December 2012 Archives

An article in Threat Post misses a big point about Cyberwar Doctrine: it isn't about other countries.

Committing to a cyber attack is a pretty grey area as far as 'Acts of War' versus 'Pure Intelligence Gathering' is concerned.  To exemplify this statement, consider a scenario:

US intelligence hears a report that a foreign leader was rushed to a hospital recently, but the government in that country is staying mute on what is wrong.  In the interest of intelligence gathering, US Cyber Command decides to snarf hospital records from all capital city hospital networks in an effort to chase down rumored conditions (if a patient was admitted with rumored conditions at the right time, increased likelihood of meaningful report, "Like" the source, or whatever it is US Cyber Command does with good intel). 

The trouble with the scenario?  Breaking into a hospital's patient record system has the potential to deny service to that system for the hospital.  In turn, it could mean slower patient access to care, and could actually cause deaths.  If the country in question determines that the US executed the attack, could it be considered an act of war?

Congress, at the very least, would want answers.  One of the first questions Congress would ask should be: "What are your rules for engagement and procedures for determining worst-case-scenario in a cyber intelligence gathering mission?"

Cyberwar Doctrine is currently more of a CYA for government hackers so that they can show the purse-string holders they are being responsible.  In the end, it's a good thing: better to have too little hacking than too much, and better to err on the side of, "we could kill people by accident, maybe we shouldn't do this."

No doubt various countries are developing their own internal Cyberwar doctrines, and no doubt there will be a few major incidents of power outage/etc before countries sit at the same table and hash out the differences in their doctrines, spell out what constitutes war requiring physical retaliation.

Welcome to the 21st century.

News Weekly Round-Up

| No Comments | No TrackBacks
Robert Clark, an attorney with the US Cyber Command, gave a nice interview with ABC News.  In the interview, Clark gives a nice overview of some of the legal challenges involved with Cyber War.  I can only imagine the frustration on the government hackers' facers when, finding the perfect exploit, they have to wait for a chain of approval and then just the right opportunity in order to exploit it.

Reason has a nice piece detailing both the technical and intelligence-gather difficulty of pulling off an effective attack, as well as highlighting the treaty challenges involved in Cyber.  It's a pretty light article, lacking detail, but a nice find for anyone pondering the technical difficulties and legal issues in trying to black out a continent.  My favorite articles about Stuxnet all highlight the "intelligence gathering" aspect -- no doubt the most difficult part in attacking any complex control system.

The Daily Mail has a piece on the US Pentagon's Plan X.  Primarily a hype piece: 110 million USD in funding over 5 years is enough to cover maybe two dozen actual researchers with computers.  Don't expect great or scary new weapons from this group, although we may see some follow-up ala the Washington Post's "Top Secret America" series.

Finally, Japan has been hit by another large earthquake this morning.  Thankfully no major tsunamis this time.  Our thoughts and hopes go out to everyone in Japan.

About this Archive

This page is an archive of entries from December 2012 listed from newest to oldest.

November 2012 is the previous archive.

January 2013 is the next archive.

Find recent content on the main index or look in the archives to find all content.