The undeclared, unwinnable cyberwar is now

Normally the U.S. government is quiet about it's offensive cyberwar strikes, but that changed in the past few weeks.
First there was the alarming NY Times article.

Over the past weekend, The New York Times reported that US Cyber Command has penetrated more deeply than ever before into Russian electric utilities, planting malware potentially capable of disrupting the grid, perhaps as a retaliatory measure meant to deter further cyberattacks by the country's hackers. But judging by Russia's response, news of the grid-hacking campaign may have already had the immediate opposite effect: The Kremlin warned that the intrusions could escalate into a cyberwar between the two countries, even as it claimed that Russia's grid was immune from such threats.
... since 2017, Trump has been elevating Cyber Command's authority and reversing Obama administration rules that required other agencies' sign-off before it launched an offensive hacking operation.

Then just a couple days ago there was an equally alarming WashPost article.

With an OK from the US president, the Pentagon this week launched cyberstrikes that took down Iranian computer networks used to control missile launches, says a report in The Washington Post, which cites unnamed people familiar with the matter.
...
Last Saturday, The New York Times reported that US Cyber Command had moved from a defensive to offensive posture, apparently under a military authorization bill Congress passed in 2018 that gives the go-ahead for "clandestine military activity" in cyberspace to "deter, safeguard or defend against attacks or malicious cyberactivities against the United States."

At the moment it's easy to say "So what. Why should I care?"
But that false sense of impunity won't last very long.
Iran is already searching for a way to strike back.

There are several ways that cyberwars are different from regular wars.

1) No reason to limit the arms race; No reason not to put your weapons on their border

One thing is clear: Cyberspace is now seen by officers and officials as just another “domain” of warfare—along with air, land, sea, and space. But there’s something different and more dangerous about this domain: It takes place out of sight, its operations are so highly classified that only a few people know what’s going on there, and it creates an inherently hair-trigger situation, which could unleash war in lightning speed with no warning.
...It’s this instantaneity that creates a danger. If a lot of countries are inside one another’s networks, if they’re all able to shift from just-looking-around to unleashing-an-attack in no time, and if these countries are capable of launching an attack and are susceptible to receiving an attack, then this creates a hair trigger. In a crisis, one or more of these countries might launch a cyberattack, if just to preempt one of the other countries from doing it first. The very existence of the implants makes a preemptive attack more likely.

2) Cyberweapons can be easily used against you

Recent disclosures by Symantec and the New York Times suggest a recent Chinese cybersecurity hack against U.S. interests involved re-purposing and then attacking us with a cyberweapon using previously deployed, NSA-manufactured hacking code. They had intercepted after it was used against them.

The age of unwinnable cyberwar is upon us.

Think of this situation as analogous to neighbors throwing rocks at each other. Obviously, the first thrown rock is easily retrieved and re-launched at the opposing side. And subsequently so. This can go on forever until one side either gains strength in additional attackers, or escalates by deploying a new weapon.

3) The U.S. has a lot more to lose

"The idea that we can use cyber offense capabilities to impose sabotage-like effects, and to do so in increasingly large scale and costly ways until they get it through their head that they can’t win, I don’t think that's going to work," says Tom Bossert, who served as White House homeland security advisor and the president's most senior cybersecurity-focused official until April of last year. "I want to make sure we don’t end up in an escalatory cyber exchange where we lose more than they do."
Bossert points out that in many respects the US economy and infrastructure is far more reliant on digitization and automation than Russia's, giving the Kremlin an inherent advantage in any future no-holds-barred cyberwar. He paraphrases former secretary of defense Ash Carter: "If you're doused in gasoline, don't start a match-throwing contest."

We have so much more to lose from a cyberwar than literally any other nation.
If the internet gets disrupted what do you think will happen to our enormous tech companies and financial institutions?
It's like playing chicken when you are driving a Bentley and the other guy is driving a Ford. Even winning is losing in this case.

Share
up
26 users have voted.

Comments

edg's picture

that some of the same people that claim Russia gave the 2016 election to Trump can say with a straight face that we can win a cyberwar. If we can't even protect our national elections against $100K in Facebook ads, how in the heck can we win a war?

up
19 users have voted.

@edg
then everything looks like a nail.
That's my take.

Personally I'm looking forward to the day someone unleashes a virus that completely takes down the internet for several days.
North Korea would be unaffected by this. While the California economy and NASDAQ would implode.

So why would we want to start this war?

up
17 users have voted.
Pricknick's picture

@gjohnsit

Personally I'm looking forward to the day someone unleashes a virus that completely takes down the internet for several days.

Not so much as to see institutions suffer, as to see how the ordinary citizen loses their fucking mind.
Take the internet...... chaos.
Take the cellular network....... pandemonium.
Fire up the ham radio.

up
7 users have voted.

Regardless of the path in life I chose, I realize it's always forward, never straight.

Hawkfish's picture

@gjohnsit

In which part of the plot involves a rather clever - and non-technical way to make the net useless for social information transfer.

up
3 users have voted.

We can’t save the world by playing by the rules, because the rules have to be changed.
- Greta Thunberg

mimi's picture

@gjohnsit
would that mean that all electrical grids would not function anymore? If that should be the case and the consequence, which I donÄt know, then I wouldn't wish on anyone the consequences of such a xomplete internet shutdown.

up
2 users have voted.
Pricknick's picture

@mimi
we deserve to be in the dark.

up
2 users have voted.

Regardless of the path in life I chose, I realize it's always forward, never straight.

@mimi
what it would mean is no credit transactions.

up
3 users have voted.
k9disc's picture

"They're trying to steal what we've already rightfully stolen...

Plato, Aristotle, Socrates? Morons."
@edg

up
2 users have voted.

“Tactics without strategy is the noise before defeat.” ~ Sun Tzu

We are the mighty USA, certainly we're the only ones who know how to do anything and we always win, right? S/

up
13 users have voted.
WoodsDweller's picture

...is the low barrier to entry.
Making nukes takes a supply of ores, centrifuges to concentrate fissile material, tests to assure your warheads actually work. It's expensive and damned hard to hide.
Missiles that can reach across thousands of miles to deliver a warhead are similarly hard to develop and probably impossible to test secretly.
Bioweapons are much easier to develop, but hard to deliver effectively.
Cyber attacks take nothing more than basic equipment. Any government, probably any non-state organization, can develop weaponized code. How long until they are available on the black market for a few bitcoins? Are they already?
Will the big, bad, Russians cyber us? How about those scary Iranians? That's one thing. What about Madagascar or Ecuador attacking us? How about the terrorist organization of the month? How about black ops from big corporations (just how good would computer forensics be against this sort of thing?). How about a dozen goofballs with an axe to grind?

up
15 users have voted.

The truth is never as interesting as wild speculation.

@WoodsDweller

Cyber attacks take nothing more than basic equipment

When it comes to cyberwar, the real weapons are the skills of the hacker.

On the flip side, it's real hard to play defense.
If JP Morgan Chase can get hacked then anyone can get hacked.

up
12 users have voted.

@gjohnsit
It was with the phone phreaker called "Captain Crunch". He claimed that with six Apple II's he could bring down the entire phone network of California.

Note:
His nickname because one day he bought a box of Captain Crunch cereal. It contained a toy whistle as a prize. He blew the whistle into a phone and found that it opened an unregistered long distance trunk line. Now who in the world would think of doing that!

Note2:
AT&T spent millions buying up and boxes of cereal and destroying them. They also paid the cereal company (General Mills?) more millions to change the pitch on the whistle so it no longer did that.

up
15 users have voted.

Sanders-Gabbard 2020 !

Hawkfish's picture

@The Voice In the Wilderness

Because of course he measured the pitch. When I was in college , MIT students were already using this information to route calls from the hall pay phone around the world and then down the hall.

Reportedly ATT was so pissed they threatened to remove the phone unless the resultant bill was paid. The story goes that when they came to empty the phone a week later, it was full of pennies and a wooden nickel - neither of which would fit through the coin slots. In other words they had responded to the threat by picking the lock on the coin box. The moral being: don’t get pissy with smart nerds ...

up
10 users have voted.

We can’t save the world by playing by the rules, because the rules have to be changed.
- Greta Thunberg

@Hawkfish
Never mess with an engineer over a tech item.

up
2 users have voted.

Sanders-Gabbard 2020 !

snoopydawg's picture

@WoodsDweller

Assange released vault 7 last year or so ago.... gee maybe Comey should have kept that deal huh?

up
16 users have voted.

America is a pathetic nation; a fascist state fueled by the greed, malice, and stupidity of her own people.
- strife delivery

After stuxnet, which supposedly was loaded with a USB device, wouldn't the Iranians at least harden their systems, including taking the most important offline? Did they learn nothing from that intrusion?

If malware was placed on their system can it not be isolated and reverse engineered? It would take some time but the intrusion entry point could be detected, in theory anyway, and then hardened to thwart any future attacks in the same manner.

Why would we tell them that the US penetrated their network? Why tip our hand?

It doesn't make sense except as a cover your ass for Trump.

up
15 users have voted.
Pluto's Republic's picture

@JtC

...that the NYTimes "reported" on is already being designated as "fake news."

up
12 users have voted.

The purpose of a writer is to keep civilization from destroying itself.
– Albert Camus

@Pluto's Republic
But I have zero doubt that the cyberwar is real

up
9 users have voted.
Pluto's Republic's picture

@gjohnsit

No question there. And that's one way to bring death and destruction right into the people's homes.

When the US decided to forego diplomacy for US terrorism and war crimes, like sanctions, instead — they put every American into harm's way. The American People have refused to control their government. Unless they stand up and declare to the world that they do not have a democracy, it looks like they are the ones behind these actions. They are paying the entire bill, after all.

When this Empire madness turns to shit, who do you think will pay the price?

up
13 users have voted.

The purpose of a writer is to keep civilization from destroying itself.
– Albert Camus
snoopydawg's picture

@Pluto's Republic

the old world came up into the new world to destroy magic. People in the old one happily lived in poverty because they had been told their whole lives that magic was bad. This is exactly what people here have been doing for far too long. Lots of people are saying that Trump should go to war with Iran because they are the biggest sponsors of terrorism in the world and that people in Iran say "death to America." Do they care that many of us are living in poverty because the military sucks up all the money? Not at all because they also think that our military is spreading freedoms and democracy in those backward countries. No wonder we can't get an anti war movement going. Wish I knew how to change this.

up
8 users have voted.

America is a pathetic nation; a fascist state fueled by the greed, malice, and stupidity of her own people.
- strife delivery

@JtC
There are always new vulnerabilities.
All anyone can do is unplug it from the internet. (See Battlestar Gallactica episode 1)

up
9 users have voted.

@gjohnsit
Even as I was clicking on the Subject line link to your comment, I was thinking of BG Episode 1.

up
7 users have voted.

The earth is a multibillion-year-old sphere.
The Nazis killed millions of Jews.
On 9/11/01 a Boeing 757 (AA77) flew into the Pentagon.
AGCC is happening.
If you cannot accept these facts, I cannot fake an interest in any of your opinions.

@gjohnsit
but why help them by by exposing vulnerabilities?

Stuxnet proved that being offline isn't foolproof.

This stinks of FUD and CYA.

up
9 users have voted.
snoopydawg's picture

@JtC

Why did they say that we were cyber attacking Russia and in the same breath say that Trump wasn't told because he might have said something to Russia about it. Doh! Then everyone focused on how Trump isn't to be trusted instead of asking why the Times spilt the beans. More mind games.

up
12 users have voted.

America is a pathetic nation; a fascist state fueled by the greed, malice, and stupidity of her own people.
- strife delivery

wendy davis's picture

@JtC

'They tried hard, but failed’: Iran foiled all US attempts to carry out cyber-attacks', june 24, 2019, RT.com

"Iran successfully prevented US cyber-attacks that targeted its infrastructure, the country’s information minister said after Washington was reported to have crippled Tehran’s missile control sites with a retaliatory cyber-strike.

Minister for Information and Communication Technology Mohammad Javad Azari-Jahromi appeared to deny reports in the US media that a massive cyber-offensive had disabled Iranian computer systems that control rocket and missile launches on Thursday.

Neither the Pentagon nor the White House commented on the reports, which claimed that the strike had been carried out by US Cyber Command in cooperation with US Central Command to avenge the downing of an unmanned US Navy drone by Iran on Thursday morning.

Stopping short of directly addressing rumors that the attack had taken place, Jahromi said that Iran has vast experience of thwarting these kind of assaults, having foiled some “33 million attacks with the [national] firewall, only within the last year.”

He specifically referred to Stuxnet, a computer worm jointly developed by the US and Israel, which was used to infiltrate Iran’s nuclear facility networks in 2009-2010.
The Washington Post reported earlier that the alleged cyber-strike had incapacitated Iran’s military command posts and control systems.

The Trump administration has been pursuing a hawkish cyber-strategy. Signed by Trump last September, the document rolled up many of the constraints that limited the usage of offensive cyber-operations in retaliation against foreign actors."

up
11 users have voted.

up
12 users have voted.

@gjohnsit
thanks. Bernie gets it right, IMHO.

up
11 users have voted.