In July 2016, Allies reaffirmed NATO’s defensive
mandate and recognised cyberspace as a domain of
operations in which NATO must defend itself as
effectively as it does in the air, on land and at sea.
This article says that "massive" cyber attacks can lead to invocation of Article 5: http://www.reuters.com/article/us-cyber-nato-idUSKCN0Z12NE
http://www.navyhistory.org/wp-content/uploads/2014/02/541-b_...
Wouldn't it be better that we on Hacker News stay above trying of define "act of war". Is it an act of war for one country to pollute air that floats over another country? Is it an act of war to launch satellites that pass over another country? These questions are governed by precise treaties today, but I can imagine politicians screaming "act of war, act of war!" at some point in the past.
It's just an arbitrary phrase used by politicians to justify whatever action or inaction they take. It will lead us to needless unproductive argument.
Why ? Because business.
Surveillance has for so long gotten all the money and mindshare A stockpile of zero days is considered a good and necessary thing. Back doors in hardware and software are considered clever and useful, and maybe even a workable compromise for domestic surveillance.
Imagine if the domestic surveillance budget had been spent instead on making Linux into an EAL6+ certifiable system and creating open, verifiable designs for chips and firmware for secure hardware platforms.
Secondly, we often joked that companies have such flawed backup and response procedures that triggering these things has a funny effect. More specifically, a lot of times in our experiences, we saw things like backups, up-scaling servers, etc. go noticeably unmaintained or poorly attended. A lot of people, especially years ago never did a great job of testing their backup systems, failovers, scaling, etc. and kept them up-to-date and secured as well as the main stuff. It's more interesting in some ways in this world of containers and VMs. One would assume things are updated, patched, and deployed exactly inline with the mainline stuff, but that's not always the case. It often takes only one slip-up and this is where a ton of people make mistakes for so many reasons. And sometimes it's easier to manipulate the protection systems to be the vector itself than the systems they are protecting.
That is to say, messing around with services sometimes can be a way of creating an open front or back door. Especially if there's malware and things that can be planted that will be less likely to be caught in the panic or otherwise deployed as a result of the panic response.
Of course all of this is more unlikely, but it's fun to think about in the same way stupid schemes that are similar in heist movies are fun.
You can't just have one without being able to hold all of those responsible accountable.
What Russia is trying to do with us (whether it's to influence our election or just make us seem weak) is very bad and should be met with a proportional response, but calling it an act of war seems a bit too far.
Did you know you're at war with North Korea?
Did you know you're not at war, and have never been, with Afghanistan?
Meaning of all that: what is or isn't "war", an "act of war" or "is" is up to people to define, and international law is easily ignored whenever states think that's a good idea.
The best definition is probably the UN's "act of aggression", see http://www.un-documents.net/a29r3314.htm. That definition does not include provisions for such situations – the only (theoretically) unarmed act of aggression is a blockade.
It reminds me of the run up to the Iraq war. Seems bad.
He's also threatening not just the Russians, but the American citizens as well... that if they try to challenge the system as it is, then the politicians would rather start a major war than to address any concerns of fraud/corruption.
