
When Is Electronic Espionage an “Act of War”?

Is the U.S. engaged in a “cyber war?” 

Until recently, the identity of the perpetrators of cyber-attacks against U.S. networks, infrastructure and the military was clouded in suspicion and not spoken of out loud. There has been much speculation about cyber war or a cyber-Pearl Harbor, but no official declaration of what constitutes cyber war or naming of names, until now.

In March, General Keith Alexander, speaking before Congress, and in May, Secretary of Defense Leon Panetta, during an interview with ABC News, openly named China as the main perpetrator and identified criteria for defining cyber war. General Alexander, the Director of NSA and CYBERCOM commander, stated, “China is stealing a ‘great deal’ of military-related intellectual property from the United States and was responsible for last year’s attacks against cyber security company RSA . . . .”[1] Secretary of Defense Panetta said, “Well, there’s no question that if a cyber attack, you know, crippled our power grid in this country, took down our financial systems, took down our government systems, that that would constitute an act of war.”[2]

Over the last year the Department of Homeland Security (DHS) has voiced its concern over the vulnerability of our critical infrastructure, oil and gas refineries, electric grids and nuclear reactors, to potential cyber-attacks. If you are not fully convinced of the threat, consider the “Shady RAT (remote access tool)” report by McAfee wherein they identify companies and governments which recently discovered that hackers have been in their networks for the last five or six years undetected.[3]

One might conclude that a clear picture is emerging, but is it? 

During the Cold War, when government secrets were stolen, it was treated as espionage or spying. Remember all of the spies tried for espionage: Aldrich Ames, Robert Hanssen, the shoot-down of Gary Powers and the U-2 spy plane over the USSR. What if a nation placed “sleeper cells” in its adversary’s country ready to attack critical infrastructure if a war broke out? Would this be considered spying and part of the “cat and mouse” game or grounds for a retaliatory strike?

Does the fact that these activities can now be accomplished electronically from the safety and comfort of your own nation change the playing field? At the time, we probably considered the flights of the U-2 relatively safe since it flew above the threat zone of anti-aircraft guns. Does stealing terabytes of military secrets or planting logic bombs in critical infrastructure (to be launched at a moment’s notice to disable the infrastructure) cross the line from espionage to war or an “act of aggression?”

This and many similar scenarios are now the new normal and must be defined as nations and the international community grapple with technology and current and future capabilities. Where should the line be drawn? Do we just accept that an adversary, via computers, can now access and potentially steal, manipulate, or destroy information and functionality, or should nations aggressively draw the line now and openly retaliate in protest?

Obviously, as Secretary of Defense Panetta stated, if you disrupt critical infrastructure, deny critical communications, or blind a military defense system, the line has likely been crossed.  Certainly defacing a website does not even come close to being an act of war or aggression.  What about stealing terabytes of military secrets to later be used to disable your adversary’s defenses?  Possibly!  For now the line will be defined by the reactions of various nations faced with cyber-attacks.  If a nation does nothing or retaliates with a similar attack, e.g. theft for theft, then a line has been drawn and a precedent set.

A similar problem is the issue regarding Iran and nuclear weapons. Is Iran’s pursuit of nuclear weapons and statements attributed to them about annihilating Israel and the West enough provocation to take aggressive action to prevent them from obtaining a bomb? Clearly no one wants to escalate the situation, but most agree something must be done before it is too late. Similarly, in the cyber arena, all interested parties are reacting very cautiously in their response to cyber-attacks, likely to avoid escalation and the setting of precedent.

In the Estonian and the Georgian conflicts the reaction was to block, clean up, and speculate about who may have launched the attacks, and only the media claimed cyber war. Not until recently has one nation, e.g. the U.S., been so vocal about who is using cyber espionage and attacks to invade and plague their networks.

[1] NSA Chief: China Behind RSA Attacks, J. Nicholas Hoover, Information Week Government (Mar. 27, 2012) http://www.informationweek.com/news/government/security/232700341.

[2] Leon Panetta: A Crippling Cyber Attack Would Be ‘Act of War’, Jake Tapper, ABC News (May 27, 2012) http://abcnews.go.com/blogs/politics/2012/05/leon-panetta-a-crippling-cyber-attack-would-be-act-of-war/.

[3] McAfee: Operation Shady RAT, http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf.

Fox News Exclusive: WikiLeaks

Many interesting issues are raised in the scenario contemplated in a recent Fox News Exclusive titled, “WikiLeaks to move servers offshore, sources say.”  I am interested since I am quoted numerous times about international law issues; but regardless, this topic could raise some interesting discussion.

The issue is similar to the concept of Sealand, the man-made platform off the coast of England whose owners claim it belongs to no nation and is its own sovereign territory. At one time HavenCo placed a server farm on Sealand and offered server space. The only restriction in the terms of service was no child porn. Anyone could rent server space and keep anything, other than child porn, on the servers regardless of the data’s legality, e.g. copyrighted material, terrorist info, data related to various criminal activity such as stolen info, money laundering, etc. It seems the server farm went out of business at some point in the early 2000s, but that is not confirmed.

Placing servers in international territory, let’s say on a ship in international waters, raises some interesting legal questions, especially in international law, when a nation feels it needs to seize or prevent whatever activity is occurring on those servers. In some regards this situation may be easier, legally speaking. If the server owners claim no law controls their actions, well then, what law can they cite that would prevent a nation from taking action, especially if the nation believes its national security is threatened? If the server owners claim to be citizens of a particular nation then that nation’s laws apply to them and they may potentially be captured and extradited, or just snatched up out of international waters by the offended nation. It gets trickier when you have a nation that has no laws to criminalize the activity. This was the case with the creator of the “I Love You” virus. The Philippines could not prosecute since they had no law criminalizing the activity.

Many very interesting issues to consider and discuss.  Anyway, here is a link to the Fox News article:   “WikiLeaks to move servers offshore, sources say”.  Enjoy and I would love to hear your comments.