It’s All Evan Osnos’ Fault!
Evan Osnos is the China columnist for the New Yorker.
My impression is that he usually covers the social
issues/human rights/dissident beat.
However, yesterday, riffing off the news about organized
Chinese hacking of US government and private websites, he veered off into counter-proliferationblack ops:
The fact is that the United States government has already shown signs of an energetic capacity for cyber war, as in the case of Stuxnet, the software worm that the U.S., working with Israel, is believed to have used to disrupt Iran’s uranium-enrichment program. Coincidentally, I happened to ask some North Korea experts last week if Pyongyang’s latest round of nuclear tests might make it a prime target for a Stuxnet-style intervention. “The only time I heard anything along such lines recently was suspicion that the April launch failure may have resulted from cyber attack—but that was in the realm of conspiracy theory,” John Delury, of Yonsei University, in Seoul, told me.As long as it’s in the realm of the theoretical, here’s another twist: given China’s vocal frustration with its erstwhile allies in Pyongyang, and China’s fondness for cyber adventures, any chance that China might try a Stuxnet approach to slow down a headache on its northeast border? From what I gathered, the chances were slim, in part because of operational differences between Iran and North Korea. “Do the Chinese know which industrial-control systems are in place?” Adam Segal, of the Council on Foreign Relations, asked. “Could they deliver the malware to a system that is most likely ‘air gapped’ and not connected to the Internet? Could they be sure that the infection wouldn’t spread—back to China or to U.S. or others? Do D.P.R.K. nuclear scientists travel? Is it possible to leave thumb drives around with no one noticing?”
On a couple of levels I am gobsmacked by Olnos’ blithe
presumption.
I will set aside for the time being his rather fanciful view
of the dynamics underlying PRC-DPRK relations.
Suffice to say that Beijing’s vision for sustaining its rather
precarious economic and political sway over the northern half of the Korean
peninsula do not involve sabotaging Pyongyang’s most cherished strategic
initiative.
But as to the casual attitude toward a “Stuxnet approach”,
Stuxnet was an act of war. Full
stop. If the PRC or anybody else did
that to us, they would face the prospect of direct, escalating retaliation.
If one is looking for an explanation for why cyberwarfare
has become an obsession of the Department of Defense, with the planned addition
of thousands of specialists to “Cyber Command”, and why President Obama raised
the spectre of cyberwarfare in his State of the Union address, look no further
than Stuxnet.
I believe the stories of massive hacking effort condoned and
directed by the PRC government, and the significant value of the intellectual
property and secrets extracted.
But for the sake of clarity, let’s call it “cyberespionage”.
Cyberwarfare—the destruction of military, industrial, or
infrastructure facilities i.e. acts of war—is qualitatively different.
I also believe that the reason that that the reason that
Chinese cyberespionage is hyped today (and conflated into the “cyberwarfare”
category) is to distract attention from the US complicity in an irrevocable
escalation of cyberwarfare, and to prepare public opinion against the day when
this weapon is turned against us.
In the same article that Osnos advances the narrative of the
dire character of Chinese hacking (After years of warnings that Chinese
hacking was a rising threat, the Mandiant study, and the willingness of U.S.
officials to confirm many of its findings, signal a blunt new American
counteroffensive against the era of Chinese cyber attacks), he proposes
that the PRC might engage in a Stuxnet-type exploit of cross-border military
sabotage.
There’s a qualitative difference in what the PRC has been
accused of in the past, and what the US did with Stuxnet.
That’s not because the PRC is run by wonderful, peace-loving
people--or because the PRC has not developed any cyberwar weapons (for one thing, I expect the PRC's computer scientists have been interested and involved participants in Iran's struggles with Stuxnet).
It’s because the PRC is extremely careful to avoid cycles of
escalation with US power, preferring to counterpunch asymmetrically.
In defense matters, the asymettric doctrine is embodied in “non-interference
in the affairs of sovereign states” as a bedrock value, one that provides China
with a ready, if ever-eroding, bulwark against US “pre-emption” and “R2P”
doctrines which leverage US military and technological superiority across
national borders, and the ability for unmatchable escalation that is at the
heart of the American game.
That isn’t a diplomatic and strategic shield to be abandoned
lightly for the transient pleasures of fucking with North Korea’s nuclear
program, or other cyberwarfare shenanigans, for that matter.
So I found Osnos’ speculation rather clueless, both in the
matter of his understanding of the PRC security mindset and in the matter of
his apparent utter gormlessness as to the significance of the Stuxnet exploit.
I will speculate that Olnos’ level of comfort with the “Stuxnet
approach” has a lot to do with the fact that “we did it first, so it must be
OK.”
Well, it’s not OK, and President Obama realizes it and the
Pentagon realizes it, as can be seen from the attached piece.
But if Evan Osnos thinks it’s OK, and his ignorance is
contagious, we’re closer to the day when US cyberaggression against China can
be excused and advocated as “less than war” and any Chinese retaliation will,
inevitably, be condemned as “an act of war”.
So Evan, if there’s a war with China…it’s your fault!
Crossing the Digital Line
President Obama chose to open the Pandora’s box of cyberwar
with the Stuxnet attack on Iran’s centrifuge operations. In the process, he made a mockery of the
Pentagon’s attempts to establish the rules of cyberwarfare in discussions with
a most active and interested adversary--China.
Now, it is almost inevitable that, in addition to potential battlefields
on land, sea, and in the air, the escalating and repeating cycle of genuine
risk, threat inflation, politicized fearmongering, destabilizing challenges,
and growing polarization, accompanied by expanded missions and fattened budgets
for the security establishment and its defense contractors —will apply to the
US-PRC cyber-arena.
China, of course, is an enthusiastic practitioner of every
commercial, military, and diplomatic hack known to science and, it can be safely
assumed, is developing its own suite of cyberweapons.
I expect Stuxnet also provides adequate inspiration and
justification for the Chinese security and defense establishment to further
formalize and professionalize its cyberwar operation and bloat its budget.
Chinese hacks against US targets have traditionally been
attributed to freelancers indirectly steered by the Chinese government in order
to preserve deniability, as I wrote for Asia Times in April 2012:
China is notorious for its interest in cyber-war as an asymmetric counter to the conventional military superiority of the United States ... and for its apparent willingness to farm out, encourage, or benefit from private hacker initiatives.
On 2010, Mara Hvistendahl wrote in Foreign Policy:[T]he hacking scene in China probably looks more like a few intelligence officers overseeing a jumble of talented - and sometimes unruly - patriotic hackers. Since the 1990s, China has had an intelligence program targeting foreign technology, says James A Lewis, senior fellow for cyber-security and Internet policy at the Center for Strategic and International Studies. Beyond that, however, things get complicated. "The hacking scene can be chaotic," he says. "There are many actors, some directed by the government and others tolerated by it. These actors can include civilian agencies, companies, and individuals." [3]Patriotic hackers in China are called "hong ke" or "red guest", a pun on the phonetic rendering "hei ke" or "black guest" for hacker.The Barack Obama administration went public with its case against China in November 2011, with a report on industrial espionage titled Foreign Economic Collection. It described China rather generously as a "Persistent Collector" given the PRC's implication in several high-profile industrial espionage cases and soft-pedaled the issue of official Chinese government involvement. The report stated:
Their patriotic cyber-duties included destroying the online presence of South Korean boy band Super Junior after an unruly and undignified crowd of Chinese fans clamored to hear the band at the Shanghai World Expo and embarrassed Chinese nationalists. [4]
They also weigh in on foreign issues of greater moment, mixing it up with their Japanese counterparts when Sino-Japanese passions are inflamed by visits to the Yasukuni Shrine or the collision between a Chinese fishing boat and Japanese coast guard vessel off Diaoyutai/Senkaku in 2010.
But their major utility to the Chinese government may be their ability to generate chaff - a barrage of cyber-attacks to distract and overwhelm US security specialists trying to cope with China's pervasive, professional program of industrial and military espionage - and give the People's Republic of China (PRC) government deniability when hacking is traced to a Chinese source.
Chinese industrial cyber-espionage has emerged as a dominant near-term security concern of the United States.
US corporations and cyber-security specialists also have reported an onslaught of computer network intrusions originating from Internet Protocol (IP) addresses in China, which private sector specialists call "advanced persistent threats." Some of these reports have alleged a Chinese corporate or government sponsor of the activity, but the IC [intelligence community] has not been able to attribute many of these private sector data breaches to a state sponsor. Attribution is especially difficult when the event occurs weeks or months before the victims request IC or law enforcement help. [5]A month later, in December 2011, US criticism of China became a lot more pointed. Business Week published an exhaustive report on Chinese cyber-espionage, clearly prepared with the cooperation of federal law enforcement authorities as it named and described several investigations:The hackers are part of a massive espionage ring codenamed Byzantine Foothold by US investigators, according to a person familiar with efforts to track the group. They specialize in infiltrating networks using phishing e-mails laden with spyware, often passing on the task of exfiltrating data to others.
Segmented tasking among various groups and sophisticated support infrastructure are among the tactics intelligence officials have revealed to Congress to show the hacking is centrally coordinated, the person said. US investigators estimate Byzantine Foothold is made up of anywhere from several dozen hackers to more than one hundred, said the person, who declined to be identified because the matter is secret. [6]United States security boffin Richard Clarke had this to say about Chinese cyber-espionage in an interview with Smithsonian magazine:"I'm about to say something that people think is an exaggeration, but I think the evidence is pretty strong," he tells me. "Every major company in the United States has already been penetrated by China."
"What?"
"The British government actually said [something similar] about their own country."
Clarke claims, for instance, that the manufacturer of the F-35, our next-generation fighter bomber, has been penetrated and F-35 details stolen. And don't get him started on our supply chain of chips, routers and hardware we import from Chinese and other foreign suppliers and what may be implanted in them-"logic bombs," trapdoors and "Trojan horses," all ready to be activated on command so we won't know what hit us. Or what's already hitting us. [7]Some big numbers are being thrown around to publicize the Chinese threat.
Business Week's report, while admitting the woolliness of its methodology, stated that losses to American companies from international cyber-espionage amounted to US$500 billion in a single year.
Scott Borg, director of a non-profit outfit called the US Cyber Consequences Unit told Business Week:"We're talking about stealing entire industries ... This may be the biggest transfer of wealth in a short period of time that the world has ever seen."Beyond these apocalyptic economic and military scenarios, we might also descend to the personal and political and point out that Google, a favorite target of Chinese cyber-attacks, is Obama's friend, indispensable ally, brain trust and source of personnel in the high-tech sector.
Connect the dots, and it is clear that the Obama administration, in its usual meticulous way, is escalating the rhetoric and preparing the public and the behind-the-scenes groundwork for major pushback against China in the cyber-arena.
When the New York Times (and
Bloomberg and the Wall Street Journal) got hacked after printing
embarrassing stories about the immense family wealth of Chinese leaders at the
end of 2012, the dominant meme was still the “amateur hacker” as “nationalist
vigilante” determined to avenge the affront to China’s dignity.
However, I was struck by the fact that the hackers explored
the New York Times system primarily to identify sources for the offending articles.
Perhaps the intruders simply wanted reveal the names in
order to incite a “flesh engine search” so that the sources would face the
rough justice administered by the PRC’s nationalistic netizens (though I
haven’t heard that any source was exposed on the Chinese internet)…but to me it
appears more plausible that somebody in the PRC security apparatus wanted to find
out-- for internal use--who violated party discipline by leaking personal
information on the families of top leaders from the files of the Organization
Department.
It was also interesting to me that, according to the Times,
most of the hacks occurred during business hours…Chinese time. The implication being, the PRC is moving away
from the freelance hacker model to employing salaried drones who punch the
clock at 8:00 am and spend their day grinding down a punchlist of planned
cyberintrusions.
The United States, of course, has not been standing idly by.
In a parallel to the alleged Chinese regime patronage of
freelance hackers, the United States Department of Defense also has a history
of recruiting black-hat hackers to provide the DoD with expertise or…whatever.
I profiled one of the first publicized freelance hacks of
Chinese sites, by one “Hardcore Charlie” on the occasion of a blizzard of hacks
by “Anonymous China” against several hundred sites, many of which, like the
Taoyuan Land Reform Bureau’s, were low-level and presumably poorly secured.
“Hardcore Charlie”’s hack attracted some media
attention because his hack of the China Electronics Import & Export Corp.
website scored some puzzling and confidential if not particularly useful
documents: shipping manifests for contractors trucking supplies to US bases in
Afghanistan.
I don’t know of “Hardcore Charlie” hacked the website of the
China Electronics Import and Export Corporation for lulz, from principled
outrage, or because he thought or was told that he could avoid the
prosecutorial hammer currently descending on associates in his hacker collective by
executing a China hack at the behest of the US government.
In any case, judging by his manifesto, Hardcore Charlie does
not look like the model cyber-soldier:
Hola
comradezz, Today us prezenta recently owneed chino military kontraktor CEIEC Us
be shoked porque their shiiit was packed with goodiez cummin froma USA Military
brigadezz in Afghanistan, them lulz hablando mucho puneta sam slit eyed dudz in
Vietnam and Philiez doing bizness in Ukraine and Russia selling goodiez to
Taliban terrorists.
As the US and China professionalize
its cyber forces—and expand their capabilities beyond espionage and low level
harassment to inflicting real-world damage and casualties—freelancers like
Hardcore Charlie, with his affection for anti-imperialist thrash metal, will be
remembered as quaint artifacts of a simpler, more innocent bygone age when the
devastation of a cyberattack was measured by the brilliance of the taunting gif
deposited on the victim’s homepage.
The U.S. military has a strong bias toward formalizing and
institutionalizing aggression in order to prevent uncontrolled and
counterproductive actions by its own forces, allies, and proxies, and trying to
get its antagonists to accept the same norms.
As will be seen below, the U.S. military has already had an unsuccessful
go at trying to define the rules of cyber-engagement with the Chinese before
Stuxnet blew the American argument out of the water.
However, cyberwarfare is in a different class from other
forms of unconventional warfare.
Because of the central feature of the Internet—its
interconnectedness—it is extremely difficult to assure a high level of security
and containment in the case of an attack and prevent unpredictable and
extensive “collateral damage”...
…even if cyber attacks are executed by serious people in
crisp military uniforms who have been trained to the highest level of readiness
through cogent Powerpoint presentations and loyally obey crystal-clear orders
transmitted down the chain of command from omniscient strategists and
tacticians.
In fact, I might say that it was…irresponsible…for President
Obama to get the world into the cyberwarfare business.
The US government has been frantically cleaning up the
Stuxnet cybermess, as can be seen from this post from last year, with a new
afterword.
Friday,
October 12, 2012
America
Freaked Out by the Cyberboogeyman It Unleashed
The theme of Secretary of Defense
Panetta’s remarks at the Intrepid Air and Sea Museum on October 12 before the
“Business Executives for National Security”, in the words of the BBC:
Actually, Mr. Panetta, the “cyber
Pearl Harbor” has already happened.
It was called Stuxnet, the virus
designed and delivered by the governments of the United States and Israel to
sabotage Iran’s nuclear program.
By unleashing Stuxnet—an act of
cyberwar—a Rubicon was crossed. Not my
words, but the words of Michael Hayden, the ex-director of the CIA.
Now the United States is scrambling
to deal with the consequences…and the Western media is by and large obligingly
doing its best to help shove Stuxnet into the memory hole.
Panetta used his speech to push for
more cybersecurity legislation by discussing cyberattacks on Aramco in Saudi
Arabia and RasGas of Qatar using the “Shamoon” virus. The attacks—which occurred and were reported
in August 2012, a few months after Stuxnet—wiped data from tens thousands of
management computers, replaced some files with a taunting image of a burning
American flag, and reportedly rendered the computers useless.
I was amused to hear that Mr.
Panetta carefully characterized these incidents as “the most destructive
[cyber] attack that the private sector has seen to date.”
I assume he added the “private
sector” qualifier to put the fear of cyber-God into the security-obsessed
executives he was addressing (although applying the term “private sector” to
Aramco, the state-owned Saudi Arabian oil behemoth and RasGas, which is 70%
owned by state-owned Qatar Petroleum is a bit of a stretch).
But limiting the scope of discussion
to “private sector” cyberattacks also excludes the much more significant,
expensive, fiendishly complex, and destructive Stuxnet virus, which attacked and
disabled a strategic Iranian government installation.
Stuxnet typifies the grave threat to physical infrastructure that Mr. Panetta got so worked up about much more vividly than an office computer data hack along the lines of Shamoon.
Stuxnet typifies the grave threat to physical infrastructure that Mr. Panetta got so worked up about much more vividly than an office computer data hack along the lines of Shamoon.
And Stuxnet escaped into the wild to
infect computer systems around the world! Collateral damage-wise, there
apparently wasn't much for Stuxnet to do in a non-uranium centrifuge
environment, but it did spread to 100,000 hosts in 155 (mostly US-friendly) countries.
(There has recently been a good deal of techie back and forth
as to whether Stuxnet's global romp was really an unplanned escape; presumably
people are implying that the Israeli spooks inserted some kind of hunter-killer
app that allowed the virus to search Iran and the globe for similar
installations to degrade.)
Despite its obvious utility as an
object lesson in the genuine, real world dangers of cyberweaponry, Stuxnet did
not come up in Mr. Panetta’s remarks, or in much of the media coverage.
Wonder why.
Wonder why.
Instead, DoD backgrounders painted
the Shamoon attacks as dastardly underhanded Iranian payback for (legal and
public) sanctions regime, not as possible direct retaliation for a (secret and
unilateral) cyberattack.
To its credit, the New York Times,
which got the Stuxnet story from the Obama White House back in June, did
mention the Stuxnet exploit in its coverage of Panetta’s speech.
In any case, the United States,
having committed the first cyberattack, is trying to pull up the
cyberdrawbridge in anticipation of retaliation.
One of more interesting elements of
this exercise is the U.S. efforts to paint its actions as a response to Chinese
and Iranian cyberthreats, instead of its own actions. As indicated above, the Western media has
been an obliging enabler, leading to some topsy-turvy reporting.
The Daily News titled the AP report
on Panetta’s speech:
Maybe a better title would be Anti-Iran Alliance Reaps Viral Retaliation
for Stuxnet Sneak Attack.
…
As Secretary Panetta's speech demonstrates, touting the
insidious cyberwar designs of our adversaries has too much efficacy as a
national security hot button for the US government and the Western media to be
squeamish about pushing it, no matter what we did with Stuxnet. We're the
good guys, after all!
That's certainly the case for China, which is a cyber-adversary of considerable notoriety, though (unlike the United States) it has apparently confined the bulk of its efforts to espionage rather than sabotage to date.
[In the excerpt reproduced below, I chew over the Stuxnet/cyberwarfare issue some more in an article I wrote for Asia Times on the recommendation to ban Huawei, the PRC’s leading telecommunications provider, from the US market on security grounds.]
That's certainly the case for China, which is a cyber-adversary of considerable notoriety, though (unlike the United States) it has apparently confined the bulk of its efforts to espionage rather than sabotage to date.
[In the excerpt reproduced below, I chew over the Stuxnet/cyberwarfare issue some more in an article I wrote for Asia Times on the recommendation to ban Huawei, the PRC’s leading telecommunications provider, from the US market on security grounds.]
…
Amid the ferocious Iran-bashing - and "by any means necessary" justifications for covert action against that country's nuclear program - that have become endemic in the West, the true significance of the Stuxnet exploit has been overlooked by many, at least in the West.
Stuxnet was the release of an important cyber-weapon - a virus that did not simply seek sensitive information or attempt to disrupt communication, but one that was reportedly rather effective in damaging a strategic Iranian facility by an act of sabotage.
It was an act of cyberwar.
As David Sanger, The New York Times' national-security adviser, wrote in his White House-sanctioned account:
"Previous cyberattacks had effects limited to other computers," Michael V Hayden, the former chief of the CIA, said, declining to describe what he knew of these attacks when he was in office. "This is the first attack of a major nature in which a cyberattack was used to effect physical destruction", rather than just slow another computer, or hack into it to steal data.
"Somebody crossed the Rubicon," he said. [8]In true US imperial style, Stuxnet was unleashed unilaterally and without a declaration of war, to satisfy some self-defined imperatives of US President Barack Obama's administration.
That's not a good precedent for other cyber-powers, including China, to rely on US restraint, or to restrain themselves.
The Obama administration's attempt to deal with the issue of its first use of cyber-warfare seems to go beyond hypocritical to the pathetic.
There are rather risible efforts to depict the Stuxnet worm - which caused the centrifuges to disintegrate at supersonic speeds - as little more than a prank, albeit a prank that might impale hapless Iranian technicians with aluminum shards traveling at several hundred kilometres per hour, rather than a massive exercise in industrial sabotage:"The intent was that the failures should make them feel they were stupid, which is what happened," the participant in the attacks said. When a few centrifuges failed, the Iranians would close down whole "stands" that linked 164 machines, looking for signs of sabotage in all of them. "They overreacted," one official said. "We soon discovered they fired people."According to Sanger, at least President Obama knew what he was getting into:Mr Obama, according to participants in the many Situation Room meetings on Olympic Games [the codeword for the Stuxnet operation—PL], was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyber-weapons - even under the most careful and limited circumstances - could enable other countries, terrorists or hackers to justify their own attacks.
"We discussed the irony, more than once," one of his aides said. Another said that the administration was resistant to developing a "grand theory for a weapon whose possibilities they were still discovering". Yet Mr Obama concluded that when it came to stopping Iran, the United States had no other choice ...
Mr Obama has repeatedly told his aides that there are risks to using - and particularly to overusing - the weapon. In fact, no country's infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran.But Obama did it anyway, in the service of a dubious foreign-policy objective - forcibly and unilaterally disabling Iran's (currently) non-military nuclear program - that was arguably an overreaction to Israel's blustering threat to attack Iran unilaterally, and an attempt to get himself some political breathing space from vociferously pro-Israeli interests in US politics.
…
[Before the revelation of US government involvement in the Stuxnet exploit] the Pentagon's cyberwar strategists did their best to frame the cyberwar issue as law-abiding America vs the unprincipled cyber-predators of the PRC.
With Sanger-assisted Stuxnet hindsight, this May report, with its wonderful title "US hopes China will recognize its cyber war rules", is, well, hypocritical and pathetic:While no one has, with 100% certainty, pinned the Chinese government for cyber-attacks on US government and Western companies, in its 2012 report "Military and security developments involving the People's Republic of China", the US secretary of defense considers it likely that "Beijing is using cyber-network operations as a tool to collect strategic intelligence" ...
The report raises China's unwillingness to acknowledge the "Laws of Armed Conflict", which the Pentagon last year determined did apply to cyberspace ...
Robert Clark, operational attorney for the US Army Cyber Command, told Australian delegates at the AusCERT conference last week how the Laws of Armed Conflict in cyberspace might work internationally to determine when a country can claim self-defense and how they should measure a proportionate response.
One problem with it was highlighted by Iran, following the Stuxnet attack on its uranium-enrichment facility in Natanz, which never declared the incident a cyberattack.
Air Force Colonel Gary Brown, an attorney for US Cyber Command, in March this year detailed dozens of reasons why Iran, in the context of the Laws of Armed Conflicts in cyberspace, didn't declare it an attack. This included that difficulties remain in attributing such an attack to a single state. [10]
A few days later, Sanger's story confirmed that the Obama administration had indeed released Stuxnet, rendering moot the Pentagon's plans for a chivalric, rules-based cyberwar tournament, …
Heightened mutual suspicion - maybe we should call it endemic mistrust - is now a given in cyber-relations between the United States and its adversaries/competitors, for a lot of good reasons that don't necessarily have anything to do with Chinese misbehavior, but have more than a little to do with the US willingness to unleash a cyberattack on an exasperating enemy without setting clearly defined ground rules, and its need to pull up the cyber-drawbridge over the national digital moat to prevent retaliation.
Afterword:
Part of the inevitable blowback from the Stuxnet exploit was
the acknowledgment that there was no longer any “no first use” deterrent to
cyberattacks.
In a classic military-industrial complex response, a strategic
mis-step is never a cause for reflection and correction, but is always a
justification for more defense spending.
A head-to-head conventional war with China isn’t likely, despite
the overheated imagination displayed in the AirSea Battle scenario, and it is
difficult to identify any satisfying proxy battlefield in meatspace where the
PRC and the USA might be tempted to slug it out.
But cyberwarfare?...Bring it!
The Department of Defense has a “Cyber Command” which, it
revealed to the Washington Post, is muscling up from 500 staff to 4000
“cyberwarriors”.
The Post interviewed William J. Lynn III, identified as one
of the maestros of the DoD’s cyber strategy:
The DoD is keen to emphasize that its cyberwarriors will be
primarily playing defense, understandable considering the vulnerabilities of
America’s immense, dispersed, highly integrated and—and the case of the power
grid, at least—rather decrepit national infrastructure.
But of course there will be “combat mission forces”:
“This new class of cyber warrior would be responsible for penetrating the machines behind identified attack sources, installing spyware to monitor connections to those machines, and following the trail back to the desktop of the attacker. They would have to research and exploit vulnerabilities, craft malware, operate honey pots, and even engage in targeted Denial of Service attacks,” Richard Stiennon, chief research analyst at IT-Harvest, told GlobalPost.
Contra Dr.
Stiennon’s assertions, I don’t think that the DoD really believes that the
scope of Cyber Command combat missions will be limited to delectable honey pots
and “even” targeted Denial of Service attacks.
Not when the cyberwar scenarios, according to Leon Panetta,
include our enemies derailing trains, contaminating water supplies, or shutting
down power grids. We’re going to be able
to do that, too.
It would appear to me that the DoD is trying to keep the
cyberwar genie in the bottle—defining the US interest as degrading the enemy’s
offensive cyberwar capabilities and drawing the line at industrial or military
sabotage—but unfortunately President Obama already pulled the cork with
Stuxnet.
3 comments:
I really like your post, this is what i was looking forward to know.
your info was really very important for me and others to know too.
Keep sharing more.
Inverter manufacturer
I have been using Kaspersky protection for a couple of years, I recommend this solution to you all.
Order a Sparkling White Smiles Custom Teeth Whitening System online and enjoy BIG SAVINGS!
* Up to 10 shades whiter in days!
* Professional Results Guaranteed.
* Better than your dentist.
* Same strength as dentists use.
Post a Comment