Leaked Obama brief reveals US cyber defense, offense policy The Obama administration has told government agencies to compile a list of potential targets for offensive cyberwarfare actions, where such actions could benefit the interests of the United States, a leaked report reveals. President Obama signed off on Presidential Policy Directive 20 last November, but its full contents have …
Strangely, given their Liberal background, The Guardian has always been a leading light for the US haters. Sometimes it was so extreme as to be senseless, including their infamous celebration of the assassination of Abraham Lincoln! Considering how Lincoln abolished slavery it seems ludicrous that The Guardian's take on his death was "Of his rule, we can never speak except as a series of acts abhorrent to every true notion of constitutional right and human liberty ..." Their rather bizarre selection of causes to support over the years has included the Communists in the Spanish Civil War, establishment of the State of Israel in 1948, yet bitterly opposing the introduction of the National Health Service in the UK. It seems they are just too addicted to being sensationalisticly anti.
Re: On the whole, the directive requires the US government to conduct OCEO and DCEO only in ways consistent with the US Constitution and applicable United States and international laws – "and, as applicable, the law of armed conflict."
That's OK, then. In related news, they will also be supporting the new program allowing pedophiles to pair up with kids 'consistent with keeping children safe'.
OMG. Is there ever going to be anything outrageous enough to get a rise out of the public?
... in all my years of network security related work (that's over a third of a century, for those of you not paying attention), I have NEVER met a manager who uses the term "cyber" seriously who has any clue whatsoever about how the actual system works. It's a buzzword that self-selects people who can be safely ignored. Handy flag, that.
This post has been deleted by its author
Agreed - it's a damn useful shibboleth.
Anyone who applies the prefix "cyber"1 to anything other than cybernetics is demonstrating at least a failure of comprehension and a lack of technical sophistication, and probably an inability to think critically.2 And the "cybernetics" exemption only applies to those who can demonstrate an understanding of Norbert Wiener's work.
(Disclosure: I had an article in the special issue of Works and Days that carried the subtitle "The Geography of Cyberspace". In my defense, I did not choose the subtitle, and I was young and needed the CV line.)
1Or, worse, uses it as a freestanding term; that should be a flogging offense.
2Double points off for "cyborg", unless citing the work of Clynes and Klein, Halacy, Caidin, or Haraway; and then it should be accompanied by disclaimer, and preferably an observation on the infelicity of the term. (All organisms are cybernetic, in that they self-regulate using feedback mechanisms, so the term is a tautology if taken literally, and just dumb if taken in the sense coined by Clynes and Klein. And "Cyborg Manifesto" is probably Haraway's weakest work.)
"Would "Offensive Cyber Effects Operations" also qualify?"
Not generally, because done properly the originator can't be proved, and going to war with made up evidence now has a very bad name.
But if electronic attacks aren't an act of war, this means it is opening up new "cold war" opportunities between nations, and better still, almost everybody can come to this party. And this new cold war includes proxy fighting, and proxy targeting (eg take a European nation's financial sector off line, implicate the real target, then when the US want to act against the target, they get a more receptive hearing).
Personally I'd think the Yanks would be better off putting the resource into defending their own infrastructure and working out better tracing of attacks,rather than wasting their time trying to find ways of turning off the fridges in Tehran.
The revelations about the NSA having backdoors into most major US internet companies has been likened to getting caught with your pants down.
Having an active plan to develop and launch cyber attacks, along with various sources who claim they do this all the time already - that's like getting caught with your pants down, cock in hand, with a box of tissues and an array of embarrassingly deviant reading material in front of you.
No, most governments have "active" plans for all kinds of contingencies, this one just happens to be about electronic warfare instead of the physical world. Would you rather governments NOT have active plans to develop and launch cyber attacks? I'm hoping my government has all kinds of such plans and they are regularly evaluated and updated as threats emerge or wane.
that's like getting caught with your pants down, cock in hand
This is the public posture which the US Federal government has always preferred: viz Manifest Destiny, the Opening of Japan, the war on Communism, and so forth. It may have taken Teddy R. to coin the phrase, but our unofficial motto has ever been "We have a Big Stick".
These latest revelations are perfectly in keeping with this policy. The Feds love to say "no one else should do this, but we may"; it's a demonstration of power. Individual figures in the Federal government may on occasion be embarrassed, but the institution as a whole is immune to that condition.
The combined internet has progressed to a "real" landscape, where just about everything and anyone in the physical world has a "presence". With the added advantage that you do not have to travel at all to "reach" a particular place or person. Where there are checkpoints, walls or doors in place, their actual quality in keeping unwanted eyes out varies, and there have always been people who have made it a career to sneak by such obstacles, for several sets of reasons.
Unless you've been living under a rock, it's really hard to not realise that the more the internet resembles the physical world, the more it will be subject to actions equivalent to the real world, including crime, (counter)intelligence, and indeed warfare. No nation state can afford to not engage in activities in these areas, as it would not only leave a nation extremely vulnerable, but it would also mean that if they ignore this arena they are essentially failing in the duty of protecting their citizens.
So the US has proper protocols in place to conduct "cyberwarfare". Whoop-te-doo! Amazing, Mike! The US intelligence agency has ways of getting their data from the Source, and actually shares the relevant bits with it's allies. Oh shocker! It's not as if the US has not had a fat finger in world politics and (counter)intelligence since the post WW II pen-and-paper era. I would be really, really, shocked if the US had not been engaging in the same activities in the "cyber" landscape. After all, no-one else would be so dastardly to try this.. [/sarcasm]
But you don't think it's a tad hypocritical to keep complaining about the Chinese hacking for military secrets and commercial gain, when you know that your own country is doing exactly the same, and you've even signed the documents to authorize it?
I can only imagine the smirk on Xi Jinping's face when Obama raises the subject at the summit, as he claimed he would before all this erupted.
"Funny, these things are leaked to the press right before the US negotiates at the highest level with the chinese about these things."
Here's the thing.
If you're going to play the "moral high ground" card in international affairs ("We don't do this sort of thing, that's only authoritarian Godless Commies (TM) that do this sort of thing") you'd better either a) Not be doing them
b)Not leave the evidence around for someone to find.
Otherwise be honest and admit it. The US is no better in this regard than China.
Running around like a headless chicken when the proverbial shit hits the fan is. So yes, it makes sense to have plans in case war breaks out.
Thus, I do not find it at all surprising that there are plans in place for both defensive and offensive action. What is a problem is their constant data gathering on everything. Adding more data to a pool indiscriminately is like wall-of-death fishing: you catch and kill all sorts of stuff you did not intend to. I also do not buy the argument that they have "advanced data-mining algorithms". Data mining is a fancy word for pattern recognition in big data. To stay in the parlance of mining, let data be the ore, and information be the metal you want to extract. As the percentage of metal in the ore becomes lower, it makes less and less sense to extract the ore from the ground in the first place, unless the metal is very very precious. Even then, it is possible to be sidetracked by things that look like the metal, but aren't. Fool's gold (iron pyrite) springs to mind.
Likewise, if you gather data about everybody, looking for a minute percentage of people that actually hate the US sufficiently to do it real harm, the chances are false positive rates will skyrocket. This is a very real danger. It is much better to gather information in a far more directed manner, instead of implicitly suspecting everybody of ill will (which in itself seems to be a self-fulfilling mode of action).
As I have said over and over again: adding hay does not make finding needles easier. In mining parlance, there may be gold in them there hills, but it is better to drive a well-chosen shaft than indiscriminately removing the whole range of hills from the face of the earth, and sifting through tons of worthless rubble.
Given that the earlier leaks were about the far more dangerous data snooping, a cynic (who? me?!), might think this leak is there to distract from the more dangerous issues.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
