SecurityArchitecture.comOld security issues keep coming up
In an otherwise unremarkable Washington Post article about the Department of Defense’s plan to create a “cyber-command” run out of the Pentagon, a couple of points raised in the article demonstrate the persistence of some information assurance themes about both data integrity and the legal and ethical aspects of cyber warfare.
In the article by Post staff writer Ellen Nakashima, U.S. Strategic Commander General Kevin P. Chilton’s concern about maintaining the integrity of mission-critical information is quoted: “So I put out an order on my computer that says I want all my forces to go left, and when they receive it, it says, ‘Go right.’ . . . I’d want to defend against that.” This is a simple example of the data integrity problem known as “Byzantine failure,” a topic of great interest to us and one that underlies some of our ongoing research into integrity assertions.
The article also mentions a recent report from the National Research Council that called for a national policy on cyber attack to address, among other things, the legal and otherwise defensible bases upon which a military sort of response to a cyber attack would be justified. As Nakashima puts it, “If a foreign country flew a reconnaissance plane over the United States and took pictures, for instance, the United States would reserve the right to shoot it down in U.S. airspace, experts said. But if that same country sent malicious code into a military network, what should the response be?” The general legal line of thinking follows the Computer Security Act and the PATRIOT Act to essentially give the U.S. the right to defend itself from attack, even if that means responding in kind against an online adversary. The ethical implications of such a presumed stance are not at all clear, especially given the frequent use of secondary servers and compromised hosts to launch attacks. If an intrusion or attack is detected and traced to a source at a university, or a hospital, or a government data center, disabling the apparent attacker, even when technically feasible, may not always be the right thing to do.
