Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

US Cyber Command Discloses Offensive Cyberwarfare Capabilities

samzenpus posted about a year and a half ago | from the decker-brigade dept.

Security 136

MojoKid writes "Earlier this week, the newly minted head of the United States' Cyber Command team and NSA head General Keith Alexander told assembled lawmakers that the U.S. has created an offensive cyberwarfare division designed to do far more than protect U.S. assets from foreign attacks. This is a major change in policy from previous public statements — in the past, the U.S. has publicly focused on defensive actions and homegrown security improvements. General Alexander told the House Armed Services Committee, 'This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we're creating are for that mission alone.' This is an interesting shift in U.S. doctrine and raises questions like: What's proportional response to China probing at utility companies? Who ought to be blamed for Red October? What's the equivalent of a warning shot in cyberspace? When we detect foreign governments probing at virtual borders, who handles the diplomatic fallout as opposed to the silent retribution?"

cancel ×

136 comments

Sorry! There are no comments related to the filter you selected.

WORD: NUKE EM NOW !! (1)

Anonymous Coward | about a year and a half ago | (#43177287)

And that'll be that !!

Re:WORD: NUKE EM NOW !! (1)

stevew (4845) | about a year and a half ago | (#43179181)

I think we're in for a whole new Code War. I'm sorry - I just couldn't help myself.

Earn Money (-1, Troll)

sutabipo (2865937) | about a year and a half ago | (#43177289)

http://www.cloud65.com/ [cloud65.com] like Lisa said I didn't know that anyone able to make $5491 in a few weeks on the computer. did you see this site link

If you want peace prepare for war (5, Insightful)

roman_mir (125474) | about a year and a half ago | (#43177305)

Sure, the saying goes: if you want peace prepare for war.

But what if you do not want peace, what if war proved to be much more profitable for people who are top ranking political officials and their buddies? Well, then you accuse everybody else of wanting war and attack first.

So this here I came up with just now: If you want war, accuse others of warmongering and attack them.

Re:If you want peace prepare for war (1)

Anonymous Coward | about a year and a half ago | (#43177437)

It's fine by me. As an employee for a government contractor, these wars have made me and co-workers very rich.

Attacking first is what you SHOULD do when you have the upper hand in military strength. It's what has made and kept the United States the mightiest, richest, most influential nation in the history of mankind.

It's a win-win situation.

Re:If you want peace prepare for war (1)

Motard (1553251) | about a year and a half ago | (#43177617)

I think it's just a response to China; "Nice firewall you got there. It sure would be a shame if something happened to it...."

Re:If you want peace prepare for war (0)

Anonymous Coward | about a year and a half ago | (#43179339)

Dinsdale...?

Re:If you want peace prepare for war (1)

Anonymous Coward | about a year and a half ago | (#43180479)

It's fine by me. As an employee for a government contractor, these wars have made me and co-workers very rich.

Attacking first is what you SHOULD do when you have the upper hand in military strength. It's what has made and kept the United States the mightiest, richest, most influential nation in the history of mankind.

It's a win-win situation.

You are a fool,

The United States is not the mightiest. It could be, but only if you are counting Nuclear Warheads, but why do you need 100 when 1 would have the same effect.

The United States is not the richest. No, The US does have the highest nominal GDP, but it also has the highest debt. It is nowhere near the top of GDP Per Person.

As for the most influential, now I know there is something wrong with you, the US still hasn't adopted the metric system.

I can troll too!

Re:If you want peace prepare for war (1)

tehcyder (746570) | about a year and a half ago | (#43180633)

The trouble is, you might well be serious.

Re:If you want peace prepare for war (3, Insightful)

Bearhouse (1034238) | about a year and a half ago | (#43177441)

I think, and hope, that history has taught our military leaders plenty.
BTW, they are forced to study a lot of history on their way up the greasy pole.

Hence, they certainly know that whilst limited war, if there is such a thing, can indeed lead to vast profits, unlimited war surely leads to ruin.

Of course, we are both gloriously off-topic...what is about is simply one nation-state recognising real and/or potential threats, and organising to counter them. I'm fine with that.

Re:If you want peace prepare for war (2)

roman_mir (125474) | about a year and a half ago | (#43177521)

Hence, they certainly know that whilst limited war, if there is such a thing, can indeed lead to vast profits, unlimited war surely leads to ruin.

- whose ruin?

Once you are ready to start a war for your profit, what do you care who it ruins? Anybody starting a war for a profit by definition proves that he doesn't care about anything at all, killing, destruction, where is the question? It doesn't matter who, and if it's women and kids... you just don't lead them as much. Ain't war hell?

Looks like they never want to end wars nowadays, the longer the better, the longer the more profit certain people make and notice that with every war the population got the shaft regardless of the outcome. The silly people rooting for their side, they think they can win a war. Americans have lost every war, even when the battle is won, freedoms are lost. The very first income tax was introduced during the Civil war. The very first paper money were printed by government for the Civil war. The estate and gift tax came because of WWI, the Fed got power to monetise Treasury debt because of WWI. The withholding tax was introduced in 1942 as an 'emergency tax'. Patriot act exists today as the result of 'war on terror'.

Certainly the people don't come on top in these wars, the system gets more entrenched, it gets more power and the individual freedoms get crushed.

Re:If you want peace prepare for war (1)

fustakrakich (1673220) | about a year and a half ago | (#43177445)

So this here I came up with just now: If you want war, accuse others of warmongering and attack them.

Yeah, you were the first to think of that :-)

Re:If you want peace prepare for war (1)

roman_mir (125474) | about a year and a half ago | (#43177539)

Clearly not the first, the people who use this tactic did.

Re:If you want peace prepare for war (0)

The Grim Reefer (1162755) | about a year and a half ago | (#43177509)

So this here I came up with just now: If you want war, accuse others of warmongering and attack them.

I don't think you are the first to come up with that.

Re:If you want peace prepare for war (-1)

Anonymous Coward | about a year and a half ago | (#43177611)

Yeah - how about GW Bush and Cheney? Who profited from Iraq? Oh duhhhhh......

Re:If you want peace prepare for war (2)

radtea (464814) | about a year and a half ago | (#43177601)

Sure, the saying goes: if you want peace prepare for war.

The saying is military propaganda. If you want peace, prepare for peace.

If anyone doesn't know what "prepare for peace" means--or thinks it means "surrender"--they are part of the problem, too ignorant to partake in this discussion, unable to see that there are options that are better than war (and since war is both on theoretical and empirical grounds the least efficient, least effective solution to any problem there are always options better than war.)

Re:If you want peace prepare for war (0)

Anonymous Coward | about a year and a half ago | (#43177993)

You mean like CCTV justifying government intrusions into Google's codebase and dissidents' gmail accounts by claiming that Google is an espionage front for the US government? That fits your description and it happened in 2010.

Han Solo fired first. (4, Funny)

Eunuchswear (210685) | about a year and a half ago | (#43177317)

Stuxnet.

Re:Han Solo fired first. (3, Informative)

amicusNYCL (1538833) | about a year and a half ago | (#43177359)

Stuxnet, discovered in 2010, was hardly the first salvo to be fired.

http://en.wikipedia.org/wiki/Titan_Rain [wikipedia.org]
http://www.time.com/time/magazine/article/0,9171,1098961-1,00.html [time.com]

Re:Han Solo fired first. (2)

girlintraining (1395911) | about a year and a half ago | (#43177819)

Stuxnet, discovered in 2010, was hardly the first salvo to be fired.

It was the first one to be noticed by the mainstream media and the peripheral bloggers. Yes, those of us who have been here, in the industry, know better. But then, we still consider hacker to be a term worthy of respect... not synonymous with electronic terrorism. What our community knows and understands, and what the larger society knows and understands, with regard to our community and the study and practice of our art, is worlds apart.

Re:Han Solo fired first. (0)

Anonymous Coward | about a year and a half ago | (#43178047)

Holding on to "hacker" is like holding on to "patriot"
Forget it, it's gone and it's out of your control.

Re:Han Solo fired first. (2)

thejynxed (831517) | about a year and a half ago | (#43178921)

That's because to them, we are the Merlins of the modern world. We make magic happen. They don't care to understand the how or why, just that it is done and it works. I don't even think they can comprehend the how or the why, to be honest.

Honestly, someone smarter than I am could probably turn all of the esoteric things found in IT into a major world religion and make serious bank doing so.

If it worked for goatherders, carpenters, and fishermen in ancient days, and some hack novelist in the 1950s/1960s, it can be done with even greater panache today.

Re:Han Solo fired first. (2)

girlintraining (1395911) | about a year and a half ago | (#43179069)

Honestly, someone smarter than I am could probably turn all of the esoteric things found in IT into a major world religion and make serious bank doing so.

While I can't speak on behalf of everyone smarter than you, in my own case, I wouldn't do it because, like most of my intelligent friends, the more we learn, the less we wish to use our knowledge and learning for personal gain at the expense of others. It seems that the desire for power is inversely proportional to the desire for knowledge. It's not often you find the two together... and even when you do, it's usually for a specific goal, rather than sought after in its own right. Most often, the highly knowledgeable consider the journey to acquiring that understanding of the world to be its own reward.

I might perhaps go even farther and suggest that human intelligence, in and of itself, is intrinsically social, which is why people who are anti-social tend to be of low general intelligence. Note that by saying it's inherently social, I do not mean intelligent people are inherently sociable, or that you can't be both highly intelligent and have all the personality of a doorstop. What I mean is, intelligence compels us to seek cooperative enterprise with others.

Re:Han Solo fired first. (1)

tehcyder (746570) | about a year and a half ago | (#43180683)

In terms of founding a religion, you face the slight problem of the charisma vacuum found in most IT experts.

Re:Han Solo fired first. (0)

Anonymous Coward | about a year and a half ago | (#43179901)

It was the first one to be noticed by the mainstream media and the peripheral bloggers.

A notoriously stupid bunch.

Re:Han Solo fired first. (1)

tehcyder (746570) | about a year and a half ago | (#43180653)

The "community" also includes hackers/crackers for hire to governments and criminals, so I wouldn't big it up too much.

Re:Han Solo fired first. (1)

jjp9999 (2180664) | about a year and a half ago | (#43178705)

I think Buckshot Yankee was one of the first major ones (unless you count the Blaster Worm).

Re:Han Solo fired first. (1)

KGIII (973947) | about a year and a half ago | (#43179665)

Your post made me think of this from the description:

This is a major change in policy from previous public statements — in the past, the US has publicly focused on defensive actions and homegrown security improvements.

I've always assumed we had offensive capabilities and have never doubted we did. I suspect we are hearing about it publicly due to the recent news-making attacks from China. I'd have honestly been shocked and disappointed to find out that we hadn't prepared and we actively working in this area. I think it is a requirement for every warring nation to have such capability and I assume the non-third world countries all have such capacity.

So, no, I don't think this is the first salvo, nor are your links, as I think that we've likely had this capacity for quite some time. It seems likely.

Re:Han Solo fired first. (1)

Eunuchswear (210685) | about a year and a half ago | (#43180803)

Stuxnet, discovered in 2010, was hardly the first salvo to be fired.

http://en.wikipedia.org/wiki/Titan_Rain [wikipedia.org]
http://www.time.com/time/magazine/article/0,9171,1098961-1,00.html [time.com]

But those are examples of espionage, not warfare.

Stuxnet wasn't espionage, it was an attempt to destroy things.

That's easy (5, Funny)

Anonymous Coward | about a year and a half ago | (#43177323)

>What's proportional response to China probing at utility companies?
Redirect all traffic coming from the Peoples Army to goatse.
>Who ought to be blamed for Red October?
Sean Connery. What kind of Russian has a Scottish accent. "I know this book. Your conclusions were all wrong. Halsey acted foolishly."
>What's the equivalent of a warning shot in cyberspace?
Redirecting the Great Firewall to Justin Bieber's Twitter feed. Or making a press release detailing our cyberwarfare capabilites.
>When we detect foreign governments probing at virtual borders, who handles the diplomatic fallout as opposed to the silent retribution?
If there is diplomatic fallout then it wasn't really "silent retribution" was it? Take turns making it alternately look like Anon or Isreal.

Re:That's easy (1)

girlintraining (1395911) | about a year and a half ago | (#43179167)

Take turns making it alternately look like Anon or Isreal.

Isreal is totally a real country. Israel is just a typo.

Re:That's easy (0)

Anonymous Coward | about a year and a half ago | (#43181115)

"Who ought to be blamed for Red October?" should be "Tom Clancy" instead. The movie was popular, but the book was popular and being quoted by the (literate) public long before the making of the movie.

"This job ages you like you wouldn't believe, son. (1)

Impy the Impiuos Imp (442658) | about a year and a half ago | (#43177343)

Ten years from now, a Pulitzer Prize winning photo of President Christie, or maybe President Hillary, in the War Room, head slung low, hand across furrowed brow.

"President micro-managing the war, agonizes over accidental bombing of Habbo Hotel."

joshua (2)

Joe_Dragon (2206452) | about a year and a half ago | (#43177395)

joshua is the logon no password needed.

Re:joshua (2)

guttentag (313541) | about a year and a half ago | (#43178135)

joshua is the logon no password needed.

We replaced the "joshua" account with the "mrpotatohead" account 30 years ago after some idiot filmmaker [imdb.com] exposed all our back doors.

Re:joshua (0)

Anonymous Coward | about a year and a half ago | (#43181267)

Exposed? Backdoors are not secrets!

Just a new way for defense contractors to get paid (4, Insightful)

MetalliQaZ (539913) | about a year and a half ago | (#43177405)

This nonsense is merely a result of defense contractors managing to convince the decision-makers that this kind of capability is necessary. Some imagined threat of "cyberwarfare" (that at most could do about the same damage to the United States as a widespread power outage) is used to justify spending untold billions on a division of... what? Are these people supposed to be hackers? information gatherers? Cyber-warriors just sounds cool I guess. Let's go through the fundamentals: Who is the enemy? What threat do they pose? What damages have we suffered in the past that could have been prevented? What kind of damage could be inflicted using what weapons, exactly? What does international law say about this activity? How closely can this related to actual war? I doubt lawmaker in that hearing could answer any of those questions accurately.

As if American companies like Google aren't already leading experts in online security. Google is full of smart people, they can take care of their own front gate.

We live in an exciting time. Stuxnet opened Pandora's box, so-to-speak. However for all that technology, I'm more worried about lunatics with assault rifles. That stuff is REAL.

Re:Just a new way for defense contractors to get p (2, Insightful)

joe_frisch (1366229) | about a year and a half ago | (#43177621)

Cyberwarfare has the potential to do LOT of damage. If every file on your home computer and backups were wiped out, how many of your hours would it take to recover. Multiply by say 100 million. Multiply by the value of the average computer users time. If say 100 million credit card numbers were stolen and used to make say a billion random small on-line purchases, what would it cost to back it all out? What are the digital rights to all of your paid-for content and software worth? Again multiply by 100 million.

We live in a society where information is valuable. I think it is a mistake to only consider the physical damage that cyber-warfare could cause.

I'm not saying that there is a credible attack that could do any of the above, just that low-security systems collectively represent a high value target, so it makes sense to consider how to protect against such an attack. I have no idea if the specific plans of the US make any sense.

I'd like to see some international treaties on cyber warfare to understand what sorts of attacks and responses meet international law.

Re:Just a new way for defense contractors to get p (0)

radtea (464814) | about a year and a half ago | (#43178083)

Nice use of the Standard Template for Pro-Government Action:

1) Lead with wildly exaggerated scenario that you make out to be super-scary

2) Middle paragraph that's patriotic and tough-sounding without actually saying anything that anyone doesn't already know, but presented as if its some kind of special revelation that only a super-tough uber-patriot could possibly have come up with.

3) Close with a polite disavowal of the lead paragraph's wildly exaggerated super-scary scenario, so no one can call you out for promoting fear and arguing from completely unrealistic threats.

The only place where you lose points is that your original scenario is too transparently lame. Losing all our cat pics is going to cost the economy a million dollars per person? I don't think so.

Re:Just a new way for defense contractors to get p (1)

joe_frisch (1366229) | about a year and a half ago | (#43179135)

Where did you get the "million dollars per person"? $1K/person is a total loss of 100B.

Re:Just a new way for defense contractors to get p (1)

Anonymous Coward | about a year and a half ago | (#43177867)

Defensive tech always lag offensive tech. The best deterrent is always the psychological one backed by offensive capability -- instead of intercepting the actual bullet, you intercept the very thought of firing that bullet by clearly defining the consequences of such action. This is basic doctrine whose rationale Slashdotters readily accept with regard to Iran's and North Korea's pursuit of weapons, yet somehow choose to mire themselves in morality here.

Stuxnet didn't "open Pandora's box"
http://en.wikipedia.org/wiki/Titan_Rain [wikipedia.org]
http://en.wikipedia.org/wiki/Operation_Aurora [wikipedia.org]

Deaths caused by "lunatics with assault rifles" are insignificant in number compared to those caused by poor teenage urban males with handguns and zero conflict management skills.
http://www.huffingtonpost.com/j-travis-smith/gun-control_b_2396473.html [huffingtonpost.com]

The lives lost of the students and teachers of Sandy Hook were no more precious or tragic than the victims of murders occurring daily. The sheer rate of death caused by a single assault rifle pushed this event into the spotlight, although assault rifle death tolls are dwarfed by handguns in aggregate. As an example, the death toll of all mass shootings nation-wide in the 13 years since Columbine totals 273, while drive-by shootings in LA during a single year total 277.

Re:Just a new way for defense contractors to get p (1)

tehcyder (746570) | about a year and a half ago | (#43180709)

I don't disagree, but the fact is that a plane crash killing a few hundred people at once is bigger news than a couple of hundred road traffic deaths in aggregate.

There is a reason why the 9/11 terrorists chose planes and large, famous targets, rather than assassinate a few thousand ordinary citizens one at a time over a period of years.

Re:Just a new way for defense contractors to get p (0)

Anonymous Coward | about a year and a half ago | (#43180877)

Cyber-Range already here. Using VM, a complete simulated network in a rack.
A poor substitute, for the Chinese mass production of crackers, operating on like systems ie, RSA etc.
It seems the military has found an excuse not to recruit from hacker fests, and exercise on simulations months old.

Did anyone get bingo? (1)

Elbereth (58257) | about a year and a half ago | (#43177407)

I got cyberspace, cyberwarfare, virtual, and cyber command.

Also: "begs the question" does not mean what you think it means.

Re:Did anyone get bingo? (0)

Anonymous Coward | about a year and a half ago | (#43179371)

His obvious reference:
Logical Fallacy Bingo [lifesnow.com]

There is no such thing as a cyberwar (2)

Hentes (2461350) | about a year and a half ago | (#43177413)

It should be called cyber espionage, and handled as an intelligence issue. Just like there's always spying, there will never be a "cyber peace". Threatening with a counterattack is based on a bad analogy, and doesn't work in this scenario.

Re:There is no such thing as a cyberwar (0)

oodaloop (1229816) | about a year and a half ago | (#43178723)

Stuxnet was an attack, not espionage so yes it does work in this scenario. Oh, and you're an idiot.

Re:There is no such thing as a cyberwar (1)

Hentes (2461350) | about a year and a half ago | (#43179113)

Sabotage is a part of espionage.

Re:There is no such thing as a cyberwar (1)

Alex Belits (437) | about a year and a half ago | (#43180085)

No, it is not, it's an act of war while espionage is not.

Unless applied to playing TF2, of course.

No it doesn't. (0)

Anonymous Coward | about a year and a half ago | (#43177431)

This is an interesting shift in US doctrine and begs questions like:

No it doesn't. [wikipedia.org]

Re:No it doesn't. (1)

DragonWriter (970822) | about a year and a half ago | (#43177565)

No it doesn't.

Sure it does: and your source agrees. Definitions are set by usage, and see the section on "Modern Usage" in the article you cite.

Re:No it doesn't. (1)

nametaken (610866) | about a year and a half ago | (#43179521)

That's pretty funny.

I guess it's one of those situations where the new use is far more common than the old one, so we might as well acknowledge it.

Re:No it doesn't. (1)

tehcyder (746570) | about a year and a half ago | (#43180735)

That's pretty funny.

I guess it's one of those situations where the new use is far more common than the old one, so we might as well acknowledge it.

Fine, so we have to use another more cumbersome phrase instead, thanks to the laziness, ignorance and illiteracy of a bunch of morons on the internet. Great. Newspeak gets ever closer.

Sometimes, I wish we could go back to everyone using Latin in any sort of formal communication. You try saying that "petitio principii," now means simply suggesting a question rather than referring to fallacious circular reasoning.

Why CyberWar? (0)

Anonymous Coward | about a year and a half ago | (#43177533)

Cyberwar is kinda dumb when you can instawin with an EMP!

Right (0)

Anonymous Coward | about a year and a half ago | (#43177567)

Just scare tactics.

Total BS (-1, Flamebait)

NetNinja (469346) | about a year and a half ago | (#43177605)

What kind of subtrifuge bullshit is this?

Does this go along the same lines of "the dangerous Satellite could leak hydrazine if it hit the Earth and we need to shoot it down with a Destroyer mounted Sea to space missle?
I guess it will now be OK if the U.S. openly tells the world to prepare for the U.S. to strike by cyber attack.

Military versus civilian (4, Insightful)

girlintraining (1395911) | about a year and a half ago | (#43177607)

I'm deeply troubled by the lack of understanding that most major world governments have regarding information technology. These are people who still believe copying a file is theft, that the internet and the world wide web are synonymous, and that using encryption must mean you're a criminal. As they do not understand many of the fundamentals of information technology, how can we expect them to make reasonable and informed decisions about the use of the military in response to threats against that infrastructure?

We have had a disasterous serious of wars starting with Vietnam due to a lack of understanding (or willful ignorance) by politicians, leading to massive loss of life because they completely lacked situational awareness. In Iraq, the picture of Bush sitting in front of his "Mission: Accomplished" banner is a running joke even to this day, not because we didn't "beat" Iraq, but because we got stuck in a quagmire of tribal politics, shifting political opinions at home, and soldiers that were not trained for the new paradigm of urban warfare. Our military has traditionally not been a police force, and yet increasingly that's what we're using it for, with disasterous results. The road has not been smooth. I mean no disrespect to our military, or any of the militaries of the world in this, but it's something that institutionally has taken a long time to even approach this point.

When we look at this in a historical context, it becomes clear exactly just how dangerous a military response to an IT crisis would be. The President is talking about an "internet kill switch", as are many other governments. This kind of thinking is wrong-headed and shows a remarkable lack of understanding of both the economic and sociopolical consequences of such a thing, let alone were it even technologically feasible without a massive outlay of funds in the middle of a global recession.

The notion that we need to protect ourselves from foreign powers attacking our critical electronic, financial, and informational assets is unquestionably sound. But tasking the military with this protection, with the current command staff and structure, is intrinsically dangerous. In layman's terms, they don't know what they're doing.

There needs to be a radical paradigm shift in military doctrine to even approach this new battlefield, let alone participate responsibly and meaningfully in it. In this field, the idea of units, divisions, generals, etc., have no analogue. Amongst our senior and most capable information technology assets, peer collaboration and decentralized information gathering and sharing is vastly more effective than the traditional military hierarchy. We need the capability to tear down and rebuild teams as needed, in a fluid and dynamic environment where individual soldier-actors within it are afforded a wide degree of freedom to make individual judgement calls. This is not a battlefield that is amiable to traditional tactics like "Throw 10,000 people at it. Stop when it dies."

What I've seen so far is that the people who would call upon these military assets are completely uninformed about what they are realistically capable of, their relative strengths and weaknesses, and the costs and risks involved. Most of the people in the military are underinformed about this as well, but they are improving at (for an institution) a remarkable rate. They are still far behind.

In light of all of this... I have serious reservations about going offensive. We're not even sure what we're defending yet, or how, or why. It's all shades of grey, and when we're talking about taking military action, grey isn't tolerable.

Re:Military versus civilian (0)

Anonymous Coward | about a year and a half ago | (#43178117)

Hao gu-niang, kang Mei Di de xuanchuan bei de heng liuli. Jiefangjun gan xie ni.

Re:Military versus civilian (1)

guttentag (313541) | about a year and a half ago | (#43178685)

I think the AC just patted GirlInTraining on the head on behalf of the People's Liberation Army and called her a "good girl" ... and something about tycoons and seeing things through colored glass...

Re:Military versus civilian (1)

tehcyder (746570) | about a year and a half ago | (#43180767)

I think the AC just patted GirlInTraining on the head on behalf of the People's Liberation Army and called her a "good girl" ... and something about tycoons and seeing things through colored glass...

Google translate came up with absolutely nothing. Do you have to input Chinese in Chinese characters for it to work?

That's not very helpful if you know no Chinese.

Re:Military versus civilian (1)

Phrogman (80473) | about a year and a half ago | (#43178365)

When you elect politicians based on the promises they make combined with the money they can generate from large corporations, and not really based on their experience and knowledge (you got rid of Clinton - a Roads Scholar - because of an overblown sex scandal, but kept Bush for a 2nd term), of course its doubtful that those making the decisions will be informed or aware of the details and consequences of their decisions. Politicians who have more concern about getting re-elected so they can better change things for their sponsors/owners are not the best people to make such decisions. Unfortunately there doesn't seem to be a better system :(
The military personnel will hopefully be quite knowledgeable and aware of their capabilities and responsibilities and can advise the politicians appropriately. However that said, The Military are sadly rather slow to adapt to change.

Re:Military versus civilian (0)

Anonymous Coward | about a year and a half ago | (#43178749)

We didn't get rid of Clinton. He served just as long as G W Bush. He was only admonished for his sexual impropriety.

Re:Military versus civilian (1)

thejynxed (831517) | about a year and a half ago | (#43178861)

Clinton was already in his law-defined second term (strange that we have Presidents and some Governors with limits, but not any of the rest).

Re:Military versus civilian (1)

thoth (7907) | about a year and a half ago | (#43178967)

So let's see... complaints about politician that suck, and the military gets to clean up their mess. Well yeah, that's the system, military is under civilian control and gets stuck making the impossible happen.

When we look at this in a historical context, it becomes clear exactly just how dangerous a military response to an IT crisis would be.

And what would the civilian response be? Punt the blame to someone else, deny a problem exists, bribe congress to create laws to mask corporate inaction? Wouldn't want to touch those profit margins when it is cheaper just to ignore the real problem and declare tampering illegal. I'm not sure you grasp what it is the military does when the shit hits the fan enough for them to be called on.

But tasking the military with this protection, with the current command staff and structure, is intrinsically dangerous. In layman's terms, they don't know what they're doing.

And civilians or private corporation do? If private corporations actually DID understand what they were supposed to do, wouldn't we have nothing to worry about because they would have already taken care of security problems and infrastructure protection? There wouldn't be any bugs in critical systems at all, amirite?

fluid and dynamic environment where individual soldier-actors within it are afforded a wide degree of freedom to make individual judgement calls.

Yeah right. The analogy you're describing is like some low level IT grunt at megacorp incorporated deciding to fix a bug in a live production system for a client, on their own, with no approval or supervision, by rewriting a critical component in their favorite language that nobody else knows or supports, and deploying it without testing.

Things will work a little different when your actions may be construed as an act of war against a foreign power.

What I've seen so far is that the people who would call upon these military assets are completely uninformed about what they are realistically capable of, their relative strengths and weaknesses, and the costs and risks involved.

So yeah, politicians generally aren't elected for their depth of IT knowledge...

Most of the people in the military are underinformed about this as well, but they are improving at (for an institution) a remarkable rate. They are still far behind.

Where do you get this from? Metrics pulled out of your ass? The military is large, covering people from mechanics to doctors to attorneys to combat fighters to command to technical folks. I could easily point out large tech companies I've worked for where probably 50% of the workforce didn't know jack about technical details either, since they were sales, legal, accountants, or support staff.

Re:Military versus civilian (0)

Anonymous Coward | about a year and a half ago | (#43180661)

Sounds fine. However, you're not the president of the USA nor any of his sponsors, so your concerns will remain unheard.

Why be so defensive about it? (0)

Anonymous Coward | about a year and a half ago | (#43177625)

"An offensive team that the Defense Department would use to defend"? That's offensive to logic.

skynet (0)

Anonymous Coward | about a year and a half ago | (#43177655)

uh oh its skynet....

Focus on offensive capabilites is misguided (5, Informative)

GODISNOWHERE (2741453) | about a year and a half ago | (#43177769)

Ralph Langner (the guy who figured out Stuxnet was designed to attack Iran) has been critical of the US's policies of focusing on offensive capabilities while largely ignoring or grossly underfunding defensive capabilities. He wrote a op-ed [nytimes.com] in the NYT about this. Here [langner.com] is his rebuttal to Obama's executive order on critical infrastructure cyber security.

One of the problems with cyber defensive security is that too many companies use "risk assessment", which is inappropriate for security concerns. This is because risk assessment assumes that you are aware of all possible vulnerabilities and what impact these vulnerabilities will have, which is impossible. It is too easy for companies to use a risk assessment model as an excuse for not spending any money on their security, because the costs of security show up on a balance sheet while the benefits do not.

Any serious attack will come from domestic botnets (3, Insightful)

_greg (130136) | about a year and a half ago | (#43177863)

Attacks from identifiable sources in China or Russia are just exploratory research. Any serious attack would be launched from botnets running on computers belonging to citizens and companies in the country being attacked. Counter-attacking will just increase the damage. Poorly designed and maintained computers are like tinder waiting to be set alight and bring down the whole forest.

NSA is being idiotic (2)

gatkinso (15975) | about a year and a half ago | (#43178159)

Their role is to gather intelligence and secure sensitive government information.

That is it.

By developing these capabilities they make themselves a target, which can only negatively impact their primary mission. Maybe another IC member can pick up the SIGINT and crypto role that NSA seems to be abandoning.

Re:NSA is being idiotic (1)

oodaloop (1229816) | about a year and a half ago | (#43178745)

NSA and CYBERCOM are two different commands who have one leader at the moment. NSA has one mission and CYBERCOM has another. NSA is not abandoning theirs.

"US Assets"? (2)

Anonymous Coward | about a year and a half ago | (#43178321)

I wonder what is meant with US Assets, and when (not if) it will include US Intellectual Property.

Re:"US Assets"? (1)

tehcyder (746570) | about a year and a half ago | (#43180779)

I wonder what is meant with US Assets, and when (not if) it will include US Intellectual Property.

Put away the tinfoil hat, I doubt you're going to have cyber-marines on your ass because you downlaoded a couple of Justin Bieber tracks.

Kinetic response to electronic attacks (2)

Nidi62 (1525137) | about a year and a half ago | (#43178453)

If you want to prevent "cyber" war, then let it be known that your policy is to treat every "cyber" action as its physical/kinetic equivalent. If China hacks into and disables a power grid, then treat it as if they sent in a company of paratroopers to take it over or destroy it. If a state steals sensitive information, treat it as if they or an agent walked into a government agency and stole it the old fashioned way, which would at the very least get a diplomat PNG'd. If it is something that would be considered an act of war if a person physically perpetrated the action, then it should be an act of war. Let them know that actions in "cyberspace" will have consequences in "meatspace".

Bonjour Farewell (0)

Anonymous Coward | about a year and a half ago | (#43179435)

Like the good ol' days in mother Russia:
Vladimir Vetrov [wikipedia.org]
A few books and a French movie [wikipedia.org] (also released in America), have been based loosely on his story.

Re:Kinetic response to electronic attacks (0)

Anonymous Coward | about a year and a half ago | (#43179877)

Yeah... Let's just do that when there's horrible issues with attrition.

Re:Kinetic response to electronic attacks (0)

Anonymous Coward | about a year and a half ago | (#43180219)

Sooo... an eye for an i?

It may be an effective strategy, but only if you don't mind abandoning the pretense that you're the 'good guy'.

Re:Kinetic response to electronic attacks (0)

Anonymous Coward | about a year and a half ago | (#43180387)

Because that will never happen, for the same reason there was a 'cold war' which is that the US is far from certain victory in a war with that state. If you think the US would beat China in a war then you are a fool.

Innocent bystanders (3)

gmuslera (3436) | about a year and a half ago | (#43178499)

That war will be fought in internet, and the innocent bystanders will be all of us, that in a way or another have some part of our lives here. No, won't be bullets, but privacy will dissapear (even pretending that you want it or try to give it to others could lead you to getting into political prosecutions [tumblr.com] ), abuses of people in power will be common (like this [4closurefraud.org] , maybe more **AA oriented this time), forbidding not "government approved" encryption, software, technologies and so on.

Considering the investment on space exploration, Mars will be for long time the only "land of the free"

Re:Innocent bystanders (1)

drinkypoo (153816) | about a year and a half ago | (#43181291)

Considering the investment on space exploration, Mars will be for long time the only "land of the free"

Mars will never be the land of the free unless it is terraformed, by which time there will be plenty of time to put boots on throats on mars.

Pure PR (1)

guttentag (313541) | about a year and a half ago | (#43178553)

Today Obama called [nytimes.com] the new Chinese President, Xi Jinping, to congratulate him on his confirmation as head of state and chairman of the people's republic central military commission (he was already General Secretary of the Communist Party of China and chairman of the Party Central Military Commission). In that call, Obama made a point of addressing cyberattacks as one of the most prominent issues in their relationship.

It's no accident that two days earlier NSA Chief Keith Alexander "disclosed" to the House Armed Services Committee that the U.S. has offensive cyberwarfare capabilities, not just defensive capabilities.

I find it hard to believe that this is new information to the members of the Committee. The U.S. has had and used offensive cyberwarfare capabilities for years, even decades. The Internet itself arose from a DARPA project. The "disclosure" is a well-timed veiled threat meant to add teeth to Obama's diplomatic "congratulatory phone call" on his Chinese counterpart's first official day, in much the same way that China just used its congratulatory message [nytimes.com] to new Pope Francis on his first full day in office to warn him not to "meddle" in its affairs and that it hopes their relationship could be improved by cutting ties with Taiwan.

Neither one of these statements change anything. China knows the U.S. has had offensive capabilities for years, and will probably not alter its stance on cyberattacks. The Vatican knows China wants to appoint its own bishops who answer to the Party rather than the Pope, and it will probably not issue a statement saying that "God has decided that the Chinese Communist Party shall be his hand and mouthpiece for 12 million Chinese Catholics."

If anything, Obama is pleading with the new president to tone down the attacks and choose some less-conspicuous targets so he doesn't have to publicly come out against China. And the Chinese are pleading with the new Pope to tone down any statements he may make about China so they don't have to make his bishops disappear (Francis knows [nytimes.com] what it's like to live in a country where people are "disappeared" for political reasons, as in Argentina's "Dirty War" of the 1970s).

Re:Pure PR (0)

Anonymous Coward | about a year and a half ago | (#43180029)

Maybe Mandarin will be the only language spoken world wide one day. But right now I see little difference between them and us. Their a little more honest in their oppression, which may benefit them in the long run.

Either way both economies go to the same rich people who own international corporations, said corporations have assets and money all over the place, so if one economy or nation dies they will never loose out.

Re:Pure PR (0)

Anonymous Coward | about a year and a half ago | (#43180797)

Maybe Mandarin will be the only language spoken world wide one day

Only if they get rid of the retarded idea of pictograms instead of a sensibly sized alphabet.

What? (1)

ThurstonMoore (605470) | about a year and a half ago | (#43178591)

How does this statement make any sense?

'This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace.'

Wouldn't that be a defensive team?

Re:What? (1)

KGIII (973947) | about a year and a half ago | (#43179791)

When the Brits attacked on D-Day they were doing so in defense of United Kingdom. An offensive act may be committed in a defensive capacity in the form of needing to attack in order to get someone to stop attacking you. Make sense?

Congress authorized offensive cyberattacks in 2011 (1)

jjp9999 (2180664) | about a year and a half ago | (#43178739)

This shouldn't be that shocking. Congress authorized offensive cyberattacks in 2011. Remember? We talked about it: http://it.slashdot.org/story/11/12/23/1850209/us-congress-authorizes-offensive-use-of-cyberwarfare [slashdot.org] [Slashdot]

That aside, however, the US can only let itself get punched so many times before it hits back. The Chinese are doing a lot more than just probing our networks, and they've been doing these things for a long time now: http://www.schneier.com/blog/archives/2011/04/wikileaks_cable.html [schneier.com] [ Schneier on Security]

Information warfare (0)

Anonymous Coward | about a year and a half ago | (#43178779)

1984

That is all.

Does not work (2)

gweihir (88907) | about a year and a half ago | (#43178897)

Sure, they keep claiming an "offensive capability" in order to keep the funding flowing, but they can neither target well, nor can they ensure the target is actually vulnerable. What they probably can do is damage civilian infrastructure. That will not impress an attacker and the claim that they can use this to "defend" the US is pure BS. Information attacks done under time pressure are like germ warfare to take out a very specific target: You never know whether your target may turn out to be immune and you will do massive collateral damage. It is no accident it is banned and heavily frowned upon.

The underlying problem is of course that those in power do not get it to any degree. They want an "offensive capability", so one is faked for them as huge cost. It may even have some use, but effective information attacks need a long, long time to be customized for the target and hence are not suitable for use in a war of any degree of dynamics.

Offense or defense? (2)

Stiletto (12066) | about a year and a half ago | (#43178947)

'This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace.'

So which one is it? Offensive or defensive? Why is it that Americans can't seem to distinguish between the two? Here's a country whose "defensive" military is used entirely to bring war to foreign soil. The "Department of Defense" has not defended actual U.S. soil since Pearl Harbor.

Re:Offense or defense? (0)

Anonymous Coward | about a year and a half ago | (#43180041)

Why can't we distinguish between offense and defense? Well how about his. Let's say I decide to dedicate my life to punching you in the face. I just sit there, punching you in the face. You can defend for awhile, but eventually I'm bound to do damage. Or, you could take me out and be safe.

Re:Offense or defense? (1)

Stiletto (12066) | about a year and a half ago | (#43180271)

Your analogy fits: The USA is the one that is dedicating its life to punching others in the face.

Remember the RDF (0)

Anonymous Coward | about a year and a half ago | (#43179019)

Oh ! RDF ? Ah yes. The Rapid Deployment Force. The Pres. Jimmy Carter answer to the Iran 'threat' after elements of the USA DoD personnel aka 'armed forces' invaded Iran in response to the arrests of CIA, DoS and WH employees at the Embassy of Iran in Tehran on charges of spying and engaging in sabotage and other acts against humanity.

Ergo (not Argo) this one will fail like all the rest.

This is getting ugly (1)

manu0601 (2221348) | about a year and a half ago | (#43179351)

  1. 1- Tell China [nytimes.com] that cyberattacks must stop: the enemy is named
  2. 2- Announce offensive force: the weapons are ready
  3. 3- Next step is: use weapons to attack enemy. Then enemy will fight back

This looks ugly, but it seems the only possible scenario since defensive strategies are out of reach because of their cost (replace everything everywhere)

Re:This is getting ugly (1)

Anonymous Coward | about a year and a half ago | (#43180399)

  1. 1- Tell China [nytimes.com] that cyberattacks must stop: the enemy is named
  2. 2- Announce offensive force: the weapons are ready
  3. 3- Next step is: use weapons to attack enemy. Then enemy will fight back

This looks ugly, but it seems the only possible scenario since defensive strategies are out of reach because of their cost (replace everything everywhere)

Funnily enough, China would say exactly the same thing.

So write my own limited TCP/IP stack you say? (0)

Anonymous Coward | about a year and a half ago | (#43179381)

Sounds like they are pretty confident Linux systems will be busted. Has to be some kind of kernel exploit at a low TCP level. I doubt they expect hardened enemy servers to run any services beyond SSH/OpenVPN and TCPIP itself.

So my guess is those are vulnerable and specifically not to be trusted after hearing this announcement.

So what is the solution for a seriously targeted politically active geek (enemy of the state)? Perhaps build a limited TCPIP stack as a kernel module and run no services.

Instead of supporting odd network configurations, why not move back towards a smaller subset of the protocol? If you engineer the environment from scratch to be secure, why not engineer it a level further and set proper MTU's and disallow fragmenting altogether. Reject them outright. Force DF bit on all new connections. Remove the permissive features such as windowing/scaling and trusting the other side to properly tear down connections. Assume the other side won't properly shut it down, kill connections in odd states quickly, permit only a few half-open connections, etc.

We need a new stack with simplified mechanics without code from 1978. They've been finding holes. I'd say in BSD even. Don't trust that legacy code...... They are so proud of it now. They are dangerous.

Look at various pcap parsing tools that replay streams..... heck, they are 90% of what we need for something considered *seriously* secure. You know, the kind of secure where you remove features and piss off people by making them jump through hoops to communicate with you....

Security over convenience.... Remove the attack vectors that are obviously the most lucrative and easy to pwn. Maybe it's *not* as crazily secure as you think just because it's in use since the 70's.

Re:So write my own limited TCP/IP stack you say? (1)

tehcyder (746570) | about a year and a half ago | (#43180817)

We should go back to using a proper, robust operating system like Windows 3.0 or even MS-DOS They never suffered from any network attacks in all the time I used them.

biTch (-1)

Anonymous Coward | about a year and a half ago | (#43179557)

Absolutely not impressed. (2)

ubiquitin (28396) | about a year and a half ago | (#43179687)

Anyone can be seriously "offensive" in this business. All it takes is $100 laptop and msf.

Defense? That, my friends, is the multi-tens-of-billions industry we're in.

Cyber Command? Show me your defensive game and stop wasting my tax money.

FUD (0)

Anonymous Coward | about a year and a half ago | (#43180537)

Can you imagine it:

"The Cyber War is upon us from China, all US boundary routers are inactive"

"Quick, call the Cyber Defense Attack teams, get them to attack all the boundary routers in China"

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>