French Defense Secretary Says Country Is Willing To Fire First In Cyber Wars

from the only-good-things-can-come-of-this dept

Over the past few years, politicians and intelligence officials have floated the idea of hacking back. When not pushing the idea of treating cyber wars like declarations of actual war, these officials have seen nothing wrong with hacking back against cyberattackers or allowing private companies to do the same.

It may seem like there's nothing wrong with a "best defense is a good offense" theory of deterrence, but it's not that simple. First of all, attribution is often more difficult than these officials imagine. Hacking back against the wrong party is only going to escalate tensions. At worst, it could result in international incidents where those hacking back have broken laws in other countries. At best, it will just become another forever war countries throw money at -- one that's sure to result in expanded government power at the expense of the taxpayers, both in terms of tax dollars and civil liberties.

France has been scratching its itchy trigger finger for awhile now. Roughly a year ago, the government shot down a proposal giving private companies the right to retaliate against cyberattacks. It felt doing so would only lead to further "instability in cyberspace." That assessment is likely correct. But the French government apparently only felt private hack backs would lead to instability. If the government did it, no such instability should occur… apparently.

As far as offensive actions are concerned, the [Strategic Review of Cyberdefense] may not want companies to unleash hack-backs after an online attack, but it does want to keep that option open for the French authorities.

Not sure how a government-run cyberattack would lead to greater stability, but there you have it. The French government is apparently so confident in its ability to carry out non-destabilizing cyberattacks that it's not even going to wait around to get hacked first. Defense Secretary Florence Parly had this to say at a recent cybersecurity forum:

“The cyber weapon is not only for our enemies,” said France’s defence secretary this afternoon, speaking through a translator. “No. It’s also, in France, a tool to defend ourselves. To respond and attack.”

Her remarks will be seen as moving the debate about offensive cyber capabilities – not just so-called “active defence” but using infosec techniques as another weapon in the arsenal of state-on-state warfare – to a new level. Coming from a prominent NATO member and EU country, it could set the tone for future discussion of nation states' offensive cyber doctrines.

If France is going to start a cyberwar, it's not going to do it alone. Parly also called for "more cooperation and partnerships" from other European governments, suggesting their asses will also be on the line if France kicks off WWIII/CyberWar I with a misdirected cybersortie. While Parly is correct in her assessment that cyber threats are border-less, it seems a little audacious to suggest everyone else is obligated to bail you out if you take the lead in hacking forward.

Filed Under: cyberattacks, first strike, france, hack back


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Mason Wheeler (profile), 25 Jan 2019 @ 10:19am

    In an interview today, French Cyberdefense Minister Han Soleau said "oui, we are very willing to shoot first!"

    reply to this | link to this | view in chronology ]

  • identicon
    Michael, 25 Jan 2019 @ 12:04pm

    French cyber war

    Didn't France surrender already?

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 25 Jan 2019 @ 1:08pm

      Re: French cyber war

      Sorry, but the Right to be Forgotten has removed that notion from the communal knowledge of the entire world. They are so serious about that that they are pre-eminently requiring that their next surrenders be forgotten in advance. Therefore, you, nor I, nor anyone else will remember the word surrender in relation to France...ever.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Jan 2019 @ 12:30pm

    1. e4 e6

    Wonder if it will be the Classical French Defense, the Winawer, Tarrasch, or Rubinstein variation.

    reply to this | link to this | view in chronology ]

  • identicon
    Christenson, 25 Jan 2019 @ 12:36pm

    How to respond???

    I see infosec (keeping secrets) as quite distinct from the basic question of whether I can trust my computer to do what it says it is doing and nothing else.

    Keeping secrets is becoming really difficult, and I don't think it can begin to be addressed without addressing the trust issue, and even then may be impossible.

    The trust issue comes in two parts: trusting people (really can't nerd harder, or close the door on all the migration that has happened the last half century), and trusting the computer itself.

    Trusting the computer itself is possibly soluble by nerd harder. It will come at a price of simpler, less interdependent systems, and automatic or semi-automatic proofs. For example, I would like to know that my computer has only two connections to the internet: The web browser and the fileshare, that these are independent unless granted specific permissions, and the web browser is not writing to the permanent memory on my computer.

    Those problems can potentially be fixed.

    reply to this | link to this | view in chronology ]

    • icon
      Mason Wheeler (profile), 25 Jan 2019 @ 12:44pm

      Re: How to respond???

      Those problems can potentially be fixed.

      Theoretically, yes. In practice... it gets very very difficult without mandatory independent code audits. In other words, open-source enforced by law.

      (Please note that I'm not saying open-source principles necessarily should be enforced by law. Just that in my professional judgment as a software developer, without that, the technical difficulties you would have in ensuring that software does not do anything malicious, as you want to do, quickly become almost completely insurmountable.)

      reply to this | link to this | view in chronology ]

  • icon
    hij (profile), 25 Jan 2019 @ 12:46pm

    Silent room

    At least the war room will be quiet with all those mimes pounding in imaginary keyboards.

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 25 Jan 2019 @ 1:19pm

    In the USA

    Its always been against the law, unless they changed in the last few years..
    But there is something to think about.
    There is security, that requires the user to LET a small program to Run a verify WHO is connecting. There are a couple of other parts to this..
    But IF the hacker knows HOW it works, or captures the Checker, they can see what is needed to FAKE what is needed to verify.

    Another think, comes with a few tricks, like a honey pot(look it up) where it seems the person has gotten into the system. But its a trap to TRY and locate them, they can wonder around and do just about anything..but it only Seems that way.

    You can also setup a verification, that only Fits on the REQUIRED system to work. A small little program is set inthe computer that allows you to connect..

    There are many tricks that can be done..but your BIGGEST defense, seems to be the human Watching the servers.
    Its the idea that transferring 1 Tarabyte of data files IS A LONG PROCESS.
    Having a REAL person there as Sysop/admin you can watch and ASK the person to ID themselves, or just Disco the person..

    But,
    There is 1 things I keep saying and that is...IMPORTANT DATA is not allowed a direct connection to the INTERNET... you would need to signin on the internet connection, then SIGNIN to another system inside...And each system has its own verification..

    So Which will it be..
    Pay a corp to do this..
    Hire a person Permanent..that does all this and keeps things up to date.
    Believing your IT dept when it tells you WE NEED BETTER..
    Do it yourself, and Fail, because you are not Old hat, or upto date on current protection.

    I have a friend with an interesting job...he has been setup to Play games and do anything he wants, but a side computer sits and watches other machines around the country...and if they ever turn off, or sound an alarm he is to call the cops..

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Jan 2019 @ 4:55pm

      Re: In the USA

      The real secret is using non standard code and operating systems that are built into every piece of hardware yet never discussed. If you can bypass normal systems, you can work for decades in the latest systems without ever being detected. Every Microsd card has a tiny computer on it that is more powerful than what sent us to the moon.

      reply to this | link to this | view in chronology ]

  • icon
    r_rolo1 (profile), 25 Jan 2019 @ 2:50pm

    About shooting first ...

    Well , if preemptive hacking is something that France both thinks it is legal and advisable and something that should be done ...

    Doesn't that mean that hackers would be justified in preemtive hacking everything French? I mean, apparently ( according to some nutjobs atleast ) preemptive hacking is legal and there is ample proof that France intends to hack them ... ;)

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 25 Jan 2019 @ 8:42pm

      'Hey, YOU were the ones saying it was okay to do...'

      Therein lies the fun of the 'turnabout is fair play rule'. By stating that preemptive hacks are legal and acceptable, France has lost any and all ground to be taken seriously if someone targets them first and they complain about it.

      reply to this | link to this | view in chronology ]

      • icon
        JoeCool (profile), 26 Jan 2019 @ 6:15am

        Re: 'Hey, YOU were the ones saying it was okay to do...'

        It's also important to remember who the retaliation will be against - the largest botnet attack last year was largely composed of wifi connected LIGHT BULBS across the US. THAT is who they'll be retaliating against, not the actual perps behind the botnets.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Jan 2019 @ 3:22pm

      Re: About shooting first ...

      Really any crazy who goes around everywhere brandishing so he shoots first you are fully justified in knocking the whackadoodle off by any means. Normally putting styrene in the guacamole is frowned upon but setting some out for him is the right thing to do.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous SuperHero, 25 Jan 2019 @ 7:15pm

    self defense laws canada

    your fuck@d france

    reply to this | link to this | view in chronology ]

  • identicon
    stine, 26 Jan 2019 @ 12:26am

    Ha!

    Greenpeace is so fucked. Last time it was just a single ship.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 Jan 2019 @ 2:03am

    Cyberwar First Strikes

    National defense ideas brought to you by the geniuses who created the Maginot Line.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.