. "4 An Intelligence Community Perspective on Cyberattack and Cyberexploitation." Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities. Washington, DC: The National Academies Press, 2009.
The following HTML text is provided to enhance online
readability. Many aspects of typography translate only awkwardly to HTML.
Please use the page image
as the authoritative form to ensure accuracy.
Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
An election is to be held in Zendia, and the predicted margin of victory between the favored and disfavored parties is relatively small. This election will be the first Zendian election to use electronic voting, and the Zendian election authorities have obtained electronic voting machines to administer this election from Ruritania. U.S. intelligence operatives intercept the CD-ROM containing a software update from the Ruritanian vendor en route to Zendia, and substitute a new CD-ROM in the package containing the original update plus additional functionality that will tilt the election toward the favored party.
A disfavored party is in power in Zendia, and the U.S. government wishes to weaken it. U.S intelligence operatives conduct a cyberattack against the Zendian Social Services Agency by compromising employees of the agency, using the USB flash drive technique described above. Obtaining access to the Social Services Agency databases, the United States corrupts the pension records of many millions of people in the country. In the next election, the disfavored ruling party is voted out of office because of the scandal that resulted.7
Two traditionally adversarial nations are armed with nuclear weapons, and the United States has been conducting intelligence collection operations against these nations for many years. Through a mix of human and technical means, it has been successful in learning about cyber vulnerabilities in the nuclear command and control networks of each nation. During a crisis between the two nations in which both sides have launched conventional kinetic attacks against the other side’s territory and armed forces, nuclear confrontation between them is imminent. The U.S. government makes a decision to corrupt the transmission of any nuclear launch orders transmitted through those networks in order to prevent their use.8
Zendia is an authoritarian nation that recognizes the value of the Internet to its economy, but as an instrument of political control, it actively censors certain kinds of Internet content (e.g., negative stories about the Zendian government in the foreign press) for its population. Its censor-
7
This scenario is based on the Japanese election in 2007, in which the ruling party lost resoundingly. Many analysts attributed the loss to the fact that the Japanese Social Insurance Agency was revealed to have lost pension records for 50 million people. Although no evidence suggests that cyberattacks played any role in this scandal, it is easy to see how in an age of increasingly automated records, such attacks might well have such a large-scale effect. See Pino Cazzaniga, “Election Defeat Marks Abe’s Political Future,” AsiaNews.it, July 30, 2007, available at http://www.asianews.it/index.php?l=en&art=9962.
8
In 1996, a scenario with many similar elements involving India and Pakistan was proposed by John Sheehan, then-commander-in-chief of the U.S. Atlantic Command. See Bradley Graham, “Cyberwar: A New Weapon Awaits a Set of Rules,” Washington Post, July 8, 1998, p. A1.
