From a recent story on fedscoop:
The U.S. military's top cyber warfare unit is working to develop weapons distinctly different from those used by the intelligence community. . . . [Cyber Command] is looking for tools that can be definitively traced back to the United States military, diverging from the ultra-stealth exploits often used at bureaus like the National Security Agency. . . . “In the intelligence community you never want to be caught, you want be low and slow, you never really want to be attributed. There’s a different paradigm from where you are at in the intelligence community," said [the leader of] the Department of Defense’s capability and tool development project within Cyber Command. "But there’s another space over here, where maybe you definitely want to be louder, where attribution is important to you and you actually want the adversary to know.” . . . .The development of “loud” offensive cyber tools, able to possibly deter future intrusions, represent a “different paradigm shift” from what the agency has used to in the past.
Taking this requirement at face value raises a number of interesting issues:
a birthday gift!
- If the tool itself has to carry attribution markers identifying the United States as the perpetrator, how will we prevent Elbonia from scanning for those attribution markers and blocking artifacts with such markers from acting?
- How do we prevent Zendia (a third party) from usurping U.S. attribution markers and using them in its own cyber weapons, thereby falsely implicating the United States for such use?
- One can imagine technical answers to these questions. One obvious answer is that every cyber weapon used has to contain some kind of special code (a digital “Stars and Stripes” insignia specific to the instance of the weapon being used) embedded inside. To prevent Elbonia from scanning for it, the insignia is encrypted, but when the United States wants to claim responsibility, it provides the weapon-specific decryption key to Elbonia. But in that case, why not just call the Elbonian embassy and describe the circumstances of the attack with a high degree of specificity?
- Is enabling a national attribution marker required by the laws of war? Fighter planes and cruise missiles carry a U.S. insignia; soldiers wear U.S. uniforms. But bullets do not. Is a cyber weapon more like a platform or soldier, or more like a bullet?
- Perhaps the "loudness" of the new cyber weapons isn't a technical issue, or isn't just a technical issue. Could unique tactics and procedures be developed that would be part of "assured attribution"? Could such tactics and procedures continue to be effective?
I look forward to further explanations and developments.