- Registration time
- Last login
- Online time
- 976 Hour
- Reading permission
Is it better to fight fire with fire, or just use a great big missile? |
When it comes to nation state responses to cyber-attacks, the answer appears to be both.
While the British government said this week that it is developing cyber-weapons to respond to debilitating attacks on critical national infrastructure, such as the electricity grid, the Pentagon says it may use traditional "kinetic" hardware to respond to such incursions.
The UK Ministry of Defence says cyber-weapons will soon be an integral part of the UK military's arsenal.
The Government Communications Headquarters (GCHQ) in Cheltenham, the successor to the second world war code-breaking and intelligence centre at Bletchley Park, are in the vanguard of agencies developing these smart cyber-weapons, says the MoD.
But in the US, a far more aggressive approach is expected to be outlined in a cyberwar strategy document due for publication next month - doubtless fuelled by the online attacks on major US businesses like Mastercard and PayPal in 2010 and on aerospace contractor Lockheed Martin in the past week.
Act of war
According to details leaked to The Wall Street Journal, the Pentagon is planning to treat any form of computer sabotage aimed at critical civilian or military infrastructure as an act of war and will respond accordingly.
A Pentagon official told the newspaper: "If you shut down our power grid, maybe we will put a missile down one of your smokestacks."
The rationale seems to be that orchestrating an attack on a power grid would be hard to pull off without nation state support - and nation states make pretty big targets.
But proving who is responsible for a cyberattack is far from easy.
As New Scientist reported in 2009, it is easy to disguise the source of a cyberattack by spoofing internet packet source addresses.
That means the smokestack being targeted by the Pentagon could actually be in an innocent country.
Or as lawyer Charles Williamson of the US air force in Europe put it in our 2009 report: "If Hamas hijacked a server in the US to attack Israel, could Israel hit the US server?"
Unfortunately, he said, there is no cut-and-dried answer in international law.
Even the effectiveness of defensive and offensive cyber-weapons could be problematic.
The UK government is particularly bad at managing IT-related projects, even by the standards of other developed nations, notes Ross Anderson, a computer security engineer at Cambridge University.
"Don't expect any magic answers," he says.
1 June 2011.