James Clapper, the Obama administration’s director of national intelligence, is not given to slips of the tongue.奥巴马(Obama)政府的国家情报总监詹姆斯克拉珀(James Clapper)可没口误的习惯。On Tuesday, largely unnoticed amid his remarks on Iran and China, the US spy chief hinted at one of the most significant debates behind the closed doors of the US security apparatus.日前,很多人都没注意到,在公开发表有关伊朗和中国的讲话时,这位美国间谍机关首脑曾就美国安全性机关幕后的最轻大辩论之一收到过似乎。Cyber attacks, Mr Clapper noted, are going to get worse “until such times as we create both the substance and psychology of deterrents”.克拉珀认为,网络攻击愈演愈烈的状况,“将持续到我们创建了实质和心理的双重威慑之际”。Considering the vast sum the US spends on cyber capabilities — so much that many in defence circles liken it to a new Manhattan project — it is a startling admission. “The US has the most capable [cyber] offence in the world and it has zero deterrence value,” says James Lewis, senior fellow at the Center for Strategic and International Studies and project director of the Commission on Cybersecurity for the 44th Presidency.考虑到美国用作提升网络能力的支出数额极大——以至于防务领域的许多人将其转换成新的曼哈顿工程,上述表态是一种令人震惊的接纳。
美国战略与国际研究中心(Center for Strategic and International Studies)高级研究员、美国第44任总统网络安全委员会(Commission on Cybersecurity)项目主任詹姆斯刘易斯(James Lewis)回应:“美国享有全球最强劲的(网络)攻击能力,其威慑价值却为零。”“This is where the debate is moving: some people are now saying ‘maybe we need to retaliate. Maybe we need to do something back’,” says Mr Lewis. “This is a very quiet debate — it’s not very public at all, but these are the kind of discussions the [Pentagon] is having right now.”刘易斯回应:“这场辩论目前的进展是:部分人回应‘或许我们必需背叛,或许我们必需开火’。这是一场十分安静的辩论,显然就没有怎么公开化。不过,这正是(五角大楼)目前正在积极开展的那种辩论。
”“For years a lot of us have been repeating the line from Dr Strangelove that it doesn’t do anybody any good to be building a Doomsday machine if you don’t tell anyone about it.”“多年来,我们中的许多人仍然在反复《奇爱博士》(Dr. Strangelove)里那句台词:如果你修建一台末日机器(Doomsday machine)而不告诉他任何人,那对所有人都没什么益处。”The Russian device, in Stanley Kubrick’s satirical film masterpiece, is supposed to prevent nuclear war by acting as a perfect deterrent: it will automatically retaliate after a US strike. It fails because its existence is kept secret from Washington. With the exception of Stuxnet, a suspected US/Israeli cyber attack on Iran’s nuclear capability, aggressive western cyber activity has been limited.在斯坦利錠布里克(Stanley Kubrick)这部嘲讽电影名作中,那台俄罗斯设备本来是想作为一种极致的威慑,起着制止核战争的起到:该设备不会在美国攻击后自动采行背叛行动。
然而,由于它的不存在性对华盛顿保密,它未起着这种起到。相比之下,除了Stuxnet蠕虫病毒这个值得注意——这种传说中美国与以色列对伊朗核设施发动的网络攻击——西方攻击性的网络活动一直是受限的。The need for a clearer offensive posture is in part gaining popularity as many western governments come to terms with the limits of their defensive efforts to date — and the cost of boosting them further.当众多西方国家政府认识到目前为止他们在防务措施上的局限性、以及强化网络防水的成本之后,采行更加具体反攻态势的必要性在一定程度上受到了人们的青睐。In the US, for example, just 45 per cent of government departments are covered by the National Security Agency’s “Einstein 3” security net, which automatically blocks known malware based on the US’s huge trove of malware signatures.比如,美国只有45%的政府部门受到了美国国家安全局(NSA)“爱因斯坦3号”(Einstein 3)安全性网络的维护。
这种网络需要根据美国珍藏的海量恶意软件亲笔签名,自动屏蔽未知的恶意软件。To boot, national security vulnerabilities extend well beyond the traditional departments of government. And efforts to encourage greater private sector cyber defence have been mixed.此外,国家级安全漏洞的不存在范围,大大远超过了传统的政府部门。而希望私营部门强化网络安全防水措施的希望,也一直效果不一。
In the UK, for example, where intelligence and security services have blazed a trail in fostering greater co-operation with the private sector, there are still big shortcomings. One senior British cyber security official recounts having to inform a FTSE 100 business three times over the course of as many weeks about a serious breach in their systems. Eventually he gave up. “It could ruin them,” he says, “but sometimes I think that a bit of a Darwinian lesson is needed. They’re on their own now.”以英国为事例,该国的情报和安全性服务机构早已打造出了一条地下通道,以便强化与私营部门的合作。然而,整个系统仍然不存在极大短板。一位资深英国网络安全官员详尽描写了他与一家丰时100(FTSE 100)成分股企业做事的过程。
他曾被迫在多周内三次就系统中的一个相当严重漏洞通报这家企业,最后却被迫退出这么做到。他说道:“这个漏洞可能会毁坏了它们。但是,有时候我深感来点达尔文式的教训是适当的。
如今,他们要自己分担适当后果了。”Even as organisations’ cyber walls get higher, attackers’ ladders are getting longer and their tunnels deeper.就算是机构的网络安全围墙建得更高,攻击者的云梯也在缩短,他们打的地道也在加剧。“The increasing sophistication of malware tools, the deep pockets of states using them and the proliferation of organised criminal gangs in this sector make it increasingly difficult to grasp just how serious the issues are,” says Stuart Poole-Robb, a former military intelligence official and now chief executive of the business intelligence group KCS.原军事情报官员、现兼任企业情报集团KCS首席执行官的斯图亚特渠尔-罗布(Stuart Poole-Robb)回应:“恶意软件工具更加简单,用于这些工具的政府财力雄厚以及有的组织犯罪团伙在该领域的蔓延,这让人们更加无法明白这个问题有多么相当严重。
”In 2014, the average so-called “advanced persistent threat” attack lasted 205 days before being detected, according to the digital security vendor FireEye. The countries most targeted in 2015 were the US, South Korea, Japan, Canada, the UK and Germany. And few in western cyber defence circles have any hesitation in identifying the principal culprits: Russia and China, with Iran fast catching up.数字安全性供应商FireEye的数据表明,2014年,所谓的“高级持续性威胁”普通攻击在被找到前持续了205天。2015年最更容易遭到反击的国家是美国、韩国、日本、加拿大、英国和德国。西方网络防务圈的人们完全毫不犹豫就能认为罪魁祸首:俄罗斯和中国,伊朗也在很快跟上。“I would say it’s pretty brazen really. We are being hit by the Russians more or less every day,” says one Nato military cyber defence specialist.北约(Nato)一位军事网络防务专家回应:“我得说道,这知道非常痛骂。
我们每天多多少少都会遭俄罗斯人的反击。”Others are even more explicit. “We are talking about the largest loss of IP [intellectual property] in the history of the world with China,” says a senior US intelligence official.其他人甚至谈得更加隐晦。一位美国高级情报官员回应:“我们正在与中国谈论世界历史上规模前所未有的知识产权损失。
”“People say that it’s not war unless territory is lost or things like that. But what you’ve got is certain actors who are very willing to exploit our dependency on the web to achieve their political objectives,” says Ewan Lawson, senior fellow at the UK’s Royal United Services Institute and former cyber warfare officer of the UK’s Joint Forces Command.曾兼任英国牵头部队司令部网络战争军官、现任英国皇家牵头军种研究院(Royal United Services Institute)高级研究员的尤安劳森(Ewan Lawson)回应:“人们说道,如果不是领土沦亡或者诸如此类的事情,那就不是战争。但你获得的是,某些参与者十分不愿利用我们对网络的倚赖来构建他们的政治目的。”“We could turn the lights off anywhere we wanted to,” says a senior British official with close knowledge of the UK’s offensive capabilities. “But we’re not about to. Part of the problem is in working out what the effects of that would be. And how an adversary would respond. Nobody wants an actual war.”一位十分理解英国防务能力的英国高级官员回应:“我们可以随心所欲地关灯,但我们会这么做到。
问题的一部分在于弄清楚这样做到的后果将是什么。输掉将不会如何应付。没有人想确实的战争。
”The problem is perhaps the extent to which western governments have been slow to realise the extent the cyber domain has changed the notion of warfare itself. Russia’s current military doctrine, for example, envisages future conflicts in which war is never truly declared: instead aggression moves along a sliding scale.问题也许是,西方各国政府过分功能障碍地认识到,网络领域很大地转变了战争本身的概念。例如,俄罗斯当前的军事学说设想,在未来的冲突中总有一天会确实开战,忽略,反击规模不会更加小。
Russia’s aggressive actions in cyber space are all carefully designed to fall short of warranting any kind of serious military or aggressive response.俄罗斯在网络世界中的攻击行为全都是精心设计的,会引发任何类型的根本性军事或反击对此。One of Moscow’s new favoured tactics is to arm crime syndicates with sophisticated hacking tools and malware and subcontract them to undertake operations against adversaries or to mount so-called “false flag” attacks to muddy the water around attribution, says a senior US military cyber command officer.美国网络司令部的一位高级军官回应,莫斯科新近注目的战术之一是,为犯罪集团获取简单的黑客工具和恶意软件,并让他们压制输掉或者发动所谓的“伪旗”反击,蓄意误解反击的源头。“The Russians and the Chinese and the Iranians are deliberately looking to avoid the tripwires in the current international system,” says Mr Lewis. “After the cold war the west defined a game of international security where oddly enough we would tend to win. Well, these guys are playing a different game altogether now.刘易斯回应:“俄罗斯人、中国人和伊朗人故意谋求绕过当前国际体系中的防水措施。
在世界大战完结后,西方定义了国际安全性游戏——十分怪异的是,我们往往不会夺得这场游戏。哦,这些家伙现在在玩一个几乎有所不同的游戏。
”“We’re lining up on the football field. And they are outside the stadium.”“我们在球场上列队,而他们在球馆外面。
本文来源:leyu·乐鱼-www.zgzhusu.net