TransTracker on 2009-05-01
Cynical translation: How do create a whole new class of reasons to use military force, all while making it seem as legitimate as possible.
This link has been bookmarked by 1 people . It was first bookmarked on 01 May 2009, by TransTracker.
-
01 May 09
-
Analysts and strategists gathered at the Cyber Warfare 2009
conference in London last January were grappling with some thorny problems associated with the cyberaggression threat. One that proved particularly vexing was the matter of exactly what constitutes cyberwarfare under international law. There's no global agreement on the definitions of cyberwarfare or cyberterrorism, so how does a nation conform to the rule of law if it's compelled to respond to a cyberattack? -
-
Steven Chabinsky, senior cyberadvisor to the director of national intelligence.
- 7 more annotations...
-
-
While Chabinsky declined to be specific because of concerns about compromising intelligence-gathering methods, he affirmed that the U.S. has identified "a number of sophisticated nation-state actors who we believe have the capability to bring down portions of our critical infrastructure." Fortunately, he added, "we don't think they have the intent to do so, [since] our country would respond accordingly, and not necessarily symmetrically through cyber means."
-
TransTracker on 2009-05-01
An affirmation that the U.S. would conduct "cross-domain responses" as a result of a cyberattack.
-
-
"I think the primary cyber-risk to our critical infrastructure is from disgruntled employees who have insider knowledge and access," Chabinsky says. "Insider threats
can take advantage of the most serious vulnerabilities; in fact, they can create them. Could they sell their capabilities to a terrorist group? Certainly."-
TransTracker on 2009-05-01
So is that really something that needs to become "militarized"--i.e. a security threat primarily within the purview of the national security community (military, intelligence, homeland security)?
-
-
"I would say that currently, organized criminal activity provides a more pervasive and damaging threat than organized terrorists," says Mike Theis, who until recently served as chief of cyber counterintelligence at the National Reconnaissance Office (NRO), an agency of the U.S. Department of Defense.
-
TransTracker on 2009-05-01
Sounds like a law enforcement issue. Again, is it appropriate to militarize the threat?
-
-
- Theft of personal information that could be used for sale to the highest bidder or on an information exchange.
- Theft of trade secrets, intellectual property or superior business processes. "It could be something as simple as your customer list, but there is usually a lot more of value than that," Theis says.
- Cyberhostage taking. If the contents of your entire hard drive were remotely encrypted by a hacker, would you pay $100 to get the decryption key? Would 10,000 people like you do the same?
- Cyberblackmailing. How much would you pay to prevent your family/customers/competitors/regulators from knowing something that was found on your computer?
- Cyberslaving. The perpetrator installs a back door or "loader" on your machine and sells it to the highest bidder. It would allow the buyer to install any type of software on that machine without being detected. "The last I heard, the average price was still about $1 per machine," Theis says. "It's not uncommon to see machines purchased in blocks of 10,000 or more in order to launch a denial-of-service attack."
According to former NRO official Mike Theis, terrorists and criminals pose similar threats with respect to illicit profit generation. The following are some examples of activity these groups might aim to perpetrate:
"So basically," Theis says, "anything that can be done in the world of brick and mortar has some type of a cyber equivalent."
-
TransTracker on 2009-05-01
And in the world of brick and mortar, these would all be law enforcement issues, not military issues.
- Theft of personal information that could be used for sale to the highest bidder or on an information exchange.
-
"There is reason to consider whether some nation-states lack the ability to control organized crime within their borders, lack the resources to control criminals who victimize people and businesses outside their borders, or suffer from corruption in which government officials are complicit in lucrative criminal schemes," Chabinsky says.
-
TransTracker on 2009-05-01
And here we have a reason to violate sovereignty, despite an ability to accurately determine from where an attack is being launched. Lack of knowledge can provide just as much justification as positive knowledge. Let's say an attack is coming from computers in country X. Did country X's government perpetrate the attack? Or was it country Y? At some level, it could be argued that it doesn't matter. The computers in country X are the ones doing the damage, so take them out...either through retaliatory cyberstrikes, or through "cross-domain responses" in the form of airstrikes, EMP, etc. This is the beginning of the same kind of reasoning we saw regarding terrorism and soverignty following 9/11. Either you are against us or with us. If you don't have control of the terrorists in your country, then you are by default against us. Your lack of control is evidence that you have already lost your sovereignty and therefore we are justified in attacking you. In fact, we're doing you a favor! Returning your otherwise hijacked country to you! Will we see the same kind of logic develop in regards to cyberwar?
-
-
Indeed, the role that hackers play on the cyberwarfare stage is widely underestimated. "I think that a big myth is that cybercrime is still about a 15-year-old kid doing Web defacements," Chabinsky says.
In truth, the hacker element is gaining influence worldwide, and that influence is being targeted by governments. -
"It seems ludicrous that countries that have stated their understanding of the importance of cyberconflict dominance and have dedicated resources to that effort would not use them in a decisive way, but [instead] would depend on patriotic hackers to just happen to get it right and just at the right time."
Still, governments have every reason to want to strain the limits of credibility, Theis says. "It's a nice myth to perpetuate if you're trying to maintain plausible deniability."-
TransTracker on 2009-05-01
So, lack of evidence is not only not evidence of lack. But lack of evidence is evidence of a cover-up, which is therefore evidence of state sponsorship. In short, lack of evidence is evidence.
-
-
-
Public Stiky Notes
Would you like to comment?
Join Diigo for a free account, or sign in if you are already a member.