US cyber strategy legalises espionage on friends and foes alike

Associated Press runs the story on the fresh information about US cyber-warfare strategy.

For example there’s the legalised continuation of espionage of friends and enemies alike by the US. Whilst most other countries have the decency to at least vehemently deny any such actions, the US decided to proudly, and - at least based on the AP article - publicly, declare it.


As an example, the new White House guidelines would allow the military to transmit computer code to another country’s network to test the route and make sure connections work - much like using satellites to take pictures of a location to scout out missile sites or other military capabilities.

The digital code would be passive and could not include a virus or worm that could be triggered to do harm at a later date. But if the U.S. ever got involved in a conflict with that country, the code would have mapped out a path for any offensive cyberattack to take, if approved by the president.

And of course there’s the question of routing your counter-attacks through a number of hops. Not sure why you’d do that when you’re publicly countering an act of war. Unless, of course, it’s not really an act of war and all you are doing is espionage.


Important questions linger about the role of neutral countries.[…]

That issue was clear during the cyberattack against Estonia in 2007 that used thousands of infected computers to cripple dozens of government and corporate websites.

Estonia has blamed Russia for the attack. But, according to Robert Giesler, the Pentagon’s former director of information operations, 17 percent of the computers that attacked Estonia were in the United States. He said the question is: Did the Estonians have the right to attack the U.S. in response, and what responsibility did the U.S. bear?

Under the new Pentagon guidelines, it would be unacceptable to deliberately route a cyberattack through another country if that nation has not given permission - much like U.S. fighter jets need permission to fly through another nation’s airspace.

Which brings up an interesting point: which neutral country would allow themselves to be the final stepping stone in a counter-attack? There’s all the “Chinese government hacked this” and “Chinese government hacked that” “facts” based solely on the IP address of the final stepping-stone. The attacked country will assume that the up-until-then neutral country is attacking them. And the conflict spreads. Interesting times ahead.