From the NetSec mailing list...
June 6, 2010
Nato warns of strike against cyber attackers
Michael Smith and Peter Warren
NATO is considering the use of military force against enemies who launch
cyber attacks on its member states.
The move follows a series of Russian-linked hacking against Nato members and
warnings from intelligence services of the growing threat from China.
A team of Nato experts led by Madeleine Albright, the former US secretary of
state, has warned that the next attack on a Nato country �may well come down
a fibre-optic cable�.
A report by Albright�s group said that a cyber attack on the critical
infrastructure of a Nato country could equate to an armed attack, justifying
Article 5 is the cornerstone of the 1949 Nato charter, laying down that �an
armed attack� against one or more Nato countries �shall be considered an
attack against them all�.
It was the clause in the charter that was invoked following the September 11
attacks to justify the removal of the Taliban regime in Afghanistan.
Nato is now considering how severe the attack would have to be to justify
retaliation, what military force could be used and what targets would be
The organisation�s lawyers say that because the effect of a cyber attack can
be similar to an armed assault, there is no need to redraft existing
Eneken Tikk, a lawyer at Nato�s cyber defence centre in Estonia, said it
would be enough to invoke the mutual defence clause �if, for example, a
cyber attack on a country�s power networks or critical infrastructure
resulted in casualties and destruction comparable to a military attack�.
Nato heads of government are expected to discuss the potential use of
military force in response to cyber attacks at a summit in Lisbon in
November that will debate the alliance�s future. General Keith Alexander,
head of the newly created US cyber command, said last week there was a need
for �clear rules of engagement that say what we can stop�.
The concerns follow warnings from intelligence services across Europe that
computer-launched attacks from Russia and China are a mounting threat.
Russian hackers have been blamed for an attack against Estonia in April and
May of 2007 which crippled government, media and banking communications and
They also attacked Georgian computer systems during the August 2008 invasion
of the country, bringing down air defence networks and telecommunications
systems belonging to the president, the government and banks.
Alexander disclosed last week that a 2008 attack on the Pentagon�s systems,
believed to have been mounted by the Chinese, successfully broke through
into classified areas.
Britain�s Joint Intelligence Committee cautioned last year that Chinese-made
parts in the BT phone network could be used to bring down systems running
the country�s power and food supplies.
Some experts have warned that it is often hard to establish government
involvement. Many Russian attacks, for example, have been blamed on the
Russian mafia. The Kremlin has consistently refused to sign an international
treaty banning internet crime.
Obviously NATO is not concerned with proving the culprit of an attack an
albeit close to impossibility. Considering that many attackers
compromise so many machines, what's to stop someone from instigating. I
can see it coming now:
hping -S 188.8.131.52 -a 184.108.40.206 -p ++21 -w 6000
hping -S 220.127.116.11 -a 18.104.22.168 -p ++21 -w 6000
So NANOGer's, what will be the game plan when something like this
happens, will you be joining NATO and pulling fiber. I wonder when all
types of warm-fuzzy filtering will be drafted into networking: "Thou
shall re-read RFC4953 lest you want Predator strikes on your NAP