The Pentagon, trying to create a formal strategy to deter cyberattacks on the United States, plans to issue a new strategy soon declaring that a computer attack from a foreign nation can be considered an act of war that may result in a military response.As the article touches on, how do you know that a government is behind it? Would we really go to war because a bunch of hackers at Qingdao Tech decide that it would be fun to mess with American computer systems? And considering that an attack would probably be routed through a great many computer systems, determining the source of the attack might be difficult.
Several administration officials, in comments over the past two years, have suggested publicly that any American president could consider a variety of responses — economic sanctions, retaliatory cyberattacks or a military strike — if critical American computer systems were ever attacked.
This strategy is a Potemkin village or, to rip off Gertrude Stein: There is no there, there.
By "military response" I *HOPE* all they mean is "dispatch submarines and Special Forces to cut all Internet cables to that godforsaken country so it can rot in peace without pestering the rest of us." Because anything more than that is sheer lunacy.
ReplyDeleteEven that would be fairly problematic for countries with extensive land borders with fiber optic cables laid across them. Not to mention that these cables are owned by the Oligarchy and do you really think they're going to allow their puppet government to cut their cables? Only if they can figure out some way to make the marks err general public pay for it, I guess...
- Badtux the Baffled Penguin
This is the kind of news that just makes my little heart go all pitter patter. We can't even keep our computer systems secure within our own country without anybody else trying to muck with them. This would just give us another excuse to attack another country, as if we actually need another one.
ReplyDeleteTheoretically, computer systems can be made secure. If a supposedly secure system gets hacked, the people who are responsible for securing that system should be the ones under the gun, not the hackers.
Of course we are dealing with the government here. If there is a politician in the chain of command then all bets are off.
Charles, there is no such thing as a "totally secure" system. I have hacked even the most secure system ever built, the Honeywell Multics, the only system in the history of the world that ever met the Pentagon's strictest security classification standard (in case you're wondering, it was a phishing attack, and no, I did not deploy it against anybody other than myself -- but it *would* have worked against others). The only theoretically secure system is one locked into a bank vault with no wires going in or out -- not even electric wire. But that computer system isn't very useful.
ReplyDeleteComputer security is all about making computers harder to attack, not about making them impossible to attack, because short of cutting them off from the outside world entirely there's always an attack vector of *some* sort. Maybe not an easy one -- indeed, Multics was quite difficult to attack, my exploit required physical access to a Multics terminal and a non-administrative account on the Multics system -- but there's always a way. From a practical standpoint Multics would have been unattackable by any current methods used to attack Windows or Linux, but a foreign power with significant resources could have always found a way...
- Badtux the Computer Security Penguin
Charles, they're talking about infrastructure attacks. No system is completely secure. Hell, even Ft. Knox could, in theory, be robbed.
ReplyDeleteComputer systems are not hard for a dedicated hacker to get into. It might take finding a password, but I bet that if you went into ten offices in any company, you'd find at least one desk where the user wrote down their password and stuck it in their desk drawer.
If a banker kept all of the bank's money on the floor of the lobby, and he stood outside on the sidewalk passing out keys to passersby, would anyone take him seriously when he said he was robbed? There is security and there is security theater. If there are politicians involved, I will leave it to you to figure out which one applies.
ReplyDelete