US cyber warfare plans

NY Times:

When American forces in Iraq wanted to lure members of Al Qaeda into a trap, they hacked into one of the group’s computers and altered information that drove them into American gun sights.

When President George W. Bush ordered new ways to slow Iran’s progress toward a nuclear bomb last year, he approved a plan for an experimental covert program — its results still unclear — to bore into their computers and undermine the project.

And the Pentagon has commissioned military contractors to develop a highly classified replica of the Internet of the future. The goal is to simulate what it would take for adversaries to shut down the country’s power stations, telecommunications and aviation systems, or freeze the financial markets — in an effort to build better defenses against such attacks, as well as a new generation of online weapons.

Just as the invention of the atomic bomb changed warfare and deterrence 64 years ago, a new international race has begun to develop cyberweapons and systems to protect against them.

Thousands of daily attacks on federal and private computer systems in the United States — many from China and Russia, some malicious and some testing chinks in the patchwork of American firewalls — have prompted the Obama administration to review American strategy.

President Obama is expected to propose a far larger defensive effort in coming days, including an expansion of the $17 billion, five-year program that Congress approved last year, the appointment of a White House official to coordinate the effort, and an end to a running bureaucratic battle over who is responsible for defending against cyberattacks.

But Mr. Obama is expected to say little or nothing about the nation’s offensive capabilities, on which the military and the nation’s intelligence agencies have been spending billions. In interviews over the past several months, a range of military and intelligence officials, as well as outside experts, have described a huge increase in the sophistication of American cyberwarfare capabilities.

Because so many aspects of the American effort to develop cyberweapons and define their proper use remain classified, many of those officials declined to speak on the record. The White House declined several requests for interviews or to say whether Mr. Obama as a matter of policy supports or opposes the use of American cyberweapons.

The most exotic innovations under consideration would enable a Pentagon programmer to surreptitiously enter a computer server in Russia or China, for example, and destroy a “botnet” — a potentially destructive program that commandeers infected machines into a vast network that can be clandestinely controlled — before it could be unleashed in the United States.

Or American intelligence agencies could activate malicious code that is secretly embedded on computer chips when they are manufactured, enabling the United States to take command of an enemy’s computers by remote control over the Internet. That, of course, is exactly the kind of attack officials fear could be launched on American targets, often through Chinese-made chips or computer servers.

...
The key to getting to the botnets is to be able to plow back through the zombie computers they use to launch attacks. I have suggested tracker programs that could reach back and then destroy the computers that are attacking us. It sounds like our people have something like that already developed or planned. I think the principal should be something like the HARM anti radar missiles that destroy enemy radar as soon as it is turned on.

As far as the malicious chips go, the US already has experience with those kind of devices going back to the 1980s when Bill Casey's CIA arranged to have the Soviets "steal" some hardware designed to malfunction under their use.

The article is pretty long. The Times used a team of reporters to compile the information for the story. It discusses some of the nightmare scenarios envisioned by those who plan defensive efforts.

I think the most important area of focus should be on tracking back through the zombie systems to the perps. It would be an internet radar system that would provide a return address in the case of an attack.

Comments

Popular posts from this blog

Should Republicans go ahead and add Supreme Court Justices to head off Democrats

29 % of companies say they are unlikely to keep insurance after Obamacare

Is the F-35 obsolete?