# Cyber Attacks, Act of war and the equivalence..



## mike_cos (Jun 1, 2011)

On the eve of the publication of his first, formal, cyber-strategy, the Pentagon began releasing the first content information. The Wall Street Journal is reporting that DoD would be directed to consider the attacks that caused death, destruction or serious damage to be equivalent to actual armed attacks, acts of war which would justify the retaliatory second traditional means. Attacks on non-conventional and conventional response. A new edition, updated to the twenty-first century, the strategy of deterrence of the Cold War in the European theater where, conversely, to attack the U.S. would respond using conventional nuclear weapons.
In brief... in US will discover that a Government of a nation is guilty of cyber-attacks against US military objs, will respond with real bombs... not bullshits...
What you think mates?  (hey... it's a long time I don't see Pardus...)

SOURCE WSJ


----------



## LimaOscarSierraTango (Jun 1, 2011)

I read this yesterday or two days ago and wanted to hold judgement.  I am still not sure what to think because of a few reasons.

1). It would take a government body to admit to a cyber attack, which is very unlikely.  Otherwise it could be blamed on IP address spoofing, a compromised machine, people not affiliated with the government, etc.

2)."Destruction" or "serious damage" are pretty vague terms.

3). If it does come out that we in fact were partially responsible for Stuxnet, did we commit an act of war against Iran?

4). With how involved to government is with some of its contractors, how would they view their contractors getting compromised (is Lockheed, L3, and I am sure many others that use RSA SecureID)?

5). What about a non-government entity causing death, destruction, or serious damage via a cyber attack?  Will they be considered terrorists or enemies of the State?  What if it originates from within our border?

So what resources would we allocate to the response to a cyber attack?  Troops on the ground?  A cyber counter-attack?  One of the main problems with this is that I feel as though our military is for the most part battle weary.  A strategy like this could cause us more problems than anticipated.  Or on the flip side, it is just something to make the citizens of this country feel a little more secure since most governments wouldn't admit to any type of cyber attack on the United States.

I understand only a small amount of the strategy has been released.  That is the main reason why I reserve judgement.  I would expect the full strategy answers my questions and more.


----------



## mike_cos (Jun 1, 2011)

LOST I agree with you... I have anyway to spend more time to decide if is right or not...


----------



## LimaOscarSierraTango (Jun 1, 2011)

It's always good to have some sort of strategy in place, IMO (as long as it is well thought out).  I am just not so sure if this is more of a symbolic move or something to give other governments a legitimate reason to pause.

And why now?  I guess it is as good a time as any, but is it so we might have a legitimate reason to go after Iran in case of retaliation for Stuxnet (if it does come to light we actually had a part in it)?

Just some thoughts I have on the subject. :-/


----------



## Servimus (Jun 1, 2011)

LimaOscarSierraTango said:


> It's always good to have some sort of strategy in place, IMO (as long as it is well thought out). I am just not so sure if this is more of a symbolic move or something to give other governments a legitimate reason to pause.
> 
> And why now? I guess it is as good a time as any, but is it so we might have a legitimate reason to go after Iran in case of retaliation for Stuxnet (if it does come to light we actually had a part in it)?
> 
> Just some thoughts I have on the subject. :-/


Perhaps it's because relatively speaking we don't have much experience in Cyber warfare. We've been hit multiple times before by "probing" attacks.

http://en.wikipedia.org/wiki/Cyberwarfare_in_the_United_States#Cyberwarfare_activities_of_the_U.S.

http://www.csmonitor.com/World/terr...rd-against-cyber-attacks-Intel-director-Blair

Maybe this is just a way to say- Yeah, we're not the Cyber-warfare powerhouse, but we're still the military superpower. A deterrent.


----------



## mike_cos (Jun 1, 2011)

LimaOscarSierraTango said:


> And why now?



I think it's more of a warning to those governments (like china?) that have tried to penetrate US military network.... forewarned is forearmed....


----------



## LimaOscarSierraTango (Jun 1, 2011)

Servimus said:


> Perhaps it's because relatively speaking we don't have much experience in Cyber warfare. We've been hit multiple times before by "probing" attacks.
> 
> Maybe this is just a way to say- Yeah, we're not the Cyber-warfare powerhouse, but we're still the military superpower. A deterrent.



Very good points. I think the biggest issue with this is that we have some extremely talented "kids" in this field in our country. It is extremely hard to recruit them into government work because they are anti-Big Brother and anti-police State, which many of the people in this industry feel as though we are moving to, if not already there.



mike_cos said:


> I think it's more of a warning to those governments (like china?) that have tried to penetrate US military network.... forewarned is forearmed....



Another good point. China has been in and out of many government networks worldwide for many years, and they were the first country I thought of when I first heard about the cyber strategy. But in all seriousness, do you think the US would actually retaliate against China? At least with bombs? If anything, the US _might_ engage in cyber warfare, but I have a hard time believing we would be very effective (although I also believe that if another country officially attacked the US via cyber warfare, that would rally different hacker and skiddie groups in the US and around the world against that other country and it may start "WWIII" through the Internet. WarGames anybody?).


----------



## Marauder06 (Jun 1, 2011)

I read about this in the paper this morning.  I think it's so heavily caveated that it will never be used, sounds like political posturing to say "hey look we're doing something!"


----------



## Scotth (Jun 1, 2011)

I don't have a problem with the policy or that it's vague.  Cyber-warfare could affect so much in our country you really can't be specific.  It's a necessary message to tell the world.  Cyber-warfare can be very cost effective and low risk without having this stated policy.  Countries should know if they attack us there will be consequences for an attack.  You make take down our power grid from a computer but we will take down your power grid with a JDAM.


----------



## DA SWO (Jun 1, 2011)

Marauder06 said:


> I read about this in the paper this morning. I think it's so heavily caveated that it will never be used, sounds like political posturing to say "hey look we're doing something!"


Agree, but could be used to punch a minor power (Pakistan) in the nose should an Administration feel compelled.
This could also be used to harass China, India, S.Korea and a few other hacking power houses.


----------



## SpitfireV (Jun 1, 2011)

As others have said, it's only possible to tell (superficially) where an attack has come from. Proving it's a government behind it all is neigh on impossible.


----------



## mike_cos (Jun 1, 2011)

Marauder06 said:


> I read about this in the paper this morning. I think it's so heavily caveated that it will never be used, sounds like political posturing to say "hey look we're doing something!"



or to have an excuse for another preventive war.... oops wait.. did not mean that..


----------



## DA SWO (Jun 1, 2011)

mike_cos said:


> or to have an excuse for another preventive war.... oops wait.. did not mean that..


We don't need excuses (Libya).


----------



## mike_cos (Jun 1, 2011)

SOWT said:


> We don't need excuses (Libya).


oh really?... I had not noticed...


----------



## DA SWO (Jun 1, 2011)

mike_cos said:


> oh really?... I had not noticed...


Libya is a good example, as is Bosnia, Kosovo, Operation DENY FLIGHT.
Afghanistan is iffy (Don't think it is an Article 5 Operation).
Only once (maybe twice) has NATO conducted operations under Article 5, anyone wanna guess where the Art 5 ops were conducted?


----------



## SpitfireV (Jun 1, 2011)

Sorry, what's article five in respect of?


----------



## mike_cos (Jun 1, 2011)

SOWT said:


> Libya is a good example, as is Bosnia, Kosovo, Operation DENY FLIGHT.
> Afghanistan is iffy (Don't think it is an Article 5 Operation).
> Only once (maybe twice) has NATO conducted operations under Article 5, anyone wanna guess where the Art 5 ops were conducted?


Hey mate... mine was only a provocation....you americans must begin to be used to these provocations after some election results in Europe.. ig in Italy communists are raising again... not everyone is kind  to the USA as Berlusconi.. (and me)


----------



## mike_cos (Jun 1, 2011)

SpitfireV said:


> Sorry, what's article five in respect of?


http://www.nato.int/cps/en/natolive/official_texts_17120.htm


----------



## SpitfireV (Jun 1, 2011)

Thank you Saint Michael.


----------



## mike_cos (Jun 1, 2011)

SpitfireV said:


> Thank you Saint Michael.


----------



## mike_cos (Jun 1, 2011)

CNAS has published something about cyber-security.... but I'll take a week off to read more.. LOL


----------



## mike_cos (Jun 2, 2011)

Google foil hackers attack against US politics, soldiers, journalists and activists of dissense in china.
Google said "the attack started from China".... The White House "Not affected members of U.S. Gov.."

New York, June 1, 2011 - A flurry of attacks from Chinese hackers took aim at the Gmaile-mail accounts of senior U.S. politicians and Asian countries including South Korea,journalists, soldiers and activists from the Dissent China.

Said on Google, saying that the attack of the hacker apparently left from Jinan. Thecompany ensures that the hacking was foiled. In recent months, the American software giant had a first time Chinese hackers accused of attacking its servers in China.

The White House, however, made ​​it known that "has no reason to believe that the government's e-mail accounts have been hacked" during the attacks. Tommy Vietor, a spokesman for the White House, said that the U.S. administration has decided to launch an investigation. "We are reviewing the reports, and we are trying to establish the facts, "said Vietor.

And Now?... what will do Obama?... In rome today were Biden and Jinping(vice-president of china)... maybe to talking about it...LOL


----------



## Blizzard (Nov 5, 2015)

Resurecting thread because the following article is in topic and it may be interesting to view comments with the benefit of knowledge gained over the past several years:

Pentagon Contractors Developing Lethal Cyber Weapons

The next generation of war is upon us (and has been for several years).


----------



## Brill (Nov 5, 2015)

Lethal Cyber effects?


----------



## AWP (Nov 5, 2015)

Open a dam and flood a region, crash a plane, cause a POL facility to explode, etc.


----------



## 104TN (Nov 5, 2015)

Freefalling said:


> Open a dam and flood a region, crash a plane, cause a POL facility to explode, etc.


It's insane how much infrastructure is still tied to relatively unsecured SCADA systems.


----------



## Blizzard (Nov 5, 2015)

lindy said:


> Lethal Cyber effects?


From the article:
_There is a chapter titled "Cyber Operations" in DOD's first-ever "Law of War Manual," published in June. The section reflects the department's' growing transparency surrounding cyberwarfare, national security legal experts say. Less than three years ago, most activities beyond defensive maneuvers were __classified__. 

The manual lays out three sample actions the Pentagon deems uses of force in cyberspace: *"trigger a nuclear plant meltdown; open a dam above a populated area, causing destruction; or disable air traffic control services, resulting in airplane crashes."*
_
Most are probably familiar with Stuxnet and the offensive possibilities/capabilities it demonstrated.   In many ways cyber is the new "atomic bomb"; it's a new leap forward in warfare.   Even small nation states and potentially even small private groups can weild devestating power.  Ex. just consider the NE power outage in 2003.  That was just a bug.  What could a well placed cyber attack do?  Is it out of the realm of possibility to think numerous nations have offensive code already deployed in a variety of data center types throughout the world, just waiting for the command?

On a similiar note, it's interesting Nothrup Grumman is advertising their development of offensive cyber capabilites (although they don't mention the lethal components):


----------



## Blizzard (Nov 5, 2015)

rick said:


> It's insane how much infrastructure is still tied to relatively unsecured SCADA systems.


Fact.

Hackers exploit SCADA holes to take full control of critical infrastructure


----------



## Brill (Nov 5, 2015)

Freefalling said:


> Open a dam and flood a region, crash a plane, cause a POL facility to explode, etc.



In a zero CDE, zero CIVCAS environment...dream the fuck on.

17-series MFers are Snake Eaters.


----------



## CQB (Nov 6, 2015)

We had some boffin here recently for a bit of jaw jaw. They were talking plausibly of a zero day attack from someone. How far off it was wasn't outlined


----------



## DA SWO (Nov 6, 2015)

lindy said:


> In a zero CDE, zero CIVCAS environment...dream the fuck on.
> 
> 17-series MFers are Snake Eaters.


Killing civilians as collateral is one thing, killing them as part of the plan is another.
WW II was the last time either side shrugged it's shoulders over civilian deaths.
We'd have to be getting over run before it would be considered, and liberals would still argue against it.


----------



## x SF med (Nov 6, 2015)

DA SWO said:


> WW II was the last time either side shrugged it's shoulders over civilian deaths.




Tell that to ISIL, or the Muslim Brotherhood...


----------



## DA SWO (Nov 6, 2015)

x SF med said:


> Tell that to ISIL, or the Muslim Brotherhood...


Not recognised states.
We could add the Viet Cong, Hamas, Serbs, Bosniacs, etc; but Western/Civilized Countries try to avoid civilian deaths.
We lose wars because many don't understand that wars are not civil events.


----------



## Blizzard (Nov 6, 2015)

CQB said:


> We had some boffin here recently for a bit of jaw jaw. They were talking plausibly of a zero day attack from someone. How far off it was wasn't outlined


We see zero day attacks on pretty regular basis.  Stuxnet exploited multiple zero day vulnerabilities.  Sony's attack utilized a zero day vulnerability.  Java has served as an attack vector multiple times.  Zero-days are even sold on the black market.  The question is when we get hit with one that is truly crippling to critical infrastructure or something similar.


----------



## Blizzard (Nov 6, 2015)

lindy said:


> In a zero CDE, zero CIVCAS environment...dream the fuck on.


Agree.  The ethical/moral component present a roadblock for us but not necessarily for our adversaries.  Are we likely to cause a nuclear reactor meltdown?  No but an organization such as ISIS or another more technically advanced group/country may not hold the same restraint when it comes to us. 

This presents the real challenge.  It's true asymmetric warfare and the technology threshold required to become a legitimate threat is significant lower than it is for something such as NBC development.  Now, rather than looking at nation states and larger better organized terror groups, we must consider and address threats from significantly smaller but technically capable organizations, such as organized crime groups in former Soviet states.


----------



## AWP (Nov 6, 2015)

Languages are the new WMD. Let's invade every nation with a computer. Dick Cheney approves.


----------



## DA SWO (Nov 6, 2015)

Freefalling said:


> Languages are the new WMD. Let's invade every nation with a computer. Dick Cheney approves.


Actually you could win buy sending infected computers everywhere.
Great idea.


----------



## Brill (Nov 6, 2015)

DA SWO said:


> Actually you could win buy sending infected computers everywhere.
> Great idea.



China do that.


----------



## CQB (Nov 6, 2015)

Blizzard said:


> Agree.  The ethical/moral component present a roadblock for us but not necessarily for our adversaries.  Are we likely to cause a nuclear reactor meltdown?  No but an organization such as ISIS or another more technically advanced group/country may not hold the same restraint when it comes to us.
> 
> This presents the real challenge.  It's true asymmetric warfare and the technology threshold required to become a legitimate threat is significant lower than it is for something such as NBC development.  Now, rather than looking at nation states and larger better organized terror groups, we must consider and address threats from significantly smaller but technically capable organizations, such as organized crime groups in former Soviet states.



Are Dae'sh that capable? They're great at SOCMED in situ (with J-DAMs as the last laugh), but does it extend to CW?


----------

