Next message: mea culpa: "[ISN] cDc releases BACK ORIFICE for MS Windows"
Originally From: alan l cottrell <acottrell�t_private>
Posted To: dc-stuff�t_private
THE WASHINGTON POST (July 26, 1998): Intent on developing more powerful
weapons for penetrating enemy computer networks, U.S. military and
intelligence authorities are struggling to define new rules for deciding
when to launch cyber attacks, who should authorize them and conduct them
and where they fit into an overall defense strategy[1].
Not since the advent of nuclear bombs half a century ago have national
security officials confronted weapons with such potential to alter the
means for waging war, say those involved in the planning. But the
consequences of their use remain largely unexamined and problematic[2].
The extent of U.S. offensive capabilities is among the most tightly held
national security secrets[3]. According to various accounts, the
government has explored ways of planting computer viruses or "logic bombs"
in foreign networks to sow confusion and disruption[4].
It has considered manipulating cyberspace to disable an enemy air-defense
network without firing a shot[5], shut off power and phone service in
major cities, feed false information about troop locations into an
adversary's computers and morph video images onto foreign broadcast
stations[6].
Pentagon officials say they are at an early stage of thinking about the
various applications for cyber weapons and the legal, ethical and
operational consequences of employing them. But because of secrecy
concerns, many of the programs remain known only to strictly
compartmentalized groups, inhibiting the drafting of general policy or
specific rules of engagement[7].
"It's a little bit like medical ethics,"[8] said a high-ranking Defense
Department official who requested anonymity. "The technology gives you
the capabilities that go a lot further than the ethical context for using
them sometimes. This is a very tough area."
A presidential directive last month outlining a plan for raising U.S.
defensive barriers against computer attacks made no mention of the
offensive side of the issue. Senior administration officials say no
presidential directive about offensive capabilities is in the works that
might help resolve the differences between the Pentagon and intelligence
agencies[9].
Similarly, Congress has held next to no public debate[10] on the direction
the United States should be heading in inventing cyber weapons[11],
writing guidelines for their use or weighing the potential international
repercussions of unleashing them. At a Senate hearing last month that
focused on the vulnerability of America's information systems to
unauthorized entry[12], Sen. Carl M. Levin, D-Mich., gingerly questioned
whether the United States is developing offensive capabilities. George J.
Tenet, director of Central Intelligence, said the nation can rest assured
that "we're not asleep at the switch in this regard."
For all the interest in cyber warfare, specialists cautioned that yawning
gaps exist between what the technology promises and what practitioners
currently can deliver[13]. Large-scale computer attacks require an
extraordinary amount of detailed intelligence about a nation's hardware
and software systems[14], as well as about the habits and decision-making
processes of foreign and military authorities.
"Frequently, we like to think of electronic attack as the ultimate in
precision weapons," said Vice Adm. Arthur K. Cebrowski, a leading Navy
authority on the subject. "But these are not necessarily very precise
instruments."
Much is still unknown about how a major cyber attack would play out.
"We don't understand the cascading effects on decision-making of what
providing defective data to an enemy may mean," said a colonel responsible
for the Air Force's information warfare plans. "That's a hard thing to
model."
Other critical questions surround these largely untested weapons, experts
say. Given their broad destructive potential, for instance, should cyber
weapons be placed under a special military command authority, similar to
the Strategic Command that manages targeting plans for the U.S. atomic
arsenal?[15]
When should the United States justifiably consider taking down chunks of
the information infrastructure of a foreign country? What are the risks
of inviting retaliation?
How should intrusions into foreign systems be conducted in peacetime for
the benefit of intelligence gathering, and when does such snooping --
which often involves the same computer techniques as offensive action --
cross some boundary into outright aggression?
"What constitutes an act of war in this area? It's never been made
clear," said Brenton C. Greene, a former Pentagon specialist in
information operations who served on the presidential commission that
studied U.S. vulnerabilities last year...
<snip>
for the remainder of this article, see http://www.washingtonpost.com
[1] the us military is not allowed to conduct warfare on its own
citizens, right? especially without a formal declaration of war?
[2] right now, who else could they be used against -- besides us, i mean?
[3] i'm wondering, is this why the clinadmins what to force weak
encryption upon us -- especially at the export level? you know those
feisty germans. we could never invade granada again if we let them
secure their communications...
[4] a.) who's been talking?
b.) remember this the next time someone criticized the use of worms,
viruses or security testing...
c.) is this a possible defense for kevin mitnick (well, the government is
doing it, why can't i?).
[5] just like the legion of the underground -- good going, guys
[6] a.) once again, just like the legion of the underground (they're
really cyberspies)... </sarcasm>
b.) now your domestic station is running american military diversions
while cnn is live, on the ground, filling you in on what is really
happening. and which station do you watch? which one do you believe? a
little crinkle in the plan here. now, if the were to take over cnn...
[7] pete, sinster -- all you security consultants out there, i'm sensing
a brand new business opportunity, with the potential for wealth and fame:
teach the military how to conduct cyber war. you better act quick,
before this article reaches new mexico (i figure you've got two weeks),
and carolyn sees the same opportunity (that ought to give you another two
months)...
[8] can you have ethics and the defense department logically in the same
sentence. anyway, forget about carolyn, she doesn't have any ethics...
[9] ok, so the pentagon has a new toy and the nsa and cia want to play
with it too? don't you feel safer now?
[10] although patrick leahy (senator from vermont, sits on intelligence
committee, and generally knowledgeable about technology) admitted that
there were secret hearings before the intelligence committee on just this
subject...
[11] mitnick wasn't cracking into people's computers, he was inventing a
new form of cyber weapon on behalf of the us military...
[12] i think they're talking about you
[13] what they're really trying to say is this: For all the interest in
cyber warfare, specialists cautioned that yawning gaps exist between what
government employees can currently do and what everyone else seems
capable of...
[14] not unlike the kind of "intelligence" that pete currently collects
-- i'm seeing money rushing to you, evil pete...
[15] yep. i'm volunteering to lead the Strategic Command for the Use and
Exploitation of Cyber Weaponry in All Circumstances Short of a Formal
Declaration of War as passed by Congress
-o-
Subscribe: mail majordomo�t_private with "subscribe isn".
Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
This archive was generated by hypermail 2b30
: Fri Apr 13 2001 - 12:59:53 PDT