Espionage is stealing data. Disrupting utility services is an act of war, whether it is shutting down an electricity power plant, cutting communications, or any other act of sabotage.
Equating what amounts to a temporary sabotage of a non-critical service to an act of war highlights how brittle and conflicted is US cyber-strategy.
Surveillance has for so long gotten all the money and mindshare A stockpile of zero days is considered a good and necessary thing. Back doors in hardware and software are considered clever and useful, and maybe even a workable compromise for domestic surveillance.
Imagine if the domestic surveillance budget had been spent instead on making Linux into an EAL6+ certifiable system and creating open, verifiable designs for chips and firmware for secure hardware platforms.
This is true, but in fun hypothetical talks with various tech friends over the decades, we often talked about in relation to Internet services in particular, taking down services and such can actually help with hacking (i.e. stealing data) efforts. How? Why? Firstly, probing as the article mentions does yield plenty of valuable intel which is the core for espionage.
Secondly, we often joked that companies have such flawed backup and response procedures that triggering these things has a funny effect. More specifically, a lot of times in our experiences, we saw things like backups, up-scaling servers, etc. go noticeably unmaintained or poorly attended. A lot of people, especially years ago never did a great job of testing their backup systems, failovers, scaling, etc. and kept them up-to-date and secured as well as the main stuff. It's more interesting in some ways in this world of containers and VMs. One would assume things are updated, patched, and deployed exactly inline with the mainline stuff, but that's not always the case. It often takes only one slip-up and this is where a ton of people make mistakes for so many reasons. And sometimes it's easier to manipulate the protection systems to be the vector itself than the systems they are protecting.
That is to say, messing around with services sometimes can be a way of creating an open front or back door. Especially if there's malware and things that can be planted that will be less likely to be caught in the panic or otherwise deployed as a result of the panic response.
Of course all of this is more unlikely, but it's fun to think about in the same way stupid schemes that are similar in heist movies are fun.
Don't know, hence the question. It seems murkier than data vs. infrastructure. The one article I've read so far on the subject doesn't say much [1]. The Cyber Act of War Act of 2016 is apparently working its way through Congress [2].
Does application of the stolen data play a factor? ie considering the OPM breach an act of war if compromised individuals are blackmailed. Would Russia stealing the location data & capabilities of our missile defense system constitute an act of war?
Surveillance has for so long gotten all the money and mindshare A stockpile of zero days is considered a good and necessary thing. Back doors in hardware and software are considered clever and useful, and maybe even a workable compromise for domestic surveillance.
Imagine if the domestic surveillance budget had been spent instead on making Linux into an EAL6+ certifiable system and creating open, verifiable designs for chips and firmware for secure hardware platforms.