Let’s Put Real War In To Cyberwar

Thursday, April 19, 2012

Joel Harding


So my mind began spinning up…   uh, oh.  You know trouble is brewing whenever I start thinking.  Just ask my students…

Why isn’t cybersecurity effective?  Because we’ve already admitted defeat.  Here, here and here.

Way back when dinosaurs were still walking the earth (or so it seems), I was an infantry officer.  This was after many years as a Special Forces enlisted soldier on an ODA, so I was a wee bit more motivated than most 2LTs.

One of the sayings we always repeated was ‘in the absence of orders, attack.’  I feel bad for my poor first Platoon Sergeant; he retired about eight months after I took over.

I ran the heck out of him. On every training exercise I always said something like “Attack.  Take that hill!”  Of course we’d fire and maneuver and beat the heck out of our poor bodies and arrive at the top of the hill bloody, exhausted and drenched in sweat. 

After a while, here would come my poor Platoon Sergeant, dragging his rifle on the ground saying “I’m too old for this stuff” (obscenities artfully edited).  But I tell you, these guys were good.  I’m sure the whole Soviet intelligence apparatus was quaking in fear at the thought of taking on my platoon… well, that’s how we felt! But I digress.

What I’m trying to say is that currently hackers have nothing to fear.  The most that can happen is their computer might be confiscated, they might spend a few cozy months languishing in some minimum security prison, and then get recruited into an offensively oriented corporation or even into the military upon their release.

I mean, what kind of “carrot and stick” strategy do we have that is all carrot and no stick?

How about a little “active defense”?  I’m not talking about the ‘active defense’ waged against the Zapatistas in 1998, a tactic which the attorneys judged to be offensive in nature, and therefore illegal.

I’m talking about a tiny little 250 pound, metal encased, kinetic type explosive, laser guided munition that would put a little fear into any little punk attacking a US website.  Permanently.  That might make a potential script kiddie rethink his lifestyle sometime down the road, don’t you think?

Attribution, you say?  Well… let’s wait for that one perfect test case where we know the little punk has his fingers on the keyboard and then worry about the collateral damage…  Illegal?  Oh come on.  Cyber punk is stealing Intellectual Property worth perhaps billions to some countries and you’re worried about removing this parasite?

Well…  okay.  My fantasy is over.  But please, before you read your next blog, think how effectively the message would resonate throughout the illegal hacker community if one of these little festering bugs was ‘accidentally’ squashed.

…or don’t.  Just ‘leak’ a rumor that we did… and yes, I am for hire.

Cross-posted from To Inform is to Influence
