December 21, 2012
Readings: Nação & Defesa no. 133, Cybersecurity
July 08, 2010
US plans shield against cyberattacks

The federal government is launching an expansive program dubbed "Perfect Citizen" to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.
The surveillance by the National Security Agency, the government's chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn't persistently monitor the whole system, these people said.
Defense contractor Raytheon Corp. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million, said a person familiar with the project.
An NSA spokeswoman said the agency had no information to provide on the program. A Raytheon spokesman declined to comment.
Some industry and government officials familiar with the program see Perfect Citizen as an intrusion by the NSA into domestic affairs, while others say it is an important program to combat an emerging security threat that only the NSA is equipped to provide.
"The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security," said one internal Raytheon email, the text of which was seen by The Wall Street Journal. "Perfect Citizen is Big Brother." [...]
See the news story in the Wall Street Journal
July 04, 2010
The threat from the Internet: Cyberwar

Throughout history new technologies have revolutionised warfare, sometimes abruptly, sometimes only gradually: think of the chariot, gunpowder, aircraft, radar and nuclear fission. So it has been with information technology. Computers and the internet have transformed economies and given Western armies great advantages, such as the ability to send remotely piloted aircraft across the world to gather intelligence and attack targets. But the spread of digital technology comes at a cost: it exposes armies and societies to digital attack.
The threat is complex, multifaceted and potentially very dangerous. Modern societies are ever more reliant on computer systems linked to the internet, giving enemies more avenues of attack. If power stations, refineries, banks and air-traffic-control systems were brought down, people would lose their lives. Yet there are few, if any, rules in cyberspace of the kind that govern behaviour, even warfare, in other domains. As with nuclear- and conventional-arms control, big countries should start talking about how to reduce the threat from cyberwar, the aim being to restrict attacks before it is too late. [...]
See the article in The Economist
May 09, 2010
‘Battling the cyber warmongers’ in the Wall Street Journal

A recent simulation of a devastating cyberattack on America was crying for a Bruce Willis lead: A series of mysterious attacks—probably sanctioned by China but traced to servers in the Russian city of Irkutsk—crippled much of the national infrastructure, including air traffic, financial markets and even basic email. If this was not bad enough, an unrelated electricity outage took down whatever remained of the already unplugged East Coast.
The simulation—funded by a number of major players in network security, organized by the Bipartisan Policy Center, a Washington-based think tank, and broadcast on CNN on a Saturday night—had an unexpected twist. The American government appeared incompetent, indecisive and confused (past government officials, including former Secretary of Homeland Security Michael Chertoff and former Deputy Secretary of State John Negroponte, were recruited to play this glamorous role on TV). "The U.S. is unprepared for cyberwar," the simulation's organizers grimly concluded.
The past few months have been packed with cyber-jingoism from former and current national security officials. Richard Clarke, a former cybersecurity adviser to two administrations, says in his new book that "cyberwar has already begun." Testifying in Congress in February, Mike McConnell, former head of the National Security Agency, argued that "if we went to war today in a cyberwar, we would lose." Speaking in late April, Director of Central Intelligence Leon Panetta said that "the next Pearl Harbor is likely to be a cyberattack going after our grid."
The murky nature of recent attacks on Google—in which someone tricked a Google employee into opening a malicious link that eventually allowed intruders to access parts of Google's password-managing software, potentially compromising the security of several Chinese human rights activists—has only added to public fears. If the world's most innovative technology company cannot protect its computers from such digital aggression, what can we expect from the bureaucratic chimera that is the Department of Homeland Security? [...]
See the full story in the Wall Street Journal
August 05, 2009
August 03, 2009
Iraq: the cyberwar that never was

by John Markoff and Thom Shanker
It would have been the most far-reaching case of computer sabotage in history. In 2003, the Pentagon and American intelligence agencies made plans for a cyberattack to freeze billions of dollars in the bank accounts of Saddam Hussein and cripple his government’s financial system before the United States invaded Iraq. He would have no money for war supplies. No money to pay troops.
“We knew we could pull it off — we had the tools,” said one senior official who worked at the Pentagon when the highly classified plan was developed.
But the attack never got the green light. Bush administration officials worried that the effects would not be limited to Iraq but would instead create worldwide financial havoc, spreading across the Middle East to Europe and perhaps to the United States.
Fears of such collateral damage are at the heart of the debate as the Obama administration and its Pentagon leadership struggle to develop rules and tactics for carrying out attacks in cyberspace.
While the Bush administration seriously studied computer-network attacks, the Obama administration is the first to elevate cybersecurity — both defending American computer networks and attacking those of adversaries — to the level of a White House director, whose appointment is expected in coming weeks.
But senior White House officials remain so concerned about the risks of unintended harm to civilians and damage to civilian infrastructure in an attack on computer networks that they decline any official comment on the topic. And senior Defense Department officials and military officers directly involved in planning for the Pentagon’s new “cybercommand” acknowledge that the risk of collateral damage is one of their chief concerns.
“We are deeply concerned about the second- and third-order effects of certain types of computer network operations, as well as about laws of war that require attacks be proportional to the threat,” said one senior officer.
This officer, who like others spoke on the condition of anonymity because of the classified nature of the work, also acknowledged that these concerns had restrained the military from carrying out a number of proposed missions. “In some ways, we are self-deterred today because we really haven’t answered that yet in the world of cyber,” the officer said.
In interviews over recent weeks, a number of current and retired White House officials, Pentagon civilians and military officers disclosed details of classified missions — some only considered and some put into action — that illustrate why this issue is so difficult.
Although the digital attack on Iraq’s financial system was not carried out, the American military and its partners in the intelligence agencies did receive approval to cripple Iraq’s military and government communications systems in the early hours of the war in 2003. And that attack did produce collateral damage.
Besides blowing up cellphone towers and communications grids, the offensive included electronic jamming and digital attacks against Iraq’s telephone networks. American officials also contacted international communications companies that provided satellite phone and cellphone coverage to Iraq to alert them to possible jamming and to ask their assistance in turning off certain channels.
Officials now acknowledge that the communications offensive temporarily disrupted telephone service in countries around Iraq that shared its cellphone and satellite telephone systems. That limited damage was deemed acceptable by the Bush administration.
Another such event took place in the late 1990s, according to a former military researcher. The American military attacked a Serbian telecommunications network and accidentally affected the Intelsat satellite communications system, whose service was hampered for several days.
These missions, which remain highly classified, are being scrutinized today as the Obama administration and the Pentagon move into new arenas of cyberoperations. Few details have been reported previously; mention of the proposal for a digital offensive against Iraq’s financial and banking systems appeared with little notice on Newsmax.com, a news Web site, in 2003.
The government concerns evoke those at the dawn of the nuclear era, when questions of military effectiveness, legality and morality were raised about radiation spreading to civilians far beyond any zone of combat.
“If you don’t know the consequences of a counterstrike against innocent third parties, it makes it very difficult to authorize one,” said James Lewis, a cyberwarfare specialist at the Center for Strategic and International Studies in Washington.
But some military strategists argue that these uncertainties have led to excess caution on the part of Pentagon planners.
“Policy makers are tremendously sensitive to collateral damage by virtual weapons, but not nearly sensitive enough to damage by kinetic” — conventional — “weapons,” said John Arquilla, an expert in military strategy at the Naval Postgraduate School in Monterey, Calif. “The cyberwarriors are held back by extremely restrictive rules of engagement.”
Despite analogies that have been drawn between biological weapons and cyberweapons, Mr. Arquilla argues that “cyberweapons are disruptive and not destructive.”
That view is challenged by some legal and technical experts.
“It’s virtually certain that there will be unintended consequences,” said Herbert Lin, a senior scientist at the National Research Council and author of a recent report on offensive cyberwarfare. “If you don’t know what a computer you attack is doing, you could do something bad.”
Mark Seiden, a Silicon Valley computer security specialist who was a co-author of the National Research Council report, said, “The chances are very high that you will inevitably hit civilian targets — the worst-case scenario is taking out a hospital which is sharing a network with some other agency.”
And while such attacks are unlikely to leave smoking craters, electronic attacks on communications networks and data centers could have broader, life-threatening consequences where power grids and critical infrastructure like water treatment plants are increasingly controlled by computer networks.
Over the centuries, rules governing combat have been drawn together in customary practice as well as official legal documents, like the Geneva Conventions and the United Nations Charter. These laws govern when it is legitimate to go to war, and set rules for how any conflict may be waged.
Two traditional military limits now are being applied to cyberwar: proportionality, which is a rule that, in layman’s terms, argues that if you slap me, I cannot blow up your house; and collateral damage, which requires militaries to limit civilian deaths and injuries.
“Cyberwar is problematic from the point of view of the laws of war,” said Jack L. Goldsmith, a professor at Harvard Law School. “The U.N. Charter basically says that a nation cannot use force against the territorial integrity or political independence of any other nation. But what kinds of cyberattacks count as force is a hard question, because force is not clearly defined.”
http://www.nytimes.com/2009/08/02/us/politics/02cyber.html?_r=2&scp=4&sq=irak%20war&st=cse
JPTF 2009/08/03

