Grasping around for a new enemy: Pentagon redefines hacking as act of warfare

Paul Raven @ 02-06-2011

So, with OBL offed and Al Qaida effectively beheaded (as if it hadn’t already been waning considerably in its ability to achieve anything of note), the defence budget of the US needs a new enemy to justify its continued expansion. But no one with sense would start an old-school land war these days (missions of liberation and the insurgencies they provoke are an entirely different category, of course), so what is there that merits a bit of saber-rattling?

“People we don’t like who also have nukes or are trying to get them” is a hardy perennial, but most of them have gathered enough friends (or mutual enemies-of-their-enemy) that it’s getting hard to make anyone care other than the lapdog allies over on Airstrip One. Something current, scary and poorly-understood would be ideal… something like the nebulous and poorly-defined notion of “cyberwarfare”, perhaps?

The Pentagon’s first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country’s military.

In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. “If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” said a military official.

Recent attacks on the Pentagon’s own systems—as well as the sabotaging of Iran’s nuclear program via the Stuxnet computer worm—have given new urgency to U.S. efforts to develop a more formalized approach to cyber attacks. A key moment occurred in 2008, when at least one U.S. military computer system was penetrated. This weekend Lockheed Martin, a major military contractor, acknowledged that it had been the victim of an infiltration, while playing down its impact.

The report will also spark a debate over a range of sensitive issues the Pentagon left unaddressed, including whether the U.S. can ever be certain about an attack’s origin, and how to define when computer sabotage is serious enough to constitute an act of war. These questions have already been a topic of dispute within the military.

I expect that open-endedness is a feature rather than a bug, because it offers a great opportunity to put the great economic enemy in the frame: if China’s consolidating the stranglehold on your economy which your own foreign and fiscal policies practically begged them to begin, it’s time to puff up your chest and get stern with them commies! Don’t take it from me, though – here’s Thomas P M Barnett with a plainly-titled post at TIME: “According to new Pentagon cyber strategy, state-of-war conditions now exist between the US and China“. Ouch.

In other words, if you, Country C, take down or just plain attack what we consider a crucial cyber network, we reserve the right to interpret that as an act of war justifying an immediately “equivalent” kinetic response (along with any cyber response, naturally). If this new strategy frightens you, then you just might be a rational actor.

Theoretically, this means if you, Country C, hack and disable the net of crucial US installation X, America can fire missiles at your equivalent civilian or military installation (C)X. Of course, by responding to your “act of war,” we are initiating our own war response, meaning we’d need presidential approval to start the fireworks. But the key point is, by hacking something that we consider to be national security-sensitive, you leave yourself open to a state-of-war response from the United States at the time of its choosing, so be forewarned.

Which facilities fall into this “eye for an eye (or ear or . . .)” category? Naturally, America shouldn’t say, so as to keep Country C in the dark (the essence of deterrence), but putting us in the dark (take-down of an electric grid) is an obvious one cited in the WSJ piece. Again, theoretically, almost anything can be described as crucial on some national security scale (e.g., hack Monsanto in just the right way and maybe you put US food security at risk), because the small damage that you, Country C, choose to create in our nets might easily cascade into something far larger, so virtually any hack emanating from your networks puts you at risk for a US war response.

(I wonder what the reaction would be to an equivalent policy elsewhere? Let’s say – strictly hypothetically, of course – that Big Nation-state A is revealed to have funded and built some sort of infrastructural sabotage virus with the strict intent of targetting the facilities of Nation-state B; will the US fully understand Nation-state B declaring war on A, or will that be considered a disproportionate act by a rogue state? Guess it’ll depend on which of the two the Pentagon is more interested in keeping on-side.)

Seriously, though: when a pro-intervention pro-globalisation type like Barnett thinks this is a bad play, it’s got to be a real dick move:

This is an destabilizing step sideways in our security relationship with China: Beijing is being warned that its current and ongoing behavior can – at any time – be loosely interpreted as an act of war. Whatever situations or crises ensue, that handy rationale is now always sitting in the Pentagon’s back pocket, because I guarantee you, whenever big-war enthusiasts want to play that card, the Defense Department will be able to muster – at a moment’s notice – a long list of Chinese hacking attacks over the previous X hours/days/weeks/months. So when the President asks, “Do we have evidence that the Chinese are targeting us at this time for cyber-sabotage?” The answer will always be yes.

[…]

Bottom line? Strangelove has re-entered the Building.

That last line implies Strangelove ever left the building; I suspect he’s been stored in boardroom cupboards against the appropriate moment.

Deliberate or otherwise, the daftest thing here is that the Pentagon can grok that “cyberwarfare” is a threat, but doesn’t seem to entirely grok the fact that cyberwarfare doesn’t need to be a function of nation-state level decision-making. Indeed, the real threat is from non-nation-state actors, wherever they may be based. NATO seems wise to this, though, with the General Rapporteur issuing dire warnings to Anonymous, Wikileaks and their ilk:

Describing the rise of the group from its beginnings on internet picture message board 4chan, via campaigns against the Church of Scientology and, more recently, in support of whistle-blowing website Wikileaks, the report continues: “Today, the ad hoc international group of hackers and activists is said to have thousands of operatives and has no set rules or membership.”

The report goes on to lay out a stark warning to the group’s nameless participants:

“It remains to be seen how much time Anonymous has for pursuing such paths. The longer these attacks persist the more likely countermeasures will be developed, implemented, the groups will be infiltrated and perpetrators persecuted.”

Well, good luck with that, folks. If you thought trying to tame countries full of warring factions whose only common ground was a desire to get shot of the meddling infidels was no picnic, declaring war on the fluid alliances and ad-hocracies of the intertubes is going to be a long and frustrating game of whack-a-mole which, I fully suspect, you have no chance of winning. After all, Anonymous doesn’t have anything you can aim a missile at, does it?


The Troll Crusade: Anonymous, Scientology and all that

Paul Raven @ 06-10-2009

Anonymous - they are legion.To paraphrase the lovely Pat Cadigan, reality is always weirder than fiction… because fiction is constrained by the need to appear plausible. Which is why, had someone tried to write a novel about an ad-hoc tribe of sociopaths united by membership of an internet bulletin board attempting to take down a notoriously weird young religion created by a fast-talking science fiction writer that numbers some of the biggest names in Hollywood among its ranks, they’d have probably been laughed out of the slush pile with a form rejection slip. [image by Sklathill]

But Chanology, the Anonymous crusade against Scientology, is a very true story, and one that’s still being told. Julian Dibbell has a good long-form piece in Wired all about it, and it’s a fascinating read… not to mention ideal source-material for writers of near-future speculative fiction. Dibbell highlights the real driving motive behind the fluid alliance of Anonymous, which is much less the desire to right wrongs than it is the desire to wind up a legendarily uptight organisation – a desire that focusses inward as well as outward, like an irascible hydra whose heads turn on one another as often as they strike at their enemies.

Dibbell also points out that while Anonynous may represent the arrival of “the kind of ad hoc, loosely coupled social activism that many have hoped the ad hoc, loosely coupled architecture of the Internet would engender,” it may also represent its apogee. Anonymous and Scientology are almost made for one another, so perfectly diametrically opposed at an ideological level that they can’t help but feed the flames of the conflict; potential future opponents may well learn from Scientology’s mistake, and avoid feeding the trolls.

What interests me most about Anonymous as an amorphous (id)entity, though, is the potential it has for temporal continuity independent of its current membership. It’s a banner that any rebellious or angry group could raise at any point in the future, because although its methods and aims are fundamentally individualistic, its public face is exactly the opposite. Like the Luddites and the saboteurs before them, all that’s needed to join the cause is an awareness of its existence… and of its power to enrage the forces of order. Even if Chanology fizzles out against the superior legal firepower of Scientology, I suspect we’ll not have heard the last of Anonymous.