back to article WannaCry ransomware attack on NHS could have triggered NATO reaction, says German cybergeneral

Western military alliance NATO could have reacted with force to the 2017 WannaCry ransomware outbreak that locked up half of Britain's NHS, Germany's top cybergeneral has said. During a panel discussion about military computer security, Major General Juergen Setzer, the Bundeswehr's chief information security officer, admitted …

  1. Neil Barnes Silver badge

    Disproportionate response?

    While the notion of 'you encrypted my computer; eat thermonuclear destruction, you bastard' has a certain appeal to it, I can't help feeling that the approach of 'don't do this; I might nuke you' has one or two tiny issues. Not least of these is the difficulty of finding out who triggered the attack, as opposed to who actually carried it out.

    1. ItsMeDammit
      Mushroom

      That and the launch system no longer works until you pay up $300 in Bitcoin.

      1. Sgt_Oddball Silver badge

        More like..

        I'll nuke you once I can this 8" floppy drive running again.

    2. Anonymous Coward
      Anonymous Coward

      Re: Disproportionate response?

      I, for one, welcome our new NATO overlords.

      The reassurance provided by a military response to an NHS IT emergency caused by a lack of long term investment is bound to fix the issue. Particularly if it is a joint NATO effort rather than relying on just the UK military.

      I suspect it may even significantly cut waiting lists AND reduce CO2 at the same time, benefiting the planet in the long term...

      1. Anonymous Coward
        Anonymous Coward

        Re: Disproportionate response?

        The reassurance provided by a military response to an NHS IT emergency caused by a lack of long term investment.

        Try and get some of your facts straight. I'm on the inside and can tell you brand new imaging systems that were only months old were infected. And while there was some imaging systems running far older OS'es precautions had been taken to prevent attack on those specific devices and it worked. But those precautions were not taken by all trusts.

        That was something to behold, brand new Win7 based machines being taken down while XP machines were unaffected.

        Blaming investment is so easy to do, but no that wasn't the problem, despite what the press were initially saying at the time.

        1. Anonymous Coward
          Anonymous Coward

          Re: Disproportionate response?

          "Try and get some of your facts straight."

          I will try...

          "I'm on the inside and can tell you brand new imaging systems that were only months old were infected."

          So when they were installed, the potential for unmanaged devices (I assume the imaging systems didn't allow the use of non-vendor OS installs including security software) connected to the network was recognised and mitigated?

          Why wasn't it mitigated? Lack of funding for a suitable solution, lack of knowledge or poor risk management due to under-investment or incompetence?

          And yes - I have been involved in projects to install PACS imaging systems into hospitals and yes, we did recognise that there was a risk to both internal systems and the imaging systems and firewalls were used to mitigate some of that risk. But that was 20 years ago so surely that is considered standard operational practice rather than an optional feature. Or did the investment not cover firewalls. Almost as if there wasn't enough funding...

        2. Anonymous Coward
          Anonymous Coward

          Re: Disproportionate response?

          In our case we didn't have any XP machines at all, it was Windows 7 ones where were affected and we wouldn't have been infected if a really large contractor in charge of our ACLs had done their job and actually configured them as instructed - albeit we should never have trust them - hence us now having firewalls literally all over the place which we centrally manage.

          Also people need to stop thinking about the NHS as one organisation, there are 4 different NHSs at a high level each of them run rather differently (England, Scotland, Wales and NI) with different funding levels for IT, different priorities and each governed differently too.

        3. Medical Cynic

          Re: Disproportionate response?

          "brand new Win7 based machines"

          Only in the NHS...

    3. Christoph Silver badge

      Re: Disproportionate response?

      Hack your enemy, use their computers to attack US computers, sit back with a bag of popcorn.

    4. Doctor Syntax Silver badge

      Re: Disproportionate response?

      "Not least of these is the difficulty of finding out who triggered the attack, as opposed to who actually carried it out."

      There's also the little matter of who failed to keep their stash of undisclosed vulnerabilities secret.

  2. alain williams Silver badge

    Far better to spend the nuke money ...

    helping people & organisations to make their systems robust -- and with good, tested backups.

    1. DavCrav Silver badge

      Re: Far better to spend the nuke money ...

      "Far better to spend the nuke money ...

      helping people & organisations to make their systems robust -- and with good, tested backups."

      Nuclear weapons are hilariously cheap. All the big numbers you see are, essentially, lies. The most common one is to take the current cost of operating nukes, as a percentage of the MoD budget. Then the MoD budget is 2% GDP. With long-term GDP forecasts, you obtain a (stupid) estimate as to the cost of nuclear weapons. A good year for the economy? Cost of Trident replacement goes up massively.

      One obvious reason why it's stupid is that, in the event of Scottish independence, the cost of nuclear weapons goes down by about 10% with this `methodology'.

      But they are cheap compared with the cost of the NHS. Scrapping all nuclear weapons would not pay for a single year's inflation-linked increase in the NHS's budget. It would not be able to secure all government systems, if that is even possible.

      1. disgustedoftunbridgewells Silver badge

        Re: Far better to spend the nuke money ...

        The figure I've seen for the new Trident is £30b over 30 years. So ignoring inflation because I'm lazy, £1bn/year.

        John Prescott used to spend more of the governments money than that on Jaguars.

        1. Smooth Newt
          Meh

          Re: Far better to spend the nuke money ...

          The figure I've seen for the new Trident is £30b over 30 years. So ignoring inflation because I'm lazy, £1bn/year.

          It's rather more expensive than that. £31 billion was the 2015 National Security Strategy and Strategic Defence and Security Review estimate for the design and manufacture of four shiny new Dreadnought class submarines, and nothing else.

          Large MoD capital projects aren't known for coming in on budget, and the MoD have since added a further $10 billion to cover the cost overrun. The £41 billion figure doesn't include all the other things that are needed - warheads, missile rental, shore facilities, submarine running costs, crew and other personnel, regular maintenance and periodic refitting of everything (submarines, warheads, missiles etc), decommissioning and so on. Reuters estimated the lifetime cost at £167 billion, CND rather more (obviously).1

          1 https://www.theguardian.com/uk-news/2016/jul/17/trident-renewal-205bn-arguments-for-against

          1. W.S.Gosset Silver badge

            Re: Far better to spend the nuke money ...

            The alternative (no deterrence) is rather more expensive.

          2. DavCrav Silver badge

            Re: Far better to spend the nuke money ...

            "Reuters estimated the lifetime cost at £167 billion,"

            So over 30 years, around £5bn/year. NHS budget is around £150bn, 3% indexation cost, about £4.5bn. So i'm wrong. It just about covers the increase sue to inflation of the NHS budget.

      2. Claverhouse Silver badge

        Re: Far better to spend the nuke money ...

        So if they're lies, where does the money from the Treasury undoubtedly go to ?

        [ British Treasury, under the mighty ægis of Boris Johnson as First Lord of The Treasury; but it applies to every other Treasury that finances buying weapons. ]

      3. baud Bronze badge

        Re: Far better to spend the nuke money ...

        I think the cost of weapons balloon absurdly once you add nuclear submarines as delivery platforms.

    2. Anonymous Coward
      Anonymous Coward

      Re: Far better to spend the nuke money ...

      Backups are fine, restoration time is part of the problem particularly in health care where you have an electronic patient record. Every minute a system is down is another minute where additional work has to be done AFTER it's brought back online as data has to be manually entered etc.

      Just restoring to where you were isn't enough, you need capacity afterwards. Which is why resilience is more important, if only just.

      Resilience costs a fortune to do properly at scale though.

  3. Andy The Hat Silver badge

    NATO response

    ... infers a military response which infers a targeted response against a state or individual actors.

    Isn't one of the issues that 'they' have no real idea of the where or who to target? It has been touted to be "The Norks" or "The Chinese" or "The Russians" but maybe five blokes in a bedsit in Basingstoke routing stuff around the world. Are we just going to lob missiles indiscriminately at a few million square miles of inhabited land hoping that we hit a 'responsible' person?

    Follow the money and you'll find the perpetrators. Difficult, some would argue impossible, but the only reliable way ... We are not fighting a military campaign but in-your-face organised crime gang who, in the case referred to, have probably never heard of the NHS but they know their software has found an open network with lots of machines hanging off it which means a sizeable business and potential cash.

    The biggest problem we have now is MS not giving security updates to Win7 - tens of thousands of users with apparently stable systems which will gradually and invisibly become less secure. I would like to see at least high security updates being mandated by the powers that be ... If you have a monopoly you must have your arm twisted to assume some responsibilty for the product if the product is flawed.

    1. EricM
      FAIL

      Exactly, attribution is THE problem.

      "If the only tool you have is a hammer, every problem looks like a nail" comes to mind ...

      Applying military "thinking" to civil problems like computer security is a danger to public security.

      Is this just a General trying to appear relevant or NATO trying to do the same?...

      1. Headley_Grange Silver badge

        Re: Exactly, attribution is THE problem.

        Agreed, but if it were the case that some countries are more forgiving of hackers and don't try very hard to stop them as long as they don't target their hosts then those countries might start to look more like nails.

        Practically, if it were also the case that those countries are, in fact, as hard as nails and we wouldn't be daft enough to get the hammer out.

        1. EricM

          Re: Exactly, attribution is THE problem.

          I assume you are aware that Hacking attacks can - and in fact are - also be executed from the soil of the US, UK, Germany, France, etc.

          If so, how much of a nail are these countries?

          How appropriate would be military action in these cases?

          And why should other countries be more of a nail, just because we do not live there?

          Nope, thinking about responding to a Virus/Malware with military force is simply stupid.

          1. DavCrav Silver badge

            Re: Exactly, attribution is THE problem.

            "Nope, thinking about responding to a Virus/Malware with military force is simply stupid."

            There is something stupid around, but it isn't that thought. A terrorist attack by a nation state is a terrorist attack. The vector for that attack is irrelevant. If hackers, under the aegis of their government, manage to collapse the UK banking system, with the result of thousands of deaths and billions in damage, of course a military response is appropriate.

            An attempt to disrupt the entire UK health system is a terrorist attack. If it was caused by a group of individuals, and they can be found, then bring them to justice. If the host country refuses to do so, and there is sufficient evidence of their guilt, then the host country is complicit.

            1. ShadowDragon8685

              Re: Exactly, attribution is THE problem.

              That is, in fact, why Afghanistan was invaded in early 2002 - The Taliban were not Al Qaeda, but they were very chummy with Al Qaeda, permitted Al Qaeda to train and organize from their territory, and refused to round them all up and hand them over (the ones whom they didn't shoot dead in the doing, anyway), when we said "hey, this NGO based in your territory kind of did something that requires a retaliation in blood, would you kindly hand them over so we can see justice done?"

              The Taliban, then in essentially-absolute control of Afghanistan, said "come and get them!"

              And here we are today.

              If a nation-state is supporting the bad acts of attackers, even nontraditional attackers, then they are culpable accomplices. If they're unwittingly protecting them simply by virtue of the nontraditional attackers being based in their territory but not taking action against the nation-state which the nation-state would notice or take issue with, then said nation-state is not culpable; however, if they refuse to put an end to it themselves, then they become culpable accomplices.

              And a major, targeted attack at the NHS - even if made without knowing or *caring* who the target is, *even if it was a fire-and-forget virus that trawled the internet attacking opportunistically* - is the sort of thing that does qualify as an attack upon a nation. Just because Big Ben doesn't collapse doesn't mean it isn't a massive material attack with devastating, potentially life-threatening consequences.

              Is a military response justified? Yes. Would it be prudent and wise to look into other means first, such as actually following the trail to wherever it ends and then furnishing the nation in which those scumbags are sheltering with an extradition request? Absolutely, of course it is. If they refuse, then what options are on the table?

              Well, the first option, of course, should be economic sanctions; look, these brotherlovers attacked our healthcare system, we're not going to take that lying down. We're going to freeze all assets any of your citizens may have in any bank we can get ahold of - and since we invoked Article Five, that means all of NATO is doing likewise.

              Wouldn't it really, really be in your better interests to hand over Hoodie McHackerman and his pals to serve nice long prison sentences?

          2. Doctor Syntax Silver badge

            Re: Exactly, attribution is THE problem.

            "I assume you are aware that Hacking attacks can - and in fact are - also be executed from the soil of the US, UK, Germany, France, etc."

            I think you missed the phrase "more forgiving".

    2. Version 1.0 Silver badge

      Re: NATO response

      The WannaCry ransomware attack on NHS was just a malware infection, while the NHS might have been be a common recipient of the infected emails, the fact is we all were - the NHS internal structure just made them more vulnerable. I see these infection attempts every day at the mail server and delete them.

      We would be far better off spending the money on defense than chasing the perpetrators if we even knew who they were. All we can do is guess.

      1. Mike 137 Silver badge

        "better off spending the money on defense than chasing the perpetrators"

        A major problem is that infosec policy is largely driven by national security agencies, whose traditional role is anti-espionage and anti-insurgence.

        In defending against corporate cyber risk (and that includes public service providers) the motivation of the attacker is entirely secondary, if for no other reasons than [a] you're not going to find out until afterwards and [b] there's nothing you can do about it anyway. Your job is to counter the threat, regardless of the nature of the threat agent ("bad actor"). In the national security arena, on the other hand, attacker motivation is very important as you have the option of pre-emptively countering the threat agent. Consequently most national level infosec advice comes from a source with the wrong priorities.

    3. EvilDrSmith

      Re: NATO response

      Agreed that the first problem is to identify who actually launched the attack.

      Agreed also that better (i.e. effective) security on the computer systems is better than a military response after the attack.

      But a 'military response' may be appropriate in certain circumstances.

      They take out your health service computer network, so you could crash part of their power grid control system, but a missile into a single substation may cause less damage overall, is more visible (harder for them - whoever they are, to deny something happened), and leaves them (who ever they are) still unsure whether you can get into their systems but simply choose not to.

      But to re-iterate - yes, better to have robust systems in place in the first instance, and then treat attacks as criminal activity unless/until definite proof its a state action

    4. arthoss

      Re: NATO response

      hmpf, whether is state sponsored or not, it doesn't matter. Terrorism of any kind needs to be fought against, I personally agree with this idea and others. Artificially restricting the response to computer wars is the same as in A Taste of Armageddon - it will lead to nothing good in the long term, just lost resources, continuously, with nothing learnt.

    5. 's water music Silver badge
      Holmes

      Re: NATO response

      >>... infers a military response which infers a targeted response against a state or individual actors.

      Isn't one of the issues that 'they' have no real idea of the where or who to target? It has been touted to be "The Norks" or "The Chinese" or "The Russians" but maybe five blokes in a bedsit in Basingstoke routing stuff around the world. Are we just going to lob missiles indiscriminately at a few million square miles of inhabited land hoping that we hit a 'responsible' person?

      Printing out a screenshot of a ransomwared machine is going to be a lot cheaper than commissioning a WMD report so at least there is a cost saving in generating shonky excuses for dodgy military excursions.

      Don't let him look at the evidence------>

      1. Andy The Hat Silver badge

        Re: NATO response

        "They take out your health service computer network, so you could crash part of their power grid control system, but a missile into a single substation may cause less damage overall, ..."

        Excuse my ignorance but who are "they"? (I said they did not know the where or who ...)

        Unless you intend to stop the infection in your systems by blowing up your own electrical infrastructure and taking your infected systems offline is your idea, which may arguably work, but I feel would not be a wholly appropriate or sane response, I believe I have just well and truly rested my case against a military response ...

        1. EvilDrSmith

          Re: NATO response

          Ignorance fully excused, since you asked politely, and because your question is a (the?) critical question.

          Though as I noted:

          "Agreed that the first problem is to identify who actually launched the attack."

          and then later on: "and leaves them (who ever they are)".

          My (probably badly phrased) point was not that a military response is appropriate in all (or even the majority) of cases (which it clearly is not), but that it may be in some cases.

        2. Wellyboot Silver badge

          Re: NATO response

          Overt military action would likely only be taken when enough usable evidence was available for our politicians to risk sanctioning such an operation against another nation state or a group operating within a failed nation state.

          Ransomware from an identified crime gang may just result in the crime gangs membership (anywhere in the world) being thinned down with extreme prejudice and plausible deniability.

          1. Andy The Hat Silver badge

            Re: NATO response

            Evidence? Since when was that required?

            In hindsight I hereby unrest my case ... :-)

            1. James Hughes 1

              Re: NATO response

              https://en.wikipedia.org/wiki/Operation_Barras

              Good authority that 'thinning out' was used in this case - the fact there were some survivors is lucky for them.

    6. MarkSitkowski

      Re: NATO response

      I agree as to the impossibility of blame attribution. We've been under attack by a botnet since 2012, driven by some halfwit with no other life, who hacks servers in about 70 countries, and gets them to send out malicious crap. If we retaliated against each individual server, we'd cause mayhem in those 70-odd countries, while missing the fact that the C&C's are all in Turkey.

      There's also a botnet which does nothing but SYN/ACK attacks, which just leaves its dumb script running 24/7, cycling through spoofed IP addresses from up to 20 class-B networks each day. Again, finding the real source of all this parasitic activity is nigh-on impossible.

      No nukes, please, but a hit-squad would be very welcome...

      1. Alan Brown Silver badge

        Re: NATO response

        "If we retaliated against each individual server, we'd cause mayhem in those 70-odd countries, while missing the fact that the C&C's are all in Turkey."

        That's the big issue - but of course someone always gloa

        ts.

        That said - there are relatively strong supporting arguments for knocking out systems being used in a DDoS - amongst which being that it's a virtually guaranteed way of getting the attention of those who own the box and maybe getting it actually fixed.

    7. Alan Brown Silver badge

      Re: NATO response

      "We are not fighting a military campaign but in-your-face organised crime gang who..."

      ...SHOULD be facing a bunch of guys dressed in black whilst carrying serious weaponry and kicking in their front door.

    8. File Not Found

      Re: NATO response

      You mean ‘imply’ not ‘infer’, so I haven’t bothered with the rest of your rant.

      1. AndyD 8-)₹

        Re: NATO response

        I do wonder if the bankers who profess total inability to track ransomware money might try a bit harder if faced by a squad of armed troops asking the questions.

  4. IGotOut
    Mushroom

    Is this the same NHS...

    ...that is proping up the huge military budget, because they can't be arsed to look after ex service personnel...or is that the homeless charities.....I forget.

    Maybe some of that crazy NATO budget should be spent on personal AFTER they have been dumped into the wider world, rather than blowing up perpetrators of a random unplanned attack..

    1. EvilDrSmith

      Re: Is this the same NHS...

      NATO budget rules mean that pensions for former military personnel count as defence expenditure

  5. IGotOut

    So....

    Does this mean we're going to bomb Isreal and the US then?

    1. Anonymous Coward
      Anonymous Coward

      Re: So....

      Why do you think we have a nuclear deterrent? Two reasons. China, USA.

      Might be three now with Russia getting shirty.

  6. Anonymous Coward
    Anonymous Coward

    What happens ...

    ... when they run out of False Flags and RADA can't supply any more Bad Actors ?

  7. Pascal Monett Silver badge

    "the idea of a military response to the software nasty"

    Great idea. Something bad happens, go shoot someone. I approve.

    Now, who exactly are you going to shoot, and how are you going to get in range to do so ?

    Because, if I'm not mistaken, NATO rolling over Russian borders (or Chinese, or whatever) with tanks and troops is not exactly going to improve the situation.

  8. 0laf Silver badge
    Mushroom

    And if the attack just so happens to come from some abitious scrote in Atlanta is POTUS happy for us to pop a few cruise missiles into an apartment block in the commercial district?

    I suspect most NATO hawks are happy to make this statement in the belief that they only get attacked from 'bad' countries. Plus if it's organisaed crime in a less organised state does that justify high explosives in a city?

    1. paulll

      "And if the attack just so happens to come from some abitious scrote in Atlanta is POTUS happy for us to pop a few cruise missiles into an apartment block in the commercial district?"

      Soooo... are we putting you down as, "for," or, "against?"

      1. 0laf Silver badge
        Mushroom

        who doesn't like fireworks?

  9. Mike 137 Silver badge

    "WannaCry ransomware attack on NHS..."

    Let's get this straight once and for all. It wasn't an attack on the NHS. It was an indescriminate self propagating attack engine that happened to find the NHS wide open to compromise (along with lots of other organisations world wide).

    1. Allonymous Coward

      Re: "WannaCry ransomware attack on NHS..."

      This. Also, "half" the NHS?

      If I wanted misleading clickbait tech news I'd be reading Ars Technica or Gartner or Rory Cellan-Jones or something.

      D-minus journo effort, must try harder.

  10. Aodhhan

    It's all in history

    As the left in Europe begin to move further left, the European leaders began to invest less and less money into their own militaries and NATO.

    The Soviet Union was gone and the trouble in the Middle East and Africa was far away. At least, this is what they believed.

    Over the years, only Canada, the UK and USA maintained their militaries to agreed standards. Although, during the Obama years, this level was barely met--even though the war in Afghanistan was at its worse.

    China, for all the punch lines they have become, aren't stupid. They've always been great at taking advantage of opponent weaknesses... and if you aren't China--you are an opponent.

    China figured out, the leaders in Europe spent their money on each other--enriching those who helped them get into power. If these leaders have to start rebuilding their military, they won't be able to continue to make themselves and their friends even wealthier than they already are. The same families are in power now in Europe, that have been in power for the past 20 years. This should tell you something. Especially when the middle and lower economic classes have remain stagnant--and it many instances, have become worse.

    Kids used to leave the house when they were 17-20 years old with a decent job. Now it's closer to 30--maybe.

    Today, look at the families in charge of each European nation parliament; not to mention party leadership.

    It's not much different than 20 years ago. Except things for everyone but them have become worse. China has become stronger, and Germany has become Putin's lap cat.

    The left screams about the corruption of the right. As if this would even be possible, since the left has owned all the power for 20+ years.

    Today, people still listen to the left--as if they are the ones to follow, because the left has lied and use their friends to hide the truth. It's a sad state in Europe.

    The UK started to see this a few years ago, and has started change. It's funny... look at how those who were in power, resisted the UK empowering it's people over the government.

    The only way a country is going to become stronger, is by ensuring the people have the power. The more power you give to the government, the more you want the government to take care of you, the weaker the people become.

    Free this, free that... is what imprisons you. It's what Communism is. The carrot of free things on the long end of a stick, that you never get to... because it's used by those in power to get you to jump through hoops.

    Europe may have free health care, but it's poor health care. Really good medical personnel move the USA for better wages, equipment and standards.

    All that is left, is the bottom of the medical pool, with a long waiting list. You wait weeks to find out the government will only do so much for you, before it tells you it's too expensive to treat you. You didn't think those in power with all the money, are going to let you take their cash away to treat your cancer, did you?

    1. Claverhouse Silver badge
      WTF?

      Re: It's all in history

      Oh God...

      1. TimMaher Bronze badge
        Facepalm

        Re: It's all in history

        I’m glad you said that.

        Not sure about any god being involved though.

        1. Anonymous Coward
          Anonymous Coward

          Re: It's all in history

          It's surely the output from a bot that scans the Internet for rants and then just takes the second sentence from each one, joining them together. After 20 it considers the 'post' complete, posts it and moves on.

    2. Alan Brown Silver badge

      Re: It's all in history

      "China, for all the punch lines they have become, aren't stupid."

      That whooshing sound was the point flying above your head.

      China is so RIDDLED with attackable systems that it's used as the jumping off point for attacks on the world _BY_ the world and its dog (especially the Unicom network)

      Very few of the attacks coming FROM Chinese network space have actual honest to goodness Chinese origins and this is compounded by the same mentality that sees train crash carriages hastily buried in trenches complete with victims inside, or doctors reporting the beginnings of a Coronavirus outbreak arrested and charged with public order offences - public officials not only utterly refuse to acknowledge they have problems, they actively shoot the messengers, so things don't get fixed until there's a massive clusterfuck already in progress.

      Militaries tend to cooperate with each other on international basis' a lot more effectively than civil police groups do - even notional "enemies" do, mainly because they can't afford for mistakes to get out of control - which means that tracking down organised crime gangs would be a lot easier - and those gangs are a lot closer to home than you realise. Follow the money.

      Police investigation of "cyber" anything is getting better but they're hampered by the noxious habit of putting their hands up in the air and dropping it in the too-hard basket as soon as it crosses a border instead of seeing where the rabbit hole leads. (Bury St Edmonds in one case, and that only got enthusiasm because the twit in question targetted the police themselves)

      1. baud Bronze badge
        Black Helicopters

        Tinfoil hat mode ON

        > China is so RIDDLED with attackable systems that it's used as the jumping off point for attacks on the world _BY_ the world and its dog

        Perhaps the Chinese are leaving their network open so that they've got plausible deniability for any attack coming from their territory?

        Well, more likely they are just using compromised servers in other countries, just like everyone else.

  11. Anonymous Coward
    Anonymous Coward

    Plotting a path for WW3?

    Normalise military escalation in response to cyber attack. CHECK

    Normalise public acceptance of cyber attacks being attributed to foreign states, merely because they were launched from a server hosted there. CHECK

    Normalise critical national infrastructure being exposed to internet penetration due to cost saving measures. CHECK

    Normalise the perception that exposure of false reporting by mainstream media is "fake news". CHECK

  12. Claptrap314 Silver badge

    Strategic ambivalence

    Proportionate response only makes sense in a fairly narrow range of scenarios. The biggest problem with proportionate response is that it allows the adversary to control your level of response. It is quite easy to create a list of ways that one country can mess with another short of a military attack. The entire point of the term casus belli is that the justification for war need not be "proportionate". So, some minor member of nobility gets assassinated by a rebel faction & now the Austro-Hungarian Empier and Russia are at war. Or some French Diplomat asks a Prussian diplomat if they will carry out their promise for territorial accession & now the French are at war with the Prussians.

    What the general has stated is that "mere" attacks on the IT infrastructure will be treated just like anything else--a potential justification to strike back at a time and in a way that is chosen by NATO.

    Of course, attribution is a major problem. But spycraft has had to deal with such issues for millennia. They make the determination as best they can, and the base their responses on the reliability estimates of these determinations as well.

    1. MarkSitkowski

      Re: Strategic ambivalence

      "Proportionate response only makes sense in a fairly narrow range of scenarios..."

      We've found that the best proportionate response is an automated one: Our IDS analyses incoming queries and parses them to check for malicious content (no white/black lists - that's too last decade).

      When it finds nasty content, it looks up the ISP who owns the IP address and sends a report, quoting the log entry. The ISP then either removes the malware which sent the crap, or cancels the hacker's account.

      Best responses have been from Russian ISP's: "The user has been terminated..."

      1. Claptrap314 Silver badge
        Pint

        Re: Strategic ambivalence

        Dude--you gotta think of the screens. Put in a little warning before you drop one like that.

  13. mediabeing

    It was just too difficult for you to remind readers what the letters, 'NHS' stands for?

    Phooey.

  14. danbi
    Joke

    it's about time

    When is Microsoft being nuked?

  15. Strangelove

    There is an assumption here by many that all military action is large, missile and shooting stuff.

    It is not, and the range of military responses should be expanded to include both electromagnetic and cyber counterstrike capabilities as well. This in effect permits actions that would otherwise be illegal.

    77 Brigade may be well known, but other countries will have their more or less well advertised equivalent, and much as Russia can take itself off the internet before doing something very nasty, I am pretty sure at a push we can do similar too, though it may need more signatures.

  16. Anonymous Coward
    Anonymous Coward

    Nuke and pave

    IRL, as well as software. Future NATO RoE ? I suppose that this might be an effective deterrent.

    (scuttles off to find a prototype W76-2 "limited yield" warhead to lob at the scumbags responsible for Wannacry)

  17. Aussie Doc
    Pint

    Yeah, sure.

    Meanwhile at Beer O Clock in Oz, my customers think Cyber World is a Disney place in Cyberia.

    Cheers - been a long week.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020