[iwar] [fc:White.House.Officials.Debating.Rules.for.Cyberwarfare]

From: Fred Cohen (fc@all.net)
Date: 2002-08-24 07:47:58
Next message: Fred Cohen: "[iwar] [fc:As.Threat.of.Cyber.Attacks.Grows,.Security.Specialists.Blame.Faulty.Software]"
Previous message: Fred Cohen: "[iwar] [fc:Bracing.for.the.Digital.Crackdown]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200208241447.g7OElws20541@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Sat, 24 Aug 2002 07:47:58 -0700 (PDT)
Subject: [iwar] [fc:White.House.Officials.Debating.Rules.for.Cyberwarfare]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
                      "http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
<head>
<title>stdin: (ai) White House Officials Debating Rules for Cyberwarfa</title>
<meta name="Author" content="Axelrod, Seth (Seth.Axelrod@trw.com)">
<meta name="Subject" content="(ai) White House Officials Debating Rules for Cyberwarfare">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<h1>(ai) White House Officials Debating Rules for Cyberwarfare</h1>
<!-- received="Thu Aug 22 04:36:11 2002" -->
<!-- isoreceived="20020822113611" -->
<!-- sent="Thu, 22 Aug 2002 07:34:46 -0400" -->
<!-- isosent="20020822113446" -->
<!-- name="Axelrod, Seth" -->
<!-- email="Seth.Axelrod@trw.com" -->
<!-- subject="(ai) White House Officials Debating Rules for Cyberwarfare" -->
<!-- id="379A8DC2FD20134CBC091ED3E135B0F370DAEE@RMTVA-XVC01.info.trw.com" -->
<!-- expires="-1" -->
<strong>From:</strong> Axelrod, Seth (<a href="mailto:Seth.Axelrod@trw.com?Subject=Re:%20(ai)%20White%20House%20Officials%20Debating%20Rules%20for%20Cyberwarfare%2526In-Reply-To=%2526lt;379A8DC2FD20134CBC091ED3E135B0F370DAEE@RMTVA-XVC01.info.trw.com"><em>
Seth.Axelrod@trw.com</em></a>)<br>
<strong>Date:</strong> 2002-08-22 04:34:46
<p>
<!-- next="start" -->
<ul>
<li><strong>Next message:</strong> <a href="2815.html">Cancer-less Life: "cc: Quite 
Smoking in 90-days -  Guaranteed - Proven Results                            10.35"</a>
<li><strong>Previous message:</strong> <a href="2813.html">David Hansen: "Re: Labour 
MP demands action on email porn"</a>
<!-- nextthread="start" -->
<!-- reply="end" -->
<li><strong>Messages sorted by:</strong> 
<a href="index.html#2814">[ date ]</a>
<a href="thread.html#2814">[ thread ]</a>
<a href="subject.html#2814">[ subject ]</a>
<a href="author.html#2814">[ author ]</a>
<a href="attachment.html">[ attachment ]</a>
</ul>
<hr noshade><p>
<!-- body="start" -->
<pre>
Return-Path: &lt;<a href="mailto:access@g2-forward.org?Subject=Re:%20(ai)%20White%20House%20Officials%20Debating%20Rules%20for%20Cyberwarfare%2526In-Reply-To=%2526lt;379A8DC2FD20134CBC091ED3E135B0F370DAEE@RMTVA-XVC01.info.trw.com">access@g2-forward.org</a
>
Delivered-To: <a href="mailto:fc@all.net?Subject=Re:%20(ai)%20White%20House%20Officials%20Debating%20Rules%20for%20Cyberwarfare%2526In-Reply-To=%2526lt;379A8DC2FD20134CBC091ED3E135B0F370DAEE@RMTVA-XVC01.info.trw.com">fc@all.net</a>
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) 
for fc@localhost (single-drop); Thu, 22 Aug 2002 04:36:11 -0700 (PDT)
Received: (qmail 26929 invoked by uid 510); 22 Aug 2002 11:32:58 -0000
Received: from sdsl-64-32-243-163.dsl.iad.megapath.net (HELO g2-forward.org) (64.32.243.163) 
by all.net with SMTP; 22 Aug 2002 11:32:58 -0000
Received: from trw.com by g2-forward.org with SMTP; Thu, 22 Aug 2002 07:35:52 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
Content-Type:  multipart/alternative;	boundary="----_=_NextPart_001_01C249CF.EAA30626"
Subject: (ai) White House Officials Debating Rules for Cyberwarfare 
Date: Thu, 22 Aug 2002 07:34:46 -0400
Message-Id:  &lt;379A8DC2FD20134CBC091ED3E135B0F370DAEE@RMTVA-XVC01.info.trw.com
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: White House Officials Debating Rules for Cyberwarfare 
Thread-Index: AcJJz+qBK/EDwpNcQLayORi3Fi0Krg==
From: "Axelrod, Seth" &lt;<a href="mailto:Seth.Axelrod@trw.com?Subject=Re:%20(ai)%20White%20House%20Officials%20Debating%20Rules%20for%20Cyberwarfare%2526In-Reply-To=%2526lt;379A8DC2FD20134CBC091ED3E135B0F370DAEE@RMTVA-XVC01.info.trw.com">Seth.Axelrod@trw
.com</a>
Bcc: 
X-OriginalArrivalTime: 22 Aug 2002 11:34:46.0565 (UTC) FILETIME=[EAC54550:01C249CF]
Sender: &lt;<a href="mailto:access@g2-forward.org?Subject=Re:%20(ai)%20White%20House%20Officials%20Debating%20Rules%20for%20Cyberwarfare%2526In-Reply-To=%2526lt;379A8DC2FD20134CBC091ED3E135B0F370DAEE@RMTVA-XVC01.info.trw.com">access@g2-forward.org</a>
Precedence: Bulk
X-Spam-Status: No, hits=-0.9 required=5.0 tests=AI_LIST,INVALID_MSGID,SUPERLONG_LINE,BIG_FONT,MISSING_HEADERS 
version=2.20
X-Spam-Level: 

Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
  

White House Officials Debating Rules for Cyberwarfare 

By Ariana Eunjung Cha and Jonathan Krim
Washington Post Staff Writers
Thursday, August 22, 2002; Page A02 

The Bush administration is stepping up an internal debate on the rules
of engagement for cyberwarfare as evidence mounts that foreign
governments are surreptitiously exploring our digital infrastructure, a
top official said yesterday. 

Richard A.  Clarke, head of the Office of Cyberspace Security, said the
government has begun to regard nation-states rather than terrorist
groups as the most dangerous threat to this country's computer security
after several suspicious break-ins involving federal networks. 

"There are terrorist groups that are interested.  We now know that al
Qaeda was interested.  But the real major threat is from the
information-warfare brigade or squadron of five or six countries,"
Clarke said in an interview with Washington Post editors and reporters. 

The White House last week called in Gregory J.  Rattray, an Air Force
officer and author of "Strategic Warfare in Cyberspace," to accelerate
the process of sorting out the legal and ethical issues surrounding such
attacks. 

In one series of incidents in 1999 and 2000, unidentified hackers
downloaded scores of "sensitive but unclassified" internal documents
from the Los Alamos and Livermore national laboratories and the Defense
Department.  Investigators traced the electronic trail back to an
unnamed foreign country; officially, the government there denied being
involved, but the intrusions suddenly stopped, he said. 

U.S.  officials also believe it is possible that a foreign government
helped create the Code Red virus that took control of 314,000 servers
last year and directed them to attack White House computers. 

For the past nine months, Clarke -- who reports both to Homeland
Security Director Tom Ridge and national security adviser Condoleezza
Rice -- has been preparing a plan that will involve the government,
private companies and average citizens in defending against future
attacks.  This national strategy will be outlined next month in Silicon
Valley. 

Among the recommendations is that Internet service providers for cable
and DSL companies package their faster always-on services with
"firewalls," or security software that repels outside intrusion and
monitors what information is sent out to the Internet.  Clarke said many
people have connected to the Internet through such services in recent
years without being told their computers are open to intruders. 

"Our goal is not to prevent cyberattacks but to withstand them," Clarke
said. 

Clarke said the country has made some progress in shoring up its
defenses since Sept.  11 but it will be years before it can fix the
numerous vulnerabilities that have existed on the Internet since its
creation.  He said the government also is assessing whether some
critical computers should be disconnected from the Internet or run on a
private network. 

Federal agencies have increased their information technology spending to
$4.5 billion in the fiscal year beginning in October, up 64 percent from
the previous year.  Major software companies such as Microsoft Corp. 
and Oracle Corp.  have made security a top priority.  But companies in
other sectors, especially telecommunications, have been slower to
respond because of financial difficulties, Clarke said. 

Meanwhile, Clarke said, more and more countries, especially poorer ones,
are coming to see the advantage of cyberwarfare over traditional
warfare.  Such efforts are less expensive, costing thousands of dollars,
compared with billions for a nuclear weapons program.  Cyberattacks also
are easier to conceal. 

The specter of more significant cyberattacks from enemy countries has
pushed the U.S.  government to explore how far it should go in its own
use of technology in war. 

The U.S.  military's use of cyberwarfare so far has been limited mostly
to defensive efforts and information collection. 

After the NATO campaign in Kosovo in 1999, Gen.  Henry H.  Shelton,
chairman of the Joint Chiefs of Staff, disclosed that the military had
jammed Serbian computer networks.  But Clarke said the United States has
yet to engage in a major attack that damages other systems. 

Clarke describes the situation today as analogous to the dilemma the
U.S.  government faced several decades ago when it had nuclear
capability but lacked rules on when or how to use the weapons. 

Under the Geneva Convention, the operative international law of war,
attacks on noncombatants are prohibited.  Thus, a cyberattack on the
banking system or electricity grid of a country believed to be helping
terrorists would raise unresolved legal issues because of the damage it
might inflict on innocent people. 

"It's okay to blow up a bridge and kill everyone, including civilians"
if the bridge is believed to serve a military purpose, said Mark Rasch,
a technology security consultant and former Justice Department
prosecutor.  "But it might not be okay to hack into computer systems"
that are not obviously serving a military purpose. 

And it could be particularly hard to control the impact of an electronic
attack.  For example, any virus the military might unleash on its
enemies would probably spread beyond the target because so many of the
world's computers are linked to the Internet. 

Some officials in the Bush administration also are concerned about
creating dangerous precedents by launching the first major Internet
attack given that the United States could have more to lose than any
opponent in such a conflict. 

American businesses and governmental entities depend on technology to a
far greater degree than do relatively undeveloped countries and
loose-knit terrorist groups -- and retaliation could be a major danger. 

"We live in the largest glass house on the street when it comes to
that," said Daniel T.  Kuehl, a professor at National Defense
University, an education arm of the military. 

Staff writer Vernon Loeb contributed to this report. 

� 2002 The Washington Post Company

------------------------ Yahoo! Groups Sponsor ---------------------~-->
4 DVDs Free +s&p Join Now
http://us.click.yahoo.com/pt6YBB/NXiEAA/mG3HAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Next message: Fred Cohen: "[iwar] [fc:As.Threat.of.Cyber.Attacks.Grows,.Security.Specialists.Blame.Faulty.Software]"
Previous message: Fred Cohen: "[iwar] [fc:Bracing.for.the.Digital.Crackdown]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT