When the Director of CSIS calls for kinetic responses to cyberattacks, we should all sit up and take note. We should also all be very concerned. The proposed rules of engagement in this article include:

The United States can and will use all elements of state power to effectively defend the homeland against any threat, in any domain. The Department of Defense stated a version of this policy in the context of integrated deterrence, but it is worth a high-level official saying it again. The official should point out that U.S. policy refuses to target civilian critical infrastructure, so a proportional response to a cyberattack on our critical infrastructure would be serious and likely include economic or military measures.

The article directly calls out the challenges of attribution and understanding of intent, but defaults to a retaliatory stance for reasons that are, in my opinion, deeply hypothetical—especially the hand-wavy claim that "AI" is going to make these threats more dangerous. There is absolutely no evidence for that claim.
The cyberwar might be here, but every day the intelligence community and military make de-escalatory choices about how to respond to these attacks. I contend we're better off for them doing so.
@bontchev @mttaggart You're assuming that all intel operators are A tier, and that they're trying their best to hide. This was during a time when Russia was sending operatives into Ukraine to stir up trouble and having them "disguise" themselves by removing the name badges on their standard-issue RU military uniforms.
@malwaretech @mttaggart It was a *very* sloppy job. If they were pros and wanted to *disguise* a destructive attack as ransomware, they would have made a real ransomware and just not delivered the keys once ransom was paid.
No, it was some retarded guy patching incompetently known ransomware. And only part of it; there was also a different, file-encrypting part that wasn't destructive - meaning you could decrypt, if you had the key. The only explanation for both parts to exist (i.e., it was neither obviously destructive, nor real ransomware) is that whoever did it, didn't know what they were doing.
@bontchev @mttaggart I don't think NotPetya was cyber criminals, I think it was directly deployed by RU intelligence, they only tried to make it look like Petya so it'd just seem like ransomware gone wrong.
@malwaretech @mttaggart Maybe but the official narrative is still "North Korea unleashed WannaCry" and "NotPetya was the work of the Russian intelligence agencies".
Neither of which is true or, more exactly, the truth is much more nuanced than this.
The WannaCry case was pretty close to the hypothetical scenario I described (except some British security researcher prevented it from causing major damage to the USA 😀 ) and NotPetya was the Russian intel agencies giving the tools and access to some retarded cyber criminals, along with the general direction to "cause grief to Ukraine" and then not bothering to supervise the operation because, hey, it's the Russians we're talking about.
Maybe someone with better access to classified info in the US intel community does know better (e.g., they were careful enough to say that "the Russian intel agencies are *responsible* for NotPetya" - which is true - and not that they actually did it) but they never bothered to correct the official narrative, so we don't know for sure that this is the case.
Mistakes are very easy to make in this area and I dread to think what the results will be if the generals' first thought is to look for the "nuke 'em" button every time somebody port scans their secretary's PC...
@bontchev @mttaggart WannaCry did cause billions in damages and still didn't result in a kinetic response. Also I can assure you the kind of attribution they are doing before a serious response is not "oh look, it came from a computer in China".
North Korea sends a bunch of kids to study in China and tells them "make X amount of dollars annually for the Party or else".
Kid starts writing a ransomworm. In mid-development, worm escapes, gets to the USA, and due to a lack of any kill switches in it, causes billions of dollars of damage. Worm's origin is traced to China.
Was this an attack? Did China attack the USA? Did North Korea? Was it an operation of the North Korean government? Should the USA nuke either or both of these countries?
@malwaretech @mttaggart I agree with the general sentiment - when your country is attacked, no matter how, you respond appropriately and proportionally, no matter how.
The thing I have a problem with is trusting a bunch of bureaucrats with military ranks to determine correctly that (a) it was an attack, (b) who attacked them, and (c) what exactly "appropriately and proportionally" is in this case.
@mttaggart As far as I'm aware there has never been any policy that cyber attacks are treated as fundamentally different to kinetic ones. A lot of the public have this idea in their head that cyber should only be responded to with cyber, but that has never been the case. There is absolutely no difference between a cyber attack on, say, a power grid, and blowing up substations. Both the intent and effect are the same, the means by which the attack is orchestrated literally does not matter at all.
The entire idea of "cyber war" is logically incoherent nonsense imo.