[LINK] U.S. Plans for Cyber Warfare

Chirgwin, Richard Richard.Chirgwin@informa.com.au
Wed, 12 Feb 2003 07:52:58 +1000


Tom,
>As an example disabling a civilian power station or 
>dam via the Internet could be a war crime.
I thought, "even Wired couldn't write anything so silly", so I re-read the
story. 

I think the planners are well enough across the game to realise that such an
attack is only feasible IF the target is a host that's actually connected to
the Internet. They aren't, yet, and I fervently hope they never will be.
America is probably the only country in the world that so far presents a
significant target in this fashion.

I didn't ask permission to attribute this information, which came in an
interview this week with a second tier telco. But the answer to "how many
Internet-based utility control systems are there in Australia" was "none".
[There are some **private** IP networks carrying control data. But I don't
mean "Internet VPNs", I mean "I own the network, I run IP, and it doesn't
have an Internet gateway."]

The Wired article certainly suggests electronic-based attacks. But if you
want to get into (say) a sewage plant in Queensland, you have to do it by
old-fashioned wardialling - find a modem, login, and manipulate the target
system directly.

It's not hard to imagine that all those covert communications-gathering
systems have given the spooks a reasonable idea of how to contact a power
station's control computer; but it won't happen by the Pentagon grabbing a
handy script-kiddie and asking him to port-scan the Iraqi address space
until he finds the controls for the electricity grid!

Now, why do I beat this drum so frequently? Because: by allowing the urban
myth of "ruin the grid over the Internet" to take hold, we invite greater
surveillance and control of Internet-based communications. I note that the
Queensland sewage case is frequently and regularly cited in "Internet
threat" presentations, news reports and so on; even though it isn't true...

Richard Chirgwin
> -----Original Message-----
> From: Tom Worthington [mailto:tomw2@ozemail.com.au]
> Sent: Monday, 10 February 2003 11:38
> To: Brenda Aynsley; link
> Subject: Re: [LINK] U.S. Plans for Cyber Warfare 
> Importance: Low
> 
> 
> At 8/02/03 10:13, Brenda Aynsley wrote:
> >FYI ... U.S. Plans for Cyber Warfare 08:50 AM Feb. 07, 2003 PT... 
> >WASHINGTON -- President Bush has ordered the government to draw up 
> >guidelines for electronic attacks against enemy computer networks... 
> >http://www.wired.com/news/conflict/0,2100,57591,00.html?tw=wn_ascii
> 
> These guidelines would need to take into account Protocol 1, 
> Additional to 
> the Geneva Conventions, 1977, PART IV: CIVILIAN POPULATION" 
> <http://www.icrc.org/IHL.nsf/4e473c7bc8854f2ec12563f60039c738/
4bebd9920ae0aeaec12563cd0051dc9e?OpenDocument> 
which requires parties to a conflict to direct operations only against 
military objectives. As an example disabling a civilian power station or 
dam via the Internet could be a war crime.

Also the "Rules concerning the Control of Wireless Telegraphy in Time of 
War and Air Warfare", December 1922 - February 1923, might be interpreted 
as applying to the Internet:

"Article 1. In time of war, the operation of wireless stations continues to 
be organized, so far as possible, in such manner as not to interfere with 
the service of other wireless stations. This rule does not apply to the 
wireless stations of the enemy." 
<http://www.icrc.org/IHL.nsf/51b22df69e39d9d3c12563cd00587b41/6104f6a4c2566d
24c12563cd00518358?OpenDocument>



Tom Worthington FACS tom.worthington@tomw.net.au Ph: 0419 496150
Director, Tomw Communications Pty Ltd ABN: 17 088 714 309
http://www.tomw.net.au PO Box 13, Belconnen ACT 2617  

_______________________________________________
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link