Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security The Military United States Technology

US Cybersecurity Plan Includes Offense 101

z4ns4stu writes "Shane Harris of the National Journal describes how the US government plans to use, and has successfully used, cyber-warfare to disrupt the communications of insurgents in Iraq. 'In a 2008 article in Armed Forces Journal, Col. Charles Williamson III, a legal adviser for the Air Force Intelligence, Surveillance, and Reconnaissance Agency, proposed building a military "botnet," an army of centrally controlled computers to launch coordinated attacks on other machines. Williamson echoed a widely held concern among military officials that other nations are building up their cyber-forces more quickly. "America has no credible deterrent, and our adversaries prove it every day by attacking everywhere," he wrote. ... Responding to critics who say that by building up its own offensive power, the United States risks starting a new arms race, Williamson said, "We are in one, and we are losing."'"
This discussion has been archived. No new comments can be posted.

US Cybersecurity Plan Includes Offense

Comments Filter:
  • by Anonymous Coward

    Who needs a botnet when you have a labotomized group of internet hooligans who only need a target worth harassing?

    • Re: (Score:3, Interesting)

      by TheCarp ( 96830 )

      Because you can't budget for internet hooligans. You need to put them on specific payroll if you are to create your own personal fiefdom. Never forget, there is no incentive to save when your organization has no real limits on its "funding". When all you have to do is declare that people will pay you more, and they either do, or you declare that your going to take a loan out on their behalf, there may be an overall percieved need to "keep costs down" but, never "in our department".... no... because from the

      • by earlymon ( 1116185 ) on Saturday November 14, 2009 @10:43AM (#30097830) Homepage Journal

        Because you can't budget for internet hooligans.

        In the 90s the military establishment began to realize and fear that the methods we had in place were dedicated to force on force conflicts but that terrorists - especially postulated nuclear ones - had no solution. Within a decade, that proved prophetic (although thankfully, not the nuke part).

        From TFS:

        Williamson echoed a widely held concern among military officials that other nations are building up their cyber-forces more quickly.

        Looks like déjà vu all over again.

        No one is ever ready for the upcoming threat - they're too busy safeguarding against the last surprise.

        • Re: (Score:2, Interesting)

          by Idiomatick ( 976696 )

          In the 90s the military establishment began to realize and fear that the methods we had in place were dedicated to force on force conflicts but that terrorists - especially postulated nuclear ones - had no solution.

          Ironically we did. But there are too many organizations and the one dealing with military threats clearly wasn't aware of the others. The best way to deal with terrorists is secret service. They only need tweaking and infiltrating. Pay a few officials, assassinate a few others, done. The idea th

          • by NotBornYesterday ( 1093817 ) * on Saturday November 14, 2009 @12:44PM (#30099002) Journal

            Ask the british, french or the romans, most of the countries they conquered don't hate them... and the US was just liberating countries. Something to do with trade, peace, talks, cultural exchange, improving the country and oh... not killing them in droves followed by massively dropping the standard of living.

            The British , French, and Romans killed lots of natives building their empires, they had no compunctions about doing it, and they certainly didn't feel bad about it after. So did the Spanish, for that matter. They also imposed their own laws on other cultures, and taxed their new "subjects", drawing more wealth out of the colonies than they put in, thereby driving down the local economy. The primary reason for being a colonial power has always been to exploit someone else's wealth.

            The US has built (or rebuilt) a lot of infrastructure in the wake of its various invasions. The standard of living in these places would be a lot higher if said infrastructure wasn't still being blown up, this time by people other than the US.

            Not justifying invasions or civilian deaths, just saying I don't agree with your comparison.

            • Re: (Score:3, Insightful)

              by ceoyoyo ( 59147 )

              Agreed. The places the US out and out invades usually get rebuilt pretty well, from Germany and Japan through 1990s and 2000s Iraq and 200s Afghanistan.

              The ones that don't actually get invaded though... those are the ones that really generate the anti-US sentiment. From all the destabilizing and dictator installing that was done in South America to the fooling around in Afghanistan and Iran and Iraq in the 80s.

              • Re: (Score:3, Interesting)

                by Phrogman ( 80473 )

                The US seems to be a complete dichotomy with regards to its Empire. Inside the US, the citizens struggle to maintain democracy and the laws of their constitution against those who want to restrict and change them. They support the rule of law (although of course differ on what that means), and are very concerned with the rights of their individual citizens. Its a fascinating process to watch (I am Canadian).

                Outside the US, anything goes and the Munroe Doctrine supports that. While usually US foreign policy

            • Re: (Score:2, Insightful)

              You seem to assume that all empires other than the USA were patterned after the Belgian Congo.

              Didn't the British Empire leave an infrastructure of railways, telegraphs, hospitals and universities? Is the export of trial by jury, common law, and parliamentary democracy a legacy to be reviled? Are people forced to play soccer, rugby, and cricket?

            • Sure people died but in almost every single case the standard of living shot up massively and economically was good for both sides.
              Romans killed a certain chunk of a country, mainly military since collateral damage is rarer with a spear. At worst they'd decimate a group (That means 1/10th btw) to show they mean business.

              After that they would make the leaders sign fealty or w/e. They'd leave a few troops there. And set about bettering the country. They would tax the country some for their own benefit. Then
              • Sure people died but in almost every single case the standard of living shot up massively and economically was good for both sides. Romans killed a certain chunk of a country, mainly military since collateral damage is rarer with a spear. At worst they'd decimate a group (That means 1/10th btw) to show they mean business.

                I would debate the economically good part. There are those who argue that the Roman Empire fell because it ran out of countries to invade and loot, and therefore could no longer afford the massive armies required to keep the hold on the lands they had taken. I can't imagine the outcry if the US "decimated" Iraqis to show we mean business.

                After that they would make the leaders sign fealty or w/e. They'd leave a few troops there. And set about bettering the country. They would tax the country some for their own benefit. Then they would build. The barbarians they conquered were given roads, theaters, sometimes written word, law, aqueducts, plumbing, foods.

                Which largely parallels what has happened in Afghanistan & Iraq. Elected governments have been set up. The elections are far from being problem-free, but things are

        • by TheCarp ( 96830 ) <sjc AT carpanet DOT net> on Saturday November 14, 2009 @01:20PM (#30099304) Homepage

          > In the 90s the military establishment began to realize and fear that the methods we had in place were dedicated to force on force conflicts but
          > that terrorists - especially postulated nuclear ones - had no solution. Within a decade, that proved prophetic (although thankfully, not the nuke
          > part).

          Actually, I tend to think Lawrence Lessig's essay "Insanely Destructive Devices" addressed the issue quite nicely. Technology that can be used for good can always be turned for evil. As technology expands what a person may easily do, or what a small group of people may do, it MUST ALSO expand the amount of harm a person can do.

          Its hard to argue that explosives and guns have not increased the damage of an individual with access to them going psychotic and deciding to kill. I am afraid that this threat is unavoidable. So too the threat of determined individuals with a rational or semi-rational goal of destruction are even more amplified. Terrorism *IS* rational from a soldier at war's viewpoint.

          So, in the end, the ONLY viable solution, besides attempting to raise the bar just enough to mitigate as much as possible the "crazy lone wolf" threats, is decreasing the rationality of terrorism. ONLY by stopping such groups from forming in the first place and growing will they be stopped.

          This is why I actually believe that things like torture programs get more people killed. The hypocrisy of championing due process, the rule of law, and civil rights and then instituting secret programs of detention, rendition, and torture are not lost on the enemy. They join up BECAUSE they know we are hypocrites, it is why they joined.

          Hearts and minds are the only battlefields that matter in the end. The rest is just those victories and defeats playing out.

          -Steve

          • It's a nice utopia but there's a simple flaw: decreasing the rationality of terrorism is no easier than decreasing the rationality of full-scale war.

            That's not to say that you're not right - removing the incentive is key. But it's wise to avoid appeasement as well - and as we didn't have rational policies in place to prevent this outcome, and now face hatred, many, from what I've seen and read, translate reducing motivation into appeasement.

            The other problem with the concept is that it's bad enough that th

          • You covered a lot of territory, hence, my multiple replies.

            This is why I actually believe that things like torture programs get more people killed.

            We were supposed to be the good guys, as in Geneva Convention. We were supposed to have learned from past mistakes that some killing - and other abominations - don't stop when the bell rings. It creates an unending situation. World War II is the outcome of World War I and that was the outcome of the Franco-Prussian conflict of Kaiser Wilhelm I's days.

            Resentment doesn't die. Torture creates resentment. The North Koreans actually seem to believe th

      • by gmuslera ( 3436 )
        That tactic <a href="http://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia">worked</a> against Estonia a couple of years ago. People is easy to manipulate, at least in big numbers, and paying a few comunicators could be less expensive than paying thousands of normal users.

        Of course, building a botnet is per se an aggressive move, either against your own citizens or to foreing (enemy or not) countries, if it spreads over their computers. And the easiest way to get attacked by your own tools (
      • The military does not want to keep their costs down, in fact they want to keep increasing so each year they maintain a level of budget to the last, sickening really....but everyone does it in politics and in government.

    • by Talisman ( 39902 )

      Oh, I think you know why not Anonymous.

      NOT YOUR PERSONAL ARMY.

  • Well (Score:1, Insightful)

    by Stargoat ( 658863 )
    Well, why wouldn't it include an offense? If someone is putting videos of nutjobs cutting the heads off of people, we damn well ought to be able to take their servers down.
    • Re: (Score:3, Insightful)

      by hansraj ( 458504 )

      You know what's a better idea? Leave those damn servers alone and let everyone see for themselves what a nutjob your enemies are. Bringing their servers down won't bring the poor sod in the video back to life, but it might make sure that next time you have something tangible to act on (like invading a "rogue" country) other countries will root for you.

      • Generally, I think it would be a bad idea to allow an enemy to freely spread propaganda (unless it works for you)... besides, what's the saying? All's fair in love and war? Their servers are fair game, IMHO.

    • by Anonymous Coward

      I love when commments get modded down simply for expressing an opinion the moderator doesn't like.

      Did you guys really expect no offensive strategies? I think nerds on this site need to get real about the real world.

  • This makes complete sense to me. History is replete with examples of leaders who did not learn to exploit new technology, new fields of battle, and paid the price for it. Expanding your capabilities to use and defend against attacks in information technology is just an extension of the principle of finding a bigger stick.
  • Wait what? (Score:5, Informative)

    by Dyinobal ( 1427207 ) on Saturday November 14, 2009 @10:26AM (#30097706)

    "America has no credible deterrent, and our adversaries prove it every day by attacking everywhere,"

    Well that's just it you can't build a razor wire wall and laugh as people cut themselves trying to get through it. It seems to me the first mistake to be made is to treat a digital front as if it was a front in an actual war. All you're doing it guarding secrets most often, or sometimes vital services. Best way to protect them is physical separation from civilian networks. I know my friend who does communication translation for the military works on a network where they mirror a hand full of sites (wiki among them) every week and host them in house simply because having the network connected to the internet at large is just to risky.

    • Re: (Score:3, Insightful)

      by Adambomb ( 118938 )

      I don't really understand how this is even an issue. I seem to remember reading an article almost a decade ago [sadly I don't remember the source] which explained how the NSA operated their networking and it was EXACTLY what you're saying. The only connection their networks had to the outside world were stations with two terminals, internal network on one and external networks on the other with the agent in the chair being the ONLY connection between the two.

      No amount of efficiency gained is worth having tr

      • I don't really understand how this is even an issue. I seem to remember reading an article almost a decade ago [sadly I don't remember the source] which explained how the NSA operated their networking and it was EXACTLY what you're saying. The only connection their networks had to the outside world were stations with two terminals, internal network on one and external networks on the other with the agent in the chair being the ONLY connection between the two.

        No amount of efficiency gained is worth having truly sensitive data being ANYWHERE on an exposed network.

        In one of my formal environments, there were networks like this; all the very sensitive kit is tucked away on aggressively segmented if not air-gapped networks. However, there was a time when we were migrating the firewall infrastructure which would involve complete disruption with the public internet for the non-critical / normal internal network. We had to reschedule twice because the critical business didn't have another way of passing on data to / from their international partners. It's not that they

      • Re:Wait what? (Score:4, Interesting)

        by HiThere ( 15173 ) <charleshixsn.earthlink@net> on Saturday November 14, 2009 @06:21PM (#30101828)

        FWIW:
        I remember reading, I think it was a decade or two ago, about a Nuclear plant that had in internal network for just that reason. And total separation.

        Then they hired a consultant to test or fix something, and that consultant brought in his computer and hooked it up to their network, but he needed some info that was kept on his company's site, so he also hooked it up to the main internet.

        Well, the virus wasn't all THAT damaging, THAT time.

        Separating the nets is VERY desirable. But if you really want to be safe, you need to also use different communication protocols. Different strings for local URIs, etc. Even a simple change would probably be enough, but even a simple change would be a tremendous hassle to implement.

        Say you adopt the httq protocol instead of the http. Now you need to modify all the programs that expect http...because you don't want a rogue http link that sneaks in to be able to be processed. Quite a simple change... You'd want a series of changes at about that level of simplicity, and at all 7 levels of the protocol stack. Each one trivial.

        Now try to run your MSWind software.... Whoops! All you can run is software that either doesn't depend on the net, or is specially crafted. This means OSS, and practically FOSS software.

        (I suppose there might be simpler solutions, but every one I thought of I soon saw holes in.)

    • It seems to me the first mistake to be made is to treat a digital front as if it was a front in an actual war. All you're doing it guarding secrets most often, or sometimes vital services.

      There are two fundamental issues that bug me whenever I see these stories. The first is treating information security like physical security. And the second is whether this really is warfare.

      To begin with, there are different rules in play for physical security than information security. Physical security is governed by the rules of physics. There's not much we can do to alter that. We can discover new ways to make use of these rules but we can't fundamentally alter them. Information security is gover

      • by HiThere ( 15173 )

        Some reports of this kind of action have mentioned electrical systems being disrupted over a wide area. That's direct physical damage. Especially if any hospital systems go down. (Could be over-voltage rather than under-voltage, too, but the reports weren't that detailed.)

        Certainly *this year* the physical damage that could be done by this kind of attack is less than it will be in a decade. Or next year. But that doesn't mean that it isn't present, and isn't a growing threat.

        Information "theft" via thi

        • Some reports of this kind of action have mentioned electrical systems being disrupted over a wide area. That's direct physical damage. Especially if any hospital systems go down. (Could be over-voltage rather than under-voltage, too, but the reports weren't that detailed.)

          Certainly *this year* the physical damage that could be done by this kind of attack is less than it will be in a decade. Or next year. But that doesn't mean that it isn't present, and isn't a growing threat.

          Sure - all this leads to physical damage; be it directly or indirectly. But the underlying systems involved are all well within the realms of information security. And that requires a different mindset than the battlefield.

          Espionage and sabotage are closely linked. In fact, sabotage is often treated as a subset of espionage despite the distinctions between the two. The desired outcomes may be different. But the skills, tools, and avenues of attack are often the same. Protecting against one is protec

    • by nurb432 ( 527695 )

      Well that's just it you can't build a razor wire wall and laugh as people cut themselves trying to get through it.

      In war, yes, you can.

  • by meustrus ( 1588597 ) <meustrus@PLANCKgmail.com minus physicist> on Saturday November 14, 2009 @10:35AM (#30097758)
    To me, this is reminiscent of our arms race with the Soviet Union. Military officials were convinced that the Soviets were always one step ahead of them the entire time, even though the only time they got to a technology before us was the launch of Sputnik, which wasn't really a military achievement anyway (we were all decades behind spy satellites or something like SDI). If they didn't think the Soviets were building something better than what we had (which would have been supported by their intelligence gathering) they never stopped using that argument to support large standing armies and rapid technological arms buildup.

    And when the USSR collapsed, we learned that the entire time they had been at least two steps behind us.

    My opinion is that our infrastructure is in such disrepair that if hostile powers had the capability of cyperterrorism, they would have to practice extreme restraint not to use it to put the entire nation in a blackout for a month. If that means they're waiting for a combined-arms assault, then offense is not going to help us when our "military botnet" doesn't have any electricity to run on.

    The recent scare about cyberterrorism causing blackouts in Brazil, only to find that those blackouts were more likely due to natural causes in a poorly maintained electrical grid [slashdot.org], supports my point.
    • by Chabil Ha' ( 875116 ) on Saturday November 14, 2009 @10:50AM (#30097868)

      And when the USSR collapsed, we learned that the entire time they had been at least two steps behind us.

      Would you have had it any other way? If we had not maintained our paranoia of the Russians one-upping us, would we have maintained our edge? I'll let history stand as the best outcome of the cold war without trying to second guess what would have happened if we had not taken the position we did. The illusion of a perpetual stalemate is certainly preferable to the alternatives.

      • by Tuoqui ( 1091447 )

        Exactly... and even if China is say one or two steps behind they have more than enough population to afford a conventional war even with the US. Why do you think the US dicks around in Afghanistan, Iraq and crap instead of say Iran (a more credible threat than Iraq ever was and supposedly working on nukes), Pakistan (having their own Al Quada problems now but they have nukes!), and North Korea (their leader is a nutjob)

    • Re: (Score:3, Informative)

      by earlymon ( 1116185 )

      While it's true that we severely overestimated their number of ICBMs and their production capabilities, there were a number of places where the Soviets were ahead of us:

      * fighter aircraft maneuverability
      * Lunakhod (decades before the Mars rovers)
      * tanks
      * Sputnik

      And Sputnik was indeed a military coup. If you've seen the boost vehicles blowing up while we tried to match them, I'd ask you to consider the panic that that created. Sputnik proved the Soviet capability to put a package into a low orbit - kind of

      • tanks??? what about the m1 abrams? what comes even close?

        • Nothing comes close to an Abrams - no question about that.

          However, I'd question its predecessors in comparison to Soviet models - I'm no expert, but I think I'd have given them the edge.

          Sorry for the poor writing style.

          Same can be said for my comment on fighters - depends upon the generation.

          Point being that the Soviets were just a bunch of me-too copycats, or almost-rans ... not so much.

        • by ceoyoyo ( 59147 )

          A hundred Soviet tanks.

          The USSR had a LOT of tanks. Far more than NATO had.

          • Yes - the large number of Soviet tanks was exactly what drove the development of the Abrams - the idea being that superior stand-off attack was the only answer to larger numbers.

            In fact, that happens to be the two popular technological approaches to war - large numbers of less expensive, less capable systems vs. smaller numbers of more expensive, more advanced systems.

            So, you're either missing the point that the discussion is about _levels_ of technology - or you're considering the mass-number approach to b

            • by ceoyoyo ( 59147 )

              First, the post I replied to asked what comes close to an M1 Abrams tank. The answer is, 100 Soviet tanks not only come close but blow right by. Regardless of level of technology, it was widely thought by NATO that if a conventional war started, western Europe wasn't going to last long. When the cold war ended, NATO found out they were right. I don't think NATO would be happy with congratulating themselves over their level of technology while watching Soviet tanks roll over Europe.

              The pure technological

              • Well, I thought the discussion was in fact limited to the post-WWII period.

                However - the confusion between flashy and technology is yours alone.

                The Hittites - the iron sword, the Egyptians - the chariot, the Greeks - the Spartan shield and triremes, the Romans - the ballista - and I could go on.

                Technology has always advanced war.

                And if you think that the invention of the tank wasn't significant to winning wars, then you're blind to the history of the end of WWI and Germany's successful invasions at the onse

    • by Adambomb ( 118938 ) on Saturday November 14, 2009 @11:08AM (#30097982) Journal

      But But But, I want my Kuang Mark 11 to slot into my deck!

    • It was in the best interests of everyone in the military to say that the Russians had better everything. Take a lesson from scotty, "It can't be done cap'n, but I'll have it running in 3hours."


      Also, the military gets paid.
  • I have friends working for the Navy who are taking > 6 months just to order a fscking desktop computer.

    I doubt the DoD is capable of pulling this off.

    • Re: (Score:1, Funny)

      by Anonymous Coward
      Do they really need a special computer to check filesystems? I thought most computer had this feature built in.
  • by boudie2 ( 1134233 ) on Saturday November 14, 2009 @10:37AM (#30097778)
    A job for Bill Gates, smartest man in the world. Only he can catch Osama Bin Laden and keep the world safe for democracy. Isn't this all sounding like the story line to a bad movie?
  • by Anonymous Coward

    From TFA

    Bush's authorization of "information warfare," a broad term that encompasses computerized attacks, has been previously reported by National Journal and other publications. But the details of specific operations that specially trained digital warriors waged through cyberspace aren't widely known, nor has the turnaround in the Iraq ground war been directly attributed to the cyber campaign. The reason that cyber techniques weren't used earlier may have to do with the military's long-held fear that such warfare can quickly spiral out of control. Indeed, in the months before the U.S. invasion of Iraq in March 2003, military planners considered a computerized attack to disable the networks that controlled Iraq's banking system, but they backed off when they realized that those networks were global and connected to banks in France.

    In traditional warfare, going after your enemy was easy. Your leader tells you where to go, and you go there. One loads up on supplies, munition, and guns. In the face of cyberwarfare, however, things get messy. A lone soldier with a laptop can cross be anywhere in the world causing problems. Hell, he could be sitting in your very country's back yard and you might not even have a clue. Or, in TFA's case, the splash damage ends up screwing up critical, tangentially connected systems.

    Sucks to be the m

  • ...proposed building a military "botnet," an army of centrally controlled computers to launch coordinated attacks on other machines.

    Dear Terrorist:
    I am a Jihadist in Nigeria with $10 million and if I put it into a bank, those infidel Americans will freeze it. If you send me $5,000 to open an account in the Cayman Islands, I will put you in for half!

    Or the other one:
    Dear Terrorist:
    Do want a LARGER penis? With a LARGER penis, you'll be more of a man and be able to take out those infidel Americans! Buy V1@gr4 from us! We will make you BIGGER and STRONGER! Allah be praised!

    or:

    Make BIG MONEY selling AK-47s from home! Make even more with I

  • Strangelove (Score:4, Funny)

    by Hemogoblin ( 982564 ) on Saturday November 14, 2009 @10:57AM (#30097914)

    Mr President, we must not allow a script-kiddie gap!

    • You read my mind.

      Just like the "bomber gap" and the "missile gap" which were either paranoia-driven nonsense or a simple (but effective) way to get finding for weapons that no-one needed, or used.

      Maybe the best way america could defend itself from the threat of baddies with computers would be to cut themselves off from the rest of the world.

      • Maybe the best way america could defend itself from the threat of baddies with computers would be to cut themselves off from the rest of the world.

        Good idea - we should even hide from them.

        In mine shafts.

  • Botnet? (Score:2, Funny)

    by omni123 ( 1622083 )
    A military botnet? No problem; just throw all the federally owned computers in to another one, I'm sure Conficker doesn't mind sharing...
  • Very ironic. (Score:1, Offtopic)

    This is all very ironic, as I mention here:
    http://listcultures.org/pipermail/p2presearch_listcultures.org/2009-November/005991.html [listcultures.org]

    So, the US military, once again, in a tremendous burst of irony, is developing ways to create artificial scarcity on the network of abundance. And they are justifying this to have new ways to further harm the people upset about being harmed by the illegal and immoral US invasion of Iraq.
    "Illegal, Immoral Invasion of Iraq to Carve up the Middle East"
    http://www.mediamonitors.net/a [mediamonitors.net]

  • Shouldn't this be in the "no-shit-sherlock" department?
  • ...US military should rob foreign banks, too?

  • Isn't this fairly similar to how that short-story got started? The major governments of the world start building up their computers for war, only for each system to eventually link itself to the others and become an emergent A.I.? Granted, the computers in the story were for running real-world warfare, not cyber-attacks, but still...
  • how about "cease your cyberattacks or we unplug your country from the internet"

  • We get paid by every single big criminal out there.
    We have decades of experience.
    We are the best in the world.
    We wish you goood luck! ^^

    Greetz,

    Your Russian hacker community.

  • This has cropped up on slashdot before. Can't find the article, but it was more hand-wringing about the vulnerabilities of the American network infrastructure to enemy attack.

    Granted, the nature of the Internet is to provide information access from any point in the world, and because of that it can be so easily exploited, commandeered, or broken. But I believe if the $hit ever hit the fan and the Tubes were threatened, those of us who hack and build and kludge the Code would come to its defense. Hundreds of

  • Oh... :-\ (Score:3, Funny)

    by Quiet_Desperation ( 858215 ) on Saturday November 14, 2009 @05:05PM (#30101230)
    When I saw "offense" I envisioned a couple crackers in Eastern Europe getting a drone launched Hellfire missile up the rear. Oh well.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...