<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>You are comparing one private sector report to another. :)</div><div><br></div><div>In stuxnet and flame they appeared to be highly targeted initially, with the added nuisance that whoever created them grossly overestimated their ability to contain its spread and not allow it to escape into the wild.<br><br>As for china, there is plenty of added evidence of targeted attacks from there, including against civil society groups and religious organizations that it peoscribes, chinese people prosecuted internationally for espionage etc. The mandiant report was nothing particularly new from the standpoint of knowing that china does this. The interesting part there was tracing and exposing specific individuals.</div><div><br>--srs (iPad)</div><div><br>On 24-Mar-2013, at 7:12, Diego Rafael Canabarro <<a href="mailto:diegocanabarro@gmail.com">diegocanabarro@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div>Is the Mandiant Report your authoritative source? A firm interested in selling solutions for "cyber defense"? All the reports related to the Stuxnet from Symantec, Kaspersky Labs, etc. they all point out to the fact that Stuxnet, Flame and others spread through computers not "aimed" as targets. Specially in the case of Flame, loads of banks were affected. <div>
<br></div><div>Who to trust?<br><div><div><br></div><div><div><br><div class="gmail_quote">On Sat, Mar 23, 2013 at 9:35 PM, Suresh Ramasubramanian <span dir="ltr"><<a href="mailto:suresh@hserus.net" target="_blank">suresh@hserus.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Do you have evidence to the contrary, that the USA has actually targeted civilian facilities for cyberwarfare, diego? Or else this becomes the classic "prove that you don't beat your wife" conundrum.<br>
<br>As for china a substantial part of their local crackers engage in everything from industrial espionage to creating fake accounts on Facebook to artificially pump up the 'likes' for a product's Facebook page. This, from teams at least nominally employed by the Chinese army for their own espionage and warfare.</div>
<div><br></div><div><a href="http://www.thedailybeast.com/articles/2013/02/19/this-is-how-china-hacks-america-inside-the-mandiant-report.html" target="_blank">http://www.thedailybeast.com/articles/2013/02/19/this-is-how-china-hacks-america-inside-the-mandiant-report.html</a></div>
<div><br>--srs (iPad)</div><div><div class="h5"><div><br>On 24-Mar-2013, at 3:42, Diego Rafael Canabarro <<a href="mailto:diegocanabarro@gmail.com" target="_blank">diegocanabarro@gmail.com</a>> wrote:<br><br></div>
<blockquote type="cite">
<div>Just to add to that, I attach you one of the best articles in my humble opinion. Mostly, because it is one of the few that enters the technicalities of cyberspace to show how disguised are responses to cyber things.<div>
<br>
</div><div>There's also one thing that pisses me off.</div><div>When China allegedly hacks the US, that's evil. When the US performs actions against countries in the Middle East, it is part of the good old salvation! </div>
<div><br></div><div>It is interesting to observe some commentators: the difference between the two countries would be that "the US only targets military facilities, and the bloody Chinese target civilian and military systems without distinction." Evidence for that? Private sector reports and public officials speeches. </div>
<div><br><div><br><div class="gmail_quote">On Sat, Mar 23, 2013 at 6:01 PM, Ian Peter <span dir="ltr"><<a href="mailto:ian.peter@ianpeter.com" target="_blank">ian.peter@ianpeter.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div dir="ltr">
<div style="font-size:12pt;font-family:'Calibri'">
<div>A few more links on this </div>
<div> </div>
<div><a title="http://www.ccdcoe.org/249.html" href="http://www.ccdcoe.org/249.html" target="_blank">http://www.ccdcoe.org/249.html</a> – the
full 215 page document can be read on line here (the main download site appears
to be jammed)</div>
<div> </div>
<div><a title="http://blogs.computerworld.com/cyberwarfare/21945/rules-cyberwarfare-manual-hacktivists-can-be-killed-hacking-pacemakers-may-be-ok" href="http://blogs.computerworld.com/cyberwarfare/21945/rules-cyberwarfare-manual-hacktivists-can-be-killed-hacking-pacemakers-may-be-ok" target="_blank">http://blogs.computerworld.com/cyberwarfare/21945/rules-cyberwarfare-manual-hacktivists-can-be-killed-hacking-pacemakers-may-be-ok</a>
– a blog that includes the suggestion that hacking pacemakers is probably
OK</div>
<div> </div>
<div><a title="http://www.smh.com.au/it-pro/security-it/first-cyber-war-manual-released-20130320-2gegk.html" href="http://www.smh.com.au/it-pro/security-it/first-cyber-war-manual-released-20130320-2gegk.html" target="_blank">http://www.smh.com.au/it-pro/security-it/first-cyber-war-manual-released-20130320-2gegk.html</a>
– a three day old pre publication review.</div>
<div> </div>
<div> </div>
<div style="font-size:small;font-style:normal;text-decoration:none;font-family:'Calibri';display:inline;font-weight:normal">
<div style="FONT:10pt tahoma">
<div><font size="3" face="Calibri"></font> </div>
<div style="BACKGROUND:#f5f5f5">
<div><b>From:</b> <a title="ian.peter@ianpeter.com" href="mailto:ian.peter@ianpeter.com" target="_blank">Ian Peter</a> </div>
<div><b>Sent:</b> Sunday, March 24, 2013 8:30 AM</div>
<div><b>To:</b> <a title="diegocanabarro@gmail.com" href="mailto:diegocanabarro@gmail.com" target="_blank">Diego Rafael Canabarro</a> ; <a title="governance@lists.igcaucus.org" href="mailto:governance@lists.igcaucus.org" target="_blank">governance@lists.igcaucus.org</a>
</div><div><div>
<div><b>Subject:</b> Re: [governance] Tallin Manual - a Cyber Warfare
convention?</div></div></div></div></div>
<div> </div></div><div><div>
<div style="font-size:small;font-style:normal;text-decoration:none;font-family:'Calibri';display:inline;font-weight:normal">
<div dir="ltr">
<div style="font-size:12pt;font-family:'Calibri'">
<div>Thanks for sharing that paper Diego – you raise some interesting and
important points.</div>
<div> </div>
<div>My own personal approach to this is cyber-quaker - all cyberwarfare is
immoral. However I appreciate and support interventions like those of the Red
Cross that suggest we try to at least stem the worst of behaviours in this sea
of immorality, and create some rules. </div>
<div> </div>
<div>Tallinn falls a long way short because it doesnt understand
cyber-infrastructure and its inter-connectedness. Lots of other reasons too, and
as Parminder points out this is the powerful voices and many more are not being
heard or considered. Not sure of the way forward here, but the Tallinn approach
involves significant human rights issues as you say.. </div>
<div> </div>
<div>Ian Peter</div>
<div style="font-size:small;font-style:normal;text-decoration:none;font-family:'Calibri';display:inline;font-weight:normal">
<div style="FONT:10pt tahoma">
<div> </div>
<div style="BACKGROUND:#f5f5f5">
<div><b>From:</b> <a title="diegocanabarro@gmail.com" href="mailto:diegocanabarro@gmail.com" target="_blank">Diego Rafael Canabarro</a> </div>
<div><b>Sent:</b> Sunday, March 24, 2013 5:32 AM</div>
<div><b>To:</b> <a title="governance@lists.igcaucus.org" href="mailto:governance@lists.igcaucus.org" target="_blank">governance@lists.igcaucus.org</a> ;
<a title="suresh@hserus.net" href="mailto:suresh@hserus.net" target="_blank">Suresh
Ramasubramanian</a> </div>
<div><b>Cc:</b> <a title="parminder@itforchange.net" href="mailto:parminder@itforchange.net" target="_blank">parminder</a> </div>
<div><b>Subject:</b> Re: [governance] Tallin Manual - a Cyber Warfare
convention?</div></div></div>
<div> </div></div>
<div style="font-size:small;font-style:normal;text-decoration:none;font-family:'Calibri';display:inline;font-weight:normal">
<div>I would like to share a paper which is be presented at the MPSA Annual
Convention. We aim at evaluating three widespread claims surrounding
cyberwarfare. And we briefly evaluate the case of Brazil. As it is a draft
paper, please, feel free to add to that as much as you deem necessary. (paper
attached) Intellectual production on the field is either overwhelmingly carried
by (or performed in replication of) reports of governmental and
intergovernmental agencies. </div>
<div> </div>
<div>Maybe the greatest task for civil society is to push a qualitative
discussion of the issue of agency on cyberspace, as well as of the real scope of
different sorts of activities. Technically and politically speaking.</div>
<div> </div>
<div>Despite of my strong disagreement with great part of the Tallin Report (and
with NATO approach as a whole), it is really important to have such discussions
conducted in an open manner. Specially because some of the tenets of
cybersecurity orthodoxy endanger loads of fundamental rights. </div>
<div> </div>
<div>
<div> </div>
<div class="gmail_quote">On Sat, Mar 23, 2013 at 12:53 PM, Suresh Ramasubramanian
<span dir="ltr"><<a href="mailto:suresh@hserus.net" target="_blank">suresh@hserus.net</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">
<div>
<div>If civil society can speak knowledgeably in this area, its inputs would
be welcomed in a multitude of fora engaged on this issue. I have not,
unfortunately, seen much of that on this list at any rate.</div>
<div> </div>
<div>To answer Ian's comment, there is a distressing trend in more than one
nation to use non state actors (including criminal botmasters) to carry out
ddos attacks and break into foreign networks for espionage, this is more
or less similar to other nations using jehadis and mujahideen to carry out
attacks that would be politically and strategically infeasible for their armed
forces to carry out.</div>
<div> </div>
<div>So while some of the models could do with an update, it is absolutely
essential that this practice be internationally recognized as
unacceptable.<br><br>--srs (iPad)</div>
<div>
<div>
<div><br>On 23-Mar-2013, at 14:44, parminder <<a href="mailto:parminder@itforchange.net" target="_blank">parminder@itforchange.net</a>> wrote:<br><br></div>
<blockquote type="cite">
<div>
<div> </div>
<div>On Saturday 23 March 2013 11:43 AM, Ian Peter wrote:<br></div>
<blockquote type="cite">
<div dir="ltr">
<div style="FONT-FAMILY:'Calibri';FONT-SIZE:12pt">
<div>I just read through the principles outlined in this document and am
extremely concerned at some of the implications of extending normal
warfare “principles” to cyber infrastructure, attempts to define
territoriality in this space, and some of the concepts that applied in
guns and warships style conflicts being extended into cyberspace – like
combatants wearing uniforms to distinguish themselves from civilians. And
many other arguments based on 1940s international law that really should
not apply.</div>
<div> </div>
<div>This, unfortunately, is a document from “credible” sources and is
likely to have impact on NATO thinking. Therefore it is extremely
concerning. I am interested in the reactions of people on this list who
are more knowledgeable in this area.</div></div></div></blockquote><br>I
dont claim to be more knowledgeable, but from the little I know how
political affairs get conducted: it is best to have larger, more open
discussions on such issues, where the less powerful countries are also
involved. While some were always more equal then others, the trend has
worsened in the IG space, where it is also almost normatively accepted that
it is ok that the game be played among the biggies. Civil society normally
plays the normative and democracy-seeking role, and expanding global
governance spaces to include smaller countries equally, but regrettably, not
in the IG space.<br><br>Secondly, and there have been some strange comments
in this regard as late as in the last few day - lets understand and accept
that Internet governance is not about some rather insignificant issue of
CIRs management, it is about so many much bigger issues, very central to the
future of our societies. Again, civil society has a big role in defining
this larger issue-scape rather than digging our collective head in the CIR
sands, becuase it gives us a very good and saleable slogan of
'mutistakeholderism is sought to be replaced by UN inter-gov-ism'. And the
most powerful countires want us to keep using this slogan exclusively and do
nothing else. In all other IG areas, the strong control of Northern
governments on how our future is evolving is so very clear that is does not
admit to 'MSism being replaced by UNism" slogan, and thus civil society
should be kept away from grasping and taking up these more important other
IG issues. <br><br><br>parminder <br>
<blockquote type="cite">
<div dir="ltr">
<div style="FONT-FAMILY:'Calibri';FONT-SIZE:12pt">
<div> </div>
<div>Ian Peter</div>
<div style="FONT-STYLE:normal;DISPLAY:inline;FONT-FAMILY:'Calibri';FONT-SIZE:small;FONT-WEIGHT:normal;TEXT-DECORATION:none">
<div style="FONT:10pt tahoma">
<div> </div>
<div style="BACKGROUND:#f5f5f5">
<div><b>From:</b> <a title="ian.peter@ianpeter.com" href="mailto:ian.peter@ianpeter.com" target="_blank">Ian Peter</a> </div>
<div><b>Sent:</b> Saturday, March 23, 2013 1:40 PM</div>
<div><b>To:</b> <a title="governance@lists.igcaucus.org" href="mailto:governance@lists.igcaucus.org" target="_blank">governance@lists.igcaucus.org</a> </div>
<div><b>Subject:</b> [governance] Tallin Manual - a Cyber Warfare
convention?</div></div></div>
<div> </div></div>
<div style="FONT-STYLE:normal;DISPLAY:inline;FONT-FAMILY:'Calibri';FONT-SIZE:small;FONT-WEIGHT:normal;TEXT-DECORATION:none">
<div dir="ltr">
<div style="FONT-FAMILY:'Calibri';FONT-SIZE:12pt">
<div><span><font color="#333333"><font face="Helvetica"><span><font style="FONT-SIZE:10.5pt">As Samuel Morse might have remarked, “What God
hath wrought”.</font></span></font></font></span></div>
<div><span><font color="#333333"><font face="Helvetica"><span></span></font></font></span> </div>
<div><span><font color="#333333"><font face="Helvetica"><span><font style="FONT-SIZE:10.5pt">A </font></span><font style="FONT-SIZE:10.5pt">landmark document created at the request of NATO
has proposed a set of rules for how international cyberwarfare should be
conducted. Written by 20 experts in conjunction with the International
Committee of the Red Cross and the US Cyber Command,
the</font></font></font></span><font style="FONT-SIZE:10.5pt"><a href="http://issuu.com/nato_ccd_coe/docs/tallinnmanual?mode=embed&layout=http%3A%2F%2Fskin.issuu.com%2Fv%2Flight%2Flayout.xml&showFlipBtn=true" target="_blank"><i><font color="#fb4834"><font style="TEXT-DECORATION:none" face="Helvetica">Tallinn Manual on the International Law Applicable to Cyber
Warfare</font></font></i></a></font><span><font face="Helvetica"><font style="FONT-SIZE:10.5pt"><font color="#333333"><span> </span>analyzes
the rules of conventional war and applies them to state-sponsored
cyberattacks.</font></font></font></span></div>
<div> </div>
<div><a title="http://www.theverge.com/2013/3/21/4130740/tallin-manual-on-the-international-law-applicable-to-cyber-warfare" href="http://www.theverge.com/2013/3/21/4130740/tallin-manual-on-the-international-law-applicable-to-cyber-warfare" target="_blank">http://www.theverge.com/2013/3/21/4130740/tallin-manual-on-the-international-law-applicable-to-cyber-warfare</a></div>
<div> </div>
<div> </div></div></div>
<hr>
____________________________________________________________<br>You
received this message as a subscriber on the
list:<br> <a href="mailto:governance@lists.igcaucus.org" target="_blank">governance@lists.igcaucus.org</a><br>To be removed from the
list, visit:<br> <a href="http://www.igcaucus.org/unsubscribing" target="_blank">http://www.igcaucus.org/unsubscribing</a><br><br>For all
other list information and functions, see:<br> <a href="http://lists.igcaucus.org/info/governance" target="_blank">http://lists.igcaucus.org/info/governance</a><br>To edit
your profile and to find the IGC's charter,
see:<br> <a href="http://www.igcaucus.org/" target="_blank">http://www.igcaucus.org/</a><br><br>Translate this email: <a href="http://translate.google.com/translate_t" target="_blank">http://translate.google.com/translate_t</a><br>
</div></div></div></blockquote><br></div></blockquote>
<blockquote type="cite">
<div><span>____________________________________________________________</span><br><span>You
received this message as a subscriber on the
list:</span><br><span> <a href="mailto:governance@lists.igcaucus.org" target="_blank">governance@lists.igcaucus.org</a></span><br><span>To be
removed from the list, visit:</span><br><span> <a href="http://www.igcaucus.org/unsubscribing" target="_blank">http://www.igcaucus.org/unsubscribing</a></span><br><span></span><br><span>For
all other list information and functions,
see:</span><br><span> <a href="http://lists.igcaucus.org/info/governance" target="_blank">http://lists.igcaucus.org/info/governance</a></span><br><span>To
edit your profile and to find the IGC's charter,
see:</span><br><span> <a href="http://www.igcaucus.org/" target="_blank">http://www.igcaucus.org/</a></span><br><span></span><br><span>Translate
this email: <a href="http://translate.google.com/translate_t" target="_blank">http://translate.google.com/translate_t</a></span><br></div></blockquote></div></div></div><br>____________________________________________________________<br>
You
received this message as a subscriber on the list:<br>
<a href="mailto:governance@lists.igcaucus.org" target="_blank">governance@lists.igcaucus.org</a><br>To
be removed from the list, visit:<br> <a href="http://www.igcaucus.org/unsubscribing" target="_blank">http://www.igcaucus.org/unsubscribing</a><br><br>For all other
list information and functions, see:<br> <a href="http://lists.igcaucus.org/info/governance" target="_blank">http://lists.igcaucus.org/info/governance</a><br>To edit your
profile and to find the IGC's charter, see:<br> <a href="http://www.igcaucus.org/" target="_blank">http://www.igcaucus.org/</a><br><br>Translate this email: <a href="http://translate.google.com/translate_t" target="_blank">http://translate.google.com/translate_t</a><br>
<br></blockquote></div><br><br clear="all">
<div> </div>-- <br>Diego R. Canabarro
<div><font face="arial, helvetica, sans-serif"><span style="TEXT-ALIGN:left;VERTICAL-ALIGN:top"><a href="http://lattes.cnpq.br/4980585945314597" target="_blank">http://lattes.cnpq.br/4980585945314597</a></span> </font><br>
<br>--<br>diego.canabarro
[at] <a href="http://ufrgs.br" target="_blank">ufrgs.br</a></div>
<div>diego [at] <a href="http://pubpol.umass.edu" target="_blank">pubpol.umass.edu</a><br>MSN: diegocanabarro [at] <a href="http://gmail.com" target="_blank">gmail.com</a><br>Skype:
diegocanabarro<br>Cell # <a href="tel:%2B55-51-9244-3425" value="+555192443425" target="_blank">+55-51-9244-3425</a> (Brasil) / <a href="tel:%2B1-413-362-0133" value="+14133620133" target="_blank">+1-413-362-0133</a>
(USA)<br>--<br></div></div>
<p>
</p><hr>
____________________________________________________________<br>You received
this message as a subscriber on the list:<br>
<a href="mailto:governance@lists.igcaucus.org" target="_blank">governance@lists.igcaucus.org</a><br>To be removed from the list,
visit:<br>
<a href="http://www.igcaucus.org/unsubscribing" target="_blank">http://www.igcaucus.org/unsubscribing</a><br><br>For all other list information and
functions, see:<br>
<a href="http://lists.igcaucus.org/info/governance" target="_blank">http://lists.igcaucus.org/info/governance</a><br>To edit your profile and to find
the IGC's charter, see:<br>
<a href="http://www.igcaucus.org/" target="_blank">http://www.igcaucus.org/</a><br><br>Translate this email:
<a href="http://translate.google.com/translate_t" target="_blank">http://translate.google.com/translate_t</a><br><p></p></div></div></div>
<p>
</p><hr>
____________________________________________________________<br>You received
this message as a subscriber on the list:<br>
<a href="mailto:governance@lists.igcaucus.org" target="_blank">governance@lists.igcaucus.org</a><br>To be removed from the list,
visit:<br>
<a href="http://www.igcaucus.org/unsubscribing" target="_blank">http://www.igcaucus.org/unsubscribing</a><br><br>For all other list information and
functions, see:<br>
<a href="http://lists.igcaucus.org/info/governance" target="_blank">http://lists.igcaucus.org/info/governance</a><br>To edit your profile and to find
the IGC's charter, see:<br>
<a href="http://www.igcaucus.org/" target="_blank">http://www.igcaucus.org/</a><br><br>Translate this email:
<a href="http://translate.google.com/translate_t" target="_blank">http://translate.google.com/translate_t</a><br><p></p></div></div></div></div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Diego R. Canabarro<div><font face="arial, helvetica, sans-serif"><span style="vertical-align:top;text-align:left"><a href="http://lattes.cnpq.br/4980585945314597" target="_blank">http://lattes.cnpq.br/4980585945314597</a></span> </font><br>
<br>--<br>diego.canabarro [at] <a href="http://ufrgs.br" target="_blank">ufrgs.br</a></div><div>diego [at] <a href="http://pubpol.umass.edu" target="_blank">pubpol.umass.edu</a><br>MSN: diegocanabarro [at] <a href="http://gmail.com" target="_blank">gmail.com</a><br>
Skype: diegocanabarro<br>Cell # <a href="tel:%2B55-51-9244-3425" value="+555192443425" target="_blank">+55-51-9244-3425</a> (Brasil) / <a href="tel:%2B1-413-362-0133" value="+14133620133" target="_blank">+1-413-362-0133</a> (USA)<br>
--<br></div>
</div></div>
</div></blockquote></div></div><blockquote type="cite"><div><LIBICKI - 2012 - Cyberspace is not a warfighting domain.pdf></div></blockquote><div class="im"><blockquote type="cite"><div><span>____________________________________________________________</span><br>
<span>You received this message as a subscriber on the list:</span><br><span> <a href="mailto:governance@lists.igcaucus.org" target="_blank">governance@lists.igcaucus.org</a></span><br><span>To be removed from the list, visit:</span><br>
<span> <a href="http://www.igcaucus.org/unsubscribing" target="_blank">http://www.igcaucus.org/unsubscribing</a></span><br><span></span><br><span>For all other list information and functions, see:</span><br><span> <a href="http://lists.igcaucus.org/info/governance" target="_blank">http://lists.igcaucus.org/info/governance</a></span><br>
<span>To edit your profile and to find the IGC's charter, see:</span><br><span> <a href="http://www.igcaucus.org/" target="_blank">http://www.igcaucus.org/</a></span><br><span></span><br><span>Translate this email: <a href="http://translate.google.com/translate_t" target="_blank">http://translate.google.com/translate_t</a></span><br>
</div></blockquote></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Diego R. Canabarro<div><font face="arial, helvetica, sans-serif"><span style="vertical-align:top;text-align:left"><a href="http://lattes.cnpq.br/4980585945314597" target="_blank">http://lattes.cnpq.br/4980585945314597</a></span> </font><br>
<br>--<br>diego.canabarro [at] <a href="http://ufrgs.br" target="_blank">ufrgs.br</a></div><div>diego [at] <a href="http://pubpol.umass.edu" target="_blank">pubpol.umass.edu</a><br>MSN: diegocanabarro [at] <a href="http://gmail.com" target="_blank">gmail.com</a><br>
Skype: diegocanabarro<br>Cell # +55-51-9244-3425 (Brasil) / +1-413-362-0133 (USA)<br>--<br></div>
</div></div></div></div>
</div></blockquote></body></html>