CyberWar on U.S.
- Get link
- Other Apps
North Korea threatens to wage 'cyber war' against US
Newsweek-1 hour ago
North Korea yesterday issued a threat to America, promising to "wage a cyber war against the US to hasten its ruin." The threat, which was ...
Search Results
North Korea threatens to wage 'cyber war' against US
Newsweek-59 minutes agoNorth Korea yesterday issued a threat to America, promising to "wage a cyber war against the US to hasten its ruin." The threat, which was ...Column: China, Espionage and the Law of Cyberwar
Voice of America-40 minutes agoOr was it something even larger – perhaps an act of cyberwar perpetrated ... U.S. politicians have long warned about the dangers of a looming ...Continued Hacking Highlights US-Chinese Cyberwar Worries
TIME-Jun 5, 2015The latest massive computer hack suggests the Chinese had it right: it may be time for the U.S. to build a great wall to protect its data and that of ...US Suspects Hackers in China Breached About 4 Million People's ...
Highly Cited-Wall Street Journal-Jun 4, 2015Explore in depth (1,884 more articles)Schiff, King call on Obama to be aggressive in cyberwar, after ...
Fox News-Jun 7, 2015In November, Obama said the increasing number of cyber attacks was “like the Wild, Wild West” and suggested the U.S. must help lead efforts ...US cyberwar with China, controversy in buildup to 2020 Olympics ...
Boston Globe (subscription)-Jun 8, 2015Cyberwar with China: Despite the recent massive data breach, Obama administration doesn't want to admit that the US is enmeshed in a ...- PR Web
Cyber War Waged on the United States with Massive Security Breach
Benzinga-6 hours agoFederal cyber security breach has left millions of American citizens as casualties. Cyber security firm Lazarus Alliance responds with proactive ... Cyberwar? Top China arms-maker flames Russian rival on WeChat
Mail & Guardian Online-Jun 8, 2015The US company makes some of the world's most advanced battle tanks, with an Abrams going for about $6-million according to a 2012 army ...
Read the whole story
· · · ·
Cyberwarfare in the United States is the United States Cyber Command's military strategy ofProactive Cyber Defence and the use of cyberwarfare as a platform for attack.[1] The United States Department of Defense sees the use of computers and the Internet to conduct warfare in cyberspaceas a threat to national security.[2] The Joint Forces Command issued a statement: "Cyberspace technology is emerging as an "instrument of power" in societies, and is becoming more available to a country's opponents, who may use it to attack, degrade, and disrupt communications and the flow of information. With low barriers to entry, coupled with the anonymous nature of activities in cyberspace, the list of potential adversaries is broad. Furthermore, the globe-spanning range of cyberspace and its disregard for national borders will challenge legal systems and complicate a nation's ability to deter threats and respond to contingencies."[3]
However, decades of failure to learn between "silos" in agencies or departments has led to the failure of major United States Armed Forces IT projects and the waste of billions of dollars.[4] Also while the United States federal government has invested heavily in cybersecurity contractors, it has failed to establish standards for these companies or properly manage them.[5] In addition these contractors cost nearly twice as much as federal employees who do the same jobs.[6]
WASHINGTON —
The massive data breach announced last week of personnel records stored at the U.S. Office of Personnel Management has left many questions unanswered.
Among them: Was the theft of files filled with the private details of 4 million federal employees digital espionage? Or was it something even larger – perhaps an act of cyberwar perpetrated to damage the nation?
The OPM attack provides only the latest example of the many ways in which the lines between spying and military action are blurring on the Internet. It highlights how cyberspace is increasingly becoming the arena where nations practice the arts of statecraft.
To that end, an international group of military strategists and legal scholars is hard at work to help define where online espionage ends and military actions begin, with the goal of detailing what international law says can be done in response to either.
Espionage or war?
Some analysts and politicians were quick to seize on the OPM hack as proof the government needs to take cybersecurity more seriously. But there’s little agreement as to just what the hack actually was.
U.S. officials say they are investigating whether Chinese hackers are to blame; China's Foreign Ministry spokesman Hong Lei called the accusations "irresponsible."
Speaking with Business Insider, Eurasia Group president Ian Bremmer was definitive in his assessment.
"We should be very clear: China is at virtual war with the United States, and the threat is far higher than that of terrorism, which gets the lion's share of attention — and, in the post-9/11 world, funding," he said.
However, Kobi Freedman, founder and CEO of the cybersecurity intelligence firm Comilion and himself a former member of the military, told VOA he saw the hack differently.
"This doesn’t look like cyber fraud," said Freedman. "This looks like espionage."
At a press conference following G-7 meetings in Europe, President Barack Obama was equivocal.
"Both state and non-state actors are sending everything they’ve got at trying to breach these [U.S.] systems," Obama said. "In some cases, it’s non-state actors who are engaging in criminal activity and potential theft. In the case of state actors, they’re probing for intelligence or, in some cases, trying to bring down systems in pursuit of their various foreign policy objectives."
U.S. politicians have long warned about the dangers of a looming cyberwar and in recent years the warnings have grown more dire.
In 2012, then-Secretary of Defense Leon Panetta told a Senate appropriations subcommittee that "America faces the potential threat for another Pearl Harbor" and that "technologically, the capability to paralyze this country is there now."
But intelligence historian Matthew Aid, author of the book "The Secret Sentry" – considered by many a definitive history of the National Security Agency – told VOA there’s no clear definition of online war because, by its very nature, it defies clear definition.
"There’s offensive war, which runs the gamut from hackers trying to steal your banking information, but also the use of intelligence agencies such as the NSA hacking into the governments of foreign nations and terrorist organizations to find out what their intentions and capabilities are," Aid said.
"Then there’s the defensive side, with varying government agencies squabbling about who has the authority to defend American corporations and citizens from cyber-attacks from abroad," he said. "There was no one term, so they slapped the label 'cyberwar' on it."
'Law of War'
The difference between labeling an attack an act of espionage or military action is more than just semantic.
Over a period of hundreds of years, an international body of law and treaties has developed governing what nations can and can't do while at war, and while conducting espionage.
Called "Jus in Bello," this "Law of War" addresses nearly every aspect of conflict, from how wars begin and end to defining legitimate targets, the treatment of prisoners, and what are war crimes.
FILE - Hackers have perpetrated massive data breaches. (Photo illustration)
Brigham Young University professor of law and former U.S. Army Judge Advocate Eric Talbot Jensen has long studied the intersection of cyber and the law of war. Jensen points out the law is silent when it comes to espionage.
"True espionage is by definition not illegal under international law, although every nation in the world says it’s illegal as a matter of domestic law," Jensen said. "Espionage by definition is gathering information. That’s never been an act of war. Now if that espionage transitions to acts of sabotage, if it creates effects of significant impact and duration, that might be an act of war, but just espionage, no."
Jensen is part of the international team drafting the latest version of what’s called the “Tallinn Manual” – a guidebook as to how the Law of War applies to cyberspace.
"There is pretty good agreement on principles, but when you get into the details it becomes much more murky," he told VOA.
Jensen cites attribution, intent and the targeting of combatants versus civilians as just a few of the highly technical legal issues the Law of War takes great pains to dissect; issues the Internet can make considerably fuzzier.
The clearest example of a full-blown act of cyberwar, he says, is the Stuxnet malware that destroyed Iranian computers and SCADA systems.
"Let’s assume the U.S. and Israel were behind it," he said. “If they did in fact develop a cyber tool that infiltrated the nuclear facility in Iran and do the damage it did, that’s a clear violation of Iran’s sovereignty and in fact a use of force in violation of [U.N. Charter] Article 2 subsection 4, and an act of war."
Aaron Brantly, a cyber fellow at West Point’s Combating Terrorism Center, says that up to this point, the majority of malicious acts of what some call cyberwar have been fairly mundane.
"We haven’t seen the proverbial cyber Pearl Harbor," Brantly said. "To me that somewhat indicates that states are attuned to the fact that if they take down a nuclear power plant, or mess with a chemical facility, that would be beyond the scope of espionage, and a clear act of war."
Earlier this year, in an address at Stanford University, Secretary of Defense Ash Carter spelled out the Pentagon’s new cyberwar policy in clear terms, warning potential adversaries that the U.S. is ready to respond to any act of cyberwar, using digital weapons of "blunt force trauma" as well as, potentially, conventional force.
Brantly says retaliating against cyber attacks, possibly with traditional weapons like bombs, is unsurprising.
"The Russians were the first to say this: If you get into a knife fight, you want to be the one with the gun," he told VOA.
“You put every tool at your disposal to end the conflict as soon as possible. By limiting it to the cyber domain you potentially expand the possibilities of damage. By claiming that we can go back into the kinetic domain, we move back into a place where the U.S. has clear dominance.”
Responding to an attack
While the Web complicates defining acts of war and espionage as well as attributing attacks to the actual source, analyst Jensen sees cyberwar not as a unique act unto itself, but just a new, additional facet to traditional war.
"My belief is that it’s very unlikely that we’ll have a cyberwar that only includes cyber means," Jensen said. "What’s most likely going to happen is that we’ll have normal war and cyber aspects to that, and we’ve seen that. Between Russia and Ukraine, Russia and Georgia, the U.S. and Iraq – basically every armed conflict between advanced nations we’ve seen since the mid-'90s has included cyber."
Brantly agrees, but cautions what’s still unclear is defining what represents a proportionate response to a cyber attack. That’s an ambiguity that makes cyber conflict potentially explosive, just as nuclear war was starting some 60 years ago.
"On the nuclear side, we’ve just been very lucky, incredibly lucky," Brantly said. "On the cyber side, we’re also pressing luck. Right now we’re still only at 50 percent Internet penetration, and still only depend on the Internet for a relatively moderate percentage of what we do. But as we start moving into the Internet of Things, the potential risk rises."
This month, scholars and strategists began working on the second version of the Tallinn Manual, produced under the aegis of NATO’s Cooperative Cyber Defence Centre of Excellence.
But Stewart Baker, a former Homeland Security assistant secretary and current partner at the law firm Steptoe & Johnson, is unconvinced that a codified Law of Cyberwar will seriously change how online conflict plays out once a full-scale war begins.
"The real law of war, putting aside political constraints, tends to be much more ad hoc," he told VOA. "It is the things that both sides decide they are not prepared to do. And usually that’s a mix of humanity, basic morality and hard-headed assessment that it won’t do much good but will cause massive pain if the enemy does it to you.
"I’m sure there are plenty of international law professors who would be appalled at what I just said, but I do think when you’re in an existential struggle, the law of war is very much based on what did the other guy do to me, and am I willing to do that back to him," he said.
Read the whole story
· · · · · · ·
North Korea yesterday issued a threat to America, promising to "wage a cyber war against the US to hasten its ruin."
The threat, which was published in Rodong Sinmun, North Korea's largest daily newspaper, was released in response to a Reuters report that revealed North Korea had been the target of a previous failed cyber attack by the US five years ago.
The article also said that the The Democratic People's Republic of Korea (DPRK) "can react to any forms of wars, operations and battles sought by the US imperialists," before warning that "the US is greatly mistaken if it thinks the DPRK will just overlook with folded arms the provocations in the cyber space."
This is not the first time that North Korea has published its plans to attack America. In May, the deputy director of a North Korean thinktank with close links to the government, claimed the country was "nuclear-capable" and equipped with long-range missiles that could reach the US, saying they would attack if the US "forced their hand."
Previous to this in July 2014, a top-ranking North Korean military official threatened the US with a nuclear strike on the White House and Pentagon after the North Korean government accused the US of raising military tensions on the Korean peninsula.
The country has also been blamed for some successful large scale cyber attacks in the past, targeting both the US and in South Korea.
In March 2013, three major South Korean banks and two of the country's largest broadcasters were temporarily shut down after a cyber attack which is believed to have originated in North Korea. The country had been repeatedly threatening to "cripple" its southern neighbour in the lead up to the attack.
It's also widely believe that the country was behind the hack on US-based Sony Pictures which happened in December of last year, although North Korea denied the accusations.
The sophisticated attack led to the release of thousands of documents detailing the company's private information including internal emails and employee's social security information and salaries. The hack was initially blamed on North Korea who had been threatening "merciless retaliation" against Sony if the company released The Interview - a film about a plot to assassinate North Korean leader, Kim Jong-un.
A group called "Guardians of Peace" eventually claimed responsibility but many, including the FBI, maintain that the hack originated in North Korea.
A North Korean defector, Prof Kim Heung-Kwang, recently told the BBC that the country employed 6,000 trained military hackers, insisting that: "Their cyber-attacks could have similar impacts as military attacks, killing people and destroying cities."
Read the whole story
· ·
WASHINGTON — President Obama on Wednesday signed an executive order aimed at retaliating against foreign-based online attacks on the United States as the government scrambles to catch up to national security threats that are evolving in a world of fast-changing technology.
The order authorizes financial and travel sanctions against anyone involved in attacks originating or directed from outside the country that pose “a significant threat to the national security, foreign policy or economic health or financial stability of the United States.” No targets for these measures were named.
Months ago, Mr. Obama blamed North Korea for the hacking of Sony Pictures Entertainment as it was about to release “The Interview,” a comedy featuring a mocking portrayal of Kim Jong-un, the country’s leader. Mr. Obama used existing authority to impose economic sanctions on North Korean officials and a North Korean intelligence agency, but the new order will expand his options.
“Cyberthreats pose one of the most serious economic and national security challenges to the United States, and my administration is pursuing a comprehensive strategy to confront them,” Mr. Obama said in a statement. “As we have seen in recent months, these threats can emanate from a range of sources and target our critical infrastructure, our companies and our citizens.”
Among actions that could draw retaliation under the order would be attacks that target vital resources like power grids; steal money, trade secrets or personal information; or disrupt large computer networks. The government could penalize those responsible by freezing assets in the United States, barring Americans from doing business with them and blocking them from entering the country. They would be cut off from American goods and technology.
The sanctions in the Sony case were based on existing authority specifically targeting North Korea, but the new order has no geographic limits, mirroring the approach to counterterrorism, counternarcotics and transnational criminal organizations. “This allows us to target the activity itself wherever it arises,” said John E. Smith, acting director of the Treasury Department’s Office of Foreign Assets Control, which enforces sanctions.
The administration named no initial targets, although it has plenty of cases. American authorities have identified Russian and Chinese hackers tied to past attacks. But the imposition of sanctions, like last year’s indictment of five Chinese members of the People’s Liberation Army charged in the theft of data from American companies, is a delicate diplomatic move that risks shutting off help from a foreign government in tracking down targets on its soil.
Identifying perpetrators may be a particular challenge. In contrast to states like North Korea or Russia that are sanctioned for traditional violations of international norms, hackers dwell in a murky digital world cloaked in ways that make them difficult to catch. In attacks on JPMorgan Chase, Target and Home Depot, for instance, it has been hard to identify the culprits.
The administration tried to reassure the technology world that the new powers would be used judiciously. “We will not, certainly, be using this to target free speech or interfering with the free and open Internet, and we’re not going to be going after the innocent victims of people whose computers were taken over and used by malicious actors,” said Michael Daniel, the president’s online security coordinator.
Representative Adam B. Schiff of California, the top Democrat on the House Intelligence Committee, said the order would send a message to hackers. “For far too long, these 21st-century culprits have acted with impunity,” he said. “This must come to an end if we are to safeguard the nation’s property, privacy and prosperity.”
But Republicans criticized Mr. Obama for not collaborating. “These executive actions can only do so much,” said Cory Fritz, a spokesman for House Speaker John A. Boehner of Ohio. “The president needs to work with Republicans to enact the types of common-sense measures that passed the House in recent years with strong, bipartisan majorities but stalled in the Democratic-controlled Senate.”
Read the whole story
· · ·
Next Page of Stories
Loading...
Page 2
A new age of cyberwarfare is dawning, and a little-known State Department official named Christopher Painter — a self-described computer geek who made his name prosecuting hackers — is racing to digital battlegrounds around the world to help stave off potential future threats.
One of his stops was in South America, where he visited Argentina, Chile, and Uruguay, to hear about what those countries were doing to protect computer networks. One was in Costa Rica, to tout the U.S. vision for the Internet, including security. Another was in The Hague, to, among other things, promote international cooperation in cyberspace.
“It’s been a hectic couple of weeks,” he said
There’s a reason for that. Last month, Arlington, Va.-based security firm Lookingglass released a report detailing a full-scale cyber war being waged by Russia against Ukraine. Russia, Lookingglass concluded, was hacking Ukrainian computers and vacuuming up classified intelligence that could be used on the battlefield. The week before, the Pentagon publicly released a new strategic document declaring, for the first time, that it was prepared to pair cyber war with conventional warfare in future conflicts, such as by disrupting another country’s military networks to block it from attacking U.S. targets
Painter is charged with finding answers to some of thorniest policy questions confronting Washington in the digital age: How to wage cyber war, how not to, and how nations can or even should cooperate on establishing rules for cyber offense.
Countries have found it so hard to sort out answers to these difficult subjects, Painter is setting his sights low, at least for now. One of his initial goals: Promoting a set of voluntary international standards, such as one that says that nations should not knowingly support online activities that damage critical infrastructure that provides services to the public.
“We’re in the relative infancy of thinking about this issue,” Painter said. “This is a fast-changing technology. We’re at the beginning of the road.”
Other, related debates — on surveillance and cyber defense — are further along. Congress is working through a renewal of expiring provisions of the Patriot Act. Other countries are getting in on the act as well: France’s National Assembly this month approved a bill being dubbed “the French Patriot Act,” which controversially allows the government to collect mass e-mail data, and Canada’s House of Commons last week passed anti-terrorism legislation that critics contend endangers online privacy. Congress also has a good chance this year to pass a cybersecurity bill that fosters threat data sharing between companies and the government.
The nascent conversation about cyber offense draws, in some ways, on existing international law, but in other ways has no historical precedent, because cyber war is unlike any other kind of war. Government hackers can do tremendous damage to an enemy country without touching it physically or using any troops or military hardware whatsoever, and without leaving much of a trace about who is responsible. It also upends the traditional notion of deterrence in a realm where the often-invisible attacks make it hard to figure out whom to retaliate against and signal that offense will be answered with offense. Sometimes it’s hard to tell what an offensive weapon even is, since so many cyber tools have both offensive and defensive uses.
The U.S. position is complicated by how advanced its offensive capabilities are in relation to the rest of the world — not only in how far it’s willing to go to limit itself, but also how willing anyone else is to listen because of how it aggressively the U.S. has used its technological edge to spy on other countries and, in the case of Iran, directly attack their infrastructure.
“The United States is in a very unique position. It’s definitely in a class of its own when it comes to cyber offensive operations,” said Henry Farrell, an international affairs professor at George Washington University. “The other problem is that it’s in a class of its own in the unique vulnerability to various forms of cyber attack.”
And for the United States, there are both domestic and global components of the debate over what kind of offensive authorities it should have. While the Obama administration tries to figure out what kind of posture it wants to take on the international stage, some in Congress are agitating for the executive branch to say what it can do on offense, and under what circumstances. If the executive branch doesn’t do that, Congress might do it for them. Senate Armed Services Chairman John McCain (R-Ariz.), is among those contemplating taking action; he is weighing an amendment to the annual defense policy bill that would spell out what the Defense Department’s cyber offensive and defensive capabilities should be.
There are widespread worries across Capitol Hill, meanwhile, that Washington isn’t doing enough to keep up with steady stream of cyber attacks designed to steal corporate secrets and financial data. That never-ending drumbeat has in recent months afflicted Anthem, the second-biggest U.S. health insurer in which hackers accessed personal data like Social Security numbers for millions of customers, and JPMorgan Chase, in which a sophisticated cyber attack compromised the accounts of millions of households and small businesses. McAfee, a leading cyber defense firm, estimates that there are hundreds of cyber attacks per minute.
One major question House Armed Services Committee Chairman Mac Thornberry of Texas and others want to resolve is what the U.S. government should do in instances like the Sony hack last fall, which led to the release of reams of sensitive corporate emails, movie scripts, and even digital copies of unreleased films. President Barack Obama blamed the North Korean government, which was angry over the unflattering portrayal of Kim Jong-un in the film “The Interview,” then promised the United States would “respond proportionally.”
Some cyber experts have subsequently raised doubts about whether Pyongyang was actually behind the attack. If they were, it would mark a milestone as the first time government hackers in one country attacked a private firm in another.
“We don’t have the proper structure in place because our thinking and policies have not evolved to the reality of what cyber is as a domain of warfare,” Thornberry said in an interview. “We don’t really have authorities in place about how to defend civilian/private networks, much less what sort of offensive preemptive retaliatory actions potentially the government would take on their behalf.”
But lawmakers also want to be prepared for more catastrophic attacks, like an assault on the electricity grid, which is largely controlled by private sector computer networks. As far back as 2009, there were reports of foreign governments infiltrating the U.S. electricity grid, and while they didn’t damage the networks they penetrated, National Security Agency director Adm. Michael Rogers has warned they would be a major target in a large scale cyber war.
* * *
Painter, who considers himself an early aficionado of computer technology, has said he began playing with a primitive personal computer while he was at college in the 1980s. After graduating from Cornell in 1980 and Stanford law school in 1984, he gravitated toward tech-oriented lawsuits, and prosecuted the most prominent early hacking cases, securing a conviction in 1999 of the famed hacker Kevin Mitnick — said to be the inspiration for the film “War Games” — for stealing files from companies like Sun Microsystems and Motorola. Later, Painter moved to the Justice Department headquarters and the White House to work on cyber issues.
One thing Painter isn’t looking for, in all his travels, is any kind of comprehensive cyber treaty to somehow tackle the myriad security topics — or, to use his quote from “Lord of the Rings” during a panel in The Hague, “one ring to rule them all.”
Because of how complicated and formless the cyber offense problem is, and how new it is compared to more established forms of warfare, the idea of any kind of comprehensive cyber treaty has been set aside — not just by the United States but many other countries as well, at least for now. Instead, Painter’s focus has been on creating a commonly held set of principles — “norms” — that nations adhere to on a voluntary, legally non-binding basis.
Painter maintains that the emphasis on norms isn’t about preserving “American hegemony.”Painter maintains that the emphasis on norms isn’t about preserving “American hegemony.” Yet many others have noted a distinct lack of interest from the United States when it comes to taking any kind of action that could limit its own offensive options.
“Just as a general matter, administrations of any stripe are certainly not looking to limit their ability in legislation and would probably be loathe in international regulation to swear off particular lines of attack,” said Michael Allen, a former top National Security Council staffer in the George W. Bush administration and former staff director for the House Intelligence Committee who now is managing director at Beacon Global Strategies, a consulting firm. “I don’t think people are eager to start immediately signing up to regimes, norms or certainly not laws, without serious consideration, that begin to restrict this new tool of warfare in its infancy.”
Michael Hayden, a former NSA director and now a principal at the Chertoff Group consulting firm, said the bigger issue is simply that a cyber treaty would be unenforceable. It’s easy enough to cheat on a biological weapons treaty, he said; imagine how easy it would be to cheat on a cyber treaty, since sophisticated hackers can leave no fingerprints whatsoever.
The reason it would easy, he said, is because of how hard it is to determine, forensically, who’s behind any given attack at any time. The landmark 2013 Mandiant report that tracked a host of cyber attacks netting government documents and company secrets to a Chinese military unit was the result of six years of work, and it ultimately could place the attacks as originating only from the doorstep of the building suspected of conducting the hacking.
The same problem of so-called attribution for attacks applies under existing international law. In April, both Defense Secretary Ashton Carter and current NSA chief Rogers made headlines for saying cyberwarfare fell under international law, although that was not a new position for the U.S. government. The origins of that position emerged from a United Nations Group of Governmental Experts that declared a set of principles in 2013, a group that included China.
Some legal experts contended that the Stuxnet virus that attacked Iranian nuclear centrifuges, reportedly a collaboration between the United States and Israel, was a violation of international law because it was an “act of force.”
“That’s already a violation of international law unless you have a justification for that,” said David Fidler, and Indiana University law professor serving as a visiting fellow for cybersecurity at the Council on Foreign Relations. “That’s even if anyone acknowledges they were involved, which they don’t do.”
Fidler said some of the “norms” under discussion in the cyber sphere are merely restatements of norms or international laws that apply to existing forms of warfare, and are either unworkable because they don’t apply to cyberspace or originate from poorly agreed-upon definitions of terminology.
As an example, he pointed to a proposal from Temple Law professor Duncan Hollis to create an e-SOS, similar to the distress signal ships at sea send when they are in trouble and merchant vessels are obligated to respond with help. In the event that a country is under cyber attack, Fidler asked, does it really want a nation like Russia getting into its networks to lend a hand?
Additionally, the U.S. message on norms about cyber intrusions hasn’t always been well received, given the wide scale international electronic spying revealed by former intelligence contractor Edward Snowden, Fidler said. To the rest of the world, he said, “it kind of looks like the U.S. has given up on norms and is relying on unilateral action,” especially when combined with an April executive order to financially punish foreign hackers.
It’s not, he said, that the State Department is doing poor work advancing cyber norms – it’s that doing so is inherently difficult, especially under the circumstances.
For his part, Painter acknowledged that there’s much more to be done in figuring out how international law applies to cyberspace. What does the international law of warfare dictating “proportionality in attack” apply there? That kind of question is going to take a ton of academic work, Painter said.
It’s a subject that has nonetheless made Congress antsy. In February, House Homeland Security Chairman Michael McCaul (R-Texas) joined with House Foreign Affairs Chairman Ed Royce (R-Calif.) to write a letter to National Security Adviser Susan Rice, asking how the Obama administration defined different attacks and how it was prepared to respond to them.
McCaul said he hasn’t received a response to the letter. But he said he and Royce are preparing legislation outlining what they expect from the State Department on those questions.
Others on Capitol Hill said they see gaps in the administration’s authorities and doctrines, but aren’t yet ready to press their case without more examination, among them Thornberry and a leading Democrat on his committee, Rep. Jim Langevin.
“We’re developing capabilities faster than the policies and doctrines that control them,” said Rhode Island’s Langevin, the top Democrat on the Armed Services Emerging Threats Subcommittee. “There’s the need for further definition for actions to do things like defend the nation.
“The vast majority of the systems at risk are not DOD systems. They’re in the private sector,” Langevin said. “In a worst-case scenario, DOD is going to be asked to defend them. If there’s an active cyber attack going on on our electrical grid and DOD has to step in and shuts down the entity that’s carrying out that cyber attack, you can imagine that has all sorts of ramifications.”
* * *
Over time, Fidler said he expects the State Department to get more creative on the development of cyber offense norms. There also might be some other kinds of international consultation that could de-escalate cyber, with both Fidler and Painter touting the Global Forum for Cyber Expertise that launched in The Hague to build up the capabilities of developing nations to handle cybersecurity.
But, again, it’s very early.
Painter, citing one estimate, said that “when you compare it to the process of nuclear rules, it took about 40 years to get grounded.”
“I don’t anticipate the length of time to socialize and draw lines is going to be anywhere near as long as nuclear,” he said. Still, “it’s not an overnight process.”
Ulrich Baumgarten via Getty Images
Share +
Read the whole story
· · · · · · · · · ·
The world is choosing sides in a fight over what the Internet will look like in the years to come.
In recent months, countries have rushed to sign cybersecurity pacts that not only secure cyberspace allies, but also promote their vision of the global Internet.
“It’s kind of indicating how the battle lines are being drawn,” said Richard Stiennon, chief research analyst for security consulting firm IT-Harvest.
While a coalition of nations, including the U.S., is pushing to turn the Internet into a borderless global entity, others such as Russia and China are pressing to give local governments more control over the flow of data.
How the competing visions play out is “a huge question,” Chris Finan, a former military intelligence officer and adviser to the Obama administration on cybersecurity policy. “We don’t know the answer to that yet.”
Over the past four weeks, the U.S. has inked cyber deals with Japan, South Korea and the Gulf states.
Some were standalone cyber pacts, others part of broader security agreements. All pledged to share more data on hacking threats, exchange military cyber tactics and establish international cyberspace standards.
Meanwhile, in what some saw as a response to the spate of U.S. deals, Russia and China unveiled their own wide-ranging cyber pact. The two — seen as the United States’ two main cyber adversaries — vowed not to hack each other and jointly work to repel technology that can “disturb public order” or “interfere with affairs of the state.”
The deals were received as “mainly symbolic,” said Steven Weber, a professor at the University of California, Berkeley School of Information and an expert on international politics and cybersecurity.
But the symbolic markers are an indication the Internet is splintering.
“The Internet is fragmenting and going more towards a future where it’s not one thing, it’s different everywhere,” said Stiennon.
And the fracture lines are being drawn, in part, on how countries view cybersecurity.
For China and Russia, “cybersecurity tends to be parlance for stability and controlling internal discussions and use of the Internet,” Finan said.
For the U.S. and its allies in the cyber pacts, cybersecurity can also be viewed as means of promoting the free flow of encrypted data, uninhibited by government interference.
The differing opinions have been simmering for over a decade.
The 2001 Convention on Cybercrime resulted in a landmark treaty seeking to harmonize international cyber laws. Forty-five countries have now ratified the document. Notably, Russia and China have not.
“The Chinese and Russians are exerting their cyber sovereignty,” said Adam Segal, a Chinese cyber policy expert and senior fellow at the Council on Foreign Relations.
The two countries’ recent pact “is part of that trend,” he said.
Such is also the case for the White House’s series of cyber deals, which aim to set global standards.
“Any time you have a chance to go and work with a country to help shape the way they’re dealing with an issue like this you want to take it,” Finan said.
To some, the competing visions are simply the natural progression of cultural differences manifesting themselves in cyberspace.
“What you’re seeing is a refresh of existing alliance relationships to catch up with the new technology,” said Ian Wallace, co-director of New America Foundation’s Cybersecurity Initiative.
To others, the Russia-China deal is the harbinger of a disastrous change in the Internet.
Former House Intelligence Committee Chairman Mike Rogers (R-Mich.) called it a “huge, bad step for the Internet,” during remarks last week at the Hudson Institute, where he is a distinguished fellow.
“They’re creating this alternative out there, that they say is just an alternative, to what we would know as the Internet,” he said. “They’re going to go take it to developing countries.”
Several cyber experts were much more restrained.
“I have serious doubts about how they’re going to implement [the agreement],” Segal said. “The Chinese and Russians have a complicated relationship in that they're often happy to stand up to the U.S., but don’t necessarily trust each other that much.”
Still, that’s unlikely to stop a worldwide fracturing of the Internet. It’s not just China and Russia who harbor varying views of how security measures should be used to regulate the Internet.
“Across the board there is a greater degree of governments exerting sovereignty or rule-making powers over the Internet,” Segal said. “That seems to be the future.”
In recent months, countries have rushed to sign cybersecurity pacts that not only secure cyberspace allies, but also promote their vision of the global Internet.
“It’s kind of indicating how the battle lines are being drawn,” said Richard Stiennon, chief research analyst for security consulting firm IT-Harvest.
While a coalition of nations, including the U.S., is pushing to turn the Internet into a borderless global entity, others such as Russia and China are pressing to give local governments more control over the flow of data.
How the competing visions play out is “a huge question,” Chris Finan, a former military intelligence officer and adviser to the Obama administration on cybersecurity policy. “We don’t know the answer to that yet.”
Over the past four weeks, the U.S. has inked cyber deals with Japan, South Korea and the Gulf states.
Some were standalone cyber pacts, others part of broader security agreements. All pledged to share more data on hacking threats, exchange military cyber tactics and establish international cyberspace standards.
Meanwhile, in what some saw as a response to the spate of U.S. deals, Russia and China unveiled their own wide-ranging cyber pact. The two — seen as the United States’ two main cyber adversaries — vowed not to hack each other and jointly work to repel technology that can “disturb public order” or “interfere with affairs of the state.”
The deals were received as “mainly symbolic,” said Steven Weber, a professor at the University of California, Berkeley School of Information and an expert on international politics and cybersecurity.
But the symbolic markers are an indication the Internet is splintering.
“The Internet is fragmenting and going more towards a future where it’s not one thing, it’s different everywhere,” said Stiennon.
And the fracture lines are being drawn, in part, on how countries view cybersecurity.
For China and Russia, “cybersecurity tends to be parlance for stability and controlling internal discussions and use of the Internet,” Finan said.
For the U.S. and its allies in the cyber pacts, cybersecurity can also be viewed as means of promoting the free flow of encrypted data, uninhibited by government interference.
The differing opinions have been simmering for over a decade.
The 2001 Convention on Cybercrime resulted in a landmark treaty seeking to harmonize international cyber laws. Forty-five countries have now ratified the document. Notably, Russia and China have not.
“The Chinese and Russians are exerting their cyber sovereignty,” said Adam Segal, a Chinese cyber policy expert and senior fellow at the Council on Foreign Relations.
The two countries’ recent pact “is part of that trend,” he said.
Such is also the case for the White House’s series of cyber deals, which aim to set global standards.
“Any time you have a chance to go and work with a country to help shape the way they’re dealing with an issue like this you want to take it,” Finan said.
To some, the competing visions are simply the natural progression of cultural differences manifesting themselves in cyberspace.
“What you’re seeing is a refresh of existing alliance relationships to catch up with the new technology,” said Ian Wallace, co-director of New America Foundation’s Cybersecurity Initiative.
To others, the Russia-China deal is the harbinger of a disastrous change in the Internet.
Former House Intelligence Committee Chairman Mike Rogers (R-Mich.) called it a “huge, bad step for the Internet,” during remarks last week at the Hudson Institute, where he is a distinguished fellow.
“They’re creating this alternative out there, that they say is just an alternative, to what we would know as the Internet,” he said. “They’re going to go take it to developing countries.”
Several cyber experts were much more restrained.
“I have serious doubts about how they’re going to implement [the agreement],” Segal said. “The Chinese and Russians have a complicated relationship in that they're often happy to stand up to the U.S., but don’t necessarily trust each other that much.”
Still, that’s unlikely to stop a worldwide fracturing of the Internet. It’s not just China and Russia who harbor varying views of how security measures should be used to regulate the Internet.
“Across the board there is a greater degree of governments exerting sovereignty or rule-making powers over the Internet,” Segal said. “That seems to be the future.”
Read the whole story
· · ·
U.S. President Barack Obama holds a news conference at the conclusion of the G7 Summit in Kruen, Germany
By Jeff Mason and Mark Hosenball
KRUEN, Germany/WASHINGTON (Reuters) - President Barack Obama vowed on Monday that the United States would aggressively bolster its cyber defenses, as U.S. officials said the probe into a massive breach of federal government networks has yielded growing signs of a direct Chinese role.
Obama stopped short of pointing the finger at Beijing for the recent cyber attack, which threatens to overshadow broader annual U.S.-China talks in Washington this month at a time when tensions are already high over Beijing's pursuit of territorial claims in the South China Sea.
"We have to be as nimble, as aggressive and as well-resourced as those who are trying to break into these systems," Obama told a news conference at the Group of Seven (G7) summit in Germany.
U.S. officials, speaking on condition of anonymity, have blamed Chinese hackers for breaching the computers of the Office of Personnel Management and compromising the records of up to four million current and former employees in one of the biggest known attacks on U.S. federal networks.
The mission of the intruders, the officials said, appears to have been to steal personal information for recruiting spies and ultimately to seek access to weapons plans and industrial secrets.
Though China has denied involvement, U.S. investigators looking into the computer break-in, which was disclosed on Thursday, have uncovered "markings," or digital signatures, left by the hackers that indicate it was likely an official Chinese government operation, two officials said on Monday.
They did not, however, offer further details as to how they reached that conclusion.
Investigators have all but discarded the notion that Chinese criminal elements might have been behind the hacking and believe it was unlikely the Beijing government hired outside hackers, though one official said that possibility had not been completely ruled out.
U.S. authorities have also begun discussions on whether to go public once they make a final assessment of responsibility, but no consensus on that has emerged, a source familiar with the investigation said.
The White House, which has yet to assign blame, has given no sign whether retaliation might be considered.
In December, U.S. officials moved swiftly to accuse North Korea of being behind a high-profile attack on Sony Corp <6758.T> over a movie depicting the assassination of North Korea's leader, and Obama vowed that the United States would respond.
But the Obama administration is likely to move cautiously in response to any Chinese role, mindful of the potential harm from escalating cyber warfare between the world's two biggest economies whose interests are closely intertwined.
OBAMA CITES "SIGNIFICANT VULNERABILITIES"
In Germany on Monday, Obama declined to say whether he believed China was behind the OPM cyber attack, the second in less than a year on the agency that holds personnel data a security clearance information for the federal workforce.
But he said the United States has old computer systems with "significant vulnerabilities" and needs to be "much more aggressive" in stepping up defenses. He urged the U.S. Congress to move forward on passing cybersecurity legislation.
"In some cases, it's non-state actors who are engaging in criminal activity and potential theft," he said. "In the case of state actors, they're probing for intelligence or in some cases trying to bring down systems in pursuit of their various foreign policy objectives."
Illustration file picture shows a man typing on a computer keyboard in Warsaw
U.S. government officials and cyber analysts say Chinese hackers are using high-tech tactics to build massive databases that could be used for traditional espionage, such as recruiting spies, or gaining access to secure data on other networks.
The latest incident gave the hackers access to a trove of personal information, including birthdates, Social Security numbers, previous addresses and security clearances.
One official said the stolen information would enable an intelligence service to chart out relationships among U.S. government employees and build pictures of individuals and their families, potentially enabling them to figure out ways to target or blackmail people for espionage purposes.
"I see this an intelligence play by the Chinese to get as much high-level information about people as they can," said Mike Walls, a former U.S. Navy cyber warfare commander who is now managing director for security operations at EdgeWave, a private cybersecurity firm.
(Additional reporting by Andrea Shalal, Roberta Rampton and Julia Edwards; writing by Matt Spetalnick, editing by G Crosse)
Read the whole story
· · · · ·
- Get link
- Other Apps
Comments
Post a Comment