On
another blog which doesn't allow comments, Gary Warner from the "University of Alabama at Birmingham", posts some quite sensible stuff about cyberwar.
However, as usual, I have some nits to pick and, as he doesn't allow comments ... (I'd also note that I am basing my comments on a UK MoD understanding of the International Law of Armed Conflict, so US military law, their UCMJ, may vary.)
Civilian Infrastructure Attacks
Declaration: "A direct attack on a civilian infrastructure that caused damage, even loss of life of civilians, would, I think, be a war crime." - Professor Daniel Ryan, National Defense University
Response: Didn't the United States blow up electrical plants, television and radio stations, bridges, roads, runways, and water treatment plants during the two Iraq Wars? Were those war crimes, too? Professor Ryan? We have to use a consistent definition. If its not a war crime to attack civilian infrastructure kinetically, why is it a war crime to do so electronically
Attacks on some civilian infrastructure are automatically war crimes: nuclear plants, dams and "cultural property". Attacks on some others are illegal in most circumstances: hospitals and religious sites come under this category. Although, if you are attacked from them, you can retaliate.
Attacks on other civilian infrastructure are subject to the "proportionality test". What military benefit do you achieve? If the enemy are using the local mobile phone network to organise their operations, then you could definitely make a case for blowing it up. Despite the impact on civilians. Identical comments apply to his example under "Electrical Grid Targeting".
Ninety-Five Percent?
Declaration: "Computers don't always have signs over them that say, 'I'm a military target' [or] 'I'm a civilian target,' " says Harvard's Goldsmith. "Also, the two things are intermixed. Ninety to 95 percent of U.S. military and intelligence communications travel over private networks."
Response: The Department of Defense has more than 7 million computers. I don't know how Army works, but I know the Navy Marine Corps Internet was at one time the largest private Intranet on the entire planet. The US Army has maintained a stand-alone Intranet since at least 2001, and has repeatedly had headlines about it being the largest stand-alone network in the world. Soldiers don't call down an airstrike and then update their Facebook pages and do a little online banking as the implication seems to infer.
All I'd say is "you'd be surprised!" Okay, they'll not use the same systems (SIPRNet isn't internet connected, NIPRNet is and the terminals are separate devices, even if you might have both of them, and a Coalition network terminal, on your desk) but there is a surprising mixing of comms links etc. And the IP address assignments will probably all be in the DoD or RFC1918 address spaces ... Anecdata: I've been on Google chat, under mortar fire in Baghdad, and trying to convince Clydesdale Bank to transfer money via internet banking under rocket attack in Basra.