Richard Clarke: China's Cyberassault On America (wsj.com)
100 points by tptacek on June 15, 2011 | 70 comments


I've always wondered what the US would do if China started flying sigint surveillance planes along the edge of US territorial airspace. Or if Americans discovered that the Chinese had interception equipment in critical telecom switching stations throughout the world that allowed them to divert America's commercial and governmental communications to Chinese supercomputers for decryption.

There are a lot of things that America does to other countries that would be taken as acts of war if they were done to America.


> There are a lot of things that America does to other countries that would be taken as acts of war if they were done to America.

I have to call bullshit on this, sorry.

The Russians did this sort of thing all the time during the cold war: parking nuclear submarines off the East Coast, flying bomber runs along the border, reconnaissance -- the list goes on and on. On both sides. There was never an "act of war." Even the Cuban Missile Crisis (which did not have mutants, by the way) ended peacefully.

Look, I think it's great to point out there are two sides of every story. But this type of statement goes beyond a simple plea for "take a look at the other side, guys" and heads into propaganda territory, i.e. everything is mostly the same. So I had to call you on it. Let's not go there.

Why? Because this is a good topic. It calls into question the intersection of governments, technology, and rule of law. The whole point of the article is destroyed if you just say it's all the same. It's not.

Every bad thing in the world can't be erased by an over-application of equivocation. That kind of thing is for spinners. We head down this road next you'll be telling me that China owns vast hunks of ocean and various islands that everybody else says they don't.


Nations unfortunately engage in a lot of belligerent actions that can easily spiral out of control. The long term risk with the USA conducting operations in international waters around China - which they are perfectly entitled to do - is that areas of contested territory such as the Spratly islands in the South China Sea could easily become flashpoints for needless conflict.


It is a flashpoint irrespective of whether we're there. That area has been contested for years. It's not belligerence on our part to attempt to maintain order.


There are a lot of things that America does to Americans that would be taken as acts of war if they were done to America.


If you really want to compare, then take Taiwan. An island just off the coast that China claims should be under its control and that is currently not. Same situation as Cuba a few decades ago, the US delivers all kinds of arms and military knowledge and China is not happy about it.


Not the same thing at all, since the US never claims Cuba should be part of Florida.


Actually, the US did own Cuba for a little tiny while

http://en.wikipedia.org/wiki/Treaty_of_Paris_(1898)

and there actually was a war involved.


Cuba was explicitly given up by Spain to be occupied, but explicitly not annexed, by the United States because of the Teller Amendment (http://en.wikipedia.org/wiki/Teller_Amendment). Thus, while the US may have governed Cuba at one time, it never owned it.


> the US never claims Cuba should be part of Florida

In a way, it does.

Consider: if Cuba were to become a capitalist country, how much of its land and other natural resources would be immediately purchased by US nationals?

Americans can take de-facto ownership of foreign countries without re-coloring any maps.


Well, US nationals of Cuban extraction, from Miami, who always wanted to go back there. But you might as well say that Britain claims to own Spain from the number of Brits who retire there.


> There are a lot of things that America does to other countries that would be taken as acts of war if they were done to America.

Is this the foreshadowing of a second Cold War, albeit with a different super power and in completely new battlefields? The only problem, as mentioned elsewhere in the thread is that unlike conventional warfare, spoofing the origin of these "weapons" is relatively easy.

Does anyone know of whether people have thought of things like Mutually Assured Destruction in the context of e-commerce and the internet?


When thinking about mutually assured destruction on the internet, somehow Anonymous and LulzSec come to mind...


> Or if Americans discovered that the Chinese had interception equipment in critical telecom switching stations throughout the world that allowed them to divert America's commercial and governmental communications to Chinese supercomputers for decryption.

Based on the way the American IC reacts, we already believe they do this quite broadly. It's called Huawei Technologies Co. Ltd. http://www.huawei.com/en/


> I've always wondered what the US would do if China started flying sigint surveillance planes along the edge of US territorial airspace.

Probably about what the United States did for decades when the Soviet Union flew sigint surveillance planes along the edge of US territorial airspace. That is, just fly its own planes in international airspace, which has been its practice for a long time. "National means of verification" are what make arms control treaties and other confidence-building measures between nations work.


Interesting paper, but not a smart approach. Well, a very ...uhm American approach to the problem. Unilateral.

Better would be to think about an internationally accepted (within the UN framework) mechanism to deal with these attacks. Define what is permissible and what is "over the line". Then define required actions and accepted sanctions when an attack occurs.

Governments will always blame it on some "hackers". But a mechanism could define how a government MUST proceed when a grave attack is carried out from within its territory. Maybe it MUST accept that law enforcement of the target nation has the right to check equipment used in the offending nation.

Overall, such an international mechanism should be set up to make it more difficult to sneakily carry out those attacks and hide behind some "hackers" accusation.

However, I doubt that the US would be willing to submit to such a mechanism. Because I believe they would be sitting more often on the offending site than on the target site. Until now, the US has not even submitted to the International Court of Justice (ICJ) and similar important mechanisms to stop and prosecute atrocities against humanity committed during war. The US knows very well why they don't submit to such a court, of course. Same would most likely be the case for any international mechanism against government cyber crimes.


That's a terrible idea. The US and China both have UN veto votes.


No, they have Security Council veto votes. This has nothing to do with the UNSC.

However, it would only be useful if nations like the US and China could be made to participate, so negotiating this would not be easy. At the end however, it would be beneficial for all participants.

Now, why would it be a bad idea? Any argument, or "just because"?


Could somebody explain to me why this gets downvoted?


A lot of people don't like the UN. A lot of people don't like the ICJ.

How does the UN or ICJ provide "similar important mechanisms to stop and prosecute atrocities against humanity committed during war"?

The whole war crimes thing is kind of a farce, if we look at the Nuremberg counts 1 & 2; we must ask ourselves how was Russia on the bench instead of in front of it? There are much better critiques than I can muster right now.


«how was Russia on the bench instead of in front of it?» They didn't lose a war; if I recall correctly, it wasn't until Stalin died and Khrushchev gave the Secret Speech that we learned of how bad Stalinist abuses were.


Counts: 1. Participation in a common plan or conspiracy for the accomplishment of a crime against peace 2. Planning, initiating and waging wars of aggression and other crimes against peace

Russia & Germany planned to divide Poland; how was Russia's invasion different than the Germans?

As to the comment - "They didn't lose the war" is exactly my point, that's not justice.


Your discussion goes into the completely wrong direction. And you are discussing something that happened 60 years ago. Not only the microchip, the international system too, has evolved a lot since then. A lot.

>> that's not justice.

Nobody ever said it was justice. The UN and the ICJ are only just a first step to finally free the international system from anarchy. Think of it as programming by punching holes in cards. There is still a long way ahead, but it is a good beginning.


I'm pretty sure people in the West knew pretty well what was going on but largely chose to ignore it:

http://en.wikipedia.org/wiki/Great_Purge#Western_reactions


Well, "a lot of people" don't like courts, either. But we still have them, because it's the best system we have come up with, so far, to make the world a better and more livable/secure place for everybody. Maybe there is a better way, but humanity hasn't discovered it yet.

Violence and threats have, in the past, shown that they are always the worse option in the long term. Unilateral violence just looks appealing to the simple minded, because it's easy to understand. I still hope that politics is not entirely made by the simple minded, though.

If you want to learn about the UN or ICJ, there is a lot of academic material out there on the tubes. It is a much too complex issue to be "quickly" discussed on a hacker board. You probably would not discuss Erlang in a political science forum either ;)


I am pretty well informed on both the UN & ICJ and while I can say I agree with what their goals are I think the means and implementation are completely incorrect. I think that not intervention and human relief/asylum/evacuation are the ways to deal with international problems.

I prefer a loosely integrated system where it's hard for any one group to gain control. This requires decentralization & a lack of strong international organizations.

I'd like to note, that I'm interested in stability & corruption - worst case scenarios, etc. If you have anything you recommend that addresses those issues I'd like to read it. And lastly, I'd like to quote Milton Friedman: "One of the great mistakes is to judge policies and programs by their intentions rather than their results."


I agree with your view on crisis reaction, that is not intervention and human relief. And the UN does that most of the time. That is why Blue Helmets are usually regarded as "useless" by many, because they don't fight. Unfortunately, that leads to bad press and public opinion.

The UN is important as a mechanism of creating trust between nations, as a standardized communication platform. That is its main purpose. It publishes treaties, it has specialized forums to deal with different policy topics and create common rules, etc.

A loosely integrated system leads to the most physically powerful group to control everybody else, with no rules whatsoever. Then Rumsfeld's "Enemy Fighters" (for whom the Geneva Convention does not count according to the Bush Government) would be the norm, not the shameful exception. That does not sound like a good idea.

I agree that the UN and the ICJ have tons of shortcomings, but it's the best humanity has been able to come up with so far to organize the international system.


Or the United States under count 3 for that matter.

http://en.wikipedia.org/wiki/Bombing_of_Dresden_in_World_War...


A while back my gmail account was hacked by someone with a Chinese IP. It made me wonder.

What if the goal of all this is to build a giant database of identities and known passwords? Say the Chinese govt has 50 million online identities each associated with an email address, and known passwords for each.

If they do decide to launch a massive cyber attack, it doesn't matter what security we have in place; they could just log in.

They wouldn't need to find backdoors, they could log in as customers to every major bank and start moving things around. It wouldn't matter if the banks caught it, the only way to stop it would be to shut down all transactions--which would cause the panic the attackers are looking for.

They could do this with any public website, and with enough computing power and bandwidth, do it fast enough to really cause a problem.

Just imagine if they had 0.1% of all public logins and passwords.


Same thing happened to me last year. Freaked me out, I know that that password was the same for a few sites (I know I know but I keep a few levels of passwords) So they had to obtain it from one of those. I never received a message from anywhere telling me that my info had been leaked which means some sites I visit I can't trust. I have no way of knowing which.


Ya, that sounds about right. The sad truth is that defending our cyber space, or cyber space in general, is a Sisyphean task. No one can do it, least of all the government. There are just too many vectors of attack and too many targets and, frankly, not enough people who know anything about cyber-security. Even people who do know about security are routinely hacked, see Google, RSA, Lockheed, et al.

The only rational way to combat catastrophic cyber warfare is to dissuade our enemies from engaging in it. Some say it has worked for us before, MAD[0] (note section on criticism, which obviously plays here). As mentioned in the WSJ[1] a few weeks ago:

"One idea gaining momentum at the Pentagon is the notion of "equivalence." If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a "use of force" consideration, which could merit retaliation."

This notion that a cyber attack could result in a real military response must be delivered to the highest levels of decision making throughout the world. We can only hope that the message is received.

Obviously, we must do all we can on defense but no defense will be foolproof. It is just not possible. Stating our intentions in the event of a devastating cyber attack is the only real option we have.

Everything short of national catastrophe should be dealt with in other ways. Industrial espionage is a major consideration but that should be taken to arbitrage at forums like the WTO. I'm all for free trade and everything it has to offer as long as there is an even playing field. At the risk of conflating issues I will simply say that China's ongoing espionage is an extension of unfair trading practices that work to create an uneven playing field between them and everyone else.

[0] http://en.wikipedia.org/wiki/Mutual_assured_destruction

[1] http://online.wsj.com/article/SB1000142405270230456310457635...


Well, the difference is that when someone fires nuclear ICBMs everyone typically knows unambiguously where the missiles came from and where they went.

To me, drumbeating over hacker threats is just a preparation to give the government yet another carte blanche to do whatever they want. At some point, there will be a grave "cyberattack" which the government detects and there will be lies, lies, lies, and more lies about it, which nobody external will be in a position to contradict, and the government will take it as political justification for retaliating in whatever manner they wish against Iran, China, North Korea, or an as-yet-unnamed enemy of the day.

As a citizen of the USA, the only way I would be comfortable treating a "cyberattack" as an act of war is if there were some kind of transparent, independent, and obviously competent commission evaluating the attack, and I have no faith that such a thing would ever happen in the event of some attack on government information.


> The only rational way to combat catastrophic cyber warfare is to dissuade our enemies from engaging in it.

Well, there is one other way. The Chinese have a proverb for it - "以毒攻毒". Fight fire with fire.

No doubt the Chinese government is doing the same sort of stuff to other governments as well. It may be possible to gain leverage with them by socioeconomically isolating by exposing their misdeeds. If we're good enough, we could even stir up foment within China.


The English have a proverb - "People in glass houses shouldn't throw stones".

China spends a lot of time and money keeping their internet, um, secure.


I think you're missing the point. It's not that the US doesn't spend enough time and money on security. It's that hacking a system is a lot easier than securing it. A hacker only has to find 1 hole to exploit - the security expert has to find (and secure) them all.


My point was, you could retaliate by cracking their system open. Which would really irritate them.


Oh, OK. The sarcasm in your previous post was a little ambiguous, so I wasn't sure what point you were trying to make.


Apropos username.

For me, this issue is a higher level debate. As we move further toward the dystopian future of a blurry mess of city-state-like government rule, where corporate interests are openly the agenda of the government focus - network security will be more paramount than physical (militaristic) security.

There will always be the deterrent of 'metal-on-target' physical force - and that deterrent will always not be enough to dissuade some groups from standing up and fighting for [whatever].

Governments really are a self-serving concept, where they exist to extract resources from the base they rule over to support themselves. The exchange is sold to the constituency as "safety" or "national security" -- but the safety and security are really there to protect the source of the government's resources -- not protect the individual people in any way shape or form. The government can't have the source of its income and resources being killed or destroyed.

As we get further into this information age (which we are just barely into its infancy) we will see that we really have economic factions at play (this is the premise for the NWO, BTW - a range of economic centers which all produce and trade in an incestuous way and historical nationalistic definitions have given way to resource/production classifications) who are ruling organizations that manage policy and law that specifically protects their economic interests (of the military industrial complex).

This is not too different than what we already have today - but it is not quite as openly obvious to people yet that this is where we are heading.

In this next phase of civilization - we will see that information warfare will be constant and (mostly) secret.

I posted previously about the Chinese hacking Lockheed when I worked there a few years ago (spear phishing, but super sophisticated) and had a bunch of people on HN not believe it.

We are at war with China already - and many have predicted that it will become physical in the next 20 years -- who knows if it will - but the information war will continue for sure.

The governments effectively have a resource base that they extract value from in order to prop up their existence. The corporate sector that serves the government infrastructure is a constant and evil feedback loop into which all this plays.

What we are seeing is the shifting of the arms race from physical to digital.

The US has just assumed a position of "we do whatever the fuck we want" (hence the global reach of sigint NSA and echelon) and China is pretty brazen in its tactics of smiling at the market place while not-so-secretly mounting massive cyber attacks against your digital borders.

While the US has massive head start in tech right now - the Chinese have been doing an utterly amazing job of securing pretty much all the resources in Africa.

It is my opinion, that economic war has been waged against Africa and countries with oil in the mid-east in order to suppress progress and advancement in those areas as a method of ensuring their resources are not developed or harvested so that they are effectively stored for later extraction by corporate interests of the US and other nations where the production cost to market value is really high. E.g. Iraq, the number 2 oil reserve in the world has been prevented from developing its oil production capabilities through flimsy at best political BS and outright lies at worst in order to ensure their oil does not reach peak while at the same time the global market and oil price goes up.

We have effectively put a permanent army in place to protect those fields and control (and profit from) its later production. Much like we have done with the global supply of opium from Afghanistan.

It's all about control.


No, MAD doesn't help in this case. The other side always has plausible deniability. Did an attack really come from China or was it perpetrated by crackers in a third country routing traffic through pwned Chinese PCs? How can you ever be sure? If the US government makes a false accusation even once and is proven wrong then they lose all credibility going forward.


To find out where an attack originated, it is probably better to ask who it benefits.


Even that doesn't help. There are a zillion possible beneficiaries to any major attack, and some attackers do it for the lulz with no benefit at all. If you can't reliably identify where an attack originated then deterrents are meaningless.


I forget where (Terminator 2?) but there was definitely an SF story somewhere where the aggressor launched a nuclear attack at their victim's enemy rather than straight back at the victim they'd gained control of, because the likely counterattack was more powerful than the first strike.


I don't know to what extent military personnel these days actually have visibility of where the strategic weapons they control are targeted but I suspect that they might refuse to launch on targets in their own country.


And sometimes they might refuse to launch on targets in the enemy's country. http://lesswrong.com/lw/jq/926_is_petrov_day/

The scenario is from the Terminator series. I always thought it was simpler to just press "LAUNCH" than to reconfigure all the targets. From the perspective of Skynet, the Russian response would be faster than relocating all the missiles in the US, then launching, so that's the course of action.


Supposedly (no way to verify) with US and Russian missiles there is now always a targeting step required before launch. http://en.wikipedia.org/wiki/United_States_%E2%80%93_Russia_...


I suspect that they only agreed to that once it became possible to retarget missiles very quickly.


Non-state entities like Anonymous, et al., exist on the same playing field as China, yet there is no military response to be had for them, short of treating the internet itself as a form of "nuclear arms" and putting correspondingly enormous restrictions on it for civilians - something which is not likely to happen anytime soon, given how much the world economy is starting to rely on this infrastructure.


The Pentagon's posturing on using force in retaliation to cyber attacks, would be a hard sell [to the public] to ever actually perform one of these retaliations... Especially with such a prominent target as China.

Rather than an arms race in cyber-warfare, is it possible to work out why these attacks are occurring? A militarily non-aggressive nation (outside of its own borders) continuously attacking external targets for no reason, feels like we are missing some of the story.


I'm pretty sure the US public would require retaliation in the event of, say, a prolonged regional blackout, a breached dam, a meltdown at a nuclear facility or any other number of real world insanity caused by a cyber attack.

"for no reason" I'm sure there are reasons. LulzSec does it for the "lulz". China has their own reasons, whatever they are they are and we can sit and discuss them but there needs to be red lines. Figuring those reasons out does not mean we should not have a well known military posture in certain eventualities.


Just to prove they can, perhaps.


Why is this cyber "warfare" and not just another way of spying - something all countries do without it being an act of war? The only thing we've seen close to "cyberwar" is Stuxnet and that was most likely the U.S. and Israel.


"Cyber warfare" has far more in common with international espionage than actual warfare. China and the US have been constantly spying on each other for 65 years, maybe longer. Rarely do such actions constitute grounds for a war.

The big difference now is that the espionage extends to a significant number of non-government actors, and that there's a greater degree of plausible deniability to any attacks. Still, the Chinese are capable of physically blowing up a lot of American infrastructure (and vice versa), and the Chinese may be capable of disguising a physical attack as a terrorist attack.

Cyber-warfare is another vector allowing states to attack each other, but it's still less powerful than conventional warfare, and not that much more powerful than conventional espionage.


From the article: "The targeting of specific U.S. officials is not something that a mere hacker gang could do."

This is patently false. Anyone could target a U.S. official, and many could even succeed. Nevertheless, the other arguments the article presents are sufficient to support its conclusion.


I assume he means that a large number of officials were individually targeted, requiring large numbers of hackers working in tandem.


Perhaps this kind of thing is going to eventually fundamentally change the way we build software? In most of the common development stacks it's an afterthought if it's addressed at all. If even security "experts" are getting hacked something is deeply wrong.


This is the most important comment here, IMO.

What should we be doing about this, now, individually, collectively?


The Aurora attacks were followed by systematic penetrations of one industry after another. In the so-called Night Dragon series, attackers apparently in China went after major oil and gas companies, not only in the U.S. but throughout the world ---

One more "for" argument: in Asia, China's been accused by Philippines and Vietnam, as well as Japan of aggressively invading their territorial waters, islands. Those areas are likely rich in oil. Actions such as sending war boats to damage fishing boats are a sign of China's ambition to seek more oil, oil and oil...

Relevant link: http://news.yahoo.com/s/ap/20110614/ap_on_re_as/as_china_us


Why make an unsubstantiated link between the hacking incidents and the South China Sea conflicts? The South China Sea has been a source of territorial conflicts throughout history.

In modern times there have been brief shooting conflicts between China & Vietnam in 1974, and 1988 [1], and there have been numerous incidents since.

[1] http://en.wikipedia.org/wiki/South_China_Sea#Territorial_cla...


If you look at Paracel Islands, yeah, maybe China's close to it. But if you look at Spratly islands, which are very much territories of either Vietnam, Indonesia or the Philippines. And China is to claim it? http://en.wikipedia.org/wiki/File:South_China_Sea.jpg

Plus, the attacks happened around Spratly islands, 2 days right after Shangri-la Dialogue, with the participation of top military bosses, including Robert Gates, where China promised to use peace talks to resolve the problem.

My 2 cents here:

1. China has always been a world of its own, it acts by its rules and what it promises is just what it says, what it does is another thing.

2. China has become BIG, and worse, it IS aggressive. We'd better be prepared for a coming war, be it cyber or economical or traditional.

We might be under a much bigger threat than what the media could convey, like that picture by David Gothard http://si.wsj.net/public/resources/images/ED-AN742_clarke_D_...


Every old nation has territories which would be hard to claim if not for historical reasons. To take my own country as an example, the justification for France to own Guyane, Guadeloupe, reunion island, etc... is slim at best (France just happened to be a former colonial power).

As for your points 1 and 2, do you think people don't attribute those to the US as well? Point 1 in particular falls into what is called unilateralism - a pervasive notion in the political discourse of the US since their inception. My point is not to fall into superficial anti-Americanism: it is simply in the best interest of the US to act this way, and most countries pushing for multilateralism are countries without the power to act differently anymore. But moral, fairness has absolutely nothing to do with it.


War mongering ethnocentric bullshit.

China are aggressive in what they believe is 'their' territory, and nothing else. They have no (modern) history of invading or even being involved in other conflicts around the world. Most [large] countries could not boast a similar history.

On the UN security council they veto most aggressive action the US/England/EU press. If further pressed they generally abstain from the vote. Other than territorial disputes where do you get the idea they are 'aggressive'?

China is out to protect its interests just like every other nation. The worry is, they are big, and CAN protect their interests. The western super powers are not used to being challenged like this.


Yeah, even Napoleon Bonaparte once said: "China? There lies a lion, let her sleep, for once she's awake, she will shake the world"

Another point is, I can't remember who (pretty famous analyst) said this, but something like: "There's nothing wrong with China's getting richer and stronger. The only problem is China was once depressed by other countries like Japan, England... And like a child, when he grows up, he will take _revenge_ "

So China is not just-like-every-other-nation like you said


I wonder what America's Cyberassault on China looks like?


What useful `cybersecurity' legislation could you possibly pass? The only thing I can think of is "do not connect x, y, and z systems to the internet," but that still leaves plenty of ground.


Both governments are on the same team...total Control........


I don't know about anyone else, but I felt this article had the vibe of:

"Guys! The internet is dangerous! We NEED a way to turn it on and off! It's for YOUR safety!"


Well, I won't be surprised when the powers-that-be put forward a plan for a "method" to cut us off from the rest of the internet. And it will be accepted, because they'll have convinced the public there are too many harmful cyber attackers out there. National Security, don'tcha know.


Cutting us off from the rest of the world doesn't work, b/c it would be easy to deploy a botnet inside the US.


It's also tremendously easy to detonate a bomb on American soil and kill a lot of people. Yet they're still strip searching small children and hammering us with radiation at the airport.

I don't think they care much about logic....


This is just scare mongering nonsense. WSJ just keeps getting better and better.



