August 15, 2011, 3:49 PM — The U.S. military command has decided the online world is the fifth domain in which to conduct warfare – in addition to land, sea air, land and space. Seventh if you include Congressional budget hearings; eighth is you include the global media.
According to its own admissions and the evaluation of the non-partisan Government Accountability Office (GAO) – the SAT grading service for the federal government – the Pentagon has been trying and failing for 20 years to define, defend against and fight acts of cyberwar, but in so chaotic and fractious a fashion that the result is very little practical defense against hacks of any type.
Slate's Jeffrey Carr correctly pointed out Friday that the military can't even define what cyberwar or a cyberattack are, let alone how to defend against them.
The Pentagon announced a new cyberstrategy in early July. A week later even pro-military members of Congress were asking the Pentagon to clarify what the hell it was talking about.
One problem is the difficulty in differentiating between a cyberattack designed to destroy rather than those designed primarily for espionage. Another is differentiating between attacks on military command-and-control systems (which show commanders what's going on in the field and allow them to give orders) rather than those that run air traffic control, radar networks and other infrastructure, and attacks on military contractors that are designed for either destruction or to steal critical information about U.S. weapons systems.
Stuxnet, for example, was malware aimed specifically at the systems controlling centrifuges in Iranian nuclear-fuel processing centers. It infiltrated via Windows PCs, then messed with the controls of the centrifuges subtly, slowing down Iran's progress toward developing nuclear weapons.
Shady Rat isn't so much a persistent attack as five years worth of bad security, pathetic attempts at limiting the access foreign intelligence services have to military and government systems in the U.S. and a report giving a single nickname to the whole long fiasco, without specifically blaming the most likely state sponsors of the attack: China, with a little Russian opportunism thrown in, according to many analysts.