Well, the difference is that when someone fires nuclear ICBMs everyone typically knows unambiguously where the missiles came from and where they went.

To me, drumbeating over hacker threats is just a preparation to give the government yet another carte blanche to do whatever they want. At some point, there will be a grave "cyberattack" which the government detects and there will be lies, lies, lies, and more lies about it, which nobody external will be in a position to contradict, and the government will take it as political justification for retaliating in whatever manner they wish against Iran, China, North Korea, or an as-yet-unnamed enemy of the day.

As a citizen of the USA, the only way I would be comfortable treating a "cyberattack" as an act of war is if there were some kind of transparent, independent, and obviously competent commission evaluating the attack, and I have no faith that such a thing would ever happen in the event of some attack on government information.

> The only rational way to combat catastrophic cyber warfare is to disuade our enemies from engaging in it.

Well, there is one other way. The Chinese have a proverb for it - "以毒攻毒". Fight fire with fire.

No doubt the Chinese government is doing the same sort of stuff to other governments as well. It may be possible to gain leverage with them by socioeconomically isolating by exposing their misdeeds. If we're good enough, we could even stir up foment within China.

The English have a proverb - "People in glass houses shouldn't throw stones".

China spends a lot of time and money keeping their internet, um, secure.

I think you're missing the point. It's not that the US doesn't spend enough time and money on security. It's that hacking a system is a lot easier than securing it. A hacker only has to find 1 hole to exploit - the security expert has to find (and secure) them all.

My point was, you could retaliate by cracking their system open. Which would really irritate them.

Oh, OK. The sarcasm in your previous post was a little ambiguous, so I wasn't sure what point you were trying to make.

Apropos username.

For me, this issue is a higher level debate. As we move further toward the dystopian future of a blurry mess of city-state-like government rule, where corporate interests are openly the agenda of the government focus - network security will be more paramount than physical (militaristic) security.

There will always be the deterrent of 'metal-on-target' physical force - and that deterrent will always not be enough to dissuade some groups from standing up and fighting for [whatever].

Governments really are a self-serving concept, where they exist to extract resources from the base they rule over to support themselves. The exchange is sold to the constituency as "safety" or "national security" -- but the safety and security are really there to protect the source of the governments resources -- not protect the individual people in any way shape or form. The government cant have the source of its income and resources being killed or destroyed.

As we get further into this information age (which we are just barely into its infancy) we will see that we really have economic factions at play (this is the premise for the NWO, BTW - a range of economic centers which all produce and trade in an incestuous way and historical nationalistic definitions have given way to resource/production classifications) who are ruling organizations that manage policy and law that specifically protects their economic interests (of the military industrial complex).

This is not too different than what we already have today - but it is not quite as openly obvious to people yet that this is where we are heading.

In this next phase of civilization - we will see that information warfare will be constant and (mostly) secret.

I posted previously about the Chinese hacking Lockheed when I worked there a few years ago (spear phishing, but super sophisticated) and had a bunch of people on HN not believe it.

We are at war with china already - and many have predicted that it will become physical in the next 20 years -- who knows if it will - but the information war will continue for sure.

The governments effectively have a resource base that they extract value from in order to prop up their existence. The corporate sector that serves the government infrastructure is a constant and evil feedback loop into which all this plays.

What we are seeing is the shifting of the arms race from physical to digital.

The US has just assumed a position of "we do whatever the fuck we want" (hence the global reach of sigint NSA and echelon) and china is pretty brazen in its tactics of smiling at the market place while not-so-secretly mounting massive cyber attacks against your digital borders.

While the US has massive head start in tech right now - the chinese have been doing an utterly amazing job of securing pretty much all the resources in Africa.

It is my opinion, that economic war has been waged against Africa and countries with oil in the mid-east in order to suppress progress and advancement in those areas as a method of ensuring their resources are not developed or harvested so that they are effectively stored for later extraction by corporate interests of the US and other nations where the production cost to market value is really high. E.g. Iraq, the number 2 oil reserve in the world has been prevented from developing its oil production capabilities through flimsy at best political BS and outright lies at worst in order to ensure their oil does not reach peak while at the same time the global market and oil price goes up.

We have effectively put a permanent army in place to protect those fields and control (and profit from) its later production. Much like we have done with the global supply of opium from Afghanistan.

Its all about control.

No, MAD doesn't help in this case. The other side always has plausible deniability. Did an attack really come from China or was it perpetrated by crackers in a third country routing traffic through pwned Chinese PCs? How can you ever be sure? If the US government makes a false accusation even once and is proven wrong then they lose all credibility going forward.

To find out where an attack originated, it is probably better to ask who it benefits.

Even that doesn't help. There are a zillion possible beneficiaries to any major attack, and some attackers do it for the lulz with no benefit at all. If you can't reliably identify where an attack originated then deterrents are meaningless.

I forget where (Terminator 2?) but there was definitely an SF story somewhere where the aggressor launched a nuclear attack at their victim's enemy rather than straight back at the victim they'd gained control of, because the likely counterattack was more powerful than the first strike.

I don't know to what extent military personnel these days actually have visibility of where the strategic weapons they control are targetted but I suspect that they might refuse to launch on targets in their own country.

And sometimes they might refuse to launch on targets in the enemy's country. http://lesswrong.com/lw/jq/926_is_petrov_day/

The scenario is from the Terminator series.. I always thought it was simpler to just press "LAUNCH" than to reconfigure all the targets. From the perspective of Skynet, the Russian response would be faster than relocating all the missiles in the US, then launching, so that's the course of action.

Supposedly (no way to verify) with US and Russian missiles there is now always a targeting step required before launch. http://en.wikipedia.org/wiki/United_States_%E2%80%93_Russia_...

I suspect that they only agreed to that once it became possible to retarget missiles very quickly.

Non-state entities like Anonymous, et. al, exist on the same playing field as China, yet there is no military response to be had for them, short of treating the internet itself as a form of "nuclear arms" and putting correspondingly enormous restrictions on it for civilians - something which is not likely to happen anytime soon, given how much the world economy is starting to rely on this infrastructure.

The pentagons posturing on using force in retaliation to cyber attacks, would be a hard sell [to the public] to ever actually perform one of these retaliations... Especially with such a prominent target as China.

Rather than an arms race in cyber-warfare, is it possible to work out why these attacks are occurring? A militarily non-aggressive nation (outside of its own borders) continuously attacking external targets for no reason, feels like we are missing some of the story.

I'm pretty sure the US public would require retaliation in the event of, say, a prolonged regional blackout, a breached dam, a meltdown at a nuclear facility or any other number of real world insanity caused by a cyber attack.

"for no reason" I'm sure there are reasons. LulzSec does it for the "lulz". China has their own reasons, whatever they are they are and we can sit and discuss them but there needs to be red lines. Figuring those reasons out does not mean we should not have a well known military posture in certain eventualities.

Just to prove they can, perhaps.

Why is this cyber "warfare" and not just another way of spying - something all countries do without it being an act of war? The only thing we've seen close to "cyberwar" is Stuxnet and that was most likely the U.S. and Israel.