
Comment Re:That's one problem with cyber (Score 1) 212

The answer is simple: in our country and system of government, the military fundamentally, and as a matter of law, answers to civilian authorities.

The military doesn't need to have day-to-day "control", but we need to have the capability, when attacked militarily, to defend ourselves militarily -- including in the "cyber" realm.

The mistake people make is believing it's a binary either/or; either civilian or military. The fact is that our information capabilities are so critical that they need appropriate levels of protection. The notion that civil authorities can defend systems from a cyber attack is a fine notion, but not realistic if we are under a coordinated cyber attack from a nation-state explicitly seeking to cripple us. If a foreign military is bombing civilian targets within our own borders, is not the purpose of our military to protect us? Sure, civil first responders will be involved, too, but I think most would expect a military response. We as a nation are so used to the military being something we use in foreign lands and faraway places that the concept of our military being here to defend ourselves at home is a concept that is, well -- foreign.

There can certainly be (and already are) public-private partnerships, civilian-military cooperation, etc. This also doesn't mean that secure systems and protocols should be "backdoored" for the government, but it might mean having some combination of infrastructure, equipment, accesses, standards, partnerships, rules, and similar in place at civilian facilities.

I think the problem people have is that we can see planes, tanks, and soldiers -- we are worried we can't "see" what "the government" is doing, as is the case in the digital realm. But what we can "see" is the law and a robust system of oversight. Yes, history tells us that there have been abuses. There no doubt will be again. It is a system made up of humans and all of their requisite imperfections.

But we shouldn't throw the baby out with the bathwater -- just because we know we can't do something perfectly doesn't mean we shouldn't do it. Does the benefit outweigh the risks? Some believe that giving any military or intelligence service ANY control over defense of systems and networks represents too big a risk -- I would ask those people to get a broader perspective.

Hope this answers at least part of your question; this is just my own view.

Comment Re:That's one problem with cyber (Score 1) 212

This might be more true in the uniformed services (though I've certainly worked with a pretty diverse array of people and ideas; perhaps not as diverse as our society at large, but diverse nonetheless) and a lot of direct federal government employment at some of the intelligence agencies, but it's definitely not true of contractors. What you're describing is true in agencies that have a very established and rigid culture, like has been developed for a lot of the federal law enforcement positions (such as FBI). I've seen my share of combinations of eccentric, gay, pierced, odd, tattooed, interesting folks with clearances working for DOD/IC contractors.

The biggest issue with a clearance is getting your foot in the door because you have a special skill set. Many go the military route -- they already have a clearance, and it's an easy choice when they go to the civilian or contractor side. It's a big investment to hire someone who is uncleared, start paying them, and wait a year while their clearance investigation is in process. It's definitely akin to the whole, "they won't hire without experience, but how will I get experience if no one will hire me?" Persistence, mainly.

The repeal of DADT will go the furthest to changing the broader culture, I think. But you know what? I've met very few people, save perhaps some young kids who don't yet know any better, who really care. And if any of the senior or middle leadership personally cares, they don't show it. This is a non-issue for the military. I'm also glad to see ROTC being welcomed back to institutions like Yale. It was the right thing to do.

And as was noted there are plenty of ways to perform service to your country and those around you without serving in the military!

Comment Re:That's one problem with cyber (Score 1) 212

If a system administrator misconfigures a router and damages our information infrastructure, is that any less relevant than someone sticking C4 to the side of a power transmission tower to cause a similar amount of damage?

One word:

Intent.

Intent matters. That's why we punish people who kill someone or cause property damage, etc., intentionally, and don't punish those who do the same things, but don't do so intentionally (and also don't do so because of negligence or reckless disregard). It's the same result: someone is dead, property is destroyed, etc., no?

(Ahh, the gray area -- negligence. What if that network admin can be proven "negligent"? Well, I'm not a lawyer, but the general answer is still intent.)

So, intent matters. We care when someone is actively and purposefully trying to do us harm. That's also the simple answer to the question of why we prosecuted a "war on terror", and why we don't have a war on ladders, a war on lightning, a war on car accidents, or any manner of other things that can kill people. Those things are accidents. Sure, sometimes there is negligence peppered in, and there is immeasurable complexity beyond how I've distilled it down here.

But what of cyber -- when we talk of something like "neglecting" to secure a router (secure how? by whose standards? by what measure?), and it is compromised and real, quantifiable damage is caused, who is at fault: the admin, or the attacker? There are two general camps here: those who believe that the admin and/or router vendor is at fault, and those who believe the attacker is at fault. The truth usually lies somewhere in between, but on the friendly side it's less about "fault" and more about responsibility.

If you leave your house unlocked, and someone comes in and burns it down, is that your "fault"? There are all sorts of ways to argue this, but the bottom line is that while you might have a responsibility to protect your property in a sensible manner given your circumstances, it's still the attacker who is solidly at fault, and subject to punishment.

When it comes to cyber war it's a complex landscape. Civilian, academic, financial, critical infrastructure, government, and military systems are all interconnected. What's the difference between cyber war, cyber espionage, cyber crime, cyber terrorism, hacktivism, or simple malicious hacking? We as a society rely on these systems. We want to be protected, but we don't trust the government to do it. Perhaps that will always be a shortcoming of free and open society in this and other realms; the benefits of open society certainly outweigh the risks. But that also puts us at a distinct disadvantage to those who wish to attack us, whatever their motivation and affiliation.

As for how we trust the military? By learning what the capabilities, techniques, and threat landscape look like. Sure, some information is classified or so arcane as to be boring, but it's all out there. How can we trust the military to properly execute any military action -- to maintain air superiority, to drop a bomb, or to capture a city? Because, politics and personal feelings on any particular issue aside, these things are well-understood concepts. Cyber might not yet be as well-understood, but even for all the obfuscation, confusion, and hype, it's a realm that also has rules and can be understood.

Militaries have been deceiving their adversaries for literally millennia. Cyber is new, but it is no different. Yes, it is powerful, and a single person or small group can create havoc far disproportionate to their manpower. But we've had many significant force multipliers over the course of warfare. We develop new tactics, new intelligence methods, new techniques, new capabilities.

If an adversary attacked a US civilian asset militarily, is it not the job of our military apparatus to protect us...? It seems we have gotten to a point where people believe it is laughable to "trust" the US government or the military, when there is egregious oppression, suffering, and death at the hands of repressive governments elsewhere in the world. Some people say the government has forgotten the Constitution. I'd say that, with the aid of the echo chamber that is the internet, many people have utterly lost their perspective. The irony, I suppose, is that adversaries will take advantage of that, too...

Comment That's one problem with cyber (Score 5, Insightful) 212

Attribution.

Disclaimer: I am a Navy Information Warfare Officer.

First, it's important to note that the White House didn't confirm the suspected source. It was anonymous officials who said this appeared to originate "from China" -- take that as you will.

As you point out, an attack may appear to come from a particular (set of) IP address(es), network(s), or source(s). An attack may have a certain profile, or share a profile with other attacks. An attack may have an assumed motivation based on its target. The attacker(s) may even wish to make it appear that the attack is originating elsewhere.

Even if the "source" is established, is it a nation-state? Hacktivists? Nationalist hackers acting on behalf of government or at the government's explicit or implicit direction? Transnational actors? None of the above?

No one wants to "start a war" with China, but the error in balancing the cyber threat against the "hype" is assuming that all threats are bogus, or must be the result of hawks looking for neverending war, excuses to begin/escalate the next "Cold War", and similar. The threat from China is very real, long-established, and well-understood for anyone who cares to look. It has been discussed thoroughly, even for the Chinese, in their own strategic literature, and there are very public examples of China's offensive cyber capabilities. China's investment in offensive cyber capabilities comes because of the understanding that dominance of the information realm will essentially allow China to skip large chunks of military modernization and still be highly effective in any conflict with the United States.

Think of it this way: it's now assumed that the Stuxnet/Duqu/Flame family were created by the US and/or Israel. (Keep in mind that even overt admissions prove nothing, and can be self-serving...) Even before the books and articles about OLYMPIC GAMES, attribution was assumed because of the target and because of snippets of clues in the code. In general, why is that assumption any more or less valid than this? Is it because some are more inclined to believe that of course the US engages in cyber warfare; but any cyber attacks against us are suspect?

Of course, there are those who will assume that indications of any cyber attack will always be a "false flag" and/or used by those with ulterior motives who want war. It can't possibly be that there are aggressors who indeed want to attack the US, and who greatly benefit from the odd proclivity of those in free societies to see the enemy as their own government, while overlooking the actual adversary. Sun Tzu would be beaming.

Background:

Chinese Insider Offers Rare Glimpse of U.S.-China Frictions
http://www.nytimes.com/2012/04/03/world/asia/chinese-insider-offers-rare-glimpse-of-us-china-frictions.html?_r=1

"The senior leadership of the Chinese government increasingly views the competition between the United States and China as a zero-sum game, with China the likely long-range winner if the American economy and domestic political system continue to stumble, according to an influential Chinese policy analyst. China views the United States as a declining power, but at the same time believes that Washington is trying to fight back to undermine, and even disrupt, the economic and military growth that point to China’s becoming the world’s most powerful country."

China is on track to exceed US military spending in real dollars by 2025
http://www.economist.com/node/21542155

China’s military rise
http://www.economist.com/node/21552212

The dragon’s new teeth: A rare look inside the world’s biggest military expansion
http://www.economist.com/node/21552193

Essential reading on China cyber:

The Online Threat: Should we be worried about a cyber war? (The first page of this is a must read wrt China.)
http://www.newyorker.com/reporting/2010/11/01/101101fa_fact_hersh

Great snippet: "“The N.S.A. would ask, ‘Can the Chinese be that good?’ ” the former official told me. “My response was that they only invented gunpowder in the tenth century and built the bomb in 1965. I’d say, ‘Can you read Chinese?’ We don’t even know the Chinese pictograph for ‘Happy hour.’"

U.S. cyber warrior accuses China of targeting Pentagon
http://news.yahoo.com/u-cyber-warrior-accuses-china-targeting-pentagon-011916520.html

Chinese Military Advocates Cyber Offensive Capability
http://www.infosecisland.com/blogview/21194-Chinese-Military-Advocates-Cyber-Offensive-Capability.html

China used downed U.S. fighter to develop first stealth jet
http://www.dailymail.co.uk/news/article-1349906/Chengdu-J-20-China-used-downed-US-fighter-develop-stealth-jet.html

Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation
http://www.uscc.gov/researchpapers/2009/NorthropGrumman_PRC_Cyber_Paper_FINAL_Approved%20Report_16Oct2009.pdf

Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage
http://www.uscc.gov/RFP/2012/USCC%20Report_Chinese_CapabilitiesforComputer_NetworkOperationsandCyberEspionage.pdf

How China Steals Our Secrets
http://www.nytimes.com/2012/04/03/opinion/how-china-steals-our-secrets.html

China cyberspies suspected in new caper: what has experts worried
http://www.csmonitor.com/USA/2012/0927/China-cyberspies-suspected-in-new-caper-what-has-experts-worried

China's Cyber Thievery Is National Policy—And Must Be Challenged
http://online.wsj.com/article_email/SB10001424052970203718504577178832338032176-lMyQjAxMTAyMDAwOTEwNDkyWj.html

FBI Traces Trail of Spy Ring to China
http://online.wsj.com/article_email/SB10001424052970203961204577266892884130620-lMyQjAxMTAyMDAwNzEwNDcyWj.html

NSA: China is Destroying U.S. Economy Via Security Hacks
http://www.dailytech.com/NSA+China+is+Destroying+US+Economy+Via+Security+Hacks/article24328.htm

Chinese Espionage Campaign Targets U.S. Space Technology
http://www.businessweek.com/news/2012-04-18/chinese-espionage-campaign-targets-u-dot-s-dot-space-technology

Report: Hackers Seized Control of Computers in NASA’s Jet Propulsion Lab
http://www.wired.com/threatlevel/2012/03/jet-propulsion-lab-hacked/
http://oig.nasa.gov/congressional/FINAL_written_statement_for_%20IT_%20hearing_February_26_edit_v2.pdf

Chinese hackers took control of NASA satellite for 11 minutes
http://www.geek.com/articles/geek-pick/chinese-hackers-took-control-of-nasa-satellite-for-11-minutes-20111119/

Chinese hackers suspected of interfering with US satellites
http://www.guardian.co.uk/technology/2011/oct/27/chinese-hacking-us-satellites-suspected

Former cybersecurity czar: Every major U.S. company has been hacked by China
http://www.itworld.com/security/262616/former-cybersecurity-czar-every-major-us-company-has-been-hacked-china

China Attacked Internet Security Company RSA, Cyber Commander Tells SASC
http://defense.aol.com/2012/03/27/china-attacked-internet-security-company-rsa-cyber-commander-te/

Chinese Counterfeit Parts Keep Flowing
http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news%2Fasd%2F2012%2F03%2F27%2F04.xml&headline=Chinese+Counterfeit+Parts+Keep+Flowing

China Corporate Espionage Targets U.S. Firms
http://www.businessweek.com/news/2012-03-15/china-corporate-espionage-boom-knocks-wind-out-of-u-dot-s-dot-companies

U.S. Official on Cyber Attacks: "It's Getting Harder for China's Leaders to Claim Ignorance"
http://www.securityweek.com/uscc-commissioner-cyberattacks-getting-harder-chinas-leaders-claim-ignorance

China's Role In JSF's Spiraling Costs
http://www.aviationweek.com/aw/generic/story.jsp?id=news%2Fawst%2F2012%2F02%2F06%2FAW_02_06_2012_p30-419987.xml&channel=defense

I could go on...

Comment Re:Good Lord (Score 1) 285

Thomas did not ruin the life of any of the involved corporation(s), nor did she ruin the life of any of their employees. It is simply not just to ruin her life in retaliation. That this goes on and is so widely considered legitimate is an example of our remaining barbarism.

I think most people, both in and out of the United States, see a result like this as absurd.

Comment Re:Piracy = theft? (Score 1) 285

Nearly 10k per song is just dumb. If a CD is 12 tracks and costs ~15 bucks, it's a bit over $1 per song. So this is a 1000000% penalty. One million percent. Just insane, no way that isn't unconstitutional. The fines should be like 200, maybe 300% penalty, maybe even 1000% (10x). That's reasonable. The punishment must fit the crime and all that.

That's the issue all right. And I think the Court's decision is absurd.

Submission + - 8th Circuit upholds $220,000 verdict in Jammie Thomas case (blogspot.com)

NewYorkCountryLawyer writes: "The US Court of Appeals for the 8th Circuit has upheld the initial jury verdict in the case against Jammie Thomas, Capitol Records v. Jammie Thomas-Rasset, ruling that the award of $220,000, or $9250 per song, was not an unconstitutional violation of Due Process. The Court, in its 18-page decision (PDF), declined to reach the "making available" issue, for procedural reasons."

Comment Test already passed (Score 5, Informative) 133

Valve has already "blessed" this effort, and the Black Mesa devs have said as much. There will be no C&D letters.

From Valve (in January 2007...)

Congratulations to the Black Mesa for Half-Life 2 MOD team for picking up the Most Anticipated MOD Award for the coming year from Mod DB. Over 80,000 votes were cast for MODs built for a number of different games, and they have been crowned this year's most wanted. More information on this ambitious project to recreate Half-Life 1 from scratch in the Source engine is available on their site. We're as eager to play it here as everyone else.

The only thing Black Mesa did was remove "Source" from the mod name, but Valve allowed them to keep the domain because of fan base recognition.

Comment No distribution here (Score 1) 312

I noticed some pro-RIAA posts saying that defendant was liable for distributing, not just downloading. This is simply not so. Distribution, within the meaning of the Copyright Act, requires a sale or other transfer of ownership, or a rental, lease or lending.... none of which occurred here. 17 USC 106(3)

Comment Re:My amicus curiae brief in this case (Score 1) 312

What is the State Farm/Gore test, and how is it conducted?

After the jury's verdict, if the judge finds the verdict for punitive or statutory damages to be out of all reasonable proportion to the actual economic harm sustained, it is supposed to reduce the verdict to a number that bears a reasonable proportion to the harm sustained. The Supreme Court noted that it will rarely be a number higher than 10x the actual damages. In finding the magic number, the court weighs various factors, such as the outrageousness of the defendant's conduct, etc. Regular copyright law also requires that copyright statutory damages bear some reasonable relationship to actual damages. In non-RIAA cases the courts usually sustained multiples of 2 to 4 times the actual damages.
