US Cybersecurity Plan Includes Offense 101
z4ns4stu writes "Shane Harris of the National Journal describes how the US government plans to use, and has successfully used, cyber-warfare to disrupt the communications of insurgents in Iraq. 'In a 2008 article in Armed Forces Journal, Col. Charles Williamson III, a legal adviser for the Air Force Intelligence, Surveillance, and Reconnaissance Agency, proposed building a military "botnet," an army of centrally controlled computers to launch coordinated attacks on other machines. Williamson echoed a widely held concern among military officials that other nations are building up their cyber-forces more quickly. "America has no credible deterrent, and our adversaries prove it every day by attacking everywhere," he wrote. ... Responding to critics who say that by building up its own offensive power, the United States risks starting a new arms race, Williamson said, "We are in one, and we are losing."'"
Re:what about anonymous? (Score:3, Interesting)
Because you can't budget for internet hooligans. You need to put them on specific payroll if you are to create your own personal fiefdom. Never forget, there is no incentive to save when your organization has no real limits on its "funding". When all you have to do is declare that people will pay you more, and they either do, or you declare that your going to take a loan out on their behalf, there may be an overall percieved need to "keep costs down" but, never "in our department".... no... because from the point of view of its own chartered purpose, a department must expand because there is always more within its mandate to do.
So a general need to cut costs may be realized, but, never acted upon because, every actor believes he needs more money to do his job.
And yet... they keep creating them.
-Steve
The crux of cyberwarfare (Score:1, Interesting)
From TFA
Bush's authorization of "information warfare," a broad term that encompasses computerized attacks, has been previously reported by National Journal and other publications. But the details of specific operations that specially trained digital warriors waged through cyberspace aren't widely known, nor has the turnaround in the Iraq ground war been directly attributed to the cyber campaign. The reason that cyber techniques weren't used earlier may have to do with the military's long-held fear that such warfare can quickly spiral out of control. Indeed, in the months before the U.S. invasion of Iraq in March 2003, military planners considered a computerized attack to disable the networks that controlled Iraq's banking system, but they backed off when they realized that those networks were global and connected to banks in France.
In traditional warfare, going after your enemy was easy. Your leader tells you where to go, and you go there. One loads up on supplies, munition, and guns. In the face of cyberwarfare, however, things get messy. A lone soldier with a laptop can cross be anywhere in the world causing problems. Hell, he could be sitting in your very country's back yard and you might not even have a clue. Or, in TFA's case, the splash damage ends up screwing up critical, tangentially connected systems.
Sucks to be the military division that has to track, attack, and manage the diplomatic border issues regarding hackers during times of war.
Re:Just give it time (Score:4, Interesting)
They're like "that survivalist guy with a whole basement full of guns, ammo, grenades and a rocket launcher or two". It'll be suicide to go up to his house with a BB gun and shoot at it.
If anyone wants to hurt the USA they'd have to do it more sneakily - so there's no obvious target for their nukes, cruise missiles, bombers etc.
Same goes for this "cyberwarfare" thing. A massive concerted attack from your country against the USA will just get you bombed.
The US media likes to make noise about China/<bogeyman of the day> launching cyberattacks on US servers. The fact is, if the Chinese Gov was really involved, the US Gov will just call the Chinese ambassador in, and say: "Hey stop that now". But really which government is going to do that? If my government wanted to start a war with the USA - cyber or otherwise, a real act of patriotism would be to shoot the idiot leader(s) who came up with that idea.
The attacks are mainly from a bunch of script kiddies or criminals. If the US Gov is really serious about reducing the attacks they should just go follow the money/control channels, and jail the people responsible if they're in the USA (won't surprise me if many are actually from the USA- after all Sanford Wallace is in the USA, and the BlueHippo thing was in the USA ).
Re:what about anonymous? (Score:2, Interesting)
Ironically we did. But there are too many organizations and the one dealing with military threats clearly wasn't aware of the others. The best way to deal with terrorists is secret service. They only need tweaking and infiltrating. Pay a few officials, assassinate a few others, done. The idea that any army can stop terrorists is ridiculous.
Oh and failing SS you can attempt to change the region to be something that doesn't hate you. BTW, the secret is NOT bombing them. Ask the british, french or the romans, most of the countries they conquered don't hate them... and the US was just liberating countries. Something to do with trade, peace, talks, cultural exchange, improving the country and oh... not killing them in droves followed by massively dropping the standard of living.
Re:Just give it time (Score:3, Interesting)
Don't count the US out until you can count 10. Maybe the reason for its endurance is that the US is really never just one nation of one people.
Discussions of exceptionalism aside, you must find the term "homeland" (as in "Homeland Security") as inappropriate (even funny) as I do.
Re:preparing for cyber warfare (Score:2, Interesting)
Re:Just give it time (Score:3, Interesting)
It might be a wee bit early to go claiming endurance.
The US has been a superpower for less than 60 years, and has existed for less than 250 years.
The Roman Empire, which you mentioned, and most of history's other great civilizations, were around for rather longer.
Re:Just give it time (Score:2, Interesting)
What about what PLA leaders have published in regards to Information Warfare and ("Informationized Warfare")?
A good starting point is Unrestricted Warfare. See: http://en.wikipedia.org/wiki/Unrestricted_Warfare for links to a PDF version.
--
"This is another type of war, new in its intensity, ancient in its origins—war by guerrillas, subversives, insurgents, assassins; war by ambush instead of by combat; by infiltration, instead of aggression, seeking victory by eroding and exhausting the enemy instead of engaging him. It requires in those situations where we must counter it a whole new kind of strategy, a wholly different kind of force, and therefore a new and wholly different kind of military training."
John F. Kennedy
USMA Graduation Speech, 1962
Re:what about anonymous? (Score:3, Interesting)
The US seems to be a complete dichotomy with regards to its Empire. Inside the US, the citizens struggle to maintain democracy and the laws of their constitution against those who want to restrict and change them. They support the rule of law (although of course differ on what that means), and are very concerned with the rights of their individual citizens. Its a fascinating process to watch (I am Canadian).
Outside the US, anything goes and the Munroe Doctrine supports that. While usually US foreign policy is explained away as a desire to spread the virtues of Democracy (and the American Way(tm)) to other nations, the reality is that the US has usually acted to support US companies in other countries, and well, if democracy breaks out, so much the better. So the US has supported a horde of South American dictators who abused their people, supported those who later turned out to be terrorists, and generally run roughshod over the rights of other nations and peoples in a cavalier manner that belies the principles they supposedly hold dear.
Right now the US is an Empire, like it or not. Rather than compare it to the British or other Colonial empires though, I think the empire of ancient Athens is a closer match. Athens had the first democracy for its citizens, but relied in many ways on slave labour (nowadays thats third world workers, illegal immigrants) to maintain its strong standard of living, and it controlled city-states all over the Mediterranean (nowadays the largest buildup of foreign military bases ever built by any nation in history) that it could use to suppress rival powers. By and large the actions of the US are directed at securing economic stability and control over resources. If that means they need to invade somewhere to achieve those goals, historically that's what tends to happen. Of course the US has also abrogated to itself the role of the World's Policeman.
Now, don't mistake me, I understand this process I think, and I don't entirely disapprove. I just wish sometimes that you could call a spade a spade and avoid the obfuscation. "We are invading Iraq because we need to secure control over the oil in that area", "We are not stopping the genocide in Rwanda because there are no resources there, and well, the people are black", "We are invading the Dominican Republic because the interests of US Sugar are threatened", etc.
Some of the many conflicts the US has gotten involved in were entirely justified in my opinion of course, Afghanistan where Canada is heavily involved for instance. I think rooting out the Taliban and breaking their control over the people there can only be a good thing for the people of Afghanistan and the world in general.
Not that anyone will read this, or care :P
Re:Wait what? (Score:4, Interesting)
FWIW:
I remember reading, I think it was a decade or two ago, about a Nuclear plant that had in internal network for just that reason. And total separation.
Then they hired a consultant to test or fix something, and that consultant brought in his computer and hooked it up to their network, but he needed some info that was kept on his company's site, so he also hooked it up to the main internet.
Well, the virus wasn't all THAT damaging, THAT time.
Separating the nets is VERY desirable. But if you really want to be safe, you need to also use different communication protocols. Different strings for local URIs, etc. Even a simple change would probably be enough, but even a simple change would be a tremendous hassle to implement.
Say you adopt the httq protocol instead of the http. Now you need to modify all the programs that expect http...because you don't want a rogue http link that sneaks in to be able to be processed. Quite a simple change... You'd want a series of changes at about that level of simplicity, and at all 7 levels of the protocol stack. Each one trivial.
Now try to run your MSWind software.... Whoops! All you can run is software that either doesn't depend on the net, or is specially crafted. This means OSS, and practically FOSS software.
(I suppose there might be simpler solutions, but every one I thought of I soon saw holes in.)