“So far, there is no evidence that the United States has actually turned off the power in any of the efforts to establish what American officials call a “persistent presence” inside Russian networks, just as the Russians have not turned off power in the United States.”
The NYT decision to frame these efforts as “attacks” rather than “infiltration” is certainly an interesting one. In essence, the U.S. has built a (digital) mutually-assured destruction deterrent. We wouldn’t refer to past nuclear drills or tests as “attacks” on Russia, so I find the use of that phrase here intriguing. I assume they simply borrowed the vocabulary of security researchers, knowing that it would mean something different to much of their readership.
Uhh, I think "attack" is the only term. If you installed such software in US power plants it would almost certainly be described as "hacking," "a [cyber] attack", and likely if multiple targets "terrorism."
Regardless of your opinion US/Russia, we should all hold that words need objective meanings that can't be "bent" for convenience.
Yeah this is pretty basic information security terminology. An "attack" is any attempted intrusion, successful or not, damaging or not. If the threat actor managed to breach your defenses and gain unauthorized access, that's called an attack.
I think it's an attack in the network/technical sense but not the strategic sense. There's a bit of a conflation of terms here because there are at least two layers to any operation like this; the system intrusion itself, and using the access to achieve some kind of real world objective. Militarily or strategically, this would just be something like reconnaissance and preparation, I think (I know almost nothing about militaries though). So it's a system attack but not an "attack-attack".
Maybe they’re both more concerned with attacks from terrorist groups than from each other.
The analogy would be one guy telling a colleague that his fly is down before a client meeting. They both might want the same position but an unrecognized failure would make them both look bad.
My impression is that it's easier to attack than to defend or detect. That would make the country who doesn't attack a sucker. So treating it as an act of war isn't viable.
We've banned this account for breaking the site guidelines. You may not owe the New York Times better, but you do owe the community better if you want to post here.
If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future.
The NYT decision to frame these efforts as “attacks” rather than “infiltration” is certainly an interesting one. In essence, the U.S. has built a (digital) mutually-assured destruction deterrent. We wouldn’t refer to past nuclear drills or tests as “attacks” on Russia, so I find the use of that phrase here intriguing. I assume they simply borrowed the vocabulary of security researchers, knowing that it would mean something different to much of their readership.