Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
The Internet

U.S. Military Grapples With Cyber Warfare Rules 175

A number of readers have written to us with a report from Reuters regarding the US Military and cyber-warfare. The context is that the reason the US military did not crack into any of the Serbian boxes because the rules of war are still so murky in that area. What do you folks think? Anything goes? Or should we have a special section added to the Geneva Conventions?Update: 11/08 09:33 by H :Thanks to spartan for a better story on the subject.
This discussion has been archived. No new comments can be posted.

U.S. Military Grapples With Cyber Warfare Rules

Comments Filter:
  • by BradyB ( 52090 ) on Monday November 08, 1999 @02:49AM (#1553412) Homepage
    War is war isn't it. It is the killing of people or industries to make the other side bend under the pressure of your forces. Cyber-warefare should be no different. Cyber-warefare in my opinion wouldn't be nearly as costly in human lives and wasted dollars. Hacking is a lot cheaper than sending boat loads of Marines to another country.
  • Did the USA ever get around to joining the Geneva Convention?
  • I don't see how taking out a power plant by cracking their network is any different than taking it out with a well-placed missile. At least no one is killed this way.

    I'm very interested to know the specifics of their plans. With my limited knowledge of the military objectives of the war, I wonder what they targeted with the "cyber warfare" division that would have hurt teh civilian population more than the missiles aimed at their power plants. Every target for a good crack I can think of would be a military institution. And wasn't there an article a while back about how unstable the entire Yugoslav network was, because of the power outages that the bombing created? It seems to me that the commercial (civilian) network was already disrupted, so even if they had to compromise the commercial network, it wouldn't have done more damage.

    Or am I missing something?

  • Was it actually a declared war? I honestly don't remember any such vote by Congress...

    In any event, I'd think the (im)practicality would be more of a consideration than ethics. There's little reason that their defense infrastructure would allow, say, Telnet access from the rest of the world even if it were based on TCP/IP; hence, (physically) attacking would be the main way to DoS...

    ...concerning ethics, by the time you're committed to airstrikes and launching cruise missiles, it's a little late to be worrying about the whether you're being "nice" to their computers.
  • I think that this article serves to illustrate the fact that even though we did not use cyber-warfare in this war, this form of attack will most definately be used in the future, and the US should prepare for it. There should be major studies done on how the US is vulnerable to these kinds of attacks. What would happen, for instance, if the stock market were attacked? Or the satellite networks of the major telecommunications providors? Or the local power grids? And that's not even taking into consideration all of the military and government systems like GPS.

    Now, I'm sure that the most vital systems are very very well protected, but I think it is essential to consider this as a potential venue of attack. If we look at these systems in this light, we may find that they are less secure (or the country on a whole is less secure) than we had imagined.

  • Supposedly all is fair in love and war. If this is true then sure crack them. I am sure that some of these countries are not going to pay any attention to the Geneva convention anyway. If some wacko takes over a country what does he care about the Geneva convntion any way (not necessarily the case here). Making rules governing cracking and 'war time computing' part of teh Geneva convention is only going to hurt thoses that would abide by the Geneva convention.

    THe end result is going to be that countries like the US would not go out and crack another country but another country may try to crack the US. Who gets hurt ? The US for abiding by some new rule somone wants to make.

    People run redlights, not accidentally, but on purpose here in DC. WHen a light turn red, there are usually 4 to 6 cars that go thru it. Even after trafic has started moving into the intersection I have seen someone runs a red light, and in some cases cause an accident. When people cannot obey a simple law such as running a red light how do you expect a country not to hack another country. We as a race have become a discusting creature. No respect for our selves or our planet or each other. Why do you think that there are so many shooting in the US lately, so many little countries that have there goverments chagned each month, and so much pollution. We just don't give a F***.

    Moderate -1
    flames > /dev/null

    send flames > /dev/null

  • On the one hand, anything which reduces physical death and destruction can't be a bad thing. On the other hand, computer warfare & electronic warfare are quite capable of these, too.

    IMHO, this needs to be taken one step at a time, and should be inclusive, rather than exclusive. (ie: anything NOT explicitly permitted should be forbidden. That prevents people trying to sneak round restrictions.)

    Also, there should be one overriding rule - computer warfare or electronic warfare for the explicit purpose of inflicting higher casualties than could be reasonably & legitamately achieved otherwise, casualties in groups not otherwise deemed legitamate targets, or caualties in any group for the purpose of inflicting terror, should ALWAYS be prohibited and a war crime.

    In other words, DoS attacks on things like hospitals, emergency services and nursaries should be a BIG no-no. Mangling power-station computers would be reasonable, unless the place it supplies is in the middle of a 30' snow-drift, and heat is all that's keeping everyone alive, or a terrible heat-wave, where even a momentary failure of air conditioning would kill 3/4 of the civilian population.

    Military RADAR systems would also make for a reasonable target. Blinding it, rather than blowing it up, would spare lives, whilst having much the same effect. Shutting down civilian RADAR, or interfering with it, for the purpose of causing jet airliners to collide or crash, should get any commander who chose such a tactic suspended over a crocodile pit by their big toes.

  • Hemos had formed complete sentences, etc. Can you guys edit stories once they go up? If you can, please run this on through the dehemosizer.

  • Living in a country that is "sue" happy, this does not surprise me any. Although I do agree with the defense department. It could have been very costly if the bank's software had been corrupted. Remember, who puts up the bill of repair after the war is over. Usually the one that wins!?! I also believe that this was a PR decision as well. We (the US) already have enough bad PR that it probably would not look good if we bankrupt a country as we destroy it physically.

    Steven Rostedt
  • If it keeps people safe from going to war face to face and risking their lives im for cyberwarfare.

    Using cyberwarfare can keep events like Pearl Harbor from happening again.

    Sensei
  • The concept of "Bad Gramar", like "Bad Spelling"
    is nothing more than a concept of fools who feel
    a need to have a rule for everything.

    IMHO As long as the point gets acrosss...then
    it is correct.
  • by japhar ( 88252 )
    My knowledge of law is relatively limited, but from what I've read of it, the geneva convention was designed to protect the civilian population and ensure 'humane' treatment of war prissoners (3 hots and a cot and all that good stuff). Cyber-warfare has absolutely nothing to do with either of those cases. If a powerplant is hacked, the only way that affects the civilian population more than say a missile is if the hack causes a meltdown. Power outtages are a fact of war, the means, when comparing cyber-warfare to regular warfare would seem to be more in accordance with the GC when using hacking in any case, as this would avoid any loss of life.
  • they should have at least the common decency to not interfere with industry or technology critical to the civilian population. I know this would never happen, (especially with regards to the US style of war where anything goes) but it would be nice to know that civilian hospitals etc would not become targets.

    Of course unless there is a communist threat. :P (this last comment was a joke, mocking the utterly stupid policies of the US toward democratic ideas)



    "The importance of using technology in the right way has never been more clear." [microsoft.com]
  • The Geneva Conventions only apply to the losers of a war. Ever hear of a US War Criminal being tried and convicted? Me either.

    Why would cyberwar be any different?

  • Nononono! It's not his fault. A squad of crack mice, from the higher dimensions (and recently guests on Magrathea) were testing their new cyber-warfare expansion pack for Windows 98 on Earth (which is, in fact, a mega-computer), and Hemos' brain got caught in the backwash from the mangled computational matrix.
  • Agreeing not does me!
  • This whole idea of informational warfare is rather like having a couple of groups fighting on a rope bridge, hacking away at the ropes to knock the other side's people off. The problem is that whenever you do such a thing, the rope bridge is going to come out of it in the worst shape.

    If we start using info-weapons on each other, we run a serious risk of destroying the advantages we have gained from such things as the internet. This genie needs to stay in the bottle!

  • ethics are indeed an odd reason to cite in these circumstances - the problem here though is one of targetting: bombing any target has a risk of killing civilians whether a missile is smart or not (though, that smartness depends on the operator...ask the Chinese about their embassy)

    If the effects of any military cracking can be limited to military targets (and not knocking out the power to a children's hospital for example) then maybe it is MORE ethical (and certainly cheaper) than conventional warfare.

  • Lt. William Calley.

    'nuff said.
  • Hell, if a hostile force depends on computing technology to destroy and kill, then can we please knock that out first before going in and ripping people apart with explosives?

    I think that the 'rules of war' should state that the war _begins_ with computer warfare.
  • No. War is not war. The Geneva convention, which was noted in the article, is often obeyed, sometimes even by both sides in a conflict. Even without this, it is generally frowned upon to bomb civillians or residential areas.

    "Cyber-warfare" is essentially useless today : the group being attacked can disconnect their systems, and genuine military systems have no business being connect to a public network anyway.

  • ..wouldn't be nearly as costly in human lives and wasted dollars.

    However, consider that cyber-warfare might have larger effects than "regular" warfare. You seem to think that it's only the U.S. folks who could cause some serious trouble by means of hacking.

    Not so. If someone "from the other side" hacked into NYSE [nyse.com] or some other important business site, it might have catastrophic effects to your economy. And it'd affect everyone's life, not just those poor troops that were sent some 10000 miles away from home..

  • Consider this:

    The army hack into the electrical system, and shut down the power to a city.

    A hospital in the city has a generator failure as a result and several babies and patients on life support die.

    Has this violated the Geneva Convention rules on war?

    The problem here isn't so much the rules as the results of a cyberwar attack. A cyberwar attack can be much more far reaching than people think.

    A cyberwar attack can sometimes take out a specific target, eg a TV station, but in many cases the results of the attack can't be so easily planned for.

    Many computer systems are configured with triggered-backups and inter-networked with other systems so that these respond in a certain way if a failure occurs.

    Going back to my electrical example, what if the main power computer system is linked to a computer in a nuclear power plant that polls it to see if it needs to up the load to take care of a demand. If the software was buggy (and in Eastern Europe, this could very well be the case) the reactor could overload before someone realises and you have a second Chernoybl.

    For a cyberwar attack to succeed you need to have a complete picture of the target. Only when you have a complete picture can you decide to attack or not. This is why the military rely so much on satellite and air imaging systems - they need to know exactly what is being hit. Without a clear picture you can take out a target and not realise that you just started a firestorm.
  • Based on the military's excellent intelligence regarding the Chinese embassy (I'll stipulate that the 'accident' might not have been such, but let's leave that aside for the moment), what makes any of us think their ability to target electronic infrastructure would be any better?

    In fact, this is one of the primary reasons they didn't try anything - the military was too unsure of

    a)platforms
    b)topology/interconnectedness of military and civilian networks

    to try any major cracks.

    Even if the Yugoslavian infrastructure was as built out as ours and western Europe's, the military still would have the same intelligence problem - how do we know that taking out this power plant/military air control/petroleum product distribution depot won't also take out the hospital/school/apartment building next door?

    The unknowns make cyberwarfare difficult to justify _in a situation like Yugoslavia_ where our intelligence is probably lacking. Unfortunately, regions with similar or lower levels of electronic sophistication are going to harbor those against whom we would probably like to use remote methods such as this. Of course, we can always look at the Subcontinent for another set of examples....


  • If someone claims to have higher moral standards than another, then that first person actually has to uphold them, otherwise they are being hypocritical.
  • I can't think of anything ethical about war, though I will concede that war is sometimes required. I always feel a bit queasy when the military or politicians mention ethics though:

    Targeting civilians is ethical, we're at war with the entire country not just the military or its leaders, besides they are probably aiding the war effort.

    Targeting a specific person, say the resident dictator in charge is unethical. Heaven forbid this causes an assasination attempt against one of our leaders. Better to do a bombing run against a city and worry about terrorist acts.

    Embargos are ok even though they almost exclusively impact civilians. Few of the upper caste ever go hungry despite very restrictive embargos.

    Looking at ethics from my narrow viewpoint any hacking attempts that the military is capable of would be unethical. All they should be able to do is harm civilian companies since any important military operations should not be directly connected. Destabilizing the economy would harm civilians long before it'd harm the military.
  • This is silly. During times of war there are
    no "Rules". The rules of war (like the "Geneva
    Circlejerk") are simply rules that the nations of
    the world apply to punish the country that lost the war, after the fact.

    Has there ever once been a warcrimes trial against
    a country that WON a war? I have never seen any.

    My personal feeling is that troops should NEVER
    EVER be sent to a foregin land, unless the country
    sending them is committed to TOTAL warfare.

    When I think of how war should be fought, I think
    of Sherman's "March to the Sea" and burning
    Atlanta to the ground - of course...I also think
    war should be used only as a last resort, and
    only as a reaction to a direct threat (which of
    course means I would have been against the
    US-Confederate War of 1861 inb the first place)
  • The Allies weren't plagued with doubt about cracking into the Nazi lines of communications and control. Just because those lines are now more sophisticated, doesn't make it more or less ethical to do so. If cracking a box saves lives then the military has a duty to do it. Furthermore, the military has an obligation to defend itself from a similar attack, especially with our tech-heavy weapon systems. It's just that in this country we expect them to do so without compromising domestic rights and freedoms in the process. The question becomes, should they crack your box to learn some scant bit of information about a Serbian box?
  • I think that as long as the US army is the one benefiting most from hi-tech communications the US governement will be most reluctant on the subject of international regulation.

    But with the things are going now it's clear that control over- and rapid reduction and analysis of data of the battlefield will be crucial in any future war. No wonder Russia has tried to gather support for a United Nations resolution calling for new international guidelines, considering the state of its armed forces.

  • In the wake of the recent media attention to the "cyber-warfare" issue, one would assume that the world leaders are a bit worried about the reality of the situation. The economic giants of this rock we live on all depend on their information systems. This has put much power in the hands of machines. This, in turn, has put much power into the handfull of people who can operate these machines without threatening national security.

    So what is to stop someone from taking advantage of that? The Geneva Convention cannot stop these cyber-attacks. Hell, if the "enemys" of the superpowers can't play by "the rules" set out regarding human lives, what makes anybody think they will play fair when it comes to cracking into wepons databases? The rules of war are indeed changing, but that still does not mean certain parties are all of the sudden going to start playing by them. If anything, IMHO, it will make things worse.

  • Now the rules of war always seem to have a little caveat: "The above doesn't apply if:
    a)you can get away with it.
    b)you are in really deep shit"

    Frankly I think that their reason for not using cyber attacks is that they were afraid that others would use the same methods back. And BTW: malicious tampering with your system is a major pain in peace-time, but compared to a couple of tomahawk missiles it is not much. Even more so if one of them is aimed at your main server.

    Cyber terrorism is a nice way for the little guy to mess with the big guy, but the big guy has oh so many meaner ways to mess with the little guy. If, for example, M$ wants to get at Joe Hacker, they don't go changing his homepage. They use lawyers (if you didn't know:).

    Now of course there are a number of semi-secret government agencies around the world who, I'm sure, are glad to spread a little havoc upon their enemies du jour from behind a keyboard. but that is a completly different matter

  • someone please correct hemo's
    bad grammer.
    ^^^^^^^^^^^
    It is always amusing to see a self-appointed intellectual stumble on his own "grammer" (I mean gramar, or is garma or karma?) horrors, I mean errors. Me Tarzan, you Jane. Me want banana, you check your grammer. Ugh ugh, unga munga.

    Besides, Hemos' mistake is a spelling one. It has nothing to do with grammar. However, I guess you cannot tell (or know) the difference.
  • by Jon Peterson ( 1443 ) <jon@@@snowdrift...org> on Monday November 08, 1999 @03:21AM (#1553456) Homepage
    Is it wrong to bomb hospitals? Is it better to hack the hospital records so that all blood-type and allergy information is corrupt?

    Is it better to bomb sewage treatment plants so that the people die of disease, or is it better to hack the computers so that sewers are allowed to overflow into the streets?

    Cyber-warfare is just another step in the attempted sanitisation of war. We already know that if you maim someone with a cruise missile it's OK, but if you maim them with a machete then you're war criminal. Good to know that morality is linked to military technology.

    Presumably in 20 years while our brave lads kill the enemy with computers from underground, we'll be condeming the atrocity of indiscrimate killing by out-dated Serbian smart bombs.

    So let's hear it for war-by-wire. Why travel to far away places, meet interesting people and kill them when you can just kill them, eh?

    P.S. I use Serbia only as a recent example of 'hi-tech good low tech bad' reporting in the news. I have no particular view on who was/is right or wrong in that war.
  • One thing that's important to consider when discussing cyber-warfare is the potential for psychological warfare against the people. In WWII civilian populations were routinely bombed to scare the hell out of the enemy civilians. The thought was that if you scared them enough, they wouldn't go to work the next day (and if you killed enough of them, you got the same result). People who won't or can't work aren't contributing to the enemies war machine. In our age of "enlightened warfare", bombing civilian populations is out of the question, but cyber-warfare gives us the ability to wage psychological warfare against them once more.

    As the article pointed out, the worlds increasing dependency on computers gives cracking enemy data networks the potential to shut down power grids, telephone networks, TV stations, data lines, railroad switches, and bank accounts without dropping a single bomb. What would have happened in Belgrade if we'd locked the bank accounts to every Serbian in Yugoslavia, and then shut down the electrical grid and telephone systems for good measure? There would have been rioting in the streets, and that would have been a good thing for us! It could have pressured the Yugoslav government to return to the discussion tables sooner or even resulted in the overthrow of Milosovic. The panic that would have ensued would have convinced them to end the war, and end it quickly. After they returned to the negotiation table, we could have easily restored civilian bank accounts and utilities.

    Now, I realize that in the case of Yugoslavia this couldn't have actually happened...they weren't computerized enough. But what about the next war? Should we be willing to give up a good weapon just to soothe that geek instinct that says "killing computers is wrong"? If attacking an opponents computer systems could mean saving real human lives on both sides, I say crack away!
  • "Cyber-warfare" is hype run amok, a solution in search of a problem. There is absolutely no way in which this new buzzword redefines military operations. I'd be amazed if you can even get two "cyber-warfare experts" who can agree on what it means, much less what its alleged ramifications are.

    Let's start with the least ridiculous definition: "cyber-warfare" as hacking into essential systems to pilfer critical data. How dumb do you have to be to connect systems with critical/classified data to the public Internet? The best defense is not encryption -- it's taking the box off the worldwide network! That's why US Dept. of Defense policy is to disconnect all classified systems from the Internet -- any gains you get from connectivity are more than outweighed by risks. Now, this isn't to say that you won't get lucky and find an important system that's connected externally (in fact, it looks like DoD may have been just this stupid [pbs.org]), but counting on your enemy to be completely stupid does not a strategy make.

    The next level of "cyber-warfare" is supposedly hacking to disable critical commercial systems, like computers controlling nuclear power plants or hydroelectric dams. These may be less secure than government systems, but the irony is that the countries we're most likely to fight -- Iraq, North Korea, etc. -- are also the least likely to have sophisticated computers controlling these systems. They're much more analog than that. Sure, there are countries have these kinds of systems, but those countries -- England, France, Germany, Japan -- are the ones we're least likely to fight!

    There's some history here that I think is pertinent. In the 1930s, the US was one of the few countries in the world that was developing a strategic bombing plan for the event of war with Germany. The Army Air Corps did extensive economic and sociological research and decided that the bombing plan should be centered around knocking out the German electric grid. The reason? Because the American electric grid was highly centralized and therefore vulnerable to air attack! It turned out, when war came, that the German system was nothing like ours; it was more decentralized and thus less vulnerable. But the point is that the planners had made the mistake of being trapped in their own experiences rather than looking hard at the enemy -- they were planning to war against themselves. That's behind the fallacy of cyber-warfare too: "cyber-warfare" is most useful against a highly networked, information-age economy -- in other words, against the U.S. In the wars we're likely to fight, though, cyber-warfare will be about as useful as lobbing spitballs. I just hope that nobody has to get killed before DoD figures that out.


    -- Jason A. Lefkowitz

  • If people have less respect for each other, that is the time for those who DO care to increase their respect of others, and work on improving how they treat & see others.

    How else are those who don't respect to learn different, unless they see different and see that that difference is giving others an advantage that intolerence, abuse and misuse do not?

    I'll give an example. Sun Tzu, in is (in)famous "Art of War", makes it clear that destroying infrastructure is a Bad Idea, and hurts the attacker as much as the atacked. His theories are time-tested and are still largely accepted today. But do you think he learned that good treatment was a strength, in war, through only seeing abuse? Nope. There's no way he could have seen the advantage unless it had been shown, in some form or other.

    What does this mean? It means that "all is NOT fair in love and war", and that the only way to get that across to more violent cultures is to demonstrate the innate superiority of true decency.

  • Hurting civilian populations is how a war is won.
    You make the war so hard on the people, that they
    can no longer suport their countries war effort.

    The only REAL advantage of cracking machines is to gain strategic information or to disrupt communications.

    Taking out a power plant is silly, they can get it
    back online too easy. Much better to bomb it to
    rubble.
  • The problem with this is that there is no such thing as the "surgical strikes" that the media are so in love with. Just as with conventional weaponary, cyberwarfare can produce collateral damage. What is the difference between bombing the power station and hacking it? War is messy and there will always be collateral damage.
  • There are no rules when it comes to war. And unfortunitly when you try to civilize it it becomes a tea party. NIZHNEVARTOVSK, R.S.F.S.R
  • Why do we need war anyway? If they can follow international laws on what they can and can't do in war why can't they solve their problems through such laws also? Can we get these people some Q3 to take their over aggressive behavior out on? I know as many foreign people as U.S. citizens so why on earth would I want to fight them? There are few countries I don't know somebody in and I don't feel I'm unique in this way. We all have gotten used to ignoring the international line so when will our politicians do the same? *sighs*
  • As the famous line in the movie Butch Cassidy and the Sundance Kid goes : "Rules ? In a knife fight ?"
  • The impression that I get from this article is that the Pentagon was all set to go ahead with it... a crack squad at the keyboards, plans in place, when they realized that (surprise, surprise) they didn't know what was going to be the end result, what else this could impact, the political/social/etc. ramifications. Kind of like when the bombs dropped on Hiroshima and Nagasaki. Kind of like the defoliation in Viet Nam and Cambodia. Kind of like the use of depleted-uranium shells in Iraq.

    But they didn't do it. I think I might be proud of that. Granted, their bombing campaign has caused environmental damages that it'll take easily 100 years to try to correct... and granted, I have issues with a lot of other things in US foreign policy and US actions. But still...

    If anything happens in terms of an international document on this, odds are it won't be an add-on to the Geneva convention. It'll be an independent document, more like the CWC or the Nuclear Test Ban Treaty. And I wouldn't be surprised if it gets held back in committee until shortly after it was originally scheduled to go into effect. Thank you, Mr. Helms.
  • I agree with what you are saying, and in theory it works. How do you get thru to someone that is not listening anyway. How do you communicate to someone like Sadam Husan?

    send flames > /dev/null

  • I think the greater (and unspoken) DoD concern would be inviting reprisals on critical US commercial systems.

    IMO, the Pentagon is probably hoping that the lack of any offensive information warfare activity on their part will prevent, for example, Serbia from actively trying to bring down the electronic keystones of the US economy. The fact that no one from the Administration or the Defense Dept. brought this up during the air campaign (and even during the deployment of K-FOR) tends to make one wary about the private sector's vulnarabilities to such attacks.

    That being said, the new IW hawks in the Pentagon are likely overstating the military's weakness in this area to bilk our friends on Capitol Hill out of more defense funding; funds I would personally much rather see go to shoring up critical commercial systems... as an info-warfare-style attack on the markets, large businesses, etc. will probably be difficult to recover from in the short-term, and be far more costly to US leadership and prosperity.
  • Here's a site that includes the Geneva Convention relative to the Protection of Civillian Persons in Time of War [umn.edu], in addition to other interesting documents.



  • I don't see how taking out a power plant by cracking their network is any different than taking it out with a well-placed missile. At least no
    one is killed this way.


    I doubt that "no one is killed" if you take out by any means one of the mission crytical systems in the "Tcarna Voda" Nuclear Fascility. More likely a few thousand killed at least.


    Besides the rant thanks god they had some "outdated information" on buildings in belgrade, not on power plants...

  • If the US succesfully used 'cyberwarfare' do you think theyd tell us about it? The main use would be espionage, and if they were any good nobody in Serbia would know, they are not going to put up a hacked webpage and tell 2600.

    So why the statement? Because it is possible that (very small) conflicts start at the level of cyberspace, and theres the tiniest possibility they stay there. If that happens the winners are the civilians, and the losers are the western arms dealers.

  • If there's one thing I've always seen the 'Net as immune from, it's the idea of "war" ever hitting it. From the first day I ever posted to Usenet, there's only ever been talk of "flames", not of "getting my government to employ me to hack yours" or anything.

    Thought: some people think there's more to a "website" than a collection of HTTP-delivered objects, particularly HTML, gifs and jpegs. (The idea of "page layout" as distinct from content, where the object of the page is to /do/ things rather than view them, comes in here.) A lot of "hacked site" reports are basically graffiti of index.html files.
    At what level does the idea of "cyber warfare" fit in with this?

    ISTM it's all talk of "warfare" and "targetting" and "computers" and "websites" and "guidelines" and all sorts of crap, but nothing actually interesting about how or what might be done.

    Anyone remember having Computer Usage Guidelines at University? ;)
  • Using the Hemos-to-English selection, Babelfish [altavista.com] returned "The context is which has it supposdly made not becoming not broken in the military service of Serbian"

    So cut him some slack... He made more sense the translation did...
  • The army hack into the electrical system, and shut down the power to a city.

    A hospital in the city has a generator failure as a result and several babies and patients on life support die.

    Has this violated the Geneva Convention rules on war?



    The same thing applies if the drop a couple of bombs on the power plant as well though. And the military regularly bombs power plants during conflicts. The difference is that it's a lot easier to rebuild the computer network than it is to rebuild the actual power plant. cyber warfare is 'nicer' than conventional warfare.

    Kintanon
  • Geneva Convention of 1949 [asociety.com]
    The convention deals mainly with the protection of innocents and prisoners.

    Articles 12 & 13 deals with protection of wounded and sick
    Articles 19 to 23 deals with protection of hospitals and medical units
    Article 33 deals with protected buildings

    All these could be accidentally affected by a cyberwarfare attack and put the attacker in violation of the geneva convention and liable to a war crimes trial.

    Take article 19 as an example:
    Art. 19. Fixed establishments and mobile medical units of the Medical Service may in no circumstances be attacked, but shall at all times be respected and protected by the Parties to the conflict. Should they fall into the hands of the adverse Party, their personnel shall be free to pursue their duties, as long as the capturing Power has not itself ensured the necessary care of the wounded and sick found in such establishments and units.
    The responsible authorities shall ensure that the said medical establishments and units are, as far as possible, situated in such a manner that attacks against military objectives cannot imperil their safety.
    Shutting off power to a city could affect a hospital and put the attacker in violation of the convention. If you are trying to make yourself be seen as the force of good, then this would hurt your credibility a lot. This is also why hospitals were given so much press during war.

    The convention is drafted so that many things are already protected even under cyberwar. But I do think it needs to be extended to include protection of certain forms of attack.
  • Hrmmmm.

    The communications infrastructure might be a reasonable target. There's the one-way methods (typically state-controlled broadcast media, used for spreading propaganda and mobilizing people), and the two-way methods (phones, radio, computers...).

    If you can disable the first -- which might very well require a physical attack -- then you might increase uncertainty among the civillians.

    If you can disable the second, you may be able to hamper such things as civillians reporting information to their government (civillian spotters warning about inbound aircraft, say, in the event that radar's being jammed/bombed; or reporting troop movements in the event of an actual invasion); orders from the government outside (such as summoning staff who aren't on-base for whatever reason, and any logistics that aren't completely w/n military lines), and so forth.

    I'm figuring that radio communications can be triangulated, and the phone grid either hit physically (exchanges generally don't run away), or flooded. Network communications tend to go on leased phone lines, as well, so that may be a 2-for-1: voice/data.

    In theory, one could nail enough communications infrastructure to make confusing and isolating an opposing force much easier...
  • We haven't all gotten used to ignoring the international line. Some of us, maybe. And again, this is probably linked to class, education, etc... The US has a strong isolationist streak. Unlike most nations in Europe, etc. the United States a) shares borders with only two countries and b) has most of its population living at quite some distance from its borders. In regards to a), neither Canada nor Mexico gives the impression that the US needs to beware of any potential threat of attack, and thus should try to keep on its 'good side.' This is in fact a big deal.

    The sentiment, well-expressed by Dennis Leary as "we got the bomb," that we can take on the rest of the world and win, or at least destroy our opponent, is still alive and well. US adventures in military intervention haven't made people think "Hmm, maybe we're not invincible" so much as they've made people want to abandon what they perceive as helping out some foreign group and take care of themselves. There is NOT a particularly significant amount of international involvement for most Americans on a personal level. Most people don't meet significant numbers of foreigners, or even immigrants, as children or teenagers; international travel still carries a bit of a price tag; and by adulthood, maybe those of us who work white-collar-style jobs or with MNCs will be in fairly frequent contact with non-Americans, in a working if not a personal relationship. But Joe Q. Smith, who manages the McDonalds franchise downtown, probably won't in any significant way. And isn't that what our politicians are trying to represent?
  • In the next conflict, the US should go for it and try to crack the other country's systems. Hell, it should even offer a prize (lots of cash--tax free :) to the hacker that brings down a specific system (some are more important than others). The offer should go out to hackers world wide. Think about it... the US can offer (US)$1,000,000 to the guy (or gal) that brings down the other country's military network, or something.
  • If it keeps people safe from going to war face to face and risking their lives im for cyberwarfare.

    Cyberwarfare, at this moment, serves a similar purpose to electronic warfare, psycho-warfare, and heck, even air warfare.

    They are side-issues that influence the main battle, i.e. getting what you want, typically liberating a stretch of physical real-estate. Students of the Yugoslav conflict know that our control of the air had very little to do with our tactical control of the ground. Yugoslav ground units were well hidden, and very few were destroyed. In support of ground forces the air force would have been much more deadly. But if your opponent only needs to hide to win, don't count on winning from the air.

    It's very unlikely that cyber-warfare could so cripple an opponent that their military would withdraw. Look at the sanctions we put on Iraq and Bosnia. The effects were certainly worse than any the effects of any cyber-warfare we could have waged. Yet, neither backed down without a show of military force.

    There's a saying from the cold war, that goes something like "It doesn't matter if you shoot every MiG out of the sky if you come back to base and find the Soviet lead tank commander drinking beer in the officer's club." Same thing with cyber-warfare. It's just another helpful tool that will not obviate the need for real actual combat.

  • (I hope I spelled that right) This is completely ridiculous. When you declare war, you have decided that you're going to go to another country and kill their people. THAT IS A CRIME. 'but it's OK if we only kill soldiers, but they are fighting back' What's the difference between a guy who will shoot you and a guy who will try to help the guy who will shoot you by providing him with food, shelter, ammunition, medical care, etc? If I kill the farmer that feeds the soldier, want that make it easier to kill the soldier by demorallizing him? It's war, and it's not meant to be pretty. That's why I get pissed off that our lame Congress allows that President to conduct war without their formal declaration of war. If war cannot be justified to enough people in Congress, it shouldn't be carried out. If it is justifiable, then everything the enemy has is a target. Pandering around the enemy so that people at home aren't upset by what they see on TV only gets our men killed. War is the ultimate sanction. It is ugly and unwarranted in almost every case. (The Balkan crises could have been solved much better by using the billions spent on bombs to build cities for the displaced refugees. The groups are seperated, and the aggressors look silly as they are left out of the windfall.) However, once war is decided upon every method available should be used to hurt the enemy in order to save our men. Anything else is tatamount to treason.
  • Sanitization of war??? Are you living in another galaxy?

    The history of war in this century has been one of increasing messiness. In WWI, probably 10 actual military people were killed for every 1 civilian. In WWI, it was probably about 1 military person for every 1 civilian (remember the Russians lost millions of soldiers). Then later in Korea and Vietnam, the tables turned, and the civilians suffered horrendously more than the militaries.

    Before we introduce any more weapons into the wars we fight, we've got to consider how these can be targeted. It's bad enough when military people die. It's even worse when innocents and non-combatants die.

  • Cyber Warfare just may be the cheapest and most sure way to case nuclear power station & nuclear weapon explozion on the enemy's territory - enormous civilian casualities seems anavoidable too. There is nothing out there to force you hand in the matter, but the precedent would have a tendency to spread. In this kind of warfare the most technically advanced and the best armed countries all but inevitably shall prove to be most vulnerable ones. I wont expect 'em to actually approve this development.
  • The U.S.A. have little to fear in the way of invasion--we can still count on two large bodies of water to make a direct assault on our shores too costly to consider. In the cyberwar context, however, we cannot count on any natural geographical barriers, and we may be at a significant disadvantage because of our dependence on less-than-secure technology and our "Cover Your Ass at All Costs" corporate and government cultures. The Information Superdirtroad leads right to the back door of almost every mission critical institution and enterprise in this country and, as slashdot readers know, few of those doors are securely locked.

    I think it would be wise of our military to refrain from cyberwar until the overall quality of security on corporate and government networks is improved. We can count on the military to defend us against an attacking force on the ground, but on the 'net, we're all on the front lines and it's every man for himself.

  • IMO, the Pentagon is probably hoping that the lack of any offensive information warfare activity on their part will prevent, for example, Serbia from actively trying to bring down the electronic keystones of the US economy

    Yeah, just wait until some 2nd world country manages to DoS Slashdot and take credit for it. Two hundred thousand angry geeks will have reduced their entire information infrastructure to a smoking pile of toaster parts within seconds.

    Kintanon
  • Nice try, but incorrect. Lt. William Calley was convicted in a Court Martial for violating the UCMJ. He wasn't convicted of a war crime.

    You can read all about it here. [umkc.edu]

  • The same way you communicate with an alchoholic or any other terminal addict. You isolate, totally, whilst demonstrating the alternatives.

    Actually, Saddam Hussain is an excellent example of WHY the destructive approach doesn't work, except for the destructive. He put all the soldiers most likely to rebel or desert on the front line, where the Americans could drop cluster bombs on them. In short, America footed the bill for Saddam's political security.

    This is not to say that something shouldn't have been done. It did. And given the alternatives available at the time, the Allies did the best job they could have done, IMHO.

    However, the fact remains that it had largely the opposite effect to the one the Allies wanted, precicely because their efforts were as destructive as the person they were trying to replace.

  • Or hack some computers. Come on.... that's just silly. War is war and it's hell. Of course they're going to crack. I would in second... unless of course I was afraid of pissing off the enemy and forcing them to crack me back. Cracking could be the one real leveler of the global playing field. It would only take a few really sharp Serbs to play havock with the entire US network. The bigger the country the more security holes in their networks.

    Pretty soon these crackers that keep getting busted will be trained in a secret underground facility in Viriginia and will become truly elite.

  • No, in wartime you never bomb the hospitals. Hospitals represent a drain on the enemy resources.
    Did you know that the M16 rifle (the main weapon carried by US infantry) is not designed to kill? It is designed to maim. It is much easier for an enemy soldier to fight when surrounded by dead friends than when surrounded by wounded friends who are crying out in pain. The poor soldier has to make a decision to keep fighting or to try to save his wounded comrade. If he chooses the former, he will have a sneaking suspicion in the back of his head that someone will pay him the same honor. If he chooses the latter and carries his wounded comrade off the battlefield, you've reduced the enemy's number by two and the enemy now has a wounded soldier that it must heal. A dead comrade is a martyr, and the only burden on the enemy is that they have to dig some holes.
  • Hmm...counter to the article's statement, I think computer or "cyber" warfare, is a type of warfare that makes most sense NOT being practiced by purely military organizations. In the case of the United States, it would appear to me that such warfare would be the realm of agencies like the CIA, NSA, not a military division like the Army, Navy or Air Force. Cyber warfare is more insidious, requires more care, precision and stealth, is more controversial and prone to scandal, and I think probably would be the realm of spooks, and /intelligence/ organizations, not GIs. Computer warfare in general is a very touchy subject...consider the day when everybody is connected through a pervasive global network (well, that's almost the picture today). Cannot an act against a piece of the global network be considered an attack on all parties? How can it be localised? This is probably something that needs to be discussed and written down in one of those rules of war agreements.
  • >"Cyber-warfare" is essentially useless today : the group being attacked can disconnect their systems, and
    >genuine military systems have no business being connect to a public network anyway.

    Not really. As long as I can still get some form of targeted virus into their system, be it through a infiltrant, or a floppy they use in both machines (ARGH), they're still in trouble.
  • The Geneva Convention also covers what is ethical to use as weapons in a war, there have been some weapons developed which the U.S. does not use because they were not considered ethical by the Geneva Convention. If I remember correctly this is why the U.S. did not adopt flechette rounds (multiple small dart projectiles in a single cartridge) for the M-16A2. They were considered cruel because entry wounds were often very hard to see and they bent upon impact making them hard to remove without causing further damage, like trying to remove fishing hooks. I also recall an experimental weapon which looked for optical devices and shot a laser at them and could consequently blind people which was scrapped because it was believed that the weapon would never be deemed ethical. I think that if you can blow it up, you should be able to hack it. Computer viruses would probably fall into the unethical region since it would be hard to control who they infect.
  • ...but the purpose was nominally the same, no?

    An individual helping to lead a massacre of a village wasn't looked upon too kindly by authorities who'd be under pressure if they didn't prosecute and convict. Not that this seems to happen with heads of state...

    True, 'tho, it's pretty rare for anybody from a superpower or former superpower to get nailed thusly.
  • Good luck finding a bootsector virus that works on two different CPU architectures.
  • The Geneva Convention is very important. Loading it up with nonsensical "protections" serves only to dilute it, and make it less credible. Nerve gas deserves to be banned. Hacking the enemy's computers does not.

    WRT the concept that this kind of "attack" would invite similar reprisal, I say that we are already a target of opportunity for every nutcase out there. They need no further excuse to attack us.
  • ISTM it's all talk of "warfare" and "targetting" and "computers" and "websites" and "guidelines" and all sorts of crap, but nothing actually interesting about how or what might be done.

    Indeed. And the quote in the Reuters article doesn't exactly inspire confidence that "One Senior Military Officer" (TM) has much of a clue either:

    "We went through the drill of figuring out how we would do some of these cyber things if we were to do them."

    These Cyber Things. Ah, yes, right. Good old US Army. They'll save us from the commies and their deadly website cracks. Or something.


    --
    This comment was brought to you by And Clover.
  • Bit of an odd one here...

    The article mentions the actual document the Pentagon produced, "An Assessment of International Legal Issues in Information Operations.".

    Would anyone know how someone such as myself would be able to get their hands on such a report? It sounds downright fascinating, even though I would anticipate it being a generally dry legalistic read.

  • Taking out a power plant is silly, they can get it back online too easy. Much better to bomb it to rubble.

    It depends on how you take it out. Simply turning it off probably won't do any realy damage and only forces the plant to go to the trouble of restarting. From a dead stop, a coal or oil fired power plant can get back on the grid generating power in about half a day.

    To take the plant offline permanently you'd have do some real damage. Here are a few random ideas:

    1. Cut the supply of lube oil to the turbine's bearings. Steam turbines and generators rotate on large bearins that need a constant supply of cool, pressurized oil. Bearing surfaces are integral to the rotor. Wreckin a bearing neccesitates taking the entire turbine/generator offline for several months, minimum.

    2. Modulate steam flow to overspeed or underspeed the turbine. Running at the wrong speed may cause harmonic vibrations to damage and shake apart the generator and/or turbine. In addition to the ovbious hazards of overheating and blowing up the generator won't be producing electricity at the required 50 or 60 Hertz. Dumping a couple megawatts of 70 Hz AC into the grid is sure to mess things up, or at least force the plant offline

    3. Screw up the fuel supply into the boiler. It might be possible to dump too much fuel into the boiler/burner/whatever and melt it. Modern boilers operate very near the melting points of the materials they're made from. An extra hundred dergees could be enough to wreck it.

    Personally, I'd target the bearings first. Be forewarned that most bearings have elaborate temperature and vibration sensors that will trip the turbine (shut it off) if it overheats or starts to run roughly.
    **Disclaimer - all of this is purely hypothetical. Don't go out to your local electric company and blow it up! **

  • Since when did any major innovation in war technology stay in the bottle? Agreed, it should, buuuuuttt Warmongers won't go for this:

    Me can swing club. Him can throw heavy rock. Oh *&@$@!!

    What about gunpowder, biological warfare, and nuclear warfare? Why should cheap, sneaky, and very effective tactics go unused in this the ineffectively protected electronic age?

    How long before People With Dangerous Intentions start thinking ''if bored people with scripts can easily deface government and military computers, what can a ruthless moral outrage propel me to do? Muahahahahaha!!''
  • Max Planck wrote: I don't see how taking out a power plant by cracking their network is any different than taking it out with a well-placed missile. At least no one is killed this way.

    So how do heart monitors work in the USA then?

    In Europe ours use electricity.

    --

  • Invasion may not be so important, now that it is has been reported that the Soviet Union may have buried nuclear bombs and radio equipment in caches around the country during the 1960's. Belgium has reported finding radio caches on its soil recently.

    I'll try and find link to the article.
  • I suppose there are two options.

    1. Break into the machines, and do as we will.
    -or-
    2. Drop a big bomb on said machine, which is certainly more destructive and more annoying to an admin.

    Since option 2 is already used, there is no excuse for not being able to use option 1 and save a couple bombs.
  • from an actual fortune-cookie-fortue:

    "If we both agreed about everything, one of us would be unnecessary"

  • >>they should have at least the common decency to not interfere with industry or technology critical to the civilian population.

    You can't win a war merely be destroying the military of your enemy. You have to create as much of an uproad amongst it's own people as possible. When a government loses the backing of it's people it's easier to beat.

    >>it would be nice to know that civilian hospitals etc would not become targets.

    I agree with you here 100%. Hospitals shouldn't ever become targets unless they're being used by the military in a strategic sense.

    >> this last comment was a joke, mocking the utterly stupid policies of the US toward democratic ideas

    The US outlasted the USSR. Appearantly those ideas were not all that stupid huh?

    LK
  • Something that hasn't been mentioned yet is that one of the biggest problems with hacking into a system is that once you do it, there's a good chance the enemy will know you did it and fix the holes. In a similar way, military planners have to decide whether it's better to blow up that communications link or leave it up because the enemy is talking across it. Sometimes it may be better to look at a computer and not actually do any damage. Or maybe put a backdoor in for a time when we really need it..... And yes, there are a lot of tricky legal hurdles. Yes, I think the biggest fear is that it opens the US infrastructure up for a lot of nastiness. Despite what many of you may believe, even the spookiest of spooks have a lot of legal guidelines they are "supposed" to follow. We need to get this cleared up because there's no point in having a weapon you're not prepared to use, well maybe nukes, but that's a whole different discussion.
  • No, it's not "nominally the same". You attempted to point to a US serviceman who had been tried/convicted for War Crimes, as defined by the Geneva Conventions. Someone presented factual evidence that showed you were incorrect. The serviceman was not convicted of War Crimes, nor was his trial held under the auspices of a War Tribunal, as laid out in the Geneva Conventions.

    This isn't horse shoes, buddy. You were wrong.
  • It would not believe that unwritten codex is stopping an army from applying a new technology. That would be quite naive, IMHO.

    I see the example from WWII as more relevant where none of the involved parties dared to use the (nerve) gas weapons on the battlegrounds. Since noone had a defense against those, noone wanted to start the usage.

    Even though the U.S. military might be quite protected from cyberwarfare, a lot of the civilian US installations like banks, insureance, government, etc. is probably not. Serbian or Serbia supporting knowledgable people could have easily attacked the US in a counterattack. In the end systems everywhere would be going down (or could not be trusted any longer) without anybody knowing the attacking party.

    In this light, the decision of the US not to use this new kind of weapon is wise. The reason they give to the press is lame...

  • Your analogy comparing the US'electrical grid to the internet is flawed, and thus your conclusion that the US is highly susceptible to cyber-warfare is inconclusive.

    True, the US' (and Canada, as they are joined together) electrical grid, as seen in the shutdown of the northeastern sector of 1965, can allow widespread failure when any point is overloaded. The internet was designed from the bottom up to circumvent this problem. You can blow up half the US but the internet will still work. We can thank Van Cerf for that.

  • ...but the purpose was nominally the same, no?

    Doubtful, IMHO. I'm not familar enough with the context of the court martial. However, I'm quite sure that this incident wasn't an isolated one. Why the case was brought as an example when others were ignored is unknown to me. Probably more to do with Army politics than any pressure from foreign governments.

  • Using cyberwarfare can keep events like Pearl Harbor from happening again.

    I guess so... but in another age the attack on Pearl Harbor was just as revolutionary as "cyber warfare" is today.

    Pearl Harbor was the first coordinated, preemptive, carrier-based attack in the history of the world, AFAIK. It was a spectacular success (for Japan). In the attack on Pearl Harbor the Japanese Navy targeted US Military targets exclusively. Nearly all of the civilian casualties were the result of US anti-aircraft shells falling back to earth in downtown Honolulu.

    Staying on top of the Next Big Thing(tm) is a good way to win wars. Japan thought they had the US beat, but America came back with better intelligence (INDIGO, ULTRA, etc.) and unstoppable infrastructure and logistics.

  • Microsoft will continue to innovate.
  • not only can they not hack into a military network, but this would inevitably lead to warfare on the US front, our own government with all its huge resources penetrating and hacking into the computer networks and systems of US citizens. I am glad they didn't do it. it would set a dangerous example for the future military. The laws need to be VERY clear before they go this route.
  • Let me repost part of the Geneva Convention that has already been posted (it's relevant):

    Art. 19.

    The responsible authorities shall ensure that the said medical establishments and units are, as far as possible, situated in such a manner that attacks against military objectives cannot imperil their safety.


    In other words, placing your military bases and hospitals on the same power grid won't prevent anyone from attacking that power grid.


    Another point that has been raised often in this discussion(often thinly veiled) is a perceived bloodthirstiness and lack of morals in the military. C'mon, these are people just like you and me. They have a distasteful, but very necessary, job to do. They don't enjoy pulling the trigger anymore than you enjoy the 2 am phonecalls to come in and reboot the server.

    I'm not a Linux user so I am very careful when reading or commenting on articles relating to Linux. How about some of ya'll doing the same when you're not too familiar with the topic at hand (How many active duty military or veterans are active Slashdot readers?)?

    Rant concluded. Enjoy the rest of your day.

  • I remembered at the beginning of the war, the US was playing up the cyber-war stuff. They were openly talking about attacking Milosovich's (sp?) foreign bank accounts.
    Suddenly they went into silent mode. I bet it happened when the diplomatic notes arrived from countries which held those accounts: 'Attacking our banks is attacking *our* countries--what kind of allies are you?'

    Then the US Military thought: hmmmm... Maybe its not such a good idea after all.


  • Actually, we did wage cyber-warfare against serbia. Those carbon bombs that we launched over their power stations had a two-fold purpose. The superficial purpose was, of course, making the cities dark so that we could bomb targets more easily. This is silly, however, because they would have turned off all the city lights anyways. The meatier reason for putting their power grid on the fritz is because their military uses some sort of computer networking over powerlines. I no longer have the source for this... I read it on one of the main news sites.
  • The whole point is that the purveyors of high-tech weaponry at international arms bazaars wouldn't want potential multi-million dollar clients to get the idea that their hi-tech equipment could be easily compromised by crackers, (or more likely, the people selling the gear who would retain bypass codes into the systems, just in case they were turned against their country of origin).

    Wake up and smell the napalm....
  • Nato planes were dropping spools of carbon monofilament which short-circuited the power lines. If we're going to go ahead and do that, why not save the jet fuel, the wear and tear, and the potential loss of men and material involved in air runs by simply cracking into the power station and shutting it down (or re-routing the voltage flows from different plants down the same lines, thus shorting those out)?
    On the subject of collateral damage, any shorts in the power grid have the potential for damaging computer hardware attached to the grid. For example, when a lighting storm hit our area of the southeast US some months ago, I lost a nic and nearly lost a mobo. If you're crossing wires (monofilament, cracking, ...) and shorting them, then the result is the same, including potential collateral damage.


    Who am I?
    Why am here?
    Where is the chocolate?
  • Reading these comments regarding possible do-s and
    do-nots, I came up with a question. Let's suppose for the sake of argument that the US declared war on some unpopular and troublesome country. Let's think Irak invading Kuwait again.

    Imagine that the militrary use their cyberwarfare capabilities in some way that effectively violates the "laws of war". Is there an effective way to force american criminals of war to face a trial? I mean, in most cases, the not so well regarded "help" of the USA is used to enforce compliment of international law, because it's huge power.

    Would the other countries in the NATO or the UN security counsel have the power to take those criminals before justice should the US government chose not to hand them? Given they current and apparent concern with not breaking the law, that may seem unlikely, but it's also widely known that "Northamericans have no friends, only interests".

    Just random paranoid and off-topic thoughts :)

  • No, that is not the case. There is a reason for the rules of grammar and spelling. We have these rules to aid in clear communication. Sloppy usage of the English language, or any human language for that matter, is just as bad as sloppy usage of Perl, C++ or any other programming language. I would wager that any programmers reading this site who found improper syntax or even nonstandard idioms in another's source code would then have lesser regard for the author of the code. Clarity and precision are essential. Often clarity of language can be directly linked to clarity of thought.
  • I find it perfectly acceptable for our country to participate in Cyberwarfare. In fact, we already can do, in the physical world, that which may be attainable through an over-the-wire attack.

    • We have missles which can shut down power grids, either temporarily or permanently (an infrastructure attack). Why not just shut it down over a network?
    • We have missles which can cause the enemy to see 15 aircraft coming in to attack, when in fact, a missle sent the signal(good deception techniques) and we are attacking elsewhere with F117s. Why not just send the signal over the wire or even better, alter the system to be disfunctional?

    The objective in warfare (before Clinton anyway), was to fight and win. Now, with the continued advent of Operations Other Than War and limited objective warfare, Cyberwarfare seems to be an even more attractive option, given the relative costs in human suffering (by Soldiers, Airmen, Sailors and Marines of the United States and their families). The risks involved in such operations are much greater since the objective is not to totally annhilate the enemy, but to pacify him and then co-exist within the same physical space for an undetermined period of time and with ill-advised rules of engagement. Would you want to be on the ground then, or have a family member or friend out risking their lives? Or would you rather reduce the need for it through an over-the-wire attack?

    Now, I'm not advocating Cyberwarfare to the extent that we isolate and shut down mission critical equipment in hospital facilities by shutting down a power grid, but if we engage such targets with munitions anyway, wouldn't it make sense to engage the target at lower cost and risk to human life of our nation and forces?

    An argument that I've seen presented is that we are more dependent on information infrastructure than other nations so we ought not to provoke other nations by using the same. In the USA, we have a rather decentralized information infrastructure, highly redundant systems, and data backup performed for all critical systems. I would argue that even if another nation were able to attack us, it would not take that long to recover.

    Now, Russia was also mentioned in the article and you'd have to pay some attention to the fact that they strongly oppose the use of Cyberwarfare. Why is this? Could it be that they have a very centralized information infrastructure, very few redundant systems and cannot regularly perform data backup? I would think this to be the case.

    Anyway, our own government, having developed the most sophisticated military technology in the world is already the number one target for hostile "cyberwarfare" attacks. Just because they have occured during a time when we are not actively engaging an enemy does not mean that it does not happen, or that it does not constitute "cyberwarfare".

    Whenever in warfare, there is a chance to use a supporting weapon such as mortars, artillerly, etc... we have what is known as pre-plotted targets that can be used as a point of reference to speed up the engagement process at a critical time of need. Some (or many) of you may be aware of the many different scenarios the military develops and prepares appropriate contingency plans. Do you think that the NSA does not already have solutions plotted to shut down as many critical systems throughout the world as possible should the need ever arise to do so? These are the targets of tomorrow. It brings about a whole new meaning to "pushing the button".

    Information Warfare, Cyberwarfare, etc... was started a long time ago and it is here to stay. We are already under attack and will continue to be attacked since we have superior technology that many others want, and that some other nations have already obtained from us.

  • Conflicts that the US did not "win": The War of 1812 ...
    The British stopped impressing American sailors, which was what the war was about. While the British burned parts of DC, they didn't get to the shipyards of Baltimore (for which, as a patron of Fells' Point bars, I am grateful); it was, in fact, the Battle of Baltimore that inspired Francis Scott Key to write "The Star-Spangled Banner."

    The U.S. sucessfully asserted its national sovereignity, which I think has to count as victory.

  • Here's to the hope that the military drafts a few thousand script kiddies, realize their IRC skills are useless and makes them pick up a gun. Good luck in the front, kids!

  • cyber warfare is not typical "hacking"/"cracking" as many of you see it. you do not just telnet half way around the world or dialup to some Nuclear power plant (although you can do that to Houston Lighting and Power :-) and do a DoS attack that causes a kernel panic and shuts down the power grid.

    cyber warfare is fought on many different battle fields, and in many ways we have been fighting cyber wars for quite a while. do a little reading on the Navy war game where a US Navy ship was taken over and one of it's missles launched in a cyber warfare attack, you'll get an idea of how these things work. cyber warfare involves things like:

    • Radio/Radar Jamming, EMF Disruptions, other DoS attacks. we've been doing this for a long time.
    • Stealing proprietary technology that missles, ships, et. al. are controlled with and using it to attack/compromise the enemy.
    • Compromising physical technology/network access points to further attack/manipulate the enemy.
    • Disruption of electronic banking systems (freezeing foreign assets, disabling systems, stealing money)
    • It also involves all kinds of technologies, rarely the Internet. i.e. Spread Spectrum, VHF, UHF, Satellite, GSM (and cell protocols), other radio frequencies, etc...
    • any typical act of war (propaganda, disabling supply lines and communications, spying, etc...)
    the biggest advantage any attacker could gain by using cyber warfare IMHO would be to steal proprietary knowledge, information, and war plans.

    remember that cyber warfare is not a *new war*. war is war and cyber warfare is a means to an end. CW is just new ways of doing the things that war has always done, even since the days of King David or Sun Tzu.

  • Let me quote the relevant bit here...
    The responsible authorities shall ensure that the said medical establishments and units are, as far as possible, situated in such a manner that attacks against military objectives cannot imperil their safety
    In other words, it is the responsibility of the defender to see to it that the hospital does not become a militaryt target. Hospitals are not given blanket protection; otherwise, every combat unit could becalled a "medical unit" and be protected by this treaty.

    If you place a garrison of armed troops in your hospital, then I am justified in using whatever force is neessary to destroy those troops. If the hospital is destroyed in the process, that's too bad, but my attack on the hospital does not necessarily violate the Geneva Conventions. Which the United States is not a signatory to, by the way, though it has agreed to abide by them.

    So if you use a power plant to power your military installations, that power plant is a valid military target. If your hospital is powered by the same plant, then you didn't plan very well, because you situated you medical establishments and units in such a manner that attacks against military objectives CAN imperil their safety.

    Feel free to point out factual errors...
  • Who said they have to be different architectures? They just said different, not connected networks. And anyway, one machine would already be infected/0wned/whatever, so you could have it write a boot sector virus to the disk for the other one. But you don't need asm. How about perl? A bit on the slow side, but it could work. Or shell scripts? I know of at least one .bat virus (Ok, it wasn't very successfull, but it would only have to infect 1 other comp).

Kiss your keyboard goodbye!

Working...