Feral Jundi

Sunday, December 18, 2011

Legal News: Congress Legalizes Cyber War

In language discussing the bill, conferees say that because there is no historical precedent for what constitutes traditional military activities in cyberspace, “it is necessary to affirm that such operations may be conducted pursuant to the same policy, principles and legal regimes that pertain to kinetic capabilities.”

This is big news, and historical. The rules and laws of kinetic war now apply to Cyber War, and this brings up all sorts of ideas. For example, will we see more Cyber Lance type activities?  Maybe a US special forces team combined with civilian hackers to locate and kill/capture enemy hackers or whomever?  Who knows, and who knows how these new rules will apply?

Perhaps we will see the same issues that have popped up for today’s modern wars. Especially with the hybrid of private and public forces in conflict. I say this, because the US does not have the monopoly on ‘hacking force’. If they want the best, they can try to develop that capability internally, but inevitably they will have to reach out to private companies or individuals that are experts in these fields and pay them to do it.

Here is one quote below that really perked me up. Check it out:

Since the military cannot afford to pay enough to recruit qualified software and Internet engineers for this sort of work, it has turned to commercial firms. There are already some out there, companies that are technically network security operations, but will also carry out offensive missions (often of questionable legality, but that has always been an aspect of the corporate security business.)
Some of these firms have quietly withdrawn from the Internet security business, gone dark, and apparently turned their efforts to the more lucrative task of creating Cyber War weapons for the Pentagon. It may have been one of these firms that created, or helped create, the Stuxnet worm.

I read this and thought, why not just fire up the Letter of Marque and Reprisal and give these firms the legal authority and protections necessary to take part in offensive operations?  The LoM is sitting right there in the War Powers clause in the US Constitution, and it just seems to me that we are missing the boat when it comes to doing this stuff. We could be legally authorizing the companies to steal funds and intellectual property from all sorts of enemies out there, and label these companies cyber privateers. (which if the military helped at all, would those commanders or the US be entitled to a cut? lol)

My other thought about all of this is when will we see a Cyber Weapon used in such a way as to actually kill like a real weapon?  And with this public/private partnership we will have, we could potentially see IT Security companies build these weapons, and possibly even launch it. Just imagine if Stuxnet actually caused deaths in some weapons plant or nuclear facility? That would definitely put the ‘War’ in Cyber War. Very interesting….-Matt 

 

America Legalizes Cyber War
December 18, 2011
The U.S. Congress approved a new law on December 14th that allows the Department of Defense to conduct offensive Cyber War operations in response to Cyber War attacks on the United States. That is, the U.S. military is now authorized to make war via the Internet. The new law stipulates that all the rules that apply to conventional war, also apply to Cyber War. This includes the international law of armed conflict (meant to prevent war crimes and horrid behavior in general) and the U.S. War Powers Resolution (which requires a U.S. president to get permission from Congress within 90 days of entering into a war).
The U.S. Department of Defense has long advocated going on the offensive against criminal gangs and foreign governments that seek (and often succeed) to penetrate U.S. government and military Internet security, and steal information, or sabotage operations. Over the past year, and without much fanfare, the Department of Defense has been making preparations to do just that.

(more…)

Tuesday, May 31, 2011

Building Snowmobiles: The Cyber Lance

I want to thank Matt from Facebook for bringing up this quote from Starship Troopers. I found the movie clip of the quote and it clearly shows the weakness of cyber warfare. It shows why you must have a direct action/physical security component mixed with your cyber warfare/information operations unit.

The simple reason why is that all it takes for your enemies to ruin your ‘hacking’ ventures, is for them to kill your hacker and physically destroy his equipment. To ‘throw a knife into the hand of the guy that pushes the buttons’, to paraphrase the quote up top.

Or worse, that hacker could be tortured and key information could be extracted in order to conduct a larger attack. The value of what that hacker knows (a nation or company’s secrets), or what they know how to do (hacking a nation or company), makes them a high value target.

In other words, today’s freelance hacker or even government/military hacker, is a highly valuable asset to a nation or a company. That highly valuable asset must be defended, and have a highly evolved physical and cyber offensive capability in order to compete and survive in today’s world.

So in order to deal with this new reality I have developed and defined a new term that I wanted to share with the readership. Enter the ‘cyber lance’.

Basically, a cyber lance is a combined arms team within a privateer company or military unit. Or it could be an outsourced team. The lance part comes from the french term Lances fournies, or ‘lances fournished’. Here is the definition from wikipedia.

The Lances fournies (French: “lances furnished”) was a medieval army squad that would have surrounded a knight in battle, consisting of a four to ten man team built of squires, men-at-arms (usually mounted swordsmen), archers, attendants (pages) and the knight himself. These units formed companies under a captain either as mercenary bands or in the retinue of wealthy nobles and royalty.
A Lance was usually led and raised by a knight in the service of his liege, yet it is not uncommon in certain periods to have a less privileged man, such as a sergeants-at-arms, lead a lance. More powerful knights, also known as a knight bannerets, could field multiple lances.

And of course the cyber is used to refer to anything to do with the internet or computing. I particularly like this etymology of cyber from wikipedia:

By the 1970s, the Control Data Corporation (CDC) sold the “Cyber” range of supercomputers, establishing the word cyber- as synonymous with computing. Robert Trappl credits William Gibson and his novel Neuromancer with triggering a “cyber- prefix flood” in the 1980s.

What’s cool about a cyber lance, is that a company can actually define it’s size to a client. They can say ‘we have 20 cyber lances’ or ‘cyber lancers’ (whatever sounds better to the user)
The other reason why I like the cyber lance concept, is that it mixes physical security with cyber security. It also mixes physical offense, with the cyber offense.  You must have one with the other as the world of cyber warfare continues to evolve. The cyber lance defines that combined arms group of hackers and shooters. The way I envision it, it could be as simple as a protective detail assigned to a hacker, or as involved as a special forces type team that does both the protection of a hacker, and conducts offensive operations based upon the information gained by that hacker. It is a fusion of the cyber and the physical, and all the potential actions that can come out of that combination.
I also like the etymology of lance corporal.  If you have ever served in the Marines, you more than likely were a ‘Lance Corporal”. Although the lance part refers to lancepesade.

From the Italian lanzia spezzata, which literally means “broken lance” or “broken spear”, but which was used to denote a seasoned soldier (the broken spear being a metaphor for combat experience, where such an occurrence was likely).

Or if you have ever heard of the term ‘free-lance photographer’ or ‘free-lancer‘ (etymology- medieval mercenary warrior) , then now you know the origins of the term. I think it works pretty nicely for cyber lance. So to me, cyber lance makes perfect sense in the context of what I am talking about here.
The cyber lance is also flexible in it’s usage. They could be all military units, or a  private cyber lance contracted out to the government or companies. A cyber privateer or cyber pirate company would have several groups of cyber lances as an organizational idea. Each cyber lance is just a unit or term to describe this hardened ‘hacker team with teeth’. It also goes back to the idea of combined arms, or mutually supporting groups within a unit. This concept is very much a part of the building snowmobiles mindset.

Combined arms is an approach to warfare which seeks to integrate different branches of a military to achieve mutually complementary effects (for example, using infantry and armor in an urban environment, where one supports the other, or both support each other). Combined arms doctrine contrasts with segregated arms where each military unit is composed of only one type of soldier or weapon system. Segregated arms is the traditional method of unit/force organisation, employed to provide maximum unit cohesion and concentration of force in a given weapon or unit type.

A cyber lance also promotes the idea of ‘team’, as opposed to an individual.  I believe cells or teams are far more capable for the attack and defense, as opposed to just an individual. The security of a nation or company, or the prosecution of that nation or company’s best interest would best be placed into the hands of a team, as opposed to just one individual.  Primarily because teams would actually have the ‘teeth’ necessary to capture or kill ‘individuals’, or defend against an attacking force. A cyber lance could also be attacked by a cyber lance, or a group of cyber lances that would make up a cyber privateer company.

Another key component of the cyber lance is it’s ability to work within the borders of another country or navigate the complexities of the commons called cyber space. A small team can be surgical and have a light foot print.  It also falls in line with the concepts of netwar, and offense industry which was a past building snowmobiles post.
Finally, as hackers become more valuable and more capable, it will be of national interest to protect these assets. The cyber lance could very well be the next chapter or paragraph in the world of combined arms and cyber warfare. It will also take the combination of the hacker’s mind and the tactical and strategic thinking of a special operations team to think of all the ways a cyber lance could be used for the defense or offense. The end result could lead to the destruction of a nation’s key national security assets, or the preservation of a nation’s vital national security assets. That is what makes a cyber lance a very important and lethal building snowmobiles concept. –Matt

Powered by WordPress