story appeared on Network World Fusion at
Part way down a slippery slope
By Scott Bradner
Network World, 04/16/2001
It's long been rumored that some governments have sponsored research programs in cyberterrorism with the aim to disrupt networks and network-based services of enemies.
Now it seems some governments don't want to wait and may be ready to use cyberterrorism weapons against some tiny targets today. According to Spiegel Online, Germany's Minister of the Interior Otto Schily has floated the idea of using state-sponsored cyberterrorism against non-German Web sites that Germany considers illegal. Minster Schily seems to have in mind using denial-of-service (DoS) attacks against U.S.-based Nazi Web sites.
(An aside: I used Google's language translation service at www.google.com to try to read the Spiegel Online article. I couldn't find a simple 'translate this URL' command, so I had to fake a URL that invoked the translation service with the URL that I wanted translated. I used the string http://translate.google.com/translate?hl=en&sl=de&u= followed by the URL. The output would not have gotten me a good grade in the last German language class I had, but I could mostly understand what was written. The translation had a few funnies, such as translating "American Constitution" as "American condition," but did a better job than I could have these many years after failing German at Boston University.)
Schily seems to ignore or dismiss some issues that are relevant. There is a minor question of violating the sovereignty of another nation as well as Germany's own anticyberterrorism laws. There is the precedent that would be established - Germany could quickly find its own network under attack based on any number of imagined violations of local laws.
Would this stance justify an attack on the German banking system just because charging interest is against the law in some countries? How selective would the German tools be? If an official German DoS attack disrupted a legal site under German law, would that be seen as unavoidable collateral damage? Would a U.S. ISP that protects its infrastructure against a German DoS attack face charges of aiding an enemy in Germany?
As DoS protection technologies improve, Germany would have to develop better attacks to keep even. How could the country be sure its new attack technology wouldn't be analyzed and used against German targets? The attitude seems sort of like wanting to use chemical or biological weapons while assuming your own population can refrain from breathing for a few weeks.
This is a really bad idea. I trust people in Germany who are somewhat more in tune with international law and can see more than 3 minutes into the future will put a stop to it.
Disclaimer: Luckily, for every person at Harvard that has a really bad idea, there are more than a few to recognize it for what it is, but I've not consulted either for this column.
All contents copyright 1995-2002 Network World, Inc. http://www.nwfusion.com