CYBERATTACKS: Should the US engage in offensive attacks?
NPR had a story this morning about cyberattacks. Pentagon Goes On The Offensive Against Cyberattacks : NPR Here is a excerpt from the story:
The best example of an offensive cyberattack independent of a kinetic operation would be Stuxnet, the cyberweapon secretly used to damage nuclear installations in Iran. A U.S. official has privately confirmed to NPR what the New York Times reported last summer — that the United States had a role in developing Stuxnet.
Because the operation has been shrouded in secrecy, however, there has been no public discussion about the pros and cons of using a cyberweapon in the way Stuxnet was used.
Among the top concerns is that other countries, seeing Stuxnet apparently used by the United States and Israel, might conclude that they would also be justified in carrying out a cyberattack. The British author Misha Glenny, writing in the Financial Times, argued that the deployment of Stuxnet may be seen "as a starting gun; countries around the world can now argue that it is legitimate to use malware pre-emptively against their enemies."
Another concern is that the malicious software code in Stuxnet, instructing computers to order Iranian centrifuges to spin out of control, could be modified and used against U.S. infrastructure assets.
This is an issue about which I have not given any thought. Part of me says that if the US can do something like disable a nuclear weapons program with a cyberattack, then the US should do it. But, as the commentary above states, there are great risks of cyberattack proliferation.
I try to be perfectly civil, until someone really pisses me off.
My most-read newspaper, The Economist, wrote a concise article about the subject a little while back.
Cyber-warfare: Hype and fear | The Economist
The general sense was that the ability of cyber-warfare to do things like what the famous Stuxnet was designed to do is far more limited than fiction would have us believe.
If the two most sophisticated cyber-warfare nations in the world -- the United States and Israel -- can put their smartest minds to work on what is likely considered a high-priority task and given plentiful resources, and, the best they can achieve against a fairly isolated, smaller nation like Iran is setting them back a couple of months' research, how effective can we expect it to be?
I do not think we will see effective use of so-called cyber-warfare being a useful tool against hard targets like infrastructure, power plants, and the like, in my lifetime.
However, contrast this to the recent New York Times case, in which China hacked many of the Times' computer systems in what is assumed to be related to the publishing of stories about a corruption scandal in China.
China seems to have developed a quite sophisticated cyber-espionage division.
I see cyber warfare as a useful, powerful intelligence gathering tool, as radio intercepts, spy planes, and other SIGINT has been in the past.
Edit: having some trouble getting URL's to display properly. Hopefully you can read these.
Maybe I'm naive, but it has been my impression that these types of attacks/counter-attacks happen with somewhat regularity from both private and state sponsored entities. I have no issue with the "attacks" and I imagine many of our offensive tactics improve our defensive tactics. Anything it takes to monitor and disrupt countries like North Korea is a good thing in my book.
Well it is a weapon and one avilable to every country wi th computer systems and a couple of smart people......or money to buy them. I doubt our using it will trigger development and use against us and I doubt our abstaining would be much influence against it being used to damage us either.
Originally Posted by MarkS
I think cyber-warfare against "soft" targets happens with some regularity -- espionage, theft of intellectual property, occasional DDoS attacks, and the like.
The OP and article I linked -- I have not listened to the NPR story -- are talking more about attacks on "hard" targets like infrastructure, using cyber-warfare to cause physical damage. I do not think this is currently very common, as I do not think the capacity exists.
If it did, though, I think we should treat it as analogous to a guided bomb.
Originally Posted by 88 rex
The U.S. should continue to develop every tool in it's arsenal else it be left behind. The only way to stay at the forefront is to continue to probe, analyze, or attack the enemies weapons and technologies, and try to stay one step ahead.
Along with that should be a continued effort to protect the U.S. system from attack itself. There are a lot of bright minds in other countries, heck we can't even protect ourselves from their spam and identity theft.
"I felt bad because I couldn't wheelie; until I met a man with no bicycle"
“The supreme art of war is to subdue the enemy without fighting.”
― Sun Tzu, The Art of War
The history of mankind is replete with accounts of those with the best technology wins.
The history of mankind is also replete with accounts of those holding the higher ground wins.
Of the forces under the Commander and Chief, seems the Air Force should be #1 priority for cyber-weapons development and execution.
USA moral high ground would be served by proportional and debilitating counter-attacks against perpetrator(s) while keeping our secrets, secret.
“Appear weak when you are strong, and strong when you are weak.”
― Sun Tzu, The Art of War
Yes is the answer in general but the details are the problem.
Why? What about NSA or a DoD component that was stood up for the purpose of "cyber", USCYBERCOM?
Originally Posted by troutmd