Military Asserts Right To Respond To Cyberattacks

Hugh Pickens writes "AP reports that National Security Agency director Lt. Gen. Keith Alexander says the US should counter computer-based attacks swiftly and strongly and act to thwart or disable a threat even when the attacker's identity is unknown. 'Even with the clear understanding that we could experience damage to our infrastructure, we must be prepared to fight through in the worst case scenario,' wrote Alexander in a 32-page Senate questionnaire he answered in preparation for a Senate Armed Services Committee hearing on his nomination to head Cyber Command. Alexander offered a limited but rare description of offensive US cyber activities, saying the US has 'responded to threats, intrusions and even attacks against us in cyberspace,' and has conducted exercises and war games, adding that it is unclear whether or not those actions have deterred criminals, terrorists or nations."

Re:Tell me again...

[calmofthestorm]

To provide a reason to develop harsh cybersecurity laws to fight intellectual property theft and free speech.

Re:Tell me again...

[Runaway1956]

Uhhhh - huh?

This is probably a good place to make wise cracks about the Army and the Air Force, comparing them to the Marine Corps (part of the Department of the Navy, in case you didn't know) but I really would like to know what you're smoking.

Tell you what. Head on over to your closest Navy base, and try to get in. Take a group of friends, if you like. For best results, pick a nuclear capable base. Post back and tell us that the Corps isn't set to defend their bases physically. For that matter, you could choose someplace with nuclear capability and no marines.

The same year that we evacuated Beruit City, we were invited to visit Crotone, Italy. All unbeknown to us, the local communists staged a riot, protesting our nuclear presence in Italy. The plan seemed to be to storm the ship, take the nukes hostage, and embarrass the United States.

As part of the ship's defense force, I went out on the pier with 6 other guys, armed with M-14 rifles, while the gunner's mates set up M-2 machine guns on the bridge wings. The 5 inch guns were brought to bear on the city. We, the landing party, cleared the pier of rioters, then stood nose to nose with the carabinieri (spelling?) for an hour, while a couple local officials came aboard to talk to our captain.

Fortunately, there was no bloodshed, but we would have detonated that nuke in the harbor to prevent a bunch of rioters from getting it. People with nukes are pretty damned determined to make sure that they cannot possibly ever be used against thier own country.

Oh yeah. Compare that to the long list of "mistakes" that the Air Force has been found guilty of.

Re:Tell me again...

[Anonymous Coward]

Speaking as a former Marine familiar with the guys and procedures who do guard the nuclear bases, they are often very new (green), understaffed, but fairly well trained. They have done a good job since the last one got leaked, but it's always fun reading about the last red cell (a team who thinks outside the box to test security) who got in the base and was able to touch the nuke without anyone realizing it. Maybe for your average /.er what you propose is preposterous, but to a foreign military unit with the correct training this would not be quite as hard as you make it sound (though recent advances in biometrics have improved things, but really, you don't think TLA's have the kind of training to defeat said mechanisms?) Overall, the majority of the US's security, especially CONUS, is dependent on deterrent threats, not capabilities. But I digress, the poster is actually often correct that in many installations we often hire third-party security (Ghurka's anyone?) as the first line security on OCONUS bases. Especially since the Navy (womens department) set up the master at arm's program so that they could take over many installations security procedures. As for TFA, it is one of those things that we all knew was incoming, but again, as I originally state, anyone with the proper training and motivation can accomplish major utility disruption easily. For example, I was recently talking to one of the "good ol boys" in the Texas telecom industry. He talked about how some kid knocked down a particular circuit set by crashing his mustang into it, when the officer on scene started asking for damage estimates, due to location of local oil reserves and a power plant, men in suits were claiming conservative estimates at $1mil per minute. Just because one idiot knocked down a pole in the middle of nowhere. Throw in a motivated enemy, a bunch of EMP's (a quickly maturing tech) and the right knowledge, and they could take out half of the US before anyone knew what happened to them. Insert nuke's accordingly. The world is a surprisingly fragile place, with lots of posturing, and very little substance. Anyone, not that it had much to do with anything I just felt like ranting a bit so thanks for listening. =)

Re:Slippery slope...

[ncgnu08]

Okay, I agree there is much to discuss on this topic, but we really can't base any discussion on something Michelle Bachmann says. She is, and has been, completely out of relevance for quite a while. Not only does she prove she knows nothing about history, current events, or logic every time she opens her mouth, but she makes her career by saying inflammatory comments that outrage some group (political, social, or racial).

So lets please discuss this topic. I weigh in on the side of using every electronic counter-measure we have, but let us also leave military retaliation as a viable option. If our country (especially our infrastructure) is being attacked by "hackers" based in a certain country (whether state-sanctioned or acting independently) we should be able to respond with force to stop the attacks. There are many scenarios in which a country would use a cyber-attack as the opening salvo to a military operation.

Example: country "A" launches a massive cyber-attack against country "B". They try to shut down the power grid, the communication systems, the water and sewer systems, and the transportation networks. While country "B" is in complete chaos (such as the blackout in the northeast US a few years ago), country "A" attacks "B". Depending on the success of the cyber-attacks, country "A" might have an easy victory. However if country "B" has chosen to attack in order to defend itself against the cyber-attacks, it stands a better chance of surviving or winning. I acknowledge this scenario does not cover all situations, it is just ONE example.

I don't think we should be dropping nukes because a 14 year old kid somewhere tries to hack into the local DMV office. It is known, however, China operates entire squads devoted to cyber-attacks. IMO, the large variance of potential sources of cyber-attacks makes having a blanket response to all threats impossible to develop. We must respond to each threat individually and uniquely. I would see this policy resembling our policy regarding terrorism. I'm not saying that is a good thing, just a potential likeness.