ZDNet report a update in NATO policy regarding cyber-defence:
Reflecting how all international conflicts now have some digital component, NATO has updated its cyber defence policy to make it clear that a cyber attack can be treated as the equivalent of an attack with conventional weapons.
The organisation's new cyber defence policy clarifies that a major digital attack on a member state could be covered by Article 5, the collective defence clause. That states that an attack against one member of NATO "shall be considered an attack against them all" and opens the way for members to take action against the aggressor - including the use of armed force - to restore security.
That NATO is updating its cyber defence strategy now shows how rapidly cyber warfare has jumped up the agenda. While defence strategies are usually expected to last a decade, its last cyber strategy was only published three years ago.
Related Stories
Ars Technica reports:
The Defense Advanced Research Projects Agency is preparing to kick off the Cyber Grand Challenge, a tournament that will pit 30 teams of security researchers from industry, academia, and "the larger security community" against each other in a capture-the-flag style battle of network warfare domination. The contest, which is designed to help DARPA identify the best in automated network and computer security defense systems, will culminate in a final battle to be held at the DEF CON security conference in Las Vegas in 2016.
The winning team of the tournament will take home a cash prize of $2 million. The second and third place teams will be awarded $1 million and $750,000, respectively.
"DARPA anticipates that the two-year Challenge and its culmination in an event synchronized with DEF CON will not only accelerate the development of capable, automated network defense systems, but also encourage the diverse communities now working on computer and network security issues in the public and private sectors to work together in new ways," an agency spokesperson said in an official statement on the event. "This dynamic is crucial if information security practitioners are to pull ahead of adversaries persistently looking to take advantage of network weaknesses."
http://www.darpa.mil/NewsEvents/Releases/2014/06/03.aspx
For those interested in taking a crack at the $2 million jackpot, you can register a team through the challenge's "competitor portal."
An international operation involving law enforcement agencies and private sector companies is combating the threat from a type of malicious software (malware) used by criminals to steal from bank accounts. In the first project of its kind for a UK law enforcement agency, the National Crime Agency has brought together partners from the law enforcement and private sectors, including the FBI, Europol, BAE Systems Applied Intelligence, GCHQ, Dell SecureWorks, Kaspersky Lab and the German Federal Police (BKA) to jointly address the Shylock trojan.
As part of this activity, law enforcement agencies are taking action to disrupt the system which Shylock depends on to operate effectively. This comprises the seizure of servers which form the command and control system for the trojan, as well as taking control of the domains Shylock uses for communication between infected computers. This has been conducted from the operational centre at the European Cybercrime Centre (EC3) at Europol in The Hague. Investigators from the NCA, FBI, the Netherlands, Turkey and Italy gathered to coordinate action in their respective countries, in concert with counterparts in Germany, Poland and France.
Shylock - so called because its code contains excerpts from Shakespeare's Merchant of Venice - has infected at least 30,000 computers running Microsoft Windows worldwide. Intelligence suggests that Shylock has targeted the UK more than any other country, although the suspected developers are based elsewhere. The NCA is therefore coordinating international action against this form of malware.
Symantect describe the Trojan here, although this assessment was made in 2011 and the number of infections is significantly lower than the current estimates stated above.
(Score: 4, Insightful) by Runaway1956 on Saturday July 05 2014, @05:42PM
If some snot nosed script kiddie hacks my computer, I can respond with my Colt .45? Seems about right - he screws up some electrons, I get to shoot him dead.
(Score: 2, Insightful) by Anonymous Coward on Saturday July 05 2014, @06:32PM
This means that one second after the new policy took effect, France and the UK launched nukes at the source of the most severe cyber attacks against member states - Fort Meade, Maryland.
(Score: 3, Interesting) by AnonTechie on Saturday July 05 2014, @08:31PM
Seriously, what the hell does this mean ... is NATO going to attack some country because some teenagers (or, script kiddies if you prefer) managed to exploit a vulnerability ??
Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
(Score: 1) by Ethanol-fueled on Sunday July 06 2014, @02:59AM
It means that some big scary hacking event, like shutting down a city's power grid or causing floods or an explosion, will happen soon inside the United States.
Only the United States (or Mossad, assisted by information supplied by the United States) will have the knowledge and technical capability to pull it off, but it will be blamed on Russia or Islamic terrorists. Pre-prepared laws will be signed in haste by Republicans and Democrats, and as a result of that all who wish to connect to the internet must by law have a key which will identify them while all of their activity online will be monitored.
It will eventually lead to targeted killings based on operating a computer rather than actually committing terrorism.
(Score: 3, Interesting) by Rune of Doom on Sunday July 06 2014, @04:13AM
I'm not sure it will be quite as bad as Ethanol-fueled describes, but I think its definitely something along those lines. Basically, this is NATO saying, "We want it to be really easy to come up with a technically legal causus belli". Which slides into a pet nightmare of mine: consider all the government of the US has done without a formal Declaration of War. Now imagine how much power it would claim it had with one.
Of course, I do have to wonder if they've considered the flip side: just from what Snowden has exposed, the NSA (and thus the US) has probably committed Acts of War against damn near every state on the planet, and violated the NATO governing documents all to hell. It would be utterly hilarious if, a year or two from now, Germany or some other state uses this as an excuse to say, "We're out of NATO".
(Score: 1, Insightful) by Anonymous Coward on Saturday July 05 2014, @06:04PM
Once they figure out how to make cyber weapons scary enough - will we get to see an effective cyber retaliation to a real attack?
However this seems really backwards. There tends to be a lot of money in militarization. Especially with network security it should be doable and cheaper - so how about instead secure the internet and go for pacification?
Since this is not done one conclusion that can be drawn is that it is not about defense at all - but instead about ensuring offensive capabilities. Of course that's exactly what we were shown by Snowden's and similar revelations.
Another conclusion that this seems to suggest is that the secret services of the world are actively going to war against the worlds population. May I suggest that instead of playing that game we work towards proper and easy to use end to end encryption for all communications? Making a secure phone call or sending a secure mail should be at least as simple as an OTR chat. Unfortunately it's not.
I want to go back to thinking of conspiracy theorists as being nuts...
(Score: 3, Insightful) by tathra on Saturday July 05 2014, @08:23PM
just because they were right about one thing doesn't mean they're right about anything else. as the saying goes, "even a stopped clock is right twice a day". we did land on the moon, jews did not do 9/11, time is not cubed, and there is not a world-wide cabal of 'scientists' actively suppressing the true facts about the world with regard to geocentricism/the earth being flat/creationism/global warming.
(Score: 4, Insightful) by lx on Saturday July 05 2014, @07:15PM
So when do we start nuking Britain [spiegel.de] and the US [spiegel.de]?
(Score: 3, Interesting) by tathra on Saturday July 05 2014, @08:16PM
i think the whole world is currently set up for MAD, so that if any state-sponsored nukes go off, the world will be left uninhabitable. of course, the US especially has a track record of paying small extremist groups to do their dirty work for them (looking at you, Taliban), but it'd be really difficult to do that more than once or twice due to the risk and other factors involved, and it'd probably require finding a nuke on the black market since if they supplied the nuke themselves, it'd be possible to track it back, meaning that country would cease to exist.
(Score: 2, Interesting) by Ethanol-fueled on Sunday July 06 2014, @03:08AM
Not only that, but at least two nuclear-armed countries (first Israel and recently Russia, for example) have admitted that they will use the Samson Option, [wikipedia.org] which means that they will use nuclear weapons against aggressors beating them in conventional (where Nuclear, biological, or chemical WMD are not used by the enemy) warfare.
As terrible as it is, threatening the Samson Option is a good thing because it discourages conventional war as well as nuclear war. Then we can actually be civilized and resolve issues with actual dialogue.
(Score: 0) by Anonymous Coward on Monday July 07 2014, @05:44AM
Destroy the world because you're losing against one opponent? That is evil.
(Score: 1) by Ethanol-fueled on Monday July 07 2014, @10:53PM
No, the Samson option is not indiscriminately launching nukes everywhere (that is a common misconception), it is only using them against the entity that is attacking you.
(Score: 2, Insightful) by hendrikboom on Sunday July 06 2014, @03:37AM
Now if it were only possible to find out who the attackers are....