Category Archives: CNA

A massive DDoS against Dyn DNS today, which made it difficult for large portions of the East Coast to access many popular websites (Twitter, Reddit and Spotify, to name a few), is very likely a warning shot fired by a state actor. With the general election just around the corner, is this a sign of things to come?

The CIA is apparently preparing for a cyber operation intended to embarrass Russia in retaliation for Russian hacking of US political targets. This is the next logical step after publicly attributing the hacks to Russia, but one has to wonder if this is the proper way to implement deterrence in the cyber realm. The principles of Mutually Assured Destruction are every bit as relevant today as during the Cold War, but if the US is going to start meeting tit for tat, I expect NSA and CYBERCOM to start aggressively ramping up their recruitment efforts.

It has recently come to light that the SIPRnet infrastructure at Creech Air Force Base crashed on September 9th, but where the story gets interesting is that, in the subsequent couple of weeks, US drone strikes in various locales resulted in a LOT of collateral damage, from civilian casualties to full-on attacks against US-aligned Syrian rebels. Creech Air Force Base is located in Nevada and most of the drone strikes around the globe are controlled from its dimly-lit command center, so there is definitely room for a theory that there is a correlation between the crash and the “rogue” drone strikes. An upcoming “surprise” security audit (pentest) might reveal some answers, but it is unlikely that that answer will ever be unclassified. Very interesting, regardless.

A recent article on DefenseOne has suggested that companies who are breached by attributable actors can ethically and legally hack back in retaliation, citing a 1984 lawsuit between the United States and Nicaragua. Based upon a skirmish in an unclaimed area of Antarctica, it was determined that no one would be held liable over ‘frontier disputes’, since no one has territorial claim to the area.

Apparently, since cyberconflicts happen in terra incognita, as long as no physical property is destroyed, retaliation for breaches is legal. I suppose that any data is fair game, but if you start bricking devices or blowing up gas pipelines (like in 1982), you’re gonna have a bad time.

It was recently revealed that, following the kidnapping of a German aid worker working in Afghanistan, the Bundeswehr conducted a cyber operation to compromise an Afghan cell phone provider.

Commando units stood by, ready to storm the location of the kidnapped aid worker and mount a rescue operation, but it proved unnecessary; by hacking the cell phone network (in my opinion, likely an SS7-based attack), Bundeswehr personnel were able to compromise the phones of the kidnappers and monitor their conversations, eventually (correctly) concluding that the kidnappers would make good on their promise to release the hostage, once a ransom was paid.

Cyber-enabled kinetic operations are certainly not new, but the ability to fight without fighting is an interesting aspect not often considered. CNA enables CNE, which may be all that is necessary to finish the fight.

NATO’s Article 5 has traditionally been a provision that allows for any member state to invoke a collective military response to any land, air or sea military attack against their nation.  Effectively, an attack on one is an attack on all, and this rule played a large role in keeping the peace during the Cold War, with the USSR having its own version within the Warsaw Pact.

In June of this year, NATO stated that cyber attacks are now included under Article 5, allowing for a cyber attack on any member state to receive a collective kinetic military response. Hillary Clinton has made similar statements on the campaign trail, indicating that cyber attacks should be treated like any other attack.

What remains to be seen are any sort of solid guidelines for determining what qualifies as an attack and what qualifies simply as traditional espionage. The differentiation between Computer Network Attack (CNA) and Computer Network Exploitation (CNE) is used within the US Government, but many aspects of each overlap.

The rules are in place, but a precedent must be set before any type of true deterrence can come into play.