June 8, 2013
Caitlin Hayden, spokesperson for the National Security Council (NSC) announced the President Obama signed a directive that calls for the national security and intelligence agencies to create a list of potential cyber targets for the development of offensive cyber operations.
Hayden’s statement read: “This directive will establish principles and processes that can enable more effective planning, development and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action.”
This week, Obama responded to the revelation in the mainstream media that the National Security Agency (NSA) was collecting data on all Americans under the guise of discovering terroristic plots.
Obama said that this “modest encroachment on privacy . . . helps us prevent terrorist attacks.”
According to the president Americans must accept this “trade-off” that creates balance between privacy and safety. He said: “Nobody is listening to your telephone calls. That’s not what this program is about. In the abstract you can complain about Big Brother and how this is a potential program run amok, but when you actually look at the details, I think we’ve struck the right balance. There are trade-offs involved.”
In defense of unnecessary government surveillance on all Americans, Obama said: “You can’t have 100 percent security and also then have 100 percent privacy and zero inconvenience. We’re going to have to make some choices as a society.”
In 2012 Obama signed a secret policy directive that gives the military complete control over the internet should the US come under a cyber attack. Being called Presidential Policy Directive 20, the alleged document (being classified) is a guideline that explains how specific federal agencies will be empowered by the Obama administration to intercept online “breaches of security” – including hacking and other digital attacks.
This document assures that the US government is taking the offensive and proactive approach to digital security where network defense is recognized as operations designed to ensure defense of national security. Whether it mean shutting down main servers or local computers that have been identified as targets, a complete shutdown of internet access (although it requires cybersecurity legislation) would not be out of the realm of possibility.
The military’s role in cybersecurity with regard to digital attacks will be to ensure US digital information, data, and privacy be protected. This new responsibility with be worked in conjunction with law enforcement network defenses that are being used to para-militarizing the web using cyber units.
In the Obama cybersecurity executive order is a compromise by the administration offered to those concerned about Big Brother controls invading US citizen’s privacy on the Web. One concession outlined is the sharing of internet traffic information by the US government and private sector corporations involving critical infrastructure and electrical grid. Social media companies would not be held under the same mandate.
Department of Homeland Security (DHS) Secretary Janet Napolitano, will be given the sole power of oversight to reference top-secret intelligence reports only known to her to bases identification of cyberthreats and individual targets.
Napolitano conveyed concern about the possibility of “attacks on our nation’s control systems — the control systems that operate our utilities, our water plants, our pipelines, our financial institutions.”
In October of last year, DHS began combining resources to create a digital militia that will come to the aid of the US government to protect against cyber threats. Their focus will be all digital government infrastructures, industry, academia and any cyber “emergencies” that may manifest without warning.
Telecommunications corporations are mandated to report “sensitive information” to DHS and provide tat to establish patterns of internet behavior to be deciphered by federal surveillance agencies.
The NATO Co-operative Cyber Defense Center of Excellence (CCDC) has written the Tallinn manual defining international law with regard to cyber-attack perpetrated by a government and how they contribute to military retaliation.
The purpose of the CCDC is to work with NATO; as well as “academia and the private sector.” They are an international military organization (IMO) who has entertained General Keith Alexander, commander of US CYBERCOM and the director of the National Security Agency (NSA) to deliver speeches at conferences held at the CCDC.
Alexander said the Central Security Service and the Department of Defense (DoD) are collaborating to collect international intelligence for the purpose of developing a “national security information system” directed toward protecting national infrastructure.
In the manual, the CCDC defines cyber-attack as “reasonably expected to cause injury or death to persons or damage or destruction to objects.”
A cyberwar is conducted with an expectation of causing physical harm, according to the CCDC.
The manual was authored by an “international group of experts: consisting of British lawyers and retired military personnel. There is a strong admonishment toward using cyber-attacks against citizens, hospitals, nuclear power stations and damns. It is expected that should a cyber-attack befall one of these than it would result in tremendous loss of life and be retaliated with “military objectives.”
Cyber-attacks can incur a drastic response from governments; including the use of conventional weapons. The manual explains that hacktivists will be classified as legitimate targets, even though they are technically citizens.
A hacktivist is defined as “a private citizen who on his or her own initiative engages in hacking for, inter alia, ideological, political, religious, or patriotic reasons.”
The manual states: “An act of direct participation in hostilities by civilians renders them liable to be attacked, by cyber or other lawful means.”
The crude definition of whether or not a hacktivist is engaging in “direct participation in hostilities” and become a target was stated as: “”Consider the example of an individual hacktivist who has, over the course of one month, conducted seven cyber-attacks against the enemy’s command and control system. By the first view the hacktivist was only targetable while conducting each attack. By the second he was targetable for the entire month. Moreover in the absence of a clear indication that the hacktivist was no longer engaging in such attacks, he or she would have remained targetable beyond that period.”
Indeed, it is expected that physical wars will be fought over “cyber operations alone might have the potential to cross the threshold of international armed conflict” and hacktivists would be expected to become targets because of their participation in online attacks.
This includes denial-of-service site crashes that are a favorite of hacktivists. The manual authorizes a nation to impose “proportionate counter-measures” to mitigate hacktivist’s attacks and use actual force when necessary.
CYBERCOM was created by the DoD to combine “military missions” and “cyberspace operations . . . [to] conduct full spectrum military cyberspace operations.”
The DoD cyber-soldiers are trained in “managing information, securing information, and ensuring our ability to operate.” Because of hacktivist attacks, the advantage must be had by the US Military.