 |
| Posted: July 16, 2009 |
 |
|
|
|
|
 |
|
On the Fourth of July, cyber attacks started targeting computers at the White House, the Pentagon and other major U.S. government agencies. The New York Stock Exchange and the South Korean government were also targets. Who and what are behind the attacks? Two experts take your questions. |
|
|
|
|
|
|
|
|
|
|
| Raymond of Lorton, Va., asks: |
|
| When another nation launches a cyber attack on the United States government, why is it never discussed in the context of an act of war? Is it not politically correct for the media? |
|
|
 |
|
|
|
| Randy Sabett responds: |
|
 Even just a few years ago the notion of war in cyberspace was something you would mainly hear in the context of fictional movies. I would hesitate, however, in using the word "never" in today's environment. Things have changed to the point where what used to be euphemistically referred to as "active defense" is now beginning to be openly discussed amongst a number of different stakeholders (including the government). I believe that the media will begin to pick up on cyber warfare as the general issue of cyber security continues to gain attention. For a really interesting discussion of this topic, see the testimony of Lt. Gen. Keith Alexander (the director of NSA from May 5 on "Cyberspace as a Warfighting Domain" in front of the House Armed Services Committee. Alexander's testimony beginning about 35:52 of the webcast talks about legal norms and authorities related to what the government can do in response to being attacked. About 37:45, he begins to directly address the issues of what constitutes an act of war in the context of cyberspace. As General Alexander points out, one of the most difficult issues in cyber attack situations is attribution. This is the question of "who is actually launching the attack?" Because attackers are often able to do a really good job of hiding their tracks (often through legitimate systems), it can be virtually impossible to quickly learn the source of an attack. In trying to respond to an attack (particularly if you are talking about an offensive response), you need to be able to find out at network speed who is responsible. We have not yet achieved that capability. The results of incorrect attribution and, as a result, a misguided attack would be very bad. This leads to the broader issue of authentication, which I get into in my response below to Andy of St. Louis.
|
|
| Rod Beckstrom responds: |
|
 In the case of the recent attacks, it is not clear that a nation-state conducted or sponsored these attacks. Also, these attacks were not more disruptive than many others that occur regularly across cyberspace and in my opinion are not usefully discussed in this context. More generally, little agreement exists as to what constitutes an act of war in cyberspace. The U.S. and other nations need to more clearly articulate what falls in this category as a matter of both national policy and international cooperation.
|
|
|
  |
|
|
|
|
