Now, the good news: It's possible to defend against a 'cyberattack.' And the American military has been working on ways of dealing with threats to our info tech.
Welcome to the 21st Century
That good news/bad news thing is from my point of view, of course.I live in this country. I like being able to run a furnace during winter, get air conditioning now and then in the summer, and use the telephone year-round. All of which depend on a power grid and telecommunications system that rely on software and computers.
I think that the Pentagon isn't anywhere near as big a threat to me as, say, Al Qaeda. Which isn't the same as assuming brass hats can do no wrong. (June 18, 2009) The American military isn't perfect. I don't expect that of any human institution. What's remarkable about the people who defend this country is that they routinely and objectively review what's been done - then learn from their mistakes - and successes. (June 30, 2008)
Military Minds, Hackers, and Obligatory Hand-Wringing
News that an attack on America's information technology will be treated as an act of war, like any other attack, will almost certainly hit old-school news media this June.The Wall Street Journal has already published an article about the report.1 That paper has been around since the late 19th century, so in a sense it's 'old school,' but their editors seem to have noticed that class struggles and Yankee imperialism are a trifle dated as relevant topics go. So is "relevance," for that matter - and that's another topic.
In a perfect world, the Pentagon would have noticed America's reliance on information technology - and how an attack could target that technology - years ago. For that matter, in a perfect world we wouldn't need armed forces: and nobody would have decided to fly airliners into New York City's World Trade Center.
I'd like to be wrong about this, but my guess is that we'll read some of the usual complaints:
- Paranoid generals
- Threats to our privacy
- American
- Arrogance
- Insensitivity
- Whatever
Maybe that sort of knee-jerk response has gone out of fashion. Things change, including biases among the powers that be. Sometimes change comes when the powers that be themselves get swapped out. And that's yet another topic. (May 26, 2011, March 18, 2011)
Dealing With Uncertainty
A concern that's already been raised is, I think, more reasonable: how to tell where an attack on an American information system came from.Anything involving the Internet will be easy enough to track, in a way. A few years ago, a series of such attacks came from China. Or, rather, servers in China. March 20, 2010, February 22, 2010, October 10, 2008) The Chinese government's official line is that it wasn't them.
They could be right. I don't necessarily think so - but it is possible that whoever planned the various attacks lived in and operated out of, say, Liechtenstein. Or Kenya. Or Paraguay. Or anywhere else in the world with modestly-adequate Internet connections. Trojan horse viruses are nothing new: and a government-run server could be hijacked by one. (Apathetic Lemming of the North (October 3, 2010))
One thing I'm not particularly worried about is a Dr. Strangelove scenario where one (1) lunatic general - American, of course - decides to make it look like China launched yet one more hack attack on America. It could happen, of course: but I'm pretty sure that this country, at least, has learned to be a little more careful than we were back in the "remember the Maine" days.
Perfect, no. But we do, I think, learn.
Why I Believe What I Believe
As I said earlier, I like living in America.I was born here, so there's a sort of 'this is my home' feeling involved. I've also known folks who weren't born here, and decided to pull up roots and become Americans. I know that this country isn't perfect: but it's one of the nations folks are trying to break into.
I've discussed some of the reasons I think the way I do in another blog: including posts listed in the last quintet of links under "Related posts."
Related posts:
- Cyberwar
- "Lockheed Martin Corp, SecureIDs, EMC, and All That"
(May 28, 2011) - "Stuxnet: Inhuman Secret Agent"
(November 26, 2010) - "China, Paper on How to Bring Down USA Power Grid: All a Big Misunderstanding?"
(March 20, 2010) - "China. Hackers. Cyberattack. Again."
(February 22, 2010) - "World Bank Group Network Hacked; Chinese IPs Used: Just What We Need"
(October 10, 2008)
- "Lockheed Martin Corp, SecureIDs, EMC, and All That"
- It's a changing world
- "Who Needs Facts? Cultural Assumptions and Politics"
(July 24, 2009) - "Unintended Consequences? The West May be Getting Over Hiroshima"
(January 25, 2008) - "Russian Official Declares First-Strike Nuke Policy: Why?"
(January 19, 2008) - "Starvation, Poverty, and Perceptions"
(July 18, 2007) - "Doctors, Terrorists, and the Proletariat: What's a Person to Think?"
(July 3, 2007)
- "Who Needs Facts? Cultural Assumptions and Politics"
- Why I believe what I believe
- " 'Just War:' Unpleasant, but Not a Contradiction in Terms"
A Catholic Citizen in America (March 22, 2011) - "That's Funny: You Don't Look Catholic"
A Catholic Citizen in America (December 17, 2010) - "The Pope, Science, and Technology: My Take"
A Catholic Citizen in America (October 30, 2010) - "Tolerance: Yes, it's a Good Idea"
A Catholic Citizen in America (August 3, 2009) - "Conservative? Liberal? Democrat? Republican? No, I'm Catholic"
A Catholic Citizen in America (November 3, 2008)
- " 'Just War:' Unpleasant, but Not a Contradiction in Terms"
- "Cyber Combat: Act of War"
Siobhan Gorman, Julian E. Barnes, Technology, The Wall Street Journal (May 31, 2011)
1 Excerpt from today's news:
"The Pentagon's first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country's military.
"In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. 'If you shut down our power grid, maybe we will put a missile down one of your smokestacks,' said a military official.
"Recent attacks on the Pentagon's own systems - as well as the sabotaging of Iran's nuclear program via the Stuxnet computer worm-have given new urgency to U.S. efforts to develop a more formalized approach to cyber attacks. ... This weekend Lockheed Martin, a major military contractor, acknowledged that it had been the victim of an infiltration, while playing down its impact.
"The report will also spark a debate over a range of sensitive issues the Pentagon left unaddressed, including whether the U.S. can ever be certain about an attack's origin, and how to define when computer sabotage is serious enough to constitute an act of war....
"...One idea gaining momentum at the Pentagon is the notion of 'equivalence.' If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a 'use of force' consideration, which could merit retaliation.
"The Pentagon's document runs about 30 pages in its classified version and 12 pages in the unclassified one. It concludes that the Laws of Armed Conflict - derived from various treaties and customs that, over the years, have come to guide the conduct of war and proportionality of response - apply in cyberspace as in traditional warfare.... The document goes on to describe the Defense Department's dependence on information technology and why it must forge partnerships with other nations and private industry to protect infrastructure.
"The strategy will also state the importance of synchronizing U.S. cyber-war doctrine with that of its allies, and will set out principles for new security policies. The North Atlantic Treaty Organization took an initial step last year when it decided that, in the event of a cyber attack on an ally, it would convene a group to 'consult together' on the attacks, but they wouldn't be required to help each other respond....
"...Pentagon officials believe the most-sophisticated computer attacks require the resources of a government. For instance, the weapons used in a major technological assault, such as taking down a power grid, would likely have been developed with state support, Pentagon officials say.
"The move to formalize the Pentagon's thinking was borne of the military's realization the U.S. has been slow to build up defenses against these kinds of attacks, even as civilian and military infrastructure has grown more dependent on the Internet. The military established a new command last year, headed by the director of the National Security Agency, to consolidate military network security and attack efforts.
"The Pentagon itself was rattled by the 2008 attack.... At the time, Pentagon officials said they believed the attack originated in Russia, although didn't say whether they believed the attacks were connected to the government. Russia has denied involvement.
"The Rules of Armed Conflict that guide traditional wars are derived from a series of international treaties, such as the Geneva Conventions, as well as practices that the U.S. and other nations consider customary international law. But cyber warfare isn't covered by existing treaties. So military officials say they want to seek a consensus among allies about how to proceed.
" 'Act of war' is a political phrase, not a legal term, said Charles Dunlap, a retired Air Force Major General and professor at Duke University law school....
(The Wall Street Journal)