "right target" is a misconception (1)

DerekLyons (302214) | more than 2 years ago | (#38211248)

> 'If a country is going to fire a missile at someone, it better be sure it has the right target,' said one expert.

> Not true, unfortunately.

Did you even read what you wrote? Because what you just said is "no, they don't need to make sure before sending a missile".

> How many wars have started based on false information?

While it will get you modded insightful, this is irrelevant to the first portion of your message.

Re:The "right target" is a misconception (1)

Leuf (918654) | more than 2 years ago | (#38211324)

They only need to make sure the missile isn't going to piss off anyone that matters too much. If they can't do anything about it, then they don't matter. If they can do something, but it's not going to be enough to get them to actually do it, then they don't matter either.

Kiss your ass goodbye ... (1)

Anonymous Coward | more than 2 years ago | (#38208936)

... Nigerian spammers!

When the nukers get nuked (1)

Xaide (1015779) | more than 2 years ago | (#38208940)

What happens when the missiles get hacked and detonate without launching?

Re:When the nukers get nuked (2)

c0lo (1497653) | more than 2 years ago | (#38208986)

> What happens when the missiles get hacked and detonate without launching?

Identify the source and stone the attacker to death.

Everybody must get stoned: (1)

Hartree (191324) | more than 2 years ago | (#38209138)

"Identify the source and stone the attacker to death"

Bob Dylan would be proud.

Re:Everybody must get stoned: (1)

c0lo (1497653) | more than 2 years ago | (#38209396)

> Bob Dylan would be proud.

As he's still alive, you should correct the tense or replace Dylan with someone closer to be a role model in this respect (Jim Morrison would be the first to pop into my mind. Bon Scott almost qualifies as well).

Re:Everybody must get stoned: (1)

Hartree (191324) | more than 2 years ago | (#38209506)

How does it imply he's deceased?

Example: It's fine to say "I would be proud." about a hypothetical event. Let me assure you I'm no zombie.

Re:Everybody must get stoned: (1)

c0lo (1497653) | more than 2 years ago | (#38209632)

Ok, Ok. My fault. However, it's still a sub-optimal choice of "stone to death" role model.

Besides, this is /. - who the hell has rainy days women... even more, at least 35 of them?

Re:Everybody must get stoned: (1)

Hartree (191324) | more than 2 years ago | (#38209692)

"who the hell has rainy days women... even more, at least 35 of them?"

Hope springs eternal in the hearts of fools and slashdotters.

Re:Everybody must get stoned: (0)

Anonymous Coward | more than 2 years ago | (#38212918)

> Bob Dylan would be proud.

> As he's still alive, you should correct the tense or replace Dylan with someone closer to be a role model in this respect (Jim Morrison would be the first to pop into my mind. Bon Scott almost qualifies as well).

Bob Dylan would have been proud would have been the wrong tense. "would be" is just fine.

Pretending (1)

sugarmotor (621907) | more than 2 years ago | (#38208942)

Isn't it easy for some attacker to pretend they are somewhere else on the network? Also, chances are the behavior-based algorithms would need ten to twenty years of tuning before they are reliable (also with respect to real attacker pretending)

Looks like a project that is easy to spend a lot of money on, but with little accountability.

S

So we are a Christian Nation? (4, Insightful)

paulsnx2 (453081) | more than 2 years ago | (#38208982)

Just to be clear here, many "hawks" claim to follow "Christian Values".

Let's consider the Old Testament values:

Leviticus 24:19-24:21

19 Anyone who maims another shall suffer the same injury in return:
20 fracture for fracture, eye for eye, tooth for tooth; the injury inflicted is the injury to be suffered.
21 One who kills an animal shall make restitution for it; but one who kills a human being shall be put to death.

Now the idea here is when you are wronged, you *can't* inflict more suffering than you suffered. There is a limit.

Then Jesus came along, and said this was an *upper limit* not a lower limit. You should instead return good for evil. In other words, these Christian Hawks should consider the fact that their ideas of bombing someone because of malware doesn't even pass Old Testament standards, much less those of Christianity. How does a crashed computer equate to blowing up a house or office and killing who knows how many innocents in the process?

I am getting very tired of wars and conflicts to line the pockets of various corporate interests. How about we start demanding ethical principles of our leaders rather than buying into their excuses to abuse people abroad, and increasingly, Citizens at home. What is it going to take for people to realize that our government is getting out of hand, and is not behaving in line with our moral and ethical traditions? Seriously, we hear more concern out of our Religious leaders about allowing same sex marriage than we do the killing of 10's and sometimes 100's of women and children!

There *is* something seriously wrong with the morals of this country. When are we going to realize that we are supposed to come to people's aid when they are in need, to hear them when they cry out for relief? That we are not supposed to react by blowing them up?

Re:So we are a Christian Nation? (2)

masternerdguy (2468142) | more than 2 years ago | (#38209010)

Actually we're a secular nation.

Re:So we are a Christian Nation? (1)

Anonymous Coward | more than 2 years ago | (#38209228)

One nation under God.

In God we trust.

Re:So we are a Christian Nation? (1)

paulsnx2 (453081) | more than 2 years ago | (#38209230)

I did not mean to imply we *are* a Christian Nation, but to point out that many "Christian" Hawks say one thing, and ignore what it means otherwise.

I did a quick re-read of my post, and I think this is at least close to what I wrote.

Re:So we are a Christian Nation? (1)

Jiro (131519) | more than 2 years ago | (#38209402)

You're ignoring some of the violence in the Bible. For instance, look at the book of Revelations and how it speaks approvingly of war and torture. Certainly Christians can easily take these parts literally as well as the other parts. (And even if the torture is a metaphor, the comparison still implies that torture is good.)

Besides, the US is currently run by Obama. He's not a Christian hawk, but he managed to attack Libya without Congressional approval, and the only reason we're out of Iraq is that the Iraqis insisted on the Bush timetable against his wishes.

Re:So we are a Christian Nation? (1)

paulsnx2 (453081) | more than 2 years ago | (#38215116)

> You're ignoring some of the violence in the Bible. For instance, look at the book of
> Revelations and how it speaks approvingly of war and torture. Certainly Christians
> can easily take these parts literally as well as the other parts. (And even if the
> torture is a metaphor, the comparison still implies that torture is good.)

It is a small post on Slashdot, not a comprehensive defense of pacifism in Christianity. The only point I was making is that we have in the texts certain standards for governments to follow. *IF* someone wants to claim we are a "Christian Nation" (whatever that means), *THEN* I think they should consider following a few clearly defined principles and limits as defined in their scriptures.

The post wasn't intended to be more than that. One *could* argue pacifism, but in fact we are far beyond that. As I said, we don't even meet "Old Testament" standards for resolving conflicts.

Locutus: "Irrelevant" (1)

Hartree (191324) | more than 2 years ago | (#38209180)

Why would that be a hindrance to all of us hawks who have never claimed to follow christian values? ;)

Re:Locutus: "Irrelevant" (2)

paulsnx2 (453081) | more than 2 years ago | (#38209280)

Some ethical and moral principles apply regardless. I think as an upper limit only inflicting harm proportional to the harm done to you is a pretty reasonable ethical and moral standard regardless of your ethical/moral/religious views.

Some multiple of the harm to you might be okay as a deterrent, in the mind of some.

Almost anyone would consider someone who can forgive and forgo retribution to be someone following a high moral and ethical standard.

See? I think the post *can* apply, even if you are in no way Christian. That is because I am talking about moral and ethical standards here, not about Christianity. But it remains interesting that Christianity demands more from us, and the fact that we don't meet that standard is more of an argument that we are not a Christian Nation than any historical argument (of which there are plenty).

Re:Locutus: "Irrelevant" (2)

Jiro (131519) | more than 2 years ago | (#38209500)

> I think as an upper limit only inflicting harm proportional to the harm done to you is a pretty reasonable ethical and moral standard regardless of your ethical/moral/religious views.

I don't accept that standard.

The reason is that sometimes the amount of harm done is reduced through no desire of the attacker. Your argument says that the better your bomb shelters are, the less you are justified in attacking an enemy (since by using the bomb shelters, you reduced the casualty count on your side, and if there are fewer casualties on your side, proportional force means you are not allowed to kill as many of the enemy).

This isn't just theoretical. Israel is often the victim of this unbalanced standard. Palestinians lob missiles at Israel. The bomb shelters are too good, so Israel gets told they are using "disproportionate force" when fighting back and killing more Palestinians than are killed by the missiles.

I'd suggest a different standard: you're allowed to use whatever force on the people causing the harm to stop them from doing you harm.

Re:Locutus: "Irrelevant" (0)

Anonymous Coward | more than 2 years ago | (#38209950)

There are orders of magnitude in the destructive power of US supplied modern ordnance to Israel like cluster bombs, hellfire missiles, armor piercing tank and artillery shells, not to mention white phosphorus --- compared to the Palestinian Qassam "missile" --- a homemade, unguided glorified Estes rocket --- pretty much a propellant powered rock. You seem to be either grossly misinformed or an apologist.

Re:So we are a Christian Nation? (3, Insightful)

artor3 (1344997) | more than 2 years ago | (#38209232)

One of my favorite verses is "Don't try to do good through evil; overcome evil with good." (Somewhere in Romans, I don't memorize the numbers.) The Republicans respond to this by torturing people without so much as a trial, assuring us all that it's for the best. And this is the party that likes to present itself as defenders of the faith. And even worse, it seems like most self-proclaimed Christians supported the torture.

I wish they'd just drop the act and admit that they aren't religious, they just hate gays and sexually active women.

Re:So we are a Christian Nation? (1)

jpapon (1877296) | more than 2 years ago | (#38209246)

In spite of what you say, they are following the rules you quoted exactly. They are merely trying to identify what constitutes an "eye" when the attack is digital. Just because the weapon was a hacker intrusion doesn't mean it can't kill or harm people. The same evaluations were made long ago with other forms of technology. The conclusion, and rightly so, that providing information which leads to killing is equivalent to killing, was made a long time ago.

Re:So we are a Christian Nation? (2)

dcollins (135727) | more than 2 years ago | (#38210760)

"Just because the weapon was a hacker intrusion doesn't mean it can't kill or harm people."

FUD. When was there ever a hack that has killed people? Meanwhile, the U.S. drops illegal bombs from killer drones around the world every day.

Re:So we are a Christian Nation? (1)

jpapon (1877296) | more than 2 years ago | (#38211954)

Yes, and when have we ever gone to war over a hack? Just because it hasn't happened doesn't mean you shouldn't make a plan for it in case it does.

Re:So we are a Christian Nation? (0)

Anonymous Coward | more than 2 years ago | (#38209254)

I see some fancy schmancy prisons in our country. Internet, three meals a day, college edumication, aye? Detox, rehab, less excessive punishment (for what used to be so many more years, I'm not talking about the excess of drug busts, etc.).

As far as I'm concerned, and what I do know, considering I don't get my news from CNN and Fox, the world has been much more peaceful after the hellacious World War II.

What's Christianity have to do with it? (0)

Anonymous Coward | more than 2 years ago | (#38209306)

There's too many damn "hawks" claiming to follow the "Taoist Values" of "harmony" and "respect"
I am getting very tired of infiltrating networks and sowing paranoia in the Western world to line the pockets of corporate interests.

Taoist Hawks: (1)

Hartree (191324) | more than 2 years ago | (#38209594)

The Tao of the well placed cluster bomb?

Zen and the art of carpet bombing?

Re:Taoist Hawks: (0)

Anonymous Coward | more than 2 years ago | (#38214248)

I guess with reincarnation, killing seems a less severe thing. If you were good, you'll be reborn into a better life, therefore being killed is an advantage to you. If you were evil, you get reborn into a worse life, but then you deserved it anyway. And you have still your chance to become better in your next life (no eternal hell), so it's not that a chance to better yourself had been taken away from you (unlike the Christian belief where after you died, it's too late to change for the better). In any case, death is not the end, it's just the step into another life.

Re:So we are a Christian Nation? (2)

Fluffeh (1273756) | more than 2 years ago | (#38209362)

> Seriously, we hear more concern out of our Religious leaders about allowing same sex marriage than we do the killing of 10's and sometimes 100's of women and children!

Most of your Religious Leaders are in fact political creatures just like most politicians. They might internally be thinking about the killings of 10's and 100's - but they preach what will be most likely to generate attention.

The average US citizen doesn't care about 10's or 100's of people dying in some other country at their hand. To make a point, where was the US outrage about the NATO strike [globalpost.com] that killed 24 Pakistani soldiers [bbc.co.uk]. Pakistan is taking this latest attack so seriously that it has given US forces two weeks to vacate their main drone base!

It's a sad world these days, but leaders of just about all things, be they political leaders, religious leaders, business leaders - all have their own little agenda and they make just the right soundbytes and bring up just the right things to get to where they want to be. Sadly, those agendas very rarely seem to have the improvement of the world in general anywhere in the list.

Re:So we are a Christian Nation? (1)

gknoy (899301) | more than 2 years ago | (#38209412)

> How does a crashed computer equate to blowing up a house or office and killing who knows how many innocents in the process?

While I see what you're getting at (Christianity promoting forgiveness, which seems at odds with air strikes), I believe the point is that it's not merely "a hacked computer" that is considered harmful. What matters is what the computer is connected to:

A hack of a SCADA system at some important facility could harm all sorts of stuff.
A hack of a power grid or air traffic control system would surely injure many, and probably kill quite a few as well.
A hack of the control systems for flood protection systems, tornado warning systems, and so on could be pretty devastating.

There are many systems where we use computers to monitor things or control them, and have to take various precautions to ensure that User Error doesn't hurt anyone. That's much harder to safeguard if the computer's been altered to lie to you ("Oh, yes, temperatures in reactor three are totally normal!"), or even directly control things.

If some black hat (or script kid?) out in upper Elbonia is trying to influence systems like that, I can understand how our government would consider that an aggressive act, and respond with force.

Poorly Defended Computers (1)

Shifty0x88 (1732980) | more than 2 years ago | (#38210654)

Don't you think that these type of systems should NOT be hooked up to the internet and that putting them on the internet is just asking for sh*t to go wrong?

If they really need to be networked with other computers maybe they should invest in their own fiber cables, I mean aren't there plenty of dark fiber [wikipedia.org] for them to buy?

And what about locking down the computers themselves, I believe Stuxnet and the Wikileaks deals were because you can just plug a flash drive in and hit copy, who thought that was a good idea to allow???

Sounds like another left hand not talking to the right hand to me

And more to the question posted, don't you think a strike against a cyber-attacker is a little overboard? I mean isn't it like trying to shoot a mosquito with a shotgun, a little overkill and unwarranted don't you think?

For that matter what is a justifiable punishment for that type of crime? A counter cyber-attack, extradition (if we can, depending on where the attack originated from) for prosecution?

Then you have to think about whether it was a country or an individual that has committed the crime, does a town need to get attacked or 1 house? And for that matter he didn't have a gun so using a gun seems like a little much.

Whoever comes up with the answer must make sure that it is a justifiable one and that we aren't just being the world police like always.

Re:Poorly Defended Computers (0)

Anonymous Coward | more than 2 years ago | (#38211816)

Whoever comes up with the answer must make sure that it is a justifiable one and that we aren't just being the world police like always.

But police doesn't ... oh wait, never mind!

Re:So we are a Christian Nation? (1)

EnempE (709151) | more than 2 years ago | (#38209940)

I am going to avoid the religious flamebait here, as far as I know there was a deliberate separation of church and state in the US. We should actually talk about the moral standard that you are referencing, which is more or less utilitarian in nature. Can we equate a crashed computer to blowing up a house? I would propose the following scenario.
The wealthy 1% of some country somewhere, highly educated and with malicious intent, manipulate the medical information systems in a number of hospitals in the major population centers across your country. Records are switched, details changed etc., due to this misinformation there are deaths through mistreatment before the problem is discovered. The health department then demands that all records be double checked to prevent further deaths. The delay and confusion causes another 50 deaths as emergency centers back up and doctors are provided with no patient information, as paper copies of these records just don't exist anymore. News spreads of the deaths in hospitals and people panic, more deaths result as a result of people not seeking medical assistance when they need it. In total the subtle manipulation of data causes about 75 deaths and the destabilization of the health system may cause further deaths for many years. The group responsible openly celebrates their victory and states their intention to do more damage to other countries and to target other public utilities, and do so "until the death". This group lives in a small enclave with 50 people in total.

If you are charged with providing a safe environment, would you respond to this use of malware with aid or with a firmer action?

Re:So we are a Christian Nation? (0)

Anonymous Coward | more than 2 years ago | (#38211244)

Look, I'm all about religious people are stupid and Christians for a stronger nuclear armament are stupid hypocrites.... But check out Stuxnet. It's malware, that potentially causes nuclear facilities to explode, dams to flood, sewage plants to explode and all other kinds of real world people dying shit.

It's real. It's out there. It's software that can kill a city.

Reality is that military responses may have to extend to cyber attacks.

Also... the evidence suggests that Stuxnet was an American or Israeli national defence project aimed at Iran's nuclear capabilities. So there might be a reason why the DOD is so keenly aware of the possibility of cyber attacks that might warrant missiles being fired in response.

Re:So we are a Christian Nation? (1)

Opportunist (166417) | more than 2 years ago | (#38211562)

Oh c'mon, religion has been used as an excuse to go to war since times immemorial. You can't change the rules now. Besides, as long as that enemy follows a different religion, it's all fine and fair game.

For reference, see crusades, 30 years war, etc.

Re:So we are a Christian Nation? (1)

mr100percent (57156) | more than 2 years ago | (#38212456)

Sadly, people have been trying to lawyer all the "thou shalt not kill" out of religion for thousands of years.

attacking the country for the act of an individual (1)

fullmetal55 (698310) | more than 2 years ago | (#38209030)

Is it fair to start a war with an entire country because of the act of one or a small group of individuals? And when it is a small group of internationally scattered individuals, which country(s) do you attack, all of them? What if one of the people were Americans? Or a close ally? Is it worth risking all-out World Wide war because of a handful of hackers living in their parents' basements? The question really is difficult to ascertain. This is not unlike the problem of the war on bin Laden, do you attack Saudi? His homeland? Iraq, a country which condemned him, and deported him years earlier? Afghanistan, where he might be hiding out? Pakistan, where he was hiding out? It becomes trickier when you're dealing with more allies... one guy in Britain, one in Canada, one in the Netherlands, one in Italy, and one in Australia, while the attack was launched from a compromised computer within the United States. Who do you invade? Where does the missile target? Pick one and hope the rest of the world doesn't side with them on the relatively unprovoked attack on another nation's sovereignty due to the actions of one of their civilians?

Re:attacking the country for the act of an individ (2)

jpapon (1877296) | more than 2 years ago | (#38209272)

Yes. You attack the people who attacked you, until they don't want to attack you anymore.

There are diplomatic procedures for that, actually (2)

Freddybear (1805256) | more than 2 years ago | (#38209364)

For instance, in the case of bin Laden, we knew for a fact that he was in Afghanistan at the time. We asked them to extradite him, all in accordance with the treaty that both the USA and Afghanistan had signed. The Taliban government refused to honor that treaty. So diplomacy had already broken down, and war was basically the only option.

In your other example, we have good relations with all of those countries, and we hope that their governments are not (very) belligerent towards us, at least not to where they would deny us our rights under extradition treaties. So we go through diplomatic channels, we get them to bust the guy and ship him to us for trial. All nice and peaceful diplomacy. Would we go to war with Canada over one criminal whom they refused to extradite? Probably not.

Now if, let's say, there was some large organized gang operating out of, say, Mexico, which routinely attacked and killed Americans, even up to American police officers, then the Mexican government better damn well be cooperating with our military and law enforcement. And if American government officials got involved in smuggling weapons to that big Mexican criminal gang, maybe for some misguided political reason, and our Justice Department knew about that smuggling and tried to stonewall and refused to deal with that problem and punish the officials who were responsible, well, that would definitely be an act of war against Mexico, as well as a violation of their oath of office by those government officials. And if high officials in our Executive branch not only let it happen, but continued to cover up for the crimes, they would deserve to be extradited to Mexico, and I hope the Mexicans would punish them to the fullest extent of the law.

Re:There are diplomatic procedures for that, actua (0)

Anonymous Coward | more than 2 years ago | (#38211106)

Would we go to war with Mexico over one criminal whom they refused to extradite? Probably.

FTFY

Mission Impossible (1)

WaffleMonster (969671) | more than 2 years ago | (#38209166)

It used to be worst case your arch nemesis would social engineer themselves a scary but somewhat amusing swat raid at 3am..

Death from above raining on my parade with live ordnance is no joke.

There is no algorithm possible that can say for sure where an attack came from. Such technology simply does not exist, especially in the face of thinking adversaries who would undoubtedly seek to use US munitions as a force multiplier against their adversaries. Not all conspiracies are false.

There are no new rules for this (1)

Angst Badger (8636) | more than 2 years ago | (#38209216)

So when do malware and cyber attacks become a weapon or act of war that warrant a real-world military response?

Same as every other war. Whenever the arms industry, the mass media, and whatever industries want the raw resources of the purported attacker manage to get the public frothed up enough that opportunists in the executive and legislative branches feel secure about being reelected if they start a war. There's not a lot of point in coming up with cover stories ahead of time.[1] There's always plenty of time between the campaign contributions and the actual deployment of the fleets to test ad campaigns and slogans with the focus groups.

[1] Unless you're a think tank or a private military contractor that's scored a nice, fat, no-bid contract to come up with lurid scenarios that can be used to drive news coverage to shore up public support for even more military spending.

When we say "we don't do that" without giggling. (0)

Anonymous Coward | more than 2 years ago | (#38209392)

from TFA:
> The problem with mandating types of responses - a cyber-attack in response to a cyber-attack, for example -
> is that it limits the nation's ability to respond to threats as needed, John Burnham, vice ....

Something we do "in a pinch" should never be enough to cause us to declare war on someone who does it to us. But good luck getting agreement on that.

Excuses (0)

Anonymous Coward | more than 2 years ago | (#38209930)

As if the U.S. ever needed an excuse to enter into war....

Re:Excuses (1)

Opportunist (166417) | more than 2 years ago | (#38211546)

Nonono... they need no reasons, but they still need an excuse.

But don't feel bad, it's always been that way. Countries have been looking for excuses to attack each other since the dawn of time. The first war was probably started on the grounds that the witch from cave 15 gave the chieftain the evil eye and now he has gout.

Re:Excuses (0)

Anonymous Coward | more than 2 years ago | (#38211884)

The first war was probably started on the grounds that the witch from cave 15 gave the chieftain the evil eye and now he has gout.

You are exaggerating. First war most probably took place before humans learned to count to 15.

Very dangerous doctrine (2)

Hentes (2461350) | more than 2 years ago | (#38209944)

The US should stop putting such stupid people in top military positions, this is extremely dangerous. Is my country going to be nuked the next time a Chinese hacker decides to use a proxy from here?

Cyberwarfare is a fearmongering buzzword so the military types can get all the permissions they need. Just because an exploit is often called an 'attack', it has nothing to do with a physical attack. Most attacks have a much better real-life analogy:

Cyber espionage

99% of the attacks are actually analogous to some form of espionage. Most attacks aim to get information, which could hardly be classified as warfare. And even the ones that cause informational or physical damage are actually acts of sabotage, a part of espionage.

Cyber espionage has three main properties: it is anonymous, it can be done by a single person or very few people and it can be defended against perfectly.

Thus, a counterattack in case of cyber espionage is impossible as you can't ever be sure who the attacker is, and they might be just a few independent hackers messing around. The optimal course of action is to prepare the defences to resist such an attack, by securing the networks, not placing critical infrastructure on the net, forcing employees to obey security protocols and finally hiring whitehats to test the defences.

Now on the other hand, there IS such thing that can be called:

Cyber warfare

Cyber warfare is also called a denial of service attack, and is fundamentally different from cyber espionage. Its purpose is always the same simple thing: prevent a machine from being accessed from the Internet. Its dangers are that it can disrupt and cause huge losses to companies providing services through the Internet, it can block access to infrastructures that can only be controlled online, and it can prevent the public from accessing certain pieces of information.

Cyber warfare is not anonymous, done by a large number of IP addresses, and can't be defended against. While it can be done by a national "cyber army", even in this case physical retaliation is not advised. It's much easier to just not accept incoming connections from said country until the problem is resolved in a diplomatic way. Also, a DoS attack can be done by a group of insurgents/activists or a single botnet controller. In the first case, they should be reported to their country, asking them for action in a form of "cyber ultimatum": if they don't disconnect and investigate those users, connections from the whole country will be blocked. In the case of hacked computers, the owner of the Internet connection should be held responsible for securing it. Thus, even a cyber warfare scenario could be handled without resorting to violence.

Sadly, the Pentagon is full of these aggressive lunatics, and it's even more sad that the American government does little against this nonsense.

Re:Very dangerous doctrine (1)

bouldin (828821) | more than 2 years ago | (#38210802)

I pretty much agree with your conclusions, but have a couple quibbles.

Cyber warfare is also called a denial of service attack, and is fundamentally different from cyber espionage.

Cyber warfare is not anonymous, done by a large number of IP addresses, and can't be defended against.

You're right that the purpose of an attack is to disrupt the target machines, but it won't always be a DDOS attack. Stuxnet was a worm with a targeted payload; if the German researcher hadn't found it and gone public, Iran might not have ever figured out why their centrifuges weren't working as anticipated.

But Stuxnet doesn't fit neatly into cyberwarfare. I'd say it fits better into a third category: Covert Action, which is, by design, deniable.

But, yeah, I totally agree that this is unnecessary saber rattling.

Re:Very dangerous doctrine (1)

T Murphy (1054674) | more than 2 years ago | (#38215440)

The government is simply trying to define what would be an act of war, as opposed to leaving it undefined. If you're so afraid of aggressive lunatics in the Pentagon you should be very happy the government is preventing them from having free interpretation of what to consider an act of war.

While I agree that it is difficult, if not impossible, to squarely attribute an attack as sponsored by a foreign government, I think it would be bad policy to say we will never consider a military response to any form of cyber attack. If we were at war with China, I would expect them to do all they can to disrupt our economy and infrastructure using cyber warfare. Now picture that same cyber attack but without being at war. Sure, we shouldn't respond by firing a missile the moment we have a hunch who is attacking us, but any non-military threats we make to try to end the attack would be a lot stronger if it is known the next step is to consider physical retaliation (and might encourage the usual suspects to play nice so as to avoid being falsely accused).

That said, I don't want the warmonger types making the calls on this, as I don't expect we could reasonably move beyond just threatening physical retaliation given the uncertainties involved.

Attack the internet (1)

chrismcb (983081) | more than 2 years ago | (#38210558)

So the US wants to physically attack the internet? The same one that they designed to sustain a nuclear attack?

Technical attribution is a fantasy (1)

bouldin (828821) | more than 2 years ago | (#38210730)

Kudos to wiredmikey (and the ed?) for capturing that attribution of an attack is the key sticking point for military response.

Attributing attacks in a packet switched network like the Internet is just a fantasy.. Sure, you can trace an attack back to, say, China, but how do you know the attack originated there? You don't, unless China cooperates and gives your forensics experts access to their networks. Which probably will not happen.

So the hawks want to shore up some credibility for attribution. Here is the plan, from the linked DoD PDF:

This research focuses on two primary areas: developing new ways to trace the physical source of an attack, and seeking to assess the identity of the attacker via behavior-based algorithms.

Nice try Pentagon, but statistically-powered voodoo does not overcome the problem here: that the attacking machines could be controlled from anywhere, possibly even through teh 7 proxies. Lulz.

Maybe we should listen to the National Research Council when they write "deterrence of cyberattacks by the threat of in-kind response has limited applicability." (NRC Report, p.5 [nap.edu])

I'll close with a suggestion: why not, instead of focusing on how and when we get to launch attacks, focus on bettering our defenses?

Re:Technical attribution is a fantasy (1)

Opportunist (166417) | more than 2 years ago | (#38211526)

Attributing attacks in a packet switched network like the Internet is just a fantasy.. Sure, you can trace an attack back to, say, China, but how do you know the attack originated there? You don't, unless China cooperates and gives your forensics experts access to their networks.

I'd say you might be onto something here. "Allow us to do a search of those computers there. What? No, we don't care if they contain trade secrets (nudge, nudge, wink, wink), but they attacked us! And you don't want us to retaliate, do you? If you didn't do anything wrong, you have nothing to worry about."

Genius (0)

Anonymous Coward | more than 2 years ago | (#38210838)

That's a genius idea, you finally found a reason to bomb/invade every country in the world, or at least the ones that have internet access.

Blahblahblah IAAL, IANYL (2)

cemulli (1374641) | more than 2 years ago | (#38211318)

First, I'm a pacifist doing research into cyber deterrence and self defense, so I'm really interested in this topic and what /. posters have to say on it. I studied international law purely to understand these sorts of issues, so here's some of the information that I gleaned from research.

As others have pointed out, technical attribution is unattainable right now. You'd think this would be a deterrent, but there are some legal theorists out there that suggest imputing responsibility to the country that is hosting the attackers. Think back to the U.S. invading Afghanistan because they were harboring Al Qaeda. Currently, international law permits a state to be held responsible if they have “indirect responsibility” for the actions of third parties within their borders, which means that the state had neglected its duty to prevent persons within its borders from perpetrating crimes against other states. However, if the victim state strikes back, their targets must be limited to the non-state actor attacker unless their lawful cross-border operations are opposed with force by the host state. So, there's still an attribution problem, it's just closer to the legal grey area.

Going back to the original question of when a cyberattack might warrant a kinetic counterstrike, I'm going to delve into the really boring legal terminology here. There are several different areas of law to look at. First, you have the jus ad bellum (or jus in bello, depending on what stage of the conflict you're in) requirements of military necessity, proportionality, and distinction under the law of war. Distinction just means you can, for the most part, avoid targeting noncombatants. Whether the necessity requirement is met involves determining whether a more peaceful resolution would be possible, evaluating the nature of the aggression and each party’s objectives, and estimating the likelihood that intervention would be effective. Proportionality requires the response to be limited to the amount of force that is reasonably necessary to interrupt an ongoing attack or to deter future attacks, but does not require the response to be limited to the amount or type of force initially used by the attacker. So the main things that they would be evaluating, if they're following the laws of war, would be necessity and proportionality.

Then, you have Articles 2(4), 39, and 51 of the United Nations Charter to give additional guidance (insofar as they can). Under 2(4), uses of force are prohibited. Under 39, responses to uses of force have to be approved by the UN Security Council, or they can be justified as self defense under Article 51. But Article 51 also requires the initial attack to have been an "armed attack," which probably means something more than a "use of force," which is ever so helpful since the UN Charter was written only with kinetic attacks in mind anyway. When people are talking about applying these provisions to cyberattacks, a bunch of legal scholars have come up with several different names for the same thing - look at the attack, then figure out if it's the kind of attack that would be prohibited under 2(4) (maybe considering the action itself or its effects), and then decide from there whether self defense is justified under Article 51. So basically, no, I don't have much of an answer, I just have a lot of tests to look at for case-by-case situations. Lawyers suck like that.

One of my sources for some of this information: David E. Graham, Cyber Threats and the Law of War, 4 J. NAT'L SECURITY L. & POL'Y 87

TL;DR - This question (when can cyberattacks justify kinetic attacks in response) is hard. But if a cyberattack went after a country's SCADA system, causing a failure in the electrical grid or dumping sewage into the water supply, I'd say that's probably the easiest situation where a kinetic response would be permitted under the law. Asked another way, if Stuxnet had caused a nuclear meltdown that destroyed more property and injured a lot of people, instead of simply breaking some centrifuges, would a kinetic counterstrike have been justified? Probably. (Not that we know for sure what all of the effects were OR who was behind it, but let's just pretend that we live in a world that has some, or any, degree of certainty)

Totally not a topic I like to think about before sleep. But there's some of it.

Just be effin' glad Cuba ain't no superpower (1)

Opportunist (166417) | more than 2 years ago | (#38211512)

They might have included in their doctrine when starving the economy and blocking international trade becomes enough of a reason to send missiles.

Easy (0)

Anonymous Coward | more than 2 years ago | (#38213900)

"So when do malware and cyber attacks become a weapon or act of war that warrant a real-world military response?"

The real-world answer is easy: Whenever it is convenient.
