Full Version: Cyber Attacks
Ok first of all, for those that don't know, this is what it means to be pwned.
Now, on to the matters at hand....
Chinese hackers have launched a sustained attack against the web systems of the US Department of Commerce.
Security experts reckon attacks originating from computer crackers largely located in China's Guangdong province are aimed at extracting sensitive information from targets such as the Commerce Department's technology export office.
Security consultants and US government officials reckon the assaults have at least the tacit support of the Chinese government, AFP reports.
Full Article
Now, this is nothing new, China has supposedly been at this before. However, the CIA, DoD, NSA and other US governmental systems get hit all the time by "script kiddies" and crackers both from inside the US and outside. I would like to stay away from turning this into a debate that focuses on China as it hard to track down the origins of an attack. It's quite possible that these attacks are coming from Iran or Iraq or heck, even Canada for all we know. The attackers could be masking themselves to make it look like the attack came from China.
Assuming we can definatively track down the origins of an attack...
1.) Is a cyber attack on US governmental or military targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, a n attack on critical military infrastructure)
2.) Is a cyber attack on US economic, buisness, or civilian targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, an attack on eBay or the stock market)
3.) Do you believe such an attack would be grounds for military action? If not, how should the US retaliate?
4.) How should the US handle cyber attacks from "gangs" of crackers or (z0mg! terrorists!) that aren't necessarily state sponsored?
Now, on to the matters at hand....
QUOTE
Chinese hackers have launched a sustained attack against the web systems of the US Department of Commerce.
Security experts reckon attacks originating from computer crackers largely located in China's Guangdong province are aimed at extracting sensitive information from targets such as the Commerce Department's technology export office.
Security consultants and US government officials reckon the assaults have at least the tacit support of the Chinese government, AFP reports.
Full Article
Now, this is nothing new, China has supposedly been at this before. However, the CIA, DoD, NSA and other US governmental systems get hit all the time by "script kiddies" and crackers both from inside the US and outside. I would like to stay away from turning this into a debate that focuses on China as it hard to track down the origins of an attack. It's quite possible that these attacks are coming from Iran or Iraq or heck, even Canada for all we know. The attackers could be masking themselves to make it look like the attack came from China.
Assuming we can definatively track down the origins of an attack...
1.) Is a cyber attack on US governmental or military targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, a n attack on critical military infrastructure)
2.) Is a cyber attack on US economic, buisness, or civilian targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, an attack on eBay or the stock market)
3.) Do you believe such an attack would be grounds for military action? If not, how should the US retaliate?
4.) How should the US handle cyber attacks from "gangs" of crackers or (z0mg! terrorists!) that aren't necessarily state sponsored?
1.) Is a cyber attack on US governmental or military targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, a n attack on critical military infrastructure)
Nope. Our critical government networks should be so private that only insiders could attack. Then you just shoot them.
2.) Is a cyber attack on US economic, buisness, or civilian targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, an attack on eBay or the stock market)
Nope. These outfits need to take responsibility for their own systems' security. They should keep responsible people on board who care about the company and not outsource at all. Seems that businesses are starting to rediscover this rather simple-minded principle of the computing bidness.
3.) Do you believe such an attack would be grounds for military action? If not, how should the US retaliate?
No grounds for military action. I think it would be fun to put up systems that intentionally draw the attackers in, trace back to them and instigate our own forms of attack in the network. It would be great fun!
4.) How should the US handle cyber attacks from "gangs" of crackers or (z0mg! terrorists!) that aren't necessarily state sponsored?
Same as for #3. Two can play the cracker game, yup yup. DOS them like mad, issue pings of death from all over, that sort of fun. I fantasize about a national grid that kicks off every time an attack is attempted, millions of little computers doing little pieces of the counter-attacks. Shoot, something like that could go world-wide!
Osama will wonder how come the NICs are melting.
Nope. Our critical government networks should be so private that only insiders could attack. Then you just shoot them.
2.) Is a cyber attack on US economic, buisness, or civilian targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, an attack on eBay or the stock market)
Nope. These outfits need to take responsibility for their own systems' security. They should keep responsible people on board who care about the company and not outsource at all. Seems that businesses are starting to rediscover this rather simple-minded principle of the computing bidness.
3.) Do you believe such an attack would be grounds for military action? If not, how should the US retaliate?
No grounds for military action. I think it would be fun to put up systems that intentionally draw the attackers in, trace back to them and instigate our own forms of attack in the network. It would be great fun!
4.) How should the US handle cyber attacks from "gangs" of crackers or (z0mg! terrorists!) that aren't necessarily state sponsored?
Same as for #3. Two can play the cracker game, yup yup. DOS them like mad, issue pings of death from all over, that sort of fun. I fantasize about a national grid that kicks off every time an attack is attempted, millions of little computers doing little pieces of the counter-attacks. Shoot, something like that could go world-wide!
Osama will wonder how come the NICs are melting.
1.) Is a cyber attack on US governmental or military targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, a n attack on critical military infrastructure)
I think it would depend on the severity of the attack, and whether or not it actually was an attack and not just an attempt at espionage. A cyber attack must be considered just as serious as a physical attack in that it can potentially cause a corresponding amount of damage.
2.) Is a cyber attack on US economic, buisness, or civilian targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, an attack on eBay or the stock market)
See the above answer, I suppose. States are responsible for the security within their borders and since the internet and & cyber reality has no borders then its all to easy to get inside and cause mayhem.
3.) Do you believe such an attack would be grounds for military action? If not, how should the US retaliate?
With moderation and in a like manner. Cyber attack, unless it gives rise to actual physical injury, should be fought with a retaliatory cyber attack. If a kid brekas into the DoD, then the DoD should break into the kids computer and erase his bank accounts. If a kid breaks into the DoD and damages it, then he should be arrested (or his parents).
If a nation does the same, then the response should be similar just on alarger scale.
4.) How should the US handle cyber attacks from "gangs" of crackers or (z0mg! terrorists!) that aren't necessarily state sponsored?
By what ever means necessary to prevent them from damaging the civil infrastructure or causing injury.
I think it would depend on the severity of the attack, and whether or not it actually was an attack and not just an attempt at espionage. A cyber attack must be considered just as serious as a physical attack in that it can potentially cause a corresponding amount of damage.
2.) Is a cyber attack on US economic, buisness, or civilian targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, an attack on eBay or the stock market)
See the above answer, I suppose. States are responsible for the security within their borders and since the internet and & cyber reality has no borders then its all to easy to get inside and cause mayhem.
3.) Do you believe such an attack would be grounds for military action? If not, how should the US retaliate?
With moderation and in a like manner. Cyber attack, unless it gives rise to actual physical injury, should be fought with a retaliatory cyber attack. If a kid brekas into the DoD, then the DoD should break into the kids computer and erase his bank accounts. If a kid breaks into the DoD and damages it, then he should be arrested (or his parents).
If a nation does the same, then the response should be similar just on alarger scale.
4.) How should the US handle cyber attacks from "gangs" of crackers or (z0mg! terrorists!) that aren't necessarily state sponsored?
By what ever means necessary to prevent them from damaging the civil infrastructure or causing injury.
QUOTE(moif @ Oct 10 2006, 05:47 AM) 
1.) Is a cyber attack on US governmental or military targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, a n attack on critical military infrastructure)
I think it would depend on the severity of the attack, and whether or not it actually was an attack and not just an attempt at espionage. A cyber attack must be considered just as serious as a physical attack in that it can potentially cause a corresponding amount of damage.
For the purpose of this debate, I'd like to clarify that I mean an actual "cyber attack" rather than espionage.
Obviously this still brings up further issues:
The first would be that a cyber attack can fail or be blocked by our defensive measures and cause no damage. A physical attack, while possibly ineffective, doesn't really "fail" in the same sense that a cyber attack might. A missile can miss it's target but whoever fired at us is still going to face repercussions. But while a cyber attack might "fail" it's still an attack.
The other thing I think we need to discuss is if the extent of the cyber attack matters. I believe given a military attack on US soil, some would say "an attack is an attack" whether it killed 3,000 people or 30,000 people. Does this same logic translate to the cyber world? If some country managed to knock out our communication satellites via a cyber attack, no one is directly killed and it's possible the US public might not demand action. However, if somehow a cyber attack was pulled off that caused US civilian or military casualties, I think that the American public would demand some sort of action be taken.
These are some of the tricky nuances that keep me continuously thinking about this topic. I guess I should've also asked: Where do you draw the line between a cyber attack that should result in military action and one that does not." But that's not an "official" question to debate
Great topic, Psyclist! 
1.) Is a cyber attack on US governmental or military targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, a n attack on critical military infrastructure)
In a legal sense, it absolutely is an act of war. The larger question relates to severity and intent. Even a failed attack, if its intent was to disrupt US military operations, is an actionable offense in my book. Tom Clancy details just such an attack scenario in his book Debt of Honor. Of course, that is fiction but the end of the book is chillingly prescient (PM me if you want to know, I don't want to ruin it here
). The response to the attack is trickier to surmise. Do you use conventional weapons or perhaps respond with a US cyber attack? Is even such an attack warranted?
2.) Is a cyber attack on US economic, buisness, or civilian targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, an attack on eBay or the stock market)
Potentially, yes. Again it depends on severity and intent. If a country is attempting to subvert our economic infrastructure, that is an act of war just as significant as an attack on a military installation.
3.) Do you believe such an attack would be grounds for military action? If not, how should the US retaliate?
This is by far the tougher question to answer. Military response is certainly an option, depending on the severity of the attack and whether there is specific evidence pointing to a country either supporting or executing the attack. I think the doctrine of proportional response would be useful in this scenario.
4.) How should the US handle cyber attacks from "gangs" of crackers or (z0mg! terrorists!) that aren't necessarily state sponsored?
Through usual legal channels, hopefully with the cooperation of the host government where the crackers are located.
1.) Is a cyber attack on US governmental or military targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, a n attack on critical military infrastructure)
In a legal sense, it absolutely is an act of war. The larger question relates to severity and intent. Even a failed attack, if its intent was to disrupt US military operations, is an actionable offense in my book. Tom Clancy details just such an attack scenario in his book Debt of Honor. Of course, that is fiction but the end of the book is chillingly prescient (PM me if you want to know, I don't want to ruin it here
). The response to the attack is trickier to surmise. Do you use conventional weapons or perhaps respond with a US cyber attack? Is even such an attack warranted?2.) Is a cyber attack on US economic, buisness, or civilian targets by another country or tacit support from that country's government constitute an act of war? Even if the cyber attack failed? (For example, an attack on eBay or the stock market)
Potentially, yes. Again it depends on severity and intent. If a country is attempting to subvert our economic infrastructure, that is an act of war just as significant as an attack on a military installation.
3.) Do you believe such an attack would be grounds for military action? If not, how should the US retaliate?
This is by far the tougher question to answer. Military response is certainly an option, depending on the severity of the attack and whether there is specific evidence pointing to a country either supporting or executing the attack. I think the doctrine of proportional response would be useful in this scenario.
4.) How should the US handle cyber attacks from "gangs" of crackers or (z0mg! terrorists!) that aren't necessarily state sponsored?
Through usual legal channels, hopefully with the cooperation of the host government where the crackers are located.
This is a simplified version of our main content. To view the full version with more information, formatting and images, please click here.