StratCom Told of Cyberwar Posse Plans
You can almost hear Dirty Harry saying, “Go ahead. Make My Day.” That classic line captured the grudging respect some Americans have always felt for vigilante justice. The government isn’t doing enough, the argument goes, so we must take up the cudgel.
The latest version would not involve guns but distributed denial of service attacks using hundreds or thousands of computers linked together.
A network security expert has received emails proposing a cyber version of vigilante justice — thousands of computers would be linked together to strike back at those trying to cripple or destroy American computers. The networks would use distributed denial of service attacks — as the Russians did against Estonia and Georgia — to cripple those suspected of attacking our assets. The expert said he has informed Strategic Command of the effort, which raises disturbing policy issues. Since the computers would be on American soil and might well be used to attack computers on foreign soil they might be engaging in acts of war.
US policy on this subject is pretty vague, although we have said we might consider a cyber attack on our networks to be an act of war. But there are a lot of buts built in and no one has ever spelled out exactly what would legally constitute an “American” network or what level of damage would constitute an “attack.”
“The idea that civilians might respond because they don’t believe the government has responded correctly is a very dangerous situation to put ourselves in,” the security expert told me today. For example, when the Russians mounted their attack against Estonia, some 17 percent of the computers used in the attack were actually American machines that had been compromised, according to the expert. Given this complex web, would the US civilians be willing to launch counterattacks against machines located in the United States and owned by Americans? Or would they be willing to attack foreign machines and possibly create the impression that US forces were attacking a foreign computer network? That is the muddy and slippery slope this expert does not want to see his countrymen take.