Didn't see a topic. If this is being discussed elsewhere, please disregard.

http://www.cnn.com/2011/US/05/31/military.cyberattack/index.html?iref=allsearch

Quote :

"Washington (CNN) -- The Pentagon is formulating a new strategy on how to respond to cyberattacks that would include using military force, a spokesman confirmed Tuesday. Col. David Lapan said if the attack is serious enough, "a response to a cyberincident or attack on the U.S. would not necessarily be a cyber response, so as I said all appropriate options would be on the table." The final public portion of the "Defense Strategy for Operating in Cyberspace" is expected to be released in two or three weeks. But much of it has already been discussed for months by numerous administration officials, including the White House and Deputy Secretary of Defense William Lynn. In May, the White House released the International Strategy for Cyberspace. It said in part, "We reserve the right to use all necessary means -- diplomatic, informational, military, and economic -- as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests." The White House hopes this policy will act to discourage cyberattackers. "There is certainly the deterrent effect of letting our adversaries know how we would consider those actions and what steps we might take," Lapan said. The Defense Department's appreciation of the serious threat posed by cyberattacks grew substantially after an incident in 2008. That's when someone inserted an infected flash drive (what some call thumb drives) into a U.S. military laptop on a base in the Middle East. "The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems," Lynn wrote last fall in Foreign Policy magazine. "This previously classified incident was the most significant breach of U.S. military computers ever, and it served as an important wake-up call. According to Lynn's article, the code on that flash drive "spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control." But Lynn admits one of the more difficult hurdles facing anyone trying to respond to cyberattacks is figuring out who the attacker is. "Whereas a missile comes with a return address, a computer virus generally does not. The forensic work necessary to identify an attacker may take months, if identification is possible at all," Lynn wrote. "And even when the attacker is identified, if it is a nonstate actor, such as a terrorist group, it may have no assets against which the United States can retaliate." The Pentagon policy is part of the larger White House plan, but it will not include specifics as to what responses might be triggered by certain levels of cyberattacks. "We're not going to necessarily lay out if this happens we will do this, because again the point is, if we are attacked we reserve the right to do any number of things in response just like we do now with kinetic attack," Lapan said. "So it makes the idea that attacks in cyber would be viewed in a way that attacks in a kinetic form are now, the military option is always a resort.""

What are your thoughts on this?
I can't confirm or deny U.S. attacks on others.... but I'm fairly well convinced that the U.S. does in fact engage in cyber attacks on other nations. Not to go off on conspiracy theories here... but it would only make sense.

Bit of a double standard? Most likely.
USA #1: :-/

More specifically, where do you draw the line between the offensive and defensive here?

5/31/2011 9:22:04 PM

I think we can all agree it's time for a preemptive strike on South Korea. Zerg rush them before they zerg rush us.

5/31/2011 9:32:20 PM

Don't like it, mostly because it sounds like just another excuse to go blow shit up. Are we going to pre-emptively strike Iran in 10-15 years because they have weapons of web destruction?

That being said, I do think we should be investing in securing infrastructure related networks (which probably shouldn't be connected to the internet if they're that damn important anyways).

[Edited on May 31, 2011 at 10:01 PM. Reason : Plug them sneakernet holes, too.]

5/31/2011 9:54:32 PM

I actually thought of EMCE when I saw on the news the other day that some 1337 phreakers had hacked into Lockheed

5/31/2011 10:50:36 PM

How is it a double-standard exactly? Countries are welcome to attack us in response to US cyber-attacks.

6/1/2011 8:59:03 AM

take a drink every time you read "websites of mass destruction"

6/1/2011 9:06:17 AM

Quote :

"How is it a double-standard exactly? Countries are welcome to attack us in response to US cyber-attacks."

agreed

6/1/2011 10:02:41 AM

I think the only notable thing here is that the military has officially said it would go "kinetic" on certain types of cyber attacks. Before people start going off on how we're going to drop cruise missiles on kids in their parents' basements, the key point being made by this announcement is that it would have to be in response to something proportional. A group of teenage punks taking down a .mil website is hardly worth a Tomahawk; they're the cyber equivalent of some vagrants with a spray can at very least or at worst, a group of protesters in front of a recruiting office.

In my opinion, what the military is referring to are serious attacks, the deliberate acts that would bring down the power grid, disrupt the military's communications systems, or create truly disruptive actions that would be equivalent in damage to a traditional bombing or blockade; they're worried about the next Stuxnet. These are activities that aren't done by a lone hacker or two but by organized, coordinated groups that use "cyber" technology organized in conjunction with other intelligence gathering skills that can only be done by larger, well funded groups or national governments.

6/1/2011 11:26:00 AM

As someone who has a PS3, I approve of this.

6/2/2011 11:52:54 PM

^^ Exactly.

and speaking of Stuxnet,

...I'm fairly well convinced that the U.S. does in fact engage in cyber attacks on other nations.


Disclaimer: I haven't read anything about it on the high-side...just open source information.

6/3/2011 12:25:56 AM

^^ lol

[Edited on June 3, 2011 at 9:11 AM. Reason : haha new recruiting technique for the military, kill those guys who took down the PSN.]

6/3/2011 9:10:31 AM

Quote :

"PREEMPTIVE ZERG RUSH"

6/3/2011 12:16:49 PM

This is too soft and should be expanded. The next time I get one of those 419 scam emails from Nigeria, I demand a cruise missile go SOMEWHERE.

6/3/2011 2:23:53 PM

Quote :

"...I'm fairly well convinced that the U.S. does in fact engage in cyber attacks on other nations. "

Looks like you were right!

http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html

Quote :

"From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program. Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet."

6/1/2012 8:49:42 AM

Brace yourselves for the cyber firestorm. The United States has made it open season.

6/1/2012 10:54:00 AM

Quote :

"How is it a double-standard exactly? Countries are welcome to attack us in response to US cyber-attacks."

Wuh oh

6/1/2012 12:24:52 PM

Glad this was brought back up.... I was actually searching for this thread the other week when I heard about Flame....i was searching in Chit Chat though



So again, not saying Iran is or isn't pursuing nuclear weapons, but where is that line drawn between offense and defense here?

6/1/2012 1:13:43 PM

Pre-emptive defense is somehow not considered offense when done by the US

6/1/2012 1:25:17 PM

"Double standards" are a non-issue when you're talking about geopolitics. Every country wants others to be held to a different standard than they are, it's just that some countries have the power to make that happen and others don't.

6/1/2012 1:29:22 PM

prepare to be fucked by the long dick of empire.

6/1/2012 1:38:05 PM

^^^^

Quote :

"On 8 January 2012, U.S. Secretary of Defense Leon Panetta acknowledged on Face the Nation that Iran was not trying to develop a nuclear weapon, but was trying to develop a nuclear capability. He also urged Israel to work together rather than make a unilateral strike on Iran’s nuclear installations."

Correct me if I'm wrong, but I don't think they are violating any treaties by developing nuclear power. The sanctions are entirely unwarranted.

As far as your question:

Quote :

"Pre-emptive defense is somehow not considered offense when done by the US "

[Edited on June 1, 2012 at 1:39 PM. Reason : .]

6/1/2012 1:38:54 PM

Quote :

"Wuh oh"

By 'welcome' I meant 'they have the ability to' not that I want them to. I'm not asking to be attacked here. I think cyberwarfare against military or civilian infrastructure is an act of war and it would not be outside the realm of reason for Iran to want to fuck us up for pulling this shit.

6/1/2012 1:47:51 PM

Quote :

""Double standards" are a non-issue when you're talking about geopolitics. Every country wants others to be held to a different standard than they are, it's just that some countries have the power to make that happen and others don't."

What could ever go wrong with this plan?

6/1/2012 2:34:51 PM

It's not a plan; it's reality. What could go wrong? Oh I don't know...maybe people will get pissed enough to hijack planes and fly them into crowded buildings.

What could go wrong if Iran gets to develop a nuclear bomb? Oh I don't know, maybe nuclear holocaust.

It's a nuanced issue. Our hands are so far in the cookie jar that I'm not sure "do nothing" is even an option any more.

6/1/2012 5:09:57 PM

Quote :

"It's not a plan; it's reality. What could go wrong? Oh I don't know...maybe people will get pissed enough to hijack planes and fly them into crowded buildings."

Well, I was thinking more like world war, but that would be underselling the risks of global political power being determined completely by force. Now, the consequences are closer to destruction of civilization. But you know, mice, dragons, I'm sure they're close enough.

It's like sitting in a crowded NRA room and claiming that the guy with the machine gun should be able to get his way more often. The way that modern armies work is that it's very difficult to develop a force powerful enough to win head-to-head against another army. But indiscriminate genocide of civilian populations is like cutting through butter for our technology.

It doesn't matter if your gun is bigger if that other guy can still shoot you in the face without warning. We are required by natural law to be pacifists. US aggression is/was only ever possible under the specific circumstances that it enjoyed support or tolerance from the majority of governments of developed nations on Earth. That global support sets the boundaries of our military aggression, and it's a war with NK, for instance, is not thinkable.

6/1/2012 5:30:33 PM

wow. we now have zero room to talk when we complain about chinese hackers attacking our companies. stupid, stupid, stupid

6/2/2012 6:54:26 PM

Like we haven't been doing this exact kind of thing for at least a decade.

6/2/2012 11:54:48 PM

I would highly recommend reading this article from WIRED about Stuxnet if you haven't already:
http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1

6/3/2012 7:54:54 AM

I prefer cyber warfare to real warfare, if there's gonna be warfare.

6/3/2012 1:07:44 PM

http://www.washingtonpost.com/world/national-security/pentagon-proposes-more-robust-role-for-its-cyber-specialists/2012/08/09/1e3478ca-db15-11e1-9745-d9ae6098d493_story.html

Looks like thw pentagon is looking for the latitude to proactively "defend" the nation by attacking orher countries' networks

8/10/2012 1:51:06 PM

China

http://bits.blogs.nytimes.com/2013/02/19/daily-report-chinese-army-unit-is-tied-to-hacking-against-u-s/

2/19/2013 9:51:29 AM

****BUMP****

Pretty good commentary in here from years ago lol.

seems like sanctions may be how congress chooses to respond, if it makes it through the House? And Trump signs it? I actually favor sanctions as a solution. Economic power should be the big stick of the 21st century and sanctions would be more transparent to the world compared to revenge cyber attacks (cats outta the bag on that one).



[Edited on June 30, 2017 at 6:55 PM. Reason : Who is responsible for that big cyber attack in Europe?]

6/30/2017 6:50:24 PM

https://www.us-cert.gov/sites/default/files/ncirp/National_Cyber_Incident_Response_Plan.pdf

https://sipa.columbia.edu/system/files/Cyber_Workshop_Attributing%20cyber%20attacks.pdf

If you can get ahold of the below, I read this back I think in November. Outstanding issue regarding the difficulties of a military response with respect to cyber attacks.

https://jia.sipa.columbia.edu/cyber-issue

[Edited on June 30, 2017 at 9:31 PM. Reason : a]

6/30/2017 9:29:39 PM

I got to hear ADM Mike Rodgers, head of the NSA and soon to be USCYBERCOM, talk about this exact issue in an unclassified forum a little less than a year ago. It was surreal. He couldn't confirm anything, but opened a great conversation about attribution and proportionality with respect to effects as opposed to kinetics. IE: To determine proportionality we would look at the effect generated from the cyber attack and then determine the response to have a similar effect. The aspect of kinetics (blowing shit up and how much/how bad) has become a smaller part of the conversation.

If you're interested in stuxnet/olympic games, there's a good documentary called Zer0 days. I think it's on showtime right now.

7/1/2017 6:39:15 PM

Did Rodgers mention any reason why the Trump administration seems barely even capable of acknowledging the recent cyber attacks?

7/2/2017 9:14:04 AM

Quote :

"I got to hear ADM Mike Rodgers, head of the NSA and soon to be USCYBERCOM, talk about this exact issue in an unclassified forum a little less than a year ago."

There wasn't a Trump administration until January of this year... so, no he did not.

7/2/2017 10:31:51 AM

He was appointed to those positions in 2014 by Obama (and almost fired too)

7/2/2017 10:33:23 AM

This might need a new thread topic, but I'd love to hear some of you military folks (or people that just follow foreign policy/military stuff closely) expound on your opinions on some of these military Trump appointees, specifically if you see significant elements of current "military culture" in their actions.

For instance:

-Mike Flynn, by many accounts had a decent military career, made it to DNI. Got fired because of his batshit ideas about Iran? Was willing to collude with Russia because....?

Erik Prince, by many accounts had a decent military career, made it rich contracting. Was willing to collude with Russia because...?

Rodgers, Mattis, McMaster, all highly respected. Seem fine with our traitor president totally ignoring our cyber vulnerablilities and doing less than nothing.

7/2/2017 11:28:09 AM

Rogers-- Appointed by Obama in 2014, please read posts above yours. Seems qualified enough as far as I can tell. I don't have anything intelligent (good or bad) to say about him except for what I said a few posts up, which isn't really a comment on how well he is doing the job.

Mattis-- I disagree with his stance on Women in combat roles, but can understand the opposing side. (his argument) I really think he will do a fantastic job, however I struggle with the waiver he got because of the amount of time that passed since his retirement from active duty. I feel like that rule is there for a good reason, and while Mattis may be a decent exception I worry about the precedent it sets.

McMaster-- Really like him. I think his response to Syria was appropriate. I have no idea how the whole administration is going to handle Syria, ISIS, and Afghanistan, but McMaster is very qualified to advise the president on those issues and the second and third-order effects that will come out of whatever solution they come up with.

Flynn-- I know less about him than Rogers. I'm not sure he colluded with Russia per se, but I'm sure he started some sort of relationship before he was officially in the position. Pretty big violation, and he was rightly fired. What else is behind this curtain? Who knows...

Quote :

" Seem fine with our traitor president totally ignoring our cyber vulnerablilities and doing less than nothing."

From the lecture ADM Rogers gave (before Trump took office) and from a few other sources, including GEN Michael Hayden, who was head of NSA and CIA under Bush and Obama, and Clinton and Bush respectively; a lot of what happens is ridiculously classified. Gen Hayden said after he retired (but still before Trump took office) that he thought it was over-classified which perhaps makes these conversations very difficult because the public can't get any real information.
For what its worth, the NSA in combination with USSTRATCOM is tasked with the defense of the nation in the cyber realm and those organizations operate at a very classified level, so I wouldn't expect any information to be posted on CNN.
Just my $.02, I'm sure there are military folks on TWW that have worked for one of these organizations and can tell me where I'm wrong.

7/3/2017 4:59:32 PM

https://lawfareblog.com/un-gge-failed-international-law-cyberspace-doomed-well

In case you missed that the UN working group seeking to set rules of the road for cyber attacks just imploded. (This article does a good job of not being hair on fire)

7/7/2017 8:47:08 AM

Eh, are you surprised?

I mean, the more advanced western society gets, the more dangerous cyber warfare gets. It will no longer be just a matter of a country being inconvenienced due to some credit card service being down, or a country hacking user info to gain personal knowledge of classified users. As everything, including automobiles, gets automated, the stakes will rise exponentially for cyber warfare to be a regular part of a country's ability to wage war.

Yea, an EMP would do a lot of the same kind of damage, but that is Glen Beck territory and very unlikely to happen. But what if a country were to hack OnStar today? I mean shit they'd have some level of control over every modern GM vehicle. What a great terrorist attack it would be to disable GM vehicles during 8 AM rush hour traffic in LA. And then, once our vehicles go completely autonomous? Then they could do some really harmful things via cyber warfare. OMG FIRESALE!!

And this international law they would come up with? It would constantly be obsolete.

I realize that terrorists don't follow international law anyway, and I guess this is just basically a code of conduct for all member nations, but when it comes to war, there are crimes against humanity, but we've already ruined our military with ridiculous rules of engagement. Now we're going to have a set of rules of engagement for cyber warfare?

[Edited on July 7, 2017 at 9:22 AM. Reason : sdfs]

7/7/2017 9:09:27 AM

It's a little surprising considering previous iterations of the group had successfully met in the middle and agreed on broad topics regarding cyber attacks and cyber security. It's much more common to see nations come together at the UN, agree on basic international law, then openly ignore it as it becomes convenient for them individually. So to watch that process deteriorate into "Nah, fuck you, we do what we want" is a somewhat scary tell on the current status of international relations regarding the cyber.

7/7/2017 9:45:24 AM

Quote :

"I realize that terrorists don't follow international law anyway, and I guess this is just basically a code of conduct for all member nations, but when it comes to war, there are crimes against humanity, but we've already ruined our military with ridiculous rules of engagement. Now we're going to have a set of rules of engagement for cyber warfare?"

I would think of this less on the scale of individual ROE, and more on the scale of the use of chemical and nuclear weapons. And I believe it's vitally important for the world to come together on some level to discuss how we are going to decide things like attribution, and proportionality.
Scenario: the signal that got to the United States onStar system originated in DPRK, and moved through Japanese owned networks, bounced off an Indian satellite, and ended up on some onStar server in the US owned by a Chinese company. Who's culpable, and what's the proportionate response?
There are myriad valid arguments depending on a ridiculous number of factors. And this is a scenario that largely only effects a number of US drivers, the secondary effects may be greater than that but how culpable is a nation that failed to stop this transmission through their networks? So what is the proportionate response? Can the US shut down DPRK transportation systems? For how long? These are concepts that were developed in meatspace, when the way military effects were generated was by physically moving mater. This isn't necessarily true in the cyber realm as effects can be generated by just sending an information signal through a variety of media.
Attribution has become significantly harder but I feel like that's due more to globalization, than to technology; but obviously tech has greatly aided globalization. That signal passed though systems owned by multiple nations, both allies and not. There is certainly a case to be made that nations that allowed aircraft to fly through their airspace to attack another nation are at least somewhat culpable. Is this true for an electron signal that computers have turned into zeros and ones?
Also with military technology (airplanes, tanks, missiles, ships) the barrier for entry is seriously high, making it difficult for anyone to act without the support of a State. This simply isn't true in the cyber realm. Even in places where people subsist on pennies a day, you will find cell phones and internet connections. This means that a single actor with very little help from a host nation can generate some really nasty effects, for a relatively low cost. So how is the international community going to deal with that issue?

Quote :

"So to watch that process deteriorate into "Nah, fuck you, we do what we want" is a somewhat scary tell on the current status of international relations regarding the cyber."

I feel like because the barrier to entry is so low, the number of opinions possible here are part of the problem. With nuclear weapons, the rules were largely written and agreed upon by 2 parties. Similarly with the Space domain. The US and USSR were the only real players as they were the only nations who had the technology to weaponize space. For cyberspace, literally every nation in the world has current skin in the game. This isn't even trough for the Law of the Sea, which was been developed and built upon for centuries.



I just got my Masters in Military Operational Art and Science, and I wish I had studied this more while I was in school. There were multiple research topics and groups that discussed stuff exactly like this... I just went more for social stuff.

7/7/2017 2:33:29 PM

I hate to backtrack a bit ITT, but this week was a perfect example of me going WTF????? At some of these military appointees.

It's been like two days since we got the Russian version of the Trump-Putin meeting: Trump accepted Putin's explanation and wants to "move on."

The whitehouse has said basically nothing and doesn't even seem capable of getting on the same page of accepting the constant Russian "probing" of our critical infrastructure.

These Military folks have been silent. McMaster asked by the press pool on Air Force 1 if Trump "accepted" Putin's explanation, he basically just didn't deny it. Where are they?

Your boss is either Neville Chamberlain or Benedict Arnold. They do nothing.

7/9/2017 10:07:11 AM

now you need a new thread topic...

7/9/2017 1:52:14 PM

Trump yesterday:
Putin swears they didn't try to hack our election, we're going to form a joint cyber security group to safeguard future elections that's IMPENETRABLE!

Trump today:
Of course a joint group could never happen, why would anyone ever think that?!??

Anyone still have any faith in this administration?

"who knew healthcare could be so complicated?"
"who knew Korea is so complicated?"
"who knew we shouldn't trust Russia to safe guard elections?"

7/9/2017 11:37:38 PM

Quote :

"McMaster asked by the press pool on Air Force 1"

Wait there are press pools on AF1 now? That's an improvement at least.

7/10/2017 12:36:58 AM

Quote :

"Anyone still have any faith in this administration? "

no one should have faith in any administration really

7/10/2017 6:11:50 AM

shitty take there genius

7/10/2017 7:20:19 AM

^

7/10/2017 10:27:28 AM