[governance] Tallin Manual - a Cyber Warfare convention?

Suresh Ramasubramanian suresh at hserus.net
Sat Mar 23 21:55:14 EDT 2013 

You are comparing one private sector report to another.  :)

In stuxnet and flame they appeared to be highly targeted initially, with the added nuisance that whoever created them grossly overestimated their ability to contain its spread and not allow it to escape into the wild.

As for china, there is plenty of added evidence of targeted attacks from there, including against civil society groups and religious organizations that it peoscribes, chinese people prosecuted internationally for espionage etc. The mandiant report was nothing particularly new from the standpoint of knowing that china does this.  The interesting part there was tracing and exposing specific individuals.

--srs (iPad)

On 24-Mar-2013, at 7:12, Diego Rafael Canabarro <diegocanabarro at gmail.com> wrote:

> Is the Mandiant Report your authoritative source? A firm interested in selling solutions for "cyber defense"? All the reports related to the Stuxnet from Symantec, Kaspersky Labs, etc. they all point out to the fact that Stuxnet, Flame and others spread through computers not "aimed" as targets. Specially in the case of Flame, loads of banks were affected. 
> 
> Who to trust?
> 
> 
> On Sat, Mar 23, 2013 at 9:35 PM, Suresh Ramasubramanian <suresh at hserus.net> wrote:
>> Do you have evidence to the contrary, that the USA has actually targeted civilian facilities for cyberwarfare, diego?  Or else this becomes the classic "prove that you don't beat your wife" conundrum.
>> 
>> As for china a substantial part of their local crackers engage in everything from industrial espionage to creating fake accounts on Facebook to artificially pump up the 'likes' for a product's Facebook page.  This, from teams at least nominally employed by the Chinese army for their own espionage and warfare.
>> 
>> http://www.thedailybeast.com/articles/2013/02/19/this-is-how-china-hacks-america-inside-the-mandiant-report.html
>> 
>> --srs (iPad)
>> 
>> On 24-Mar-2013, at 3:42, Diego Rafael Canabarro <diegocanabarro at gmail.com> wrote:
>> 
>>> Just to add to that, I attach you one of the best articles in my humble opinion. Mostly, because it is one of the few that enters the technicalities of cyberspace to show how disguised are responses to cyber things.
>>> 
>>> There's also one thing that pisses me off.
>>> When China allegedly hacks the US, that's evil. When the US performs actions against countries in the Middle East, it is part of the good old salvation! 
>>> 
>>> It is interesting to observe some commentators: the difference between the two countries would be that "the US only targets military facilities, and the bloody Chinese target civilian and military systems without distinction." Evidence for that? Private sector reports and public officials speeches. 
>>> 
>>> 
>>> On Sat, Mar 23, 2013 at 6:01 PM, Ian Peter <ian.peter at ianpeter.com> wrote:
>>>> A few more links on this
>>>>  
>>>> http://www.ccdcoe.org/249.html – the full 215 page document can be read on line here (the main download site appears to be jammed)
>>>>  
>>>> http://blogs.computerworld.com/cyberwarfare/21945/rules-cyberwarfare-manual-hacktivists-can-be-killed-hacking-pacemakers-may-be-ok – a blog that includes the suggestion that hacking pacemakers is probably OK
>>>>  
>>>> http://www.smh.com.au/it-pro/security-it/first-cyber-war-manual-released-20130320-2gegk.html – a three day old pre publication review.
>>>>  
>>>>  
>>>>  
>>>> From: Ian Peter
>>>> Sent: Sunday, March 24, 2013 8:30 AM
>>>> To: Diego Rafael Canabarro ; governance at lists.igcaucus.org
>>>> Subject: Re: [governance] Tallin Manual - a Cyber Warfare convention?
>>>>  
>>>> Thanks for sharing that paper Diego – you raise some interesting and important points.
>>>>  
>>>> My own personal approach to this is cyber-quaker - all cyberwarfare is immoral. However I appreciate and support interventions like those of the Red Cross that suggest we try to at least stem the worst of behaviours in this sea of immorality, and create some rules.
>>>>  
>>>> Tallinn falls a long way short because it doesnt understand cyber-infrastructure and its inter-connectedness. Lots of other reasons too, and as Parminder points out this is the powerful voices and many more are not being heard or considered. Not sure of the way forward here, but the Tallinn approach involves significant human rights issues as you say..
>>>>  
>>>> Ian Peter
>>>>  
>>>> From: Diego Rafael Canabarro
>>>> Sent: Sunday, March 24, 2013 5:32 AM
>>>> To: governance at lists.igcaucus.org ; Suresh Ramasubramanian
>>>> Cc: parminder
>>>> Subject: Re: [governance] Tallin Manual - a Cyber Warfare convention?
>>>>  
>>>> I would like to share a paper which is be presented at the MPSA Annual Convention. We aim at evaluating three widespread claims surrounding cyberwarfare. And we briefly evaluate the case of Brazil. As it is a draft paper, please, feel free to add to that as much as you deem necessary. (paper attached) Intellectual production on the field is either overwhelmingly carried by (or performed in replication of) reports of governmental and intergovernmental agencies.
>>>>  
>>>> Maybe the greatest task for civil society is to push a qualitative discussion of the issue of agency on cyberspace, as well as of the real scope of different sorts of activities. Technically and politically speaking.
>>>>  
>>>> Despite of my strong disagreement with great part of the Tallin Report (and with NATO approach as a whole), it is really important to have such discussions conducted in an open manner. Specially because some of the tenets of cybersecurity orthodoxy endanger loads of fundamental rights.
>>>>  
>>>>  
>>>> On Sat, Mar 23, 2013 at 12:53 PM, Suresh Ramasubramanian <suresh at hserus.net> wrote:
>>>>> If civil society can speak knowledgeably in this area, its inputs would be welcomed in a multitude of fora engaged on this issue.  I have not, unfortunately, seen much of that on this list at any rate.
>>>>>  
>>>>> To answer Ian's comment, there is a distressing trend in more than one nation to use non state actors (including criminal botmasters) to carry out ddos attacks and break into foreign networks for espionage,  this is more or less similar to other nations using jehadis and mujahideen to carry out attacks that would be politically and strategically infeasible for their armed forces to carry out.
>>>>>  
>>>>> So while some of the models could do with an update, it is absolutely essential that this practice be internationally recognized as unacceptable.
>>>>> 
>>>>> --srs (iPad)
>>>>> 
>>>>> On 23-Mar-2013, at 14:44, parminder <parminder at itforchange.net> wrote:
>>>>> 
>>>>>>  
>>>>>> On Saturday 23 March 2013 11:43 AM, Ian Peter wrote:
>>>>>>> I just read through the principles outlined in this document and am extremely concerned at some of the implications of extending normal warfare “principles” to cyber infrastructure, attempts to define territoriality in this space, and some of the concepts that applied in guns and warships style conflicts being extended into cyberspace – like combatants wearing uniforms to distinguish themselves from civilians. And many other arguments based on 1940s international law that really should not apply.
>>>>>>>  
>>>>>>> This, unfortunately, is a document from “credible” sources and is likely to have impact on NATO thinking. Therefore it is extremely concerning. I am interested in the reactions of people on this list who are more knowledgeable in this area.
>>>>>> 
>>>>>> I dont claim to be more knowledgeable, but from the little I know how political affairs get conducted: it is best to have larger, more open discussions on such issues, where the less powerful countries are also involved. While some were always more equal then others, the trend has worsened in the IG space, where it is also almost normatively accepted that it is ok that the game be played among the biggies. Civil society normally plays the normative and democracy-seeking role, and expanding global governance spaces to include smaller countries equally, but regrettably, not in the IG space.
>>>>>> 
>>>>>> Secondly, and there have been some strange comments in this regard as late as in the last few day - lets understand and accept that Internet governance is not about some rather insignificant issue of CIRs management, it is about so many much bigger issues, very central to the future of our societies. Again, civil society has a big role in defining this larger issue-scape rather than digging our collective head in the CIR sands, becuase it gives us a very good and saleable slogan of 'mutistakeholderism is sought to be replaced by UN inter-gov-ism'. And the most powerful countires want us to keep using this slogan exclusively and do nothing else. In all other IG areas, the strong control of Northern governments on how our future is evolving is so very clear that is does not admit to 'MSism being replaced by UNism" slogan, and thus civil society should be kept away from grasping and taking up these more important other IG issues. 
>>>>>> 
>>>>>> 
>>>>>> parminder 
>>>>>>>  
>>>>>>> Ian Peter
>>>>>>>  
>>>>>>> From: Ian Peter
>>>>>>> Sent: Saturday, March 23, 2013 1:40 PM
>>>>>>> To: governance at lists.igcaucus.org
>>>>>>> Subject: [governance] Tallin Manual - a Cyber Warfare convention?
>>>>>>>  
>>>>>>> As Samuel Morse might have remarked, “What God hath wrought”.
>>>>>>>  
>>>>>>> A landmark document created at the request of NATO has proposed a set of rules for how international cyberwarfare should be conducted. Written by 20 experts in conjunction with the International Committee of the Red Cross and the US Cyber Command, theTallinn Manual on the International Law Applicable to Cyber Warfare analyzes the rules of conventional war and applies them to state-sponsored cyberattacks.
>>>>>>>  
>>>>>>> http://www.theverge.com/2013/3/21/4130740/tallin-manual-on-the-international-law-applicable-to-cyber-warfare
>>>>>>>  
>>>>>>>  
>>>>>>> ____________________________________________________________
>>>>>>> You received this message as a subscriber on the list:
>>>>>>>      governance at lists.igcaucus.org
>>>>>>> To be removed from the list, visit:
>>>>>>>      http://www.igcaucus.org/unsubscribing
>>>>>>> 
>>>>>>> For all other list information and functions, see:
>>>>>>>      http://lists.igcaucus.org/info/governance
>>>>>>> To edit your profile and to find the IGC's charter, see:
>>>>>>>      http://www.igcaucus.org/
>>>>>>> 
>>>>>>> Translate this email: http://translate.google.com/translate_t
>>>>>> ____________________________________________________________
>>>>>> You received this message as a subscriber on the list:
>>>>>>     governance at lists.igcaucus.org
>>>>>> To be removed from the list, visit:
>>>>>>     http://www.igcaucus.org/unsubscribing
>>>>>> 
>>>>>> For all other list information and functions, see:
>>>>>>     http://lists.igcaucus.org/info/governance
>>>>>> To edit your profile and to find the IGC's charter, see:
>>>>>>     http://www.igcaucus.org/
>>>>>> 
>>>>>> Translate this email: http://translate.google.com/translate_t
>>>>> 
>>>>> ____________________________________________________________
>>>>> You received this message as a subscriber on the list:
>>>>>      governance at lists.igcaucus.org
>>>>> To be removed from the list, visit:
>>>>>      http://www.igcaucus.org/unsubscribing
>>>>> 
>>>>> For all other list information and functions, see:
>>>>>      http://lists.igcaucus.org/info/governance
>>>>> To edit your profile and to find the IGC's charter, see:
>>>>>      http://www.igcaucus.org/
>>>>> 
>>>>> Translate this email: http://translate.google.com/translate_t
>>>> 
>>>> 
>>>>  
>>>> -- 
>>>> Diego R. Canabarro
>>>> http://lattes.cnpq.br/4980585945314597 
>>>> 
>>>> --
>>>> diego.canabarro [at] ufrgs.br
>>>> diego [at] pubpol.umass.edu
>>>> MSN: diegocanabarro [at] gmail.com
>>>> Skype: diegocanabarro
>>>> Cell # +55-51-9244-3425 (Brasil) / +1-413-362-0133 (USA)
>>>> --
>>>> ____________________________________________________________
>>>> You received this message as a subscriber on the list:
>>>>      governance at lists.igcaucus.org
>>>> To be removed from the list, visit:
>>>>      http://www.igcaucus.org/unsubscribing
>>>> 
>>>> For all other list information and functions, see:
>>>>      http://lists.igcaucus.org/info/governance
>>>> To edit your profile and to find the IGC's charter, see:
>>>>      http://www.igcaucus.org/
>>>> 
>>>> Translate this email: http://translate.google.com/translate_t
>>>> ____________________________________________________________
>>>> You received this message as a subscriber on the list:
>>>>      governance at lists.igcaucus.org
>>>> To be removed from the list, visit:
>>>>      http://www.igcaucus.org/unsubscribing
>>>> 
>>>> For all other list information and functions, see:
>>>>      http://lists.igcaucus.org/info/governance
>>>> To edit your profile and to find the IGC's charter, see:
>>>>      http://www.igcaucus.org/
>>>> 
>>>> Translate this email: http://translate.google.com/translate_t
>>> 
>>> 
>>> 
>>> -- 
>>> Diego R. Canabarro
>>> http://lattes.cnpq.br/4980585945314597 
>>> 
>>> --
>>> diego.canabarro [at] ufrgs.br
>>> diego [at] pubpol.umass.edu
>>> MSN: diegocanabarro [at] gmail.com
>>> Skype: diegocanabarro
>>> Cell # +55-51-9244-3425 (Brasil) / +1-413-362-0133 (USA)
>>> --
>>> <LIBICKI - 2012 - Cyberspace is not a warfighting domain.pdf>
>>> ____________________________________________________________
>>> You received this message as a subscriber on the list:
>>>     governance at lists.igcaucus.org
>>> To be removed from the list, visit:
>>>     http://www.igcaucus.org/unsubscribing
>>> 
>>> For all other list information and functions, see:
>>>     http://lists.igcaucus.org/info/governance
>>> To edit your profile and to find the IGC's charter, see:
>>>     http://www.igcaucus.org/
>>> 
>>> Translate this email: http://translate.google.com/translate_t
> 
> 
> 
> -- 
> Diego R. Canabarro
> http://lattes.cnpq.br/4980585945314597 
> 
> --
> diego.canabarro [at] ufrgs.br
> diego [at] pubpol.umass.edu
> MSN: diegocanabarro [at] gmail.com
> Skype: diegocanabarro
> Cell # +55-51-9244-3425 (Brasil) / +1-413-362-0133 (USA)
> --
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20130324/dde5f48f/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list