More news on the cyber warfare front today as more details leak out about the Pentagon's ongoing efforts to produce a cyber operation framework. Today we learn via the Washington Post that the Pentagon has a classified list of approved cyber weapons and tools that are ready to be deployed if necessary, just as the DoD has an approved list of traditional military responses to certain scenarios.
This list has actually existed for several months and has been accepted by other agencies like the CIA, and joins the battery of other approved weaponry the DoD can deploy under certain circumstances. But as with the Pentagon's other tools of war, those capabilities come with restrictions.
One senior official told the Post that placing cyber weapons in the arsenal right next to cruise missiles, airstrikes, and M-16s is "perhaps the most significant operational development in military cyber-doctrine in years." Indeed, it brings clarity to an otherwise murky area of international military relations where the rules of engagement are somewhat opaque. And, perhaps most notably, it establishes the chain of command.
For instance, it specifies when a cyber attack requires presidential authorization and when it does not. For instance, if the military wishes to plant a virus in a foreign nation's networks that can be activated later, it needs a presidential nod. But a variety of other activities, including spying on other nations' cyber capabilities or leaving "beacons" behind to mark vulnerable sites in foreign systems, need no approval from the Commander in Chief.
But the situation is still far from crystal clear. The rules change when the U.S. is engaged in a state of hostilities versus a state of peace with the intended target (outside of a zone of hostility, presidential approval is almost always required). During wartime, a president can pre-authorize commanders to use a range of tools so that they can remain nimble on the ground. And, as in physical warfare, there are a range of mission-specific variables, like collateral damage and potential civilian casualties, that have to be weighed. Says the Post:
Under the new framework, the use of a weapon such as Stuxnet could occur only if the president granted approval, even if it were used during a state of hostilities, military officials said. The use of any cyber-weapon would have to be proportional to the threat, not inflict undue collateral damage and avoid civilian casualties.
Stuxnet is a prime example of the real challenge the Pentagon faces here. The Stuxnet worm is largely thought to have been designed specifically to disable Iranian nuclear technologies. It is also thought to have been created by the United States or Israel. But once loose in cyberspace, the worm did not discriminate, affecting systems in several nations around the world, including the United States.
Therein lies the real cyber warfare challenge. Traditional battlefields are confined to a physical space, and while the repercussions of what happens there can quickly reverberate around the world, the raw physical impact is limited in scope. In cyber warfare, the battlefield is always global, reaching everywhere all the time, and it's here the Pentagon must aggressively limit the law of unintended consequences.
It would be nice to do away with "cyber" as an adjective. It's quite fitting that an adjective a decade out of style is really taking hold in government.
I think that all military officers and politicians should be required to drop LSD.
They know not what they do, but I'm getting impatient with forgiving them.
The Hegemons will fall one by one, and it can either be bloody, or bloodless.
The ball is in their court.
Singularity is near.
I think PariahDrake should avoid dropping LSD before they post.
Then maybe the posts will be coherant.
I kind of doubt it tho.
Anyway, back to the article. Its nice to know we at least have a plan to strike back in these types of attacks. I just wish the attacks weren't so indescriminate that they affect everyone. Its the same kinda logic as exterminating cockroaches with hand grenades. yeah you probably killed them but is the collateral damage worth it.
Like with all my neighbors, I prefer to get along. Perhaps on occasion I may buy things from my neighbor and borrow money from him. He may sell his items in my yard and we share in many things of life and business. But, one absolute fact, my house is my house and his house is his. If my neighbor decides to break into my house and steal my R&D research of my business, I can forget that I owe my neighbor money, i.e., “Treasury Bonds and interest and other business loans”. I am my own country. I can get alone without him. I am sick and tired of his country selling my country poison products, hacking into my computers and doing bad business. I am the inventor of how he communicates to me in all this hacking. I could decide to respond and close his computers and close his communications and hurt his own business too. In life, ultimately it would be better if we all behaved correctly in business and life.
Ok, okay. Let me take a guess at what these "Cyber warfare" tools and tactics include:
-Honeypots (and not the kind of "extremest honey pot" that Wikipedia is referring to on their cyber warfare page)
-Paying people to be professional 'trolls', like this is a new concept
-Search tickers and related macro-monitoring tools
-Undercover online agents (could be lumped in with the professional troll group)
-A team to write their own viruses, worms, keyloggers, diagnostic tools, etc.
- As mentioned in the article, a team that uses the internet statistics to analyze collateral damage risks, keyloggers, honeypot hits and macro analyzing tools like search tickers.
These are the same tools used by private corporations for cyber security, 'covert marketing' and their own corporate espionage efforts. The difference here is that funding is probably mismanaged and costs billions of taxpayer dollars.
I like to see ALL the Illegal rogue computer operating systems be shut down from talking to each other on a network and the internet!!!!!!! IMMEDIATELY!!!!!! I do not think the private creators of this software need to do this. I believe our USA government already has the authority to stop the use of stolen items by the bad guys!!!!!!! This would relieve the manufacture of any negative feedback by the general customers. The USA Government is required to enforce the law, yes!
In our country hand guns are suppose to be registered. I believe the same should be required of computer operating systems on a network and internet. Too much abuse of these operating systems is going on. The source of the abuse must stop! Yes, many manufactures do require some kind of registration, but I do believe now to the general public, a operating system needs to be registered as well. It’s just a matter of public safety!
I would hope that at least some measures were in place before the release of this info, otherwise I seriously doubt the pentagon's commitment to sparkle motion.
@BubbaGump Criminals that use guns to commit crimes don't usually register their gun. They obtain it on the black market.
The same principle will apply to restricting operating systems the way you suggest. It would be a matter of time before a work around would be created to bypass whatever method you use to restrict network use.
A prime example would be internet cafe users in China. There are users that routinely get past the "Great Firewall" to browse the internet unrestricted that are 50+ years old. I have a hard enough time trying to get a 30 yr/o to type a URL in the address bar to troubleshoot for my job in the states. The need was there and now everyone and their grandma can get past it. Another example would be the turnaround time between a new product release and "jail breaking" it. Seems a futile effort for tax money.
@PariahDrake Is that a reference to Demosthenes or Locke that I'm not aware of?
Lets face it no matter what the protocol is, this means we will end up sending lots of nasty "bio-nary bombs" (LOL :D) at our enemy and filling their servers with horrible eye burning porn in the terms of Hextermegakilabite scale and could lead to some brutal online battles.
maybe they should settle it in a mario kart race or halo match? (yes i know some people will never play fair , but the US is 100-200 years of what they disclose publicly, no need to worry, the white hats have it covered. What better way to be able to gather intel on the whole world then to 1. build computers that hold data 2. link them all together and 3. disseminate information to areas like china and the middle east to westernize the populations fed daily propaganda. Nice work, i get to enjoy vacations worldwide in my old age. Hats off to the white hats)
I consider you home computer the same in many ways as you house. If you leave you house door unlocked no one has the right to go in your house without your permission. The locks on a house are there as a deterrent to honey people. A lock on a house does not stop a dedicated bad guy. All our houses have glass windows. Any dedicated bad guy can get in your home. When someone enters you computer without permission this is breaking and entering. I like to see those who enter you computer be punish harshly as if they entered you house as a burglar. Hackers and people who create virus need to be punish harshly. People using illegal versions of operating systems need those systems turn off, shut down and stopped from communicating on networks and internets. I think its correct if our Government turns off any illegal\stolen operating system and if possible crash that system do, to make it useless! No one has the right to go into you home or computer without your permission and needs to be stopped and punished!
I consider you home computer the same in many ways as you house. If you leave you house door unlocked no one has the right to go in your house without your permission. The locks on a house are there as a deterrent to HONEST people. A lock on a house does not stop a dedicated bad guy. All our houses have glass windows. Any dedicated bad guy can get in your home. When someone enters you computer without permission this is breaking and entering. I like to see those who enter you computer be punish harshly as if they entered you house as a burglar. Hackers and people who create virus need to be punish harshly. People using illegal versions of operating systems need those systems turn off, shut down and stopped from communicating on networks and internets. I think its correct if our Government turns off any illegal\stolen operating system and if possible crash that system too, to make it useless! No one has the right to go into you home or computer without your permission and needs to be stopped and punished!
I wonder how old is this picture is? It seems to me, that these sailor uniforms are a bit old and out of date. Of course it is natural for military to release something public, the information that is being release is many years out of date.
The funny thing is; we haven't learned since the Cold War or the ancient west; control before purpose will always fail...
Yeah, some like to think that virus or worm are the only ways to infect a host or group of hosts. Then again, most of those think they actually buy a real effective product when they buy what Microsoft tells them to. But this stuff here, we are talking mirror overlays, mobile buffering as you go, grabbing any host you can and creating a RTE over their network; and changing anything that network puts out to whatever you want it to say or do. Botnets are old fashioned stuff with little true capability compared to what a nation's systems can be made to do now. Well, not mine. But then again, computer security is a physical thing to me, having little to do with the 'proscribed' methods commonly preached about. These days, you are lucky if all your zombie terminal is being used for is a denial of service attack or as a place to store someone else's personal data. And YEAH, I called YOUR computer a zombie terminal. Antivirus my ass.
Ok, this is On Topic:
The FBI is asking that people go to one of our nation's security sites before July, when infected systems will no longer (supposedly) be able to connect to the Internet. The site I have is www.dcwg.org. They are set up for diagnostics, and supply fix info, do referrals to other problem solving apparatus.