North Korea's Cyber Attacks and Their Implications for Cyber Conflict ~ North Korea's network attacks and network conflicts

Source: Sohu, 2012-3-06 16:41, People's Republic of China

North Korea's Cyber Attacks and Their Implications for Cyber Conflict

2012-3-06 16:41  Source: Sohu

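Cyber conflict is a new and complex strategic problem. This article analyzes the differences between cyber conflict and conventional military conflict, and between cyber deterrence and nuclear deterrence, and concludes that the United States must regulate behavior in cyber conflict by establishing norms and limits for it, strengthening international cooperation and introducing international standards, and thereby build a defense system for cyberspace. Since the "denial of service" attacks on networks in the United States and South Korea, no one has claimed responsibility for the incident, and no one has been able to determine the attackers' identity. As with many other cyber incidents, no strong evidence has been found to show who the culprit is.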

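  Cyberspace makes anonymous attacks possible. In cyberspace, true identities are easily hidden or forged, and a cunning opponent will usually look for a scapegoat to take the blame for an attack. The use of botnets complicates attribution further: with one such layer of indirection, the attacker can use third parties to hide its identity. Sophisticated adversaries are extremely skilled at concealing their identity, and the "Conficker" worm is the best example of this. "Conficker" is malware that infected millions of computers worldwide. Many companies and governments worked together to stop its spread, yet we still cannot determine who created "Conficker" or what its purpose was, or even say with certainty whether it has been removed from all infected systems.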

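  From the difficulty of attribution, several conclusions about cyber conflict can be drawn. Cyber conflict is a new and complex strategic problem. There is neither an adequate policy framework for managing conflict in cyberspace nor a satisfactory vocabulary for describing it. Uncertainty is the most prominent feature of cyber conflict: uncertainty about the attacker's identity, about the scope of collateral damage and about the potential harm to the target. Many concepts, such as deterrence, preemption and proportional response, must be modified or adjusted to account for the uncertainty of the cyber environment.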

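  This uncertainty has important political implications for both attackers and defenders, and it places constraints and limits on the use of cyber "weapons". A cyber attack uses software as its weapon and is launched within interconnected networks to suppress or destroy the adversary's ability to provide services to its government, economy or military. Advanced cyber weapons can disrupt or destroy data and critical facilities. A series of cyber attacks could amount to an emergency, interrupting critical services for a period of time; it could damage military command or information systems, shut down electricity supply or oil pipelines, or interrupt financial services. Cyber conflict will be part of future warfare, and today the major military powers are able to attack not only data and networks but also the infrastructure that depends on those networks.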

 

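  The incident was not a series of attacks. It was more like a drum-beating demonstration. The attackers used basic techniques and caused no damage. To date, we have not seen a series of cyber attacks. This is only because, politically, no military currently regards such attacks as legitimate, and because most non-state attackers have not yet acquired the necessary attack capability. The last point, moreover, weakens the notion of cyber terrorism. One could then restate the conclusion as: terrorist groups currently lack the ability to launch cyber attacks because they already have the ability but have so far chosen not to use it. Obviously, such a restatement makes no sense.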

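  The cyber conflict environment is a product of technology, and that technology was originally developed to serve commercial transactions and fast multipoint connectivity. The leading actors in conflict are states, while those who carry it out are non-official actors, including commercial entities, cybercriminals and terrorist groups, all of which adds to the complexity of the cyber conflict environment. In cyberspace conflict, criminals, spies and military personnel are mixed together, making it impossible to tell them apart. Some countries have made cybercriminals part of their cyber forces, using them as proxies or mercenaries to attack other countries.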

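  Cyber war will not be a "clear" conflict, which sets it well apart from traditional domains of warfare, where only the belligerents are involved. In fact, cyber conflict takes place in a crowded and complex environment involving large numbers of non-combatants, including allies, friendly parties and neutral third parties. In cyberspace, belligerents and non-belligerents may even be connected to and dependent on one another, so a cyber attack on a legitimate target will inevitably harm the interests of third parties. This mix of interdependence, anonymity and a multiplicity of state and non-state actors makes controlling cyber conflict a complex task.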

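  Building strategic concepts for cyber conflict has some similarities with the case of nuclear weapons, for which the United States spent years developing a national security strategy. We are at a stage in thinking about the relationship between cyber conflict and security that closely resembles the early 1850s, when we concentrated on working out a security strategy for nuclear weapons, and the writings of many early scholars such as Brodie and Kahn on nuclear weapons and arms control still offer guidance for cyber conflict today. The comparison is valuable, but it exaggerates the destructive power of cyber weapons and overlooks the uncertainty and complexity that operations in cyberspace bring.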

  When does a cyber attack become an act of war?

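  The "North Korean" cyber incident in early July did not rise to the level of an act of war. The actions were annoying and caused some difficulty for certain organizations, but there was no violence or destruction. In this respect it resembles most incidents of cyber conflict. Cybercrime does not rise to the level of an act of war, even when state spies are involved, and crime and espionage are currently the main forms of activity in cyber conflict. The individuals and countries engaged in these activities do not consider themselves to be at war, at least under our current rules, and the lack of international norms for cyberspace leaves such behavior unconstrained. If a country catches a spy, bilateral tension results and the country expels the spy, but this does not lead to military action.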

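  The cyber incidents in Estonia and Georgia did not become acts of war either. Both countries came under limited cyber attack during their wider conflicts with Russia, but in neither case were there casualties, loss of territory, destruction or serious disruption of critical facilities. The "denial of service" attacks against the two countries were aimed at creating political pressure and coercing their governments, but how to respond to such coercive attacks remains unresolved, particularly given the uncertainty and covertness involved.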

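  First, we need to determine the threshold at which an action in cyberspace escalates into an act of war, that is, the point at which its destructive effect is equivalent to physical destruction in war. If a country sent agents or soldiers to blow up pipelines or power facilities on our borders, and a similar act were carried out in cyberspace, that activity would differ from crime or espionage, and military action could be taken in response.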

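  In judging whether a cyber incident is an act of war, or whether military action may be taken in response, violation of national sovereignty is not a workable criterion under existing laws and norms. A stronger assertion of sovereignty in cyberspace could enhance security. Cyberspace is best regarded as a "pseudo-public good", in which users, going about it in the right way, can take any path and reach any place. At present a set of "interconnection" agreements spells out this public good. Under the current interconnection rules, traffic is allowed to cross national borders without prior inspection or checks. This passive approach derives from the demand for network interconnection in commercial activity (for ideological as well as commercial reasons). Fundamentally, these agreements permit free connection and ignore the payload. If these agreements were applied to airspace, it would mean that any aircraft, military or civilian, would be allowed to fly through other countries' airspace on the way to its destination.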

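  Cyberspace is not the high seas. Administrative control exists in every network, and a cyber weapon may exploit this to achieve its aim, even if that control lasts only a few milliseconds. National controls also apply throughout cyberspace, although some countries choose not to exercise them. In no case is it possible to collect information passed between computers outside of a network. Undersea cables and satellite communications may seem to be exceptions, but communications over these systems remain subject to the countries that own them and to their laws.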

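  The legal and regulatory framework of cyberspace was built to serve commercial activity, but it also gives attackers cover and concealment. If Western countries, which suffer cyber attacks most often and are the most constrained by law, can work together to advance governance and carry out punitive measures, then a dictator who conducts operations in cyberspace will be punished.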

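  Finally, the decision on whether an incident is an act of war rests with a country's political leaders. Suppose, for example, that instead of a cyber attack, North Korea attacked an American ship, killed crew members, towed the ship into port, plundered it and imprisoned everyone aboard: would that be an act of war? The answer is that it depends. In that case (the 1968 attack on the USS Pueblo), the United States chose not to retaliate militarily, just as we did not retaliate for the Beirut bombing or the Khobar Towers attack. In authorizing a cyber counterattack, leaders need accurate information about the cause of the incident and about collateral damage, and even if that information is available, they must decide within a larger strategic context, weighing the risks and benefits of military action and considering whether there are better alternatives to it.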

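  This suggests that cyber conflict will have no rule of reflexive response. Some militaries provide that a commander who comes under sudden attack may return fire in self-defense without approval from superiors. Rules of this kind are hard to apply in cyberspace, because it is hard to find the source of a cyber attack and hard to be sure that a counterstrike will not harm the interests of third parties.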

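  Deterrence

  The difficulty of attribution and the difficulty of predicting collateral damage make it hard for a strategy of deterrence to work in cyberspace. Deterrence is the threat of retaliation, but it is very hard to threaten an unknown opponent, and threatening or damaging the wrong party serves no purpose. That the United States possesses advanced offensive cyber capabilities is widely acknowledged, but the deterrent effect they produce is negligible.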

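  Because attribution is not possible, the options available to the United States for responding to the July 4 incident are very limited. We cannot retaliate against an unknown attacker. Deterrence is the threat of violent retaliation. That threat changes the adversary's calculation of the effect and value of an attack. But it is hard to threaten an unknown attacker, and the difficulty of attribution makes deterrence in cyberspace very different from traditional concepts of deterrence, which rest on the threat of retaliation against the attacker (whether counter-military or counter-economic threats).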

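  The interconnectedness of cyberspace makes collateral damage hard to predict. Uncertainty about the scope of collateral damage covers unintended effects on the target as well as possible damage to interconnected third-party networks. Suppressing or disrupting a network may affect third parties; for example, an attack on an adversary's network could affect the satellite or communications services of a neutral country. According to reports, Israel's cyber attack on Syria's air defense network also damaged Israel's own networks.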

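  In theory, traditional deterrence rests on the measurement of collateral damage. An attack on Soviet forces in Germany would have caused civilian casualties among allies and enemies alike. But such actions were reserved for the extreme situation in which a country faced unmistakable military violence. In some respects, the collateral damage from nuclear weapons is easier to predict than that from cyber conflict: the blast and radiation effects of a nuclear weapon do not extend beyond a certain area, whereas in cyberspace those affected by collateral damage may be far from the target. Uncertainty about collateral damage may undermine deterrence in cyberspace, since leaders may be unwilling to invite a retaliatory strike that would widen the conflict or produce worse political consequences.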

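  The threat of counterattack was the foundation of deterrence strategy in the Cold War. But the logic of that deterrence theory does not carry over to cyberspace. In the Cold War, vulnerability was symmetric: each side held the other's cities and population at risk. In cyberspace this symmetry no longer exists. The United States depends on digital networks more than its opponents do, and this asymmetric vulnerability means the United States would be affected more in a cyber incident. In the Cold War, the fearsome threats from each side had a clear source, and both sides had a tacit understanding of the "red lights" and limits. Cyber conflict has no such clarity. Asymmetric vulnerability, the difficulty of attribution and the difficulty of predicting collateral damage are the three main factors that limit our ability to deter opponents in cyberspace.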

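  Deterrence strategy depends above all on the latent threat of using armed force in response to an attack. This requires a declaration of intent and an understanding on the part of potential opponents of how the conflict environment is defined and limited. Deterrence in cyberspace is limited because we are not yet able to determine how cyber capabilities, defensive measures and international agreements should be structured to ensure the security of the United States and its allies. The best course is strategic international dialogue that weighs attack, defense and multilateral cooperation in cyberspace, so as to minimize the risk of cyber attack.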

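  Norms and limits

  The lack of clear, internationally agreed norms for cyber conflict lowers the political risk of a cyber attack. Norms serve to limit the scope of conflict and to regulate behavior. Before committing to an attack, an attacker needs to assess the opposing country's likely reactions from many angles. At present, however, conflict in cyberspace has no clear norms, and no limits are placed on state-level attackers. Attackers do not want the current cyber conflict to escalate into wider violence or to a rupture in relations. They will continue to operate within these ill-defined limits.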

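  One such limit is the boundary separating reconnaissance or exploitation (espionage and crime), disruption, and destruction. Crossing that boundary escalates any cyber conflict. Another limit is the boundary between disrupting or destroying military targets and damaging critical facilities or other civilian targets. These norms or limits tolerate a certain level of cyber conflict, but they also raise the risk for an attacking country that goes beyond espionage and crime.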

Rough Mandarin Chinese Translation:

North Korea's network attacks and network conflicts

Source: Sohu 2012-3-06 16:41

Cyber conflict is a new and complex strategic problem. This article analyzes the differences between cyber conflict and conventional military conflict, and between cyber deterrence and nuclear deterrence, and concludes that the United States must regulate behavior in cyber conflict by establishing norms and limits for it, strengthening international cooperation and introducing international standards, and thereby build a defense system for cyberspace. Since the "denial of service" attacks on networks in the United States and South Korea, no one has claimed responsibility for the incident, and no one has been able to determine the attackers' identity. As with many other cyber incidents, no strong evidence has been found to show who the culprit is.

  Cyberspace makes anonymous attacks possible. In cyberspace, true identities are easily hidden or forged, and a cunning opponent will usually look for a scapegoat to take the blame for an attack. The use of botnets complicates attribution further: with one such layer of indirection, the attacker can use third parties to hide its identity. Sophisticated adversaries are extremely skilled at concealing their identity, and the "Conficker" worm is the best example of this. "Conficker" is malware that infected millions of computers worldwide. Many companies and governments worked together to stop its spread, yet we still cannot determine who created "Conficker" or what its purpose was, or even say with certainty whether it has been removed from all infected systems.

  From the difficulty of attribution, several conclusions about cyber conflict can be drawn. Cyber conflict is a new and complex strategic problem. There is neither an adequate policy framework for managing conflict in cyberspace nor a satisfactory vocabulary for describing it. Uncertainty is the most prominent feature of cyber conflict: uncertainty about the attacker's identity, about the scope of collateral damage and about the potential harm to the target. Many concepts, such as deterrence, preemption and proportional response, must be modified or adjusted to account for the uncertainty of the cyber environment.

  This uncertainty has important political implications for both attackers and defenders, and it places constraints and limits on the use of cyber "weapons". A cyber attack uses software as its weapon and is launched within interconnected networks to suppress or destroy the adversary's ability to provide services to its government, economy or military. Advanced cyber weapons can disrupt or destroy data and critical facilities. A series of cyber attacks could amount to an emergency, interrupting critical services for a period of time; it could damage military command or information systems, shut down electricity supply or oil pipelines, or interrupt financial services. Cyber conflict will be part of future warfare, and today the major military powers are able to attack not only data and networks but also the infrastructure that depends on those networks.

 

  The incident was not a series of attacks. It was more like a drum-beating demonstration. The attackers used basic techniques and caused no damage. To date, we have not seen a series of cyber attacks. This is only because, politically, no military currently regards such attacks as legitimate, and because most non-state attackers have not yet acquired the necessary attack capability. The last point, moreover, weakens the notion of cyber terrorism. One could then restate the conclusion as: terrorist groups currently lack the ability to launch cyber attacks because they already have the ability but have so far chosen not to use it. Obviously, such a restatement makes no sense.

  The cyber conflict environment is a product of technology, and that technology was originally developed to serve commercial transactions and fast multipoint connectivity. The leading actors in conflict are states, while those who carry it out are non-official actors, including commercial entities, cybercriminals and terrorist groups, all of which adds to the complexity of the cyber conflict environment. In cyberspace conflict, criminals, spies and military personnel are mixed together, making it impossible to tell them apart. Some countries have made cybercriminals part of their cyber forces, using them as proxies or mercenaries to attack other countries.

  Cyber war will not be a "clear" conflict, which sets it well apart from traditional domains of warfare, where only the belligerents are involved. In fact, cyber conflict takes place in a crowded and complex environment involving large numbers of non-combatants, including allies, friendly parties and neutral third parties. In cyberspace, belligerents and non-belligerents may even be connected to and dependent on one another, so a cyber attack on a legitimate target will inevitably harm the interests of third parties. This mix of interdependence, anonymity and a multiplicity of state and non-state actors makes controlling cyber conflict a complex task.

  Building strategic concepts for cyber conflict has some similarities with the case of nuclear weapons, for which the United States spent years developing a national security strategy. We are at a stage in thinking about the relationship between cyber conflict and security that closely resembles the early 1850s, when we concentrated on working out a security strategy for nuclear weapons, and the writings of many early scholars such as Brodie and Kahn on nuclear weapons and arms control still offer guidance for cyber conflict today. The comparison is valuable, but it exaggerates the destructive power of cyber weapons and overlooks the uncertainty and complexity that operations in cyberspace bring.

  When does a cyber attack become an act of war?

  The "North Korean" cyber incident in early July did not rise to the level of an act of war. The actions were annoying and caused some difficulty for certain organizations, but there was no violence or destruction. In this respect it resembles most incidents of cyber conflict. Cybercrime does not rise to the level of an act of war, even when state spies are involved, and crime and espionage are currently the main forms of activity in cyber conflict. The individuals and countries engaged in these activities do not consider themselves to be at war, at least under our current rules, and the lack of international norms for cyberspace leaves such behavior unconstrained. If a country catches a spy, bilateral tension results and the country expels the spy, but this does not lead to military action.

  The cyber incidents in Estonia and Georgia did not become acts of war either. Both countries came under limited cyber attack during their wider conflicts with Russia, but in neither case were there casualties, loss of territory, destruction or serious disruption of critical facilities. The "denial of service" attacks against the two countries were aimed at creating political pressure and coercing their governments, but how to respond to such coercive attacks remains unresolved, particularly given the uncertainty and covertness involved.

  First, we need to determine the threshold at which an action in cyberspace escalates into an act of war, that is, the point at which its destructive effect is equivalent to physical destruction in war. If a country sent agents or soldiers to blow up pipelines or power facilities on our borders, and a similar act were carried out in cyberspace, that activity would differ from crime or espionage, and military action could be taken in response.

  In judging whether a cyber incident is an act of war, or whether military action may be taken in response, violation of national sovereignty is not a workable criterion under existing laws and norms. A stronger assertion of sovereignty in cyberspace could enhance security. Cyberspace is best regarded as a "pseudo-public good", in which users, going about it in the right way, can take any path and reach any place. At present a set of "interconnection" agreements spells out this public good. Under the current interconnection rules, traffic is allowed to cross national borders without prior inspection or checks. This passive approach derives from the demand for network interconnection in commercial activity (for ideological as well as commercial reasons). Fundamentally, these agreements permit free connection and ignore the payload. If these agreements were applied to airspace, it would mean that any aircraft, military or civilian, would be allowed to fly through other countries' airspace on the way to its destination.

  Cyberspace is not the high seas. Administrative control exists in every network, and a cyber weapon may exploit this to achieve its aim, even if that control lasts only a few milliseconds. National controls also apply throughout cyberspace, although some countries choose not to exercise them. In no case is it possible to collect information passed between computers outside of a network. Undersea cables and satellite communications may seem to be exceptions, but communications over these systems remain subject to the countries that own them and to their laws.

  The legal and regulatory framework of cyberspace was built to serve commercial activity, but it also gives attackers cover and concealment. If Western countries, which suffer cyber attacks most often and are the most constrained by law, can work together to advance governance and carry out punitive measures, then a dictator who conducts operations in cyberspace will be punished.

  Finally, the decision on whether an incident is an act of war rests with a country's political leaders. Suppose, for example, that instead of a cyber attack, North Korea attacked an American ship, killed crew members, towed the ship into port, plundered it and imprisoned everyone aboard: would that be an act of war? The answer is that it depends. In that case (the 1968 attack on the USS Pueblo), the United States chose not to retaliate militarily, just as we did not retaliate for the Beirut bombing or the Khobar Towers attack. In authorizing a cyber counterattack, leaders need accurate information about the cause of the incident and about collateral damage, and even if that information is available, they must decide within a larger strategic context, weighing the risks and benefits of military action and considering whether there are better alternatives to it.

  This suggests that cyber conflict will have no rule of reflexive response. Some militaries provide that a commander who comes under sudden attack may return fire in self-defense without approval from superiors. Rules of this kind are hard to apply in cyberspace, because it is hard to find the source of a cyber attack and hard to be sure that a counterstrike will not harm the interests of third parties.

  Deterrence

  The difficulty of attribution and the difficulty of predicting collateral damage make it hard for a strategy of deterrence to work in cyberspace. Deterrence is the threat of retaliation, but it is very hard to threaten an unknown opponent, and threatening or damaging the wrong party serves no purpose. That the United States possesses advanced offensive cyber capabilities is widely acknowledged, but the deterrent effect they produce is negligible.

  Because attribution is not possible, the options available to the United States for responding to the July 4 incident are very limited. We cannot retaliate against an unknown attacker. Deterrence is the threat of violent retaliation. That threat changes the adversary's calculation of the effect and value of an attack. But it is hard to threaten an unknown attacker, and the difficulty of attribution makes deterrence in cyberspace very different from traditional concepts of deterrence, which rest on the threat of retaliation against the attacker (whether counter-military or counter-economic threats).

  The interconnectedness of cyberspace makes collateral damage hard to predict. Uncertainty about the scope of collateral damage covers unintended effects on the target as well as possible damage to interconnected third-party networks. Suppressing or disrupting a network may affect third parties; for example, an attack on an adversary's network could affect the satellite or communications services of a neutral country. According to reports, Israel's cyber attack on Syria's air defense network also damaged Israel's own networks.

  In theory, traditional deterrence rests on the measurement of collateral damage. An attack on Soviet forces in Germany would have caused civilian casualties among allies and enemies alike. But such actions were reserved for the extreme situation in which a country faced unmistakable military violence. In some respects, the collateral damage from nuclear weapons is easier to predict than that from cyber conflict: the blast and radiation effects of a nuclear weapon do not extend beyond a certain area, whereas in cyberspace those affected by collateral damage may be far from the target. Uncertainty about collateral damage may undermine deterrence in cyberspace, since leaders may be unwilling to invite a retaliatory strike that would widen the conflict or produce worse political consequences.

  The threat of counterattack was the foundation of deterrence strategy in the Cold War. But the logic of that deterrence theory does not carry over to cyberspace. In the Cold War, vulnerability was symmetric: each side held the other's cities and population at risk. In cyberspace this symmetry no longer exists. The United States depends on digital networks more than its opponents do, and this asymmetric vulnerability means the United States would be affected more in a cyber incident. In the Cold War, the fearsome threats from each side had a clear source, and both sides had a tacit understanding of the "red lights" and limits. Cyber conflict has no such clarity. Asymmetric vulnerability, the difficulty of attribution and the difficulty of predicting collateral damage are the three main factors that limit our ability to deter opponents in cyberspace.

  Deterrence strategy depends above all on the latent threat of using armed force in response to an attack. This requires a declaration of intent and an understanding on the part of potential opponents of how the conflict environment is defined and limited. Deterrence in cyberspace is limited because we are not yet able to determine how cyber capabilities, defensive measures and international agreements should be structured to ensure the security of the United States and its allies. The best course is strategic international dialogue that weighs attack, defense and multilateral cooperation in cyberspace, so as to minimize the risk of cyber attack.

  Norms and limits

  The lack of clear, internationally agreed norms for cyber conflict lowers the political risk of a cyber attack. Norms serve to limit the scope of conflict and to regulate behavior. Before committing to an attack, an attacker needs to assess the opposing country's likely reactions from many angles. At present, however, conflict in cyberspace has no clear norms, and no limits are placed on state-level attackers. Attackers do not want the current cyber conflict to escalate into wider violence or to a rupture in relations. They will continue to operate within these ill-defined limits.

  One such limit is the boundary separating reconnaissance or exploitation (espionage and crime), disruption, and destruction. Crossing that boundary escalates any cyber conflict. Another limit is the boundary between disrupting or destroying military targets and damaging critical facilities or other civilian targets. These norms or limits tolerate a certain level of cyber conflict, but they also raise the risk for an attacking country that goes beyond espionage and crime.

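Before discussing norms and limits, one point must first be agreed: if a physical attack on a target is legitimate, then an attack on it with cyber weapons is also legitimate. At a minimum, attacking an adversary's military networks and information, or the networks that support critical facilities, and defending against such attacks, can be regarded as legitimate military operations, but the degree to which third parties are interconnected blurs the lines between intended and unintended, legitimate and illegitimate. Establishing a standard that ranks targets in descending order from damage to non-combat, for example from military networks to critical facilities and then to other civilian networks, would provide a rational limit for retaliation.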

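  At present, however, there is no shared understanding in cyberspace of what counts as a legitimate target. One approach is to declare that if a physical attack on a target is legitimate, then an attack on it with cyber weapons is also legitimate. Discussion of establishing cyber "sanctuaries" overlooks the boundary between legitimate and illegitimate attacks where third parties are concerned. An attack that interrupts energy supply affects both military and civilian targets. Cyber attacks on critical facilities leave no possibility of sanctuary.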

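  Inadvertent and unforeseen damage to third-party networks carries real political risk. The high degree of interconnection in cyberspace means that an attack on an adversary can damage third parties and may also affect the attacker itself. In a sense, an attack on the protocols or infrastructure that support global connectivity is "self-destructive": it damages the global network for the target, the attacker and neutral parties alike. Some countries might choose this form of attack, but they would be extremist states. Non-state attackers face fewer constraints, but their own need for the global Internet will lead them to temper their attacks.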

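  There is one more question to consider: whether we should be so quick to separate cyber conflict from its political context. Given the limits of deterrence, a highly vulnerable country such as the United States stands to gain more from establishing international norms. Doing so would change the deterrence calculation (by reducing the adversary's chances of success in launching a cyber attack).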

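  Political constraints on cyber attack

  Vague as these norms are, considerations of risk and uncertainty politically constrain the actions that the leaders of an attacking country may choose. Cyber conflict creates political risk. Discovery is of course a risk, but more important, widening an attack to other networks, or from purely military targets to civilian ones such as critical infrastructure, brings greater risk. Unintended damage to third-party networks, including those of neutrals and allies, also carries political risk. Increasing the intensity of an attack or widening its scope raises the risk further. The political consequences of cyber attack, and whether espionage, exploitation, disruption and destruction can be separated from one another, deserve further discussion. Only a few countries (Russia, China, Israel, France, the United States and the United Kingdom, and perhaps a small number of highly skilled cybercriminals) have the ability to launch cyber attacks that cause serious, long-term damage and thereby rise to the level of an act of war. A sophisticated attack on infrastructure requires planning, reconnaissance, resources and skills, and at present only these few countries have that capability. As part of their military strategy, these countries have very likely drawn up cyber attack plans for crises that might arise. Most non-state hackers have no such capability.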

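  A serious cyber attack is unlikely to occur in isolation from some larger conflict. In the real world, as opposed to cyberspace, it is rare for one country to carry out covert sabotage against another (especially a major power) unless war or conflict is imminent. For a state, the political threshold for a serious cyber attack (as opposed to espionage) is very high, almost as high as that for conventional military action. At a minimum, this suggests that a serious cyber attack is a precursor, a warning, that a more serious conflict is about to begin.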

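  However, absent a more serious conflict, a state would rather fire a missile at its opponent than launch a serious cyber attack. The risk is too great and the benefit to political leaders too small, especially when they have decided on military action. Cyber weapons are not decisive; a cyber attack cannot by itself win a conflict, particularly against a strong opponent. So far, no cyber attack that goes beyond espionage or crime has occurred outside of a military conflict.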

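  Even in a conflict, a cyber attack on civilian targets in the adversary's homeland carries considerable risk. Engaging U.S. forces overseas is different from attacking critical facilities in the United States. Many countries will hold their capability for cyber attacks on an adversary's domestic targets in reserve, to retaliate if the adversary carries out similar attacks or resorts to extreme measures.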

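  Nuclear strategy eventually settled into the same pattern: nuclear attack would be used only in extreme circumstances and was otherwise held in reserve. Whether this pattern applies to cyber attacks on civilian targets within an adversary's territory deserves careful consideration. Neither we nor our opponents are willing to give up espionage or low-level disruption in cyberspace, but more serious forms of attack appear to have been held in reserve for situations that deteriorate further. If so, the deterrent value of a cyber response is strengthened, because the most serious means of attack and retaliation (those capable of doing major damage to critical infrastructure) have already been held in reserve.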

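  Non-state attackers in cyberspace

  Non-state attackers do not face the political constraints on cyber attack described above. They are less exposed than state attackers to the threat of military force. In theory, a non-state attacker could hire cybercriminals to launch an attack, supplying exactly the capability it lacks, and media reports say Israel suspects that Hamas or Hezbollah in Lebanon may have hired Russian cybercriminals to attack its networks.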

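  But cybercriminals operate in a political context. The most skilled non-state attackers live in "sanctuaries", where governments largely tolerate their activities. Under an informal arrangement between government and cybercriminals, criminal activity is accepted as long as it is confined to targets outside the host country and the criminals carry out the attacks the government asks for. The cybercriminals live well, the local economy benefits, and the government gains a powerful weapon for its political ends, as the cases of Estonia and Georgia fully illustrate.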

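  We should not forget that many of the countries that have become havens for cybercrime pour large sums into communications monitoring and other police software tools in pursuit of political control. The claim that these countries condone cybercrime out of ignorance is plainly unacceptable. A hacker who turned his attention from Tallinn to the Kremlin would have only a few short hours before his service was cut off, his door broken down and his computers seized.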

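  Still, tolerating this advanced and persistent cybercrime has some benefits for the state. To some degree it can constrain cyber terrorism. Many advanced cybercriminals follow a set of unwritten rules in their activities. Financial crime, theft of digital assets, political activism and online extortion are all tolerated. Activities that target a state and approach the brink of war, and that would escalate cyber conflict further, are not. The political environment in which advanced cybercriminals operate will make them mercenaries for many terrorist groups.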

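  A country with strong cyber attack capabilities, or with many advanced cybercriminals, can decide whether to provide cyber attack capability to a terrorist group, either through direct support or by tacitly permitting cybercrime, but if discovered, such conduct would carry enormous political risk. More important, such attacks could rebound and harm its own interests. The countries with strong cyber attack capabilities (Israel, France, Russia, the United States, the United Kingdom and China) are all unlikely to support extremist cyber activity.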

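  For cybercriminals to act as mercenaries carrying out cyber attacks for a terrorist group, they need the tacit consent of the government of the country where they live. Countries that tolerate cybercrime have their own view of extremism, and barring events that upset the political balance, they generally do not want to see their advanced cybercriminals become mercenaries for terrorist groups. For now, at least, terrorist groups, and Islamic terrorists in particular, will find it very hard to acquire such capabilities.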

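  Even if we accept these political constraints on hiring cyber mercenaries for terrorism, other trends suggest that (if current trends continue) the use of advanced cyber weapons for terrorism is unavoidable. A thriving black market, full of software attack tools, personal information, botnets and other criminal services, supports cybercrime. These services can be bought or rented, or a hacker can be hired to carry out an attack. At present, what can be bought on the black market clearly falls short of what an advanced cyber attack requires. That point will be reached within the next few years.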

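  As a rough estimate, there may be a technology gap of 3 to 8 years between the cyber capabilities of advanced intelligence agencies and the capabilities that can be bought or rented on the black market. The evidence for this is perhaps vague and partial, but the trend has held for nearly 20 years. It also suggests that in 10 years, perhaps less, terrorist groups will turn to the cybercrime black market to obtain the cyber attack capabilities they need.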

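  Confidence is no substitute for defense

  At present, only a few highly capable countries can carry out a serious cyber attack. But short of a very major crisis, none of them is willing to do so (although we should still continue to develop covert reconnaissance and cyber attack capabilities). At present, a serious cyber attack by non-state attackers would occur only if one of the highly capable countries decided to support them (including by sheltering advanced cybercriminals, helping them hide their tracks and so on).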

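  At present, no country with strong cyber capabilities is willing to provide such support. None of the six countries named above, or countries like them, has ties to extremists; all are at risk from terrorism, and they are unwilling either to help non-state attackers or to supply other weapons or support. But as cyber technology continues to advance, as the black market offers ever more tools capable of launching a serious cyber attack, and as non-state attackers become more skilled, we must recognize that states are less and less likely to be able to restrain non-state attackers for political reasons.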

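  The implications for the United States are considerable. We have at most a few years to strengthen our defenses by building robustness and flexibility into networks and critical infrastructure, and to ensure adequate security by building a modern legal framework. Our current defenses plainly cannot withstand an attack by a powerful adversary. The United States needs strategies and plans that make cyber attack an instrument of national power. By reshaping the international environment for cyber conflict so as to reduce risk, and by winning international support through norms and limits for cyber conflict and cyber relationships with other countries (as we did with nuclear proliferation), it can handle the problem well and benefit from it. Frankly, many scholars do not believe the United States can manage this, and think only a successful large-scale attack will spur it to change.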

 

Rough Mandarin Chinese Translation:

  At present, however, there is no shared understanding in cyberspace of what counts as a legitimate target. One approach is to declare that if a physical attack on a target is legitimate, then an attack on it with cyber weapons is also legitimate. Discussion of establishing cyber "sanctuaries" overlooks the boundary between legitimate and illegitimate attacks where third parties are concerned. An attack that interrupts energy supply affects both military and civilian targets. Cyber attacks on critical facilities leave no possibility of sanctuary.

  Inadvertent and unforeseen damage to third-party networks carries real political risk. The high degree of interconnection in cyberspace means that an attack on an adversary can damage third parties and may also affect the attacker itself. In a sense, an attack on the protocols or infrastructure that support global connectivity is "self-destructive": it damages the global network for the target, the attacker and neutral parties alike. Some countries might choose this form of attack, but they would be extremist states. Non-state attackers face fewer constraints, but their own need for the global Internet will lead them to temper their attacks.

  There is one more question to consider: whether we should be so quick to separate cyber conflict from its political context. Given the limits of deterrence, a highly vulnerable country such as the United States stands to gain more from establishing international norms. Doing so would change the deterrence calculation (by reducing the adversary's chances of success in launching a cyber attack).

 

  Political constraints on cyber attack

  Vague as these norms are, considerations of risk and uncertainty politically constrain the actions that the leaders of an attacking country may choose. Cyber conflict creates political risk. Discovery is of course a risk, but more important, widening an attack to other networks, or from purely military targets to civilian ones such as critical infrastructure, brings greater risk. Unintended damage to third-party networks, including those of neutrals and allies, also carries political risk. Increasing the intensity of an attack or widening its scope raises the risk further. The political consequences of cyber attack, and whether espionage, exploitation, disruption and destruction can be separated from one another, deserve further discussion. Only a few countries (Russia, China, Israel, France, the United States and the United Kingdom, and perhaps a small number of highly skilled cybercriminals) have the ability to launch cyber attacks that cause serious, long-term damage and thereby rise to the level of an act of war. A sophisticated attack on infrastructure requires planning, reconnaissance, resources and skills, and at present only these few countries have that capability. As part of their military strategy, these countries have very likely drawn up cyber attack plans for crises that might arise. Most non-state hackers have no such capability.

  A serious cyber attack is unlikely to occur in isolation from some larger conflict. In the real world, as opposed to cyberspace, it is rare for one country to carry out covert sabotage against another (especially a major power) unless war or conflict is imminent. For a state, the political threshold for a serious cyber attack (as opposed to espionage) is very high, almost as high as that for conventional military action. At a minimum, this suggests that a serious cyber attack is a precursor, a warning, that a more serious conflict is about to begin.

  However, absent a more serious conflict, a state would rather fire a missile at its opponent than launch a serious cyber attack. The risk is too great and the benefit to political leaders too small, especially when they have decided on military action. Cyber weapons are not decisive; a cyber attack cannot by itself win a conflict, particularly against a strong opponent. So far, no cyber attack that goes beyond espionage or crime has occurred outside of a military conflict.

  Even in a conflict, a cyber attack on civilian targets in the adversary's homeland carries considerable risk. Engaging U.S. forces overseas is different from attacking critical facilities in the United States. Many countries will hold their capability for cyber attacks on an adversary's domestic targets in reserve, to retaliate if the adversary carries out similar attacks or resorts to extreme measures.

  Nuclear strategy eventually settled into the same pattern: nuclear attack would be used only in extreme circumstances and was otherwise held in reserve. Whether this pattern applies to cyber attacks on civilian targets within an adversary's territory deserves careful consideration. Neither we nor our opponents are willing to give up espionage or low-level disruption in cyberspace, but more serious forms of attack appear to have been held in reserve for situations that deteriorate further. If so, the deterrent value of a cyber response is strengthened, because the most serious means of attack and retaliation (those capable of doing major damage to critical infrastructure) have already been held in reserve.

  Non-state attackers in cyberspace

  Non-state attackers do not face the political constraints on cyber attack described above. They are less exposed than state attackers to the threat of military force. In theory, a non-state attacker could hire cybercriminals to launch an attack, supplying exactly the capability it lacks, and media reports say Israel suspects that Hamas or Hezbollah in Lebanon may have hired Russian cybercriminals to attack its networks.

  But cybercriminals operate in a political context. The most skilled non-state attackers live in "sanctuaries", where governments largely tolerate their activities. Under an informal arrangement between government and cybercriminals, criminal activity is accepted as long as it is confined to targets outside the host country and the criminals carry out the attacks the government asks for. The cybercriminals live well, the local economy benefits, and the government gains a powerful weapon for its political ends, as the cases of Estonia and Georgia fully illustrate.

  We should not forget that many of the countries that have become havens for cybercrime pour large sums into communications monitoring and other police software tools in pursuit of political control. The claim that these countries condone cybercrime out of ignorance is plainly unacceptable. A hacker who turned his attention from Tallinn to the Kremlin would have only a few short hours before his service was cut off, his door broken down and his computers seized.

  However, there are some benefits to a country tolerating such advanced and ongoing cybercriminal activity. To some extent, it can restrain cyber-terrorist activity. Many advanced cybercriminals follow a set of unwritten rules in their activities. Financial crime, theft of digital resources, political activism and cyber-extortion are tolerated. Activity that brings the country close to the brink of war, and so escalates cyber conflict further, is not tolerated. The political environment in which advanced cybercriminals operate causes them to become mercenaries of many terrorist organizations.

  A country with strong cyber attack capabilities, or with a large number of advanced cybercriminals, can decide whether to provide cyber attack capabilities to a terrorist organization. It can do so through direct support or by acquiescing in cybercriminal activity, but once discovered, such behavior carries a great deal of political risk. More importantly, such an attack may in turn hurt the country's own interests. The countries with strong cyber attack capabilities (Israel, France, Russia, the United States, the United Kingdom, China) cannot possibly support extreme cyber activity.

  For cybercriminals to become mercenaries and carry out cyber attacks for terrorist organizations, they would need the acquiescence of their national government. Countries that tolerate cybercrime have their own understanding of extreme behavior; unless events occur that upset the political balance, under normal circumstances these countries do not want to see advanced cybercriminals become mercenaries for terrorist organizations. At least for the time being, it is difficult for terrorist organizations, particularly Islamic terrorists, to obtain this capability.

  Even if we accept that political restrictions constrain this hiring of mercenaries for cyber terror, other trends mean that the use of advanced cyber weapons in terrorist acts cannot be avoided (if current trends do not change). A thriving black market, flooded with software attack tools, personal information, botnets and other criminal services, supports cybercrime. These services can be bought or rented, or a hacker can be hired to carry out an attack. At this point, what can be bought on the black market clearly cannot meet the needs of advanced cyber attacks. This will occur in the next few years.

  As a rough estimate, there may be a technology gap of 3-8 years between the cyber capabilities of intelligence agencies and the capabilities that can be bought or rented on the black market. The evidence for this conclusion may be vague and one-sided, but the trend has held for nearly 20 years. It also suggests that in 10 years, and possibly sooner, terrorist organizations will be able to obtain the cyber attack capabilities they need from the cybercrime black market.

  Confidence is not a substitute for defense. Only a small number of countries have the capability to carry out a serious cyber attack. Short of a very big crisis, these countries are not willing to take such action (although we still need to continue developing covert reconnaissance and cyber attack capabilities). Currently, serious cyber attacks by non-state attackers occur in only one case: when a country with strong capabilities decides to support them (including by harboring advanced cybercriminals and helping to hide their whereabouts).

  Currently, there are countries with powerful cyber capabilities that are willing to provide this support. None of the six countries mentioned above, or similar countries that are at risk from extremists and terrorism, is willing to help non-state attackers, nor do they want to provide other weapons or support. However, as network technology continues to develop, as the tools for launching serious cyber attacks become more and more abundant on the black market, and as non-state attackers improve, we must recognize that the likelihood that countries will, for political reasons, restrain non-state attackers is getting smaller and smaller.

  Those of the United States is relatively large. There are still a few years in which to build robustness and flexibility into our networks and critical infrastructure, consolidate our defenses, and build a modern legal system that ensures adequate security. Our current defenses are apparently unable to resist attacks by powerful adversaries. The United States needs to develop strategies and plans under which cyber attack becomes a tool of national capability. By reducing the risk of cyber conflict in the international environment, by building standards and restrictions for cyber conflict in its relations with other countries, and by winning international support (as we did in dealing with nuclear proliferation), the United States will be able to handle this properly and benefit from it. Frankly, many scholars do not believe that the United States can deal with the matter properly, and think it will take a first successful large-scale attack to spur the United States to change.

http://observe.chinaiiss.com/html/20123/6/a49a4d.html