Pentagon says computer hack is act of war

**American Patriot** · May 31st, 2011, 13:51

Pentagon says computer hack is act of war

Drones to hit Anonymous any day now

31 May 2011 11:47 | by Nick Farrell in Rome | posted in Security

1 Comment

With its unique ability to place everything into a sense of perspective, the US Army has decided that hacking is an act of war, which could result in a full military strike.
According to the Wall Street Journal, any computer sabotage coming from another country can constitute an act of war.
As part of the Pentagon's formal cyber strategy hackers are being seen as significant a threat to US nuclear reactors, subways or pipelines as a hostile country's armed forces.
Basically there is a certain amount of sabre rattling here.
The Pentagon is sending out a message that if a country attacks by shutting down the US power grid, it will put a missile down one of its smokestacks.

The Pentagon is still working out what the scale of attack should be.
Obviously, you do not go to Defcon 1 over a DoS attack on a military website. Although in several theatres of war the US army has been known to carpet bomb towns who were rude to generals on their holidays before the war broke out.
However, there is a problem which the Pentagon did not mention. How to define when computer sabotage is serious enough to constitute an act of war and can you be sure that the country you think is behind it, really is responsible.
In typical US government jargon, the plan is to have a policy of "equivalence." If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then retaliation would happen.
One of the problems the US is facing is that the Rules of Armed Conflict that guide traditional wars are derived from a series of international treaties, such as the Geneva Conventions, do not include cyber warfare.
Then there is the other matter of what happens if a foreign hacker attacks by himself without his government's knowledge.
If the rules are too tight, then a hacker looking for proof of UFO in a Pentagon database could get his country nuked.

External links

online.wsj.com
Share this

More
Other security stories (rss feed)

Related topics

USA, Pentagon, DDoS Attacks, UFO

Read more: http://www.techeye.net/security/pent...#ixzz1NwDGAnpK

**American Patriot** · May 31st, 2011, 13:52

US may classify major cyber attacks as acts of war: report

Published on Tue, May 31, 2011 at 17:32 | Source : PTI
Updated at Tue, May 31, 2011 at 17:42

The US may soon classify major cyber attacks as acts of war, which may face possible military retaliation.

Classifying computer sabotage, coming from another country as constituting an act of war is likely to be unveiled in Pentagon's first ever cyber strategy, the Wall Street Journal reported, quoting from unclassified portions of the strategy expected to become public next month.

The threat of military retaliation, the paper said, was to serve as a warning to foes not to mess with or sabotage US nuclear reactors, subways, country''s electricity grid and pipelines.

"If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said a military official.

The paper said the recent cyber attacks on the Pentagon systems - as well as the sabotaging of Iran''s nuclear programme via the Stuxnet computer wormï¿½have given new urgency to US efforts to develop a more formalised approach to cyber attacks.

WSJ quoting officials said the new strategy would maintain that the existing international rules of armed conflict - embodied in treaties and customs - would apply in cyber space.

While refusing to discuss potential cyber adversaries, officials told WSJ the previous hacking attacks on strategic US offices had originated from Malaysia and China.

"That's why military planners believe the best way to deter major attacks is to hold countries that build cyber weapons responsible for their use," the paper said.

A parallel, officials said, existed in President George W Bush administration''s policy of holding foreign governments accountable for harbouring terrorist organisations, a policy that led to the US military campaign to oust the Taliban from power in Afghanistan.

**American Patriot** · May 31st, 2011, 13:53

Pentagon to Take Military Action Against Cyber Attacks?

Jupiterimages/Thinkstock(WASHINGTON) -- Hacker attacks have become more widespread and damaging lately, enough so that the government is considering stepping in and taking military action.

According to the Wall Street Journal, some top officials at the Pentagon are now calling computer sabotage an act of war, and are considering using military force as one way to respond to the malicious attacks against the U.S. Doing so may warn potential adversaries about hacking.

Internet security lawyer Parry Aftab says there's no such thing as a harmless cyber attack.

"Everything on the Internet belongs to someone," he says.

Businesses also stand to lose a lot if hacked and have been at the center of the most recent breaches. Defense contractor Lockheed Martin and broadcaster PBS were the latest victims of cyber break-ins this past weekend. Prior to that, Sony's PlayStation network was hacked, compromising the accounts of more than 100 million customers.
Copyright 2011 ABC News Radio

**American Patriot** · May 31st, 2011, 13:54

May 31, 2011 21st century warfare

Rick Moran

The Pentagon has concluded that an organized cyber attack on the United States might warrant a military response.

The conclusion is part of a strategy, parts of which will be unclassified next month, that deals with the question of hackers disrupting power or communications networks in the United States.

Wall Street Journal:

Recent attacks on the Pentagon's own systems-as well as the sabotaging of Iran's nuclear program via the Stuxnet computer worm-have given new urgency to U.S. efforts to develop a more formalized approach to cyber attacks. A key moment occurred in 2008, when at least one U.S. military computer system was penetrated. This weekend Lockheed Martin, a major military contractor, acknowledged that it had been the victim of an infiltration, while playing down its impact.The report will also spark a debate over a range of sensitive issues the Pentagon left unaddressed, including whether the U.S. can ever be certain about an attack's origin, and how to define when computer sabotage is serious enough to constitute an act of war. These questions have already been a topic of dispute within the military.
One idea gaining momentum at the Pentagon is the notion of "equivalence." If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a "use of force" consideration, which could merit retaliation.

China has already been fingered as a possible culprit in some high profile hacks. But so has the Russian mob and Albanian organized crime families. It would be next to impossible to ferret out direct connections between the Russian government and mob. Besides, there may very well be a third party involved anyway.
This isn't so much a strategy as it is a warning. Those who would do us harm by hacking our networks could pay a steep price.

**American Patriot** · May 31st, 2011, 13:54

US warns: hack us, and we might bomb you

By Nate Anderson | Published 13 days ago

The US revealed its "International Strategy for Cyberspace" (PDF) yesterday. It's mostly blather about how terrific "cyberspace" is, but it gets more specific on a few key issues like national defense. Could our next war start because of a hack? The government says it's possible.
"States have an inherent right to self-defense that may be triggered by certain aggressive acts in cyberspace,” says the policy. Indeed, such aggressive acts might compel a country like the US to act even when the hacking is targeted at an allied country.
“Certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners,” says the document. “When warranted, the United States will respond to hostile acts in cyberspace as we would any other threat to our country.”
Military force will only be used as a last resort after other diplomatic and economic remedies are attempted, but the US government has certainly realized the value of the Internet and has no intention of sitting quietly while corporate and governmental computer systems are attacked with impunity.
But the cyberspace security strategy doesn't just involve talk about playing offense; defense is stressed even more heavily. “Dissuasion” of hackers is a core goal, and it extends beyond national borders. “A globally distributed network requires globally distributed early warning capabilities,” says the strategy, which calls for “new computer security incident response capabilities globally" and interconnected network defense systems.
With the new strategy document, the government is putting the world on notice: “The United States will ensure that the risks associated with attacking or exploiting our networks vastly outweigh the potential benefits.”

**American Patriot** · May 31st, 2011, 13:58

Cyber Combat: Act of War
Pentagon Sets Stage for U.S. to Respond to Computer Sabotage With Military Force

Article
Comments (63)

more in Tech »

Email
Print

Save This ↓ More
Twitter
LinkedIn
+ More
larger Text smaller

By SIOBHAN GORMAN And JULIAN E. BARNES

WASHINGTON—The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.

The Pentagon's first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country's military.

In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said a military official.

View Full Image
CYBERWAR
Reuters

The Pentagon is studying when cyber attacks justify military action. An Air Force security center in Colorado.
CYBERWAR
CYBERWAR

Recent attacks on the Pentagon's own systems—as well as the sabotaging of Iran's nuclear program via the Stuxnet computer worm—have given new urgency to U.S. efforts to develop a more formalized approach to cyber attacks. A key moment occurred in 2008, when at least one U.S. military computer system was penetrated. This weekend Lockheed Martin, a major military contractor, acknowledged that it had been the victim of an infiltration, while playing down its impact.

The report will also spark a debate over a range of sensitive issues the Pentagon left unaddressed, including whether the U.S. can ever be certain about an attack's origin, and how to define when computer sabotage is serious enough to constitute an act of war. These questions have already been a topic of dispute within the military.

One idea gaining momentum at the Pentagon is the notion of "equivalence." If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a "use of force" consideration, which could merit retaliation.
The War on Cyber Attacks

Attacks of varying severity have rattled nations in recent years.

June 2009: First version of Stuxnet virus starts spreading, eventually sabotaging Iran's nuclear program. Some experts suspect it was an Israeli attempt, possibly with American help.

November 2008: A computer virus believed to have originated in Russia succeeds in penetrating at least one classified U.S. military computer network.

August 2008: Online attack on websites of Georgian government agencies and financial institutions at start of brief war between Russia and Georgia.

May 2007: Attack on Estonian banking and government websites occurs that is similar to the later one in Georgia but has greater impact because Estonia is more dependent on online banking.

The Pentagon's document runs about 30 pages in its classified version and 12 pages in the unclassified one. It concludes that the Laws of Armed Conflict—derived from various treaties and customs that, over the years, have come to guide the conduct of war and proportionality of response—apply in cyberspace as in traditional warfare, according to three defense officials who have read the document. The document goes on to describe the Defense Department's dependence on information technology and why it must forge partnerships with other nations and private industry to protect infrastructure.

The strategy will also state the importance of synchronizing U.S. cyber-war doctrine with that of its allies, and will set out principles for new security policies. The North Atlantic Treaty Organization took an initial step last year when it decided that, in the event of a cyber attack on an ally, it would convene a group to "consult together" on the attacks, but they wouldn't be required to help each other respond. The group hasn't yet met to confer on a cyber incident.

Pentagon officials believe the most-sophisticated computer attacks require the resources of a government. For instance, the weapons used in a major technological assault, such as taking down a power grid, would likely have been developed with state support, Pentagon officials say.
More

Hackers Broaden Their Attacks
More: Cyber Crime

The move to formalize the Pentagon's thinking was borne of the military's realization the U.S. has been slow to build up defenses against these kinds of attacks, even as civilian and military infrastructure has grown more dependent on the Internet. The military established a new command last year, headed by the director of the National Security Agency, to consolidate military network security and attack efforts.

The Pentagon itself was rattled by the 2008 attack, a breach significant enough that the Chairman of the Joint Chiefs briefed then-President George W. Bush. At the time, Pentagon officials said they believed the attack originated in Russia, although didn't say whether they believed the attacks were connected to the government. Russia has denied involvement.

The Rules of Armed Conflict that guide traditional wars are derived from a series of international treaties, such as the Geneva Conventions, as well as practices that the U.S. and other nations consider customary international law. But cyber warfare isn't covered by existing treaties. So military officials say they want to seek a consensus among allies about how to proceed.

"Act of war" is a political phrase, not a legal term, said Charles Dunlap, a retired Air Force Major General and professor at Duke University law school. Gen. Dunlap argues cyber attacks that have a violent effect are the legal equivalent of armed attacks, or what the military calls a "use of force."

"A cyber attack is governed by basically the same rules as any other kind of attack if the effects of it are essentially the same," Gen. Dunlap said Monday. The U.S. would need to show that the cyber weapon used had an effect that was the equivalent of a conventional attack.

James Lewis, a computer-security specialist at the Center for Strategic and International Studies who has advised the Obama administration, said Pentagon officials are currently figuring out what kind of cyber attack would constitute a use of force. Many military planners believe the trigger for retaliation should be the amount of damage—actual or attempted—caused by the attack.

For instance, if computer sabotage shut down as much commerce as would a naval blockade, it could be considered an act of war that justifies retaliation, Mr. Lewis said. Gauges would include "death, damage, destruction or a high level of disruption" he said.

Culpability, military planners argue in internal Pentagon debates, depends on the degree to which the attack, or the weapons themselves, can be linked to a foreign government. That's a tricky prospect at the best of times.

The brief 2008 war between Russia and Georgia included a cyber attack that disrupted the websites of Georgian government agencies and financial institutions. The damage wasn't permanent but did disrupt communication early in the war.

A subsequent NATO study said it was too hard to apply the laws of armed conflict to that cyber attack because both the perpetrator and impact were unclear. At the time, Georgia blamed its neighbor, Russia, which denied any involvement.

Much also remains unknown about one of the best-known cyber weapons, the Stuxnet computer virus that sabotaged some of Iran's nuclear centrifuges. While some experts suspect it was an Israeli attack, because of coding characteristics, possibly with American assistance, that hasn't been proven. Iran was the location of only 60% of the infections, according to a study by the computer security firm Symantec. Other locations included Indonesia, India, Pakistan and the U.S.

Officials from Israel and the U.S. have declined to comment on the allegations.

Defense officials refuse to discuss potential cyber adversaries, although military and intelligence officials say they have identified previous attacks originating in Russia and China. A 2009 government-sponsored report from the U.S.-China Economic and Security Review Commission said that China's People's Liberation Army has its own computer warriors, the equivalent of the American National Security Agency.

That's why military planners believe the best way to deter major attacks is to hold countries that build cyber weapons responsible for their use. A parallel, outside experts say, is the George W. Bush administration's policy of holding foreign governments accountable for harboring terrorist organizations, a policy that led to the U.S. military campaign to oust the Taliban from power in Afghanistan.

Write to Siobhan Gorman at siobhan.gorman@wsj.com

Read more: http://online.wsj.com/article/SB1000...#ixzz1NwF15Hfe

**catfish** · June 1st, 2011, 02:45

So when do we start bombing China and Russia? I get the feeling it will be more like the government needs more control of the internet. Maybe they do, I don't know. Personally, I feel like we have to much important stuff connected to internet when it doesn't need to be. Frontline had a great show about hackers attacking power stations over the internet.