The Russian-Georgian War as an Exercise in Network Warfare (俄格战争是网络战的一次实践)
Source: China Network (中国网), 2013-3-01 13:54
For many years, armed forces have used electromagnetic attack to disrupt enemy communication systems on the battlefield, and they have now added a range of information warfare capabilities. The network campaign against Georgia in August 2008 is perhaps the best example of how computer network attack, the newest of these information warfare capabilities, can be applied appropriately on the modern battlefield. In that campaign, Russia and its supporters used the Internet to disable Georgia's key media websites, employing an electronic warfare jamming technique new to the era of network defense, known as denial of network service.
The speed and multi-directional nature of these network attacks followed the traditional military technique of mass, and overwhelmed the network defenses of the Georgian targets. The attacking forces were highly dispersed, yet their operations were synchronized and concentrated, making it almost impossible for Georgia to mount any defensive response. The main purpose of the network campaign was to support Russia's invasion of Georgia, and the network attacks were skillfully coordinated with the military invasion plan. Many of the attacks were clearly planned in advance, making it hard for Georgia to determine what was happening. Georgia's inability to keep its websites running immediately damaged its morale. The attacks also served to delay the international response to the conflict in the South Ossetia region.
The most important strategic lesson to be drawn from the network campaign against Georgia is that network attack is a viable military option on the battlefield. A second lesson is that network attacks can be launched from a distant, secure location. A third is that, in some circumstances, a battlefield commander who for strategic reasons wants to limit physical damage to a target can employ these operations instead.
Although the network campaign against Georgia was a tactical success, substituting network attacks on enemy information systems for traditional attacks, such as air strikes or direct assault by special operations forces, has several disadvantages. One is that network attacks do not produce measurable effects in the way kinetic attacks do. The reason is that a particular network attack often stops working once the target system undergoes routine improvements (for example, patching at the application level). When the two sides are evenly matched, the defender actually holds the tactical advantage in most network attacks, because implementing a defense is easier and faster than developing a network attack technique.
Despite these technical and tactical limitations, computer network operations still have great potential in future military conflicts. For example, in the era of industrial warfare, destroying key targets usually required physical means and therefore proximity to the target area. In the era of network defense, the possibilities for network sabotage of industrial targets have grown exponentially. The major powers already have the ability to damage information systems in civilian industries of strategic value. This critical infrastructure includes airports, power plants, dams, oil and gas pipelines, refineries, seaports, railways and manufacturing equipment. The history of warfare shows that such industrial facilities have always been targets for attack and destruction.
Although conventional forces can carry out effective sabotage, information warfare units can conduct sabotage operations without causing physical damage to the target or casualties among soldiers. The network sabotage techniques available to information warfare units include weaponized computer viruses and computer network worms. Perhaps the most effective technique is to insert a "logic bomb" into the information systems the target depends on. Such malicious programs can be introduced by a variety of means months or even years before a specific operation triggers them.
An undisclosed incident took place during an unpublicized exercise. I personally wrote some special code on a common UNIX platform to simulate a hardware failure. The warning messages generated by the code contained the platform vendor's valid support telephone number, e-mail address and website address. After technical contact was made with the vendor about the hardware problem, the vendor sent several shifts of technicians over a two-week period to replace various pieces of hardware in the platform. When replacing components failed to solve the problem, the technicians escalated it to higher-level support. In the end, because neither the support department nor the vendor could pinpoint the problem, the exercise ended. During the exercise, a fictitious information system hardware failure consumed several hundred hours of manpower and thousands of dollars.
We know of no declassified historical cases of military forces deploying logic bombs, but there are examples from the civilian sector. In one, a disgruntled employee planted a logic bomb in the computers of UBS PaineWebber and detonated it, wiping critical files from about 2,000 company computers. Some of the affected computers were reportedly offline for several weeks, disrupting the company's daily business. In 2008, an employee of the U.S. mortgage company Fannie Mae accidentally prevented a similar incident; otherwise a logic bomb would have wiped the hard drives of 4,000 servers.
The U.S. Central Intelligence Agency is rumored to have used a logic bomb to cause physical damage to a Siberian pipeline; the incident was revealed by Thomas Reed, former Secretary of the Air Force and former director of the National Reconnaissance Office, in his book At the Abyss: An Insider's History of the Cold War. According to Reed, the CIA embedded malicious instructions in pipeline control system software that the Russians had stolen. When the software was deployed in the Siberian network, the logic bomb was triggered, launching instructions designed to destabilize the pressure control components of the pipeline system. The pressure instability caused the safety mechanisms to fail and ultimately led to a pipeline explosion. The outcome of this attack illustrates well that strategic supply lines can be disrupted without resorting to traditional methods such as explosives.
The modern battlefield is full of military equipment such as main battle tanks, satellite communication systems and unmanned aerial battlefield surveillance systems. All of this equipment contains complex electronic components, and every one of them is a potential target for network sabotage units. In the heat of battle, malicious code embedded in enemy equipment can be activated to disable the targeting computers, global positioning systems, thermal imaging devices, communication equipment or the electrical systems of mechanized weapon platforms (such as Russia's T-95 main battle tank). Because network sabotage attacks use covert delivery methods, they can achieve surprising results when used properly. Their capacity for surprise leaves the enemy with no way of knowing that an attack is imminent or already under way. In the ideal case, the enemy is forced to retreat or surrender.
Directed network attacks can be as destructive as operations that use network sabotage techniques. The clearest evidence of such attacks is the previously classified video footage produced by the Department of Energy's Idaho National Laboratory for the project code-named Aurora ("goddess of the dawn"). The footage shows a remote network attack on the control system for a generator at the DOE's Idaho test site; the mechanical effects caused by the attack were highly effective at rendering the generator inoperable. The attack made the generator shudder and run out of control, so that the rotor struck the stator, shredding the windings and setting the generator on fire. The larger the generator, the greater the effect of such an attack. The attack can be automated and scaled, and can be used to destroy large numbers of generators simultaneously.
For the industry and government agencies responsible for the security and economic stability of the U.S. power grid, this attack was a startling development. One of the most perplexing issues arising from the Aurora project is how a network attack can cause lasting physical damage to mechanical components. The components of the electric power system (such as dams, power plants and transmission lines) have always been military targets. In both world wars, Allied forces destroyed power systems through massive bombing. In 1999, U.S. forces operating as part of NATO used non-lethal munitions containing carbon graphite filaments to destroy Serbia's electricity infrastructure.
Although air warfare is an effective way of disabling an enemy's power system, network attacks can be used to achieve a similar end. Information warfare units can launch precision attacks on a designated operational area, destroying the power system before conventional forces move in. In certain political contexts, using information warfare units in place of conventional forces may be the more appropriate strategic choice. Information warfare units can be used to deliver a proportionate response by disrupting the enemy's critical infrastructure (such as the power system). In such cases, limiting physical damage reduces repair time and post-conflict recovery costs.
Network attack conforms to one of Clausewitz's nine principles of war, economy of force, that is, the judicious use of combat power to achieve mission objectives. Military network attacks on power facilities can increase the possible external effects in the operational area. Such tactical network attacks can also severely disrupt conventional land-line and Internet voice communication infrastructure, mobile phone networks, and television and radio broadcasting. The secondary damage can sever command and control channels or degrade air defense networks, to the benefit of conventional forces.
Another information warfare attack was highlighted in a 60 Minutes video segment titled "Sabotaging the System". In the video, experts from Sandia National Laboratories demonstrate how a refinery's production could be disrupted. The network attack was designed to cause critical components to overheat, leading to a catastrophic failure at the refinery. The experts triggered the failure by changing the settings of the refinery's heating unit and disabling the circulating pump that keeps the temperature under control. Information warfare units could carry out similar network attacks to destroy refineries producing fuel, lubricants and petrochemical products for enemy forces.
Similar information warfare attacks could also be carried out against nation-states that violate international treaties by enriching uranium to produce nuclear weapons. Most unauthorized uranium enrichment facilities are built deep underground, and conventional munitions, including bunker-buster bombs, have difficulty penetrating and destroying such hardened structures. Network munitions, however, can be used to destroy the critical equipment used for uranium enrichment. One of the principal information warfare targets is the gas centrifuge used to produce weapons-grade uranium. Centrifuge rotors spin at extremely high speeds (for example, 50,000 revolutions per minute); a network attack can push the speed beyond the normal safe level, causing a single centrifuge to fail catastrophically. An information warfare attack on several thousand centrifuges could halt enrichment operations for a considerable time.
Offensive operations against enemy supply lines have been conducted for centuries. Modern forces use just-in-time inventory methods, which greatly limit the strategic stocks on hand, so offensive information warfare units can be used to disrupt critical supply lines. One of the key information warfare targets is the computerized materiel control system in such a fragile supply chain. Once information warfare units have penetrated such a computer system, they can identify critical supplies, plant false information about their stock levels, and reroute them to distant locations. Another possible information warfare attack is to modify the radio frequency identification (RFID) procedures used to track supplies. Some RFID tags are designed around ultra-high-frequency technology and are vulnerable to information warfare attacks using traditional electronic warfare methods. Information warfare units can also target individual pieces of equipment used in maritime shipping (such as loading cranes), because many modern loading cranes are computerized and susceptible to network attack. Many of these systems use embedded operating systems (such as Microsoft's Windows XP) with well-known security weaknesses, which information warfare units can exploit to disable or damage the cranes.
At times the U.S. military needs to carry out pre-emptive conventional strikes against enemy strategic targets. On today's battlefield, forces can instead carry out pre-emptive network strikes against the enemy's critical infrastructure targets (such as refineries, power plants and telecommunication nodes), inflicting damage that limits the enemy's ability to fight. Such pre-emptive network strikes may reduce the collateral damage and casualties of military conflict. Striking the enemy first through the network and successfully destroying its critical infrastructure before conventional combat begins could undermine its ability to wage war.
The examples discussed in this article are only a sample of the offensive information warfare that armed forces may conduct in this era of network defense, and they underscore the important role of information warfare units in future conflicts. In the digital age, network attacks on a nation's enemies are a logical extension of diplomatic and military capability.
In the warfare of this new defensive era, high-technology conventional forces using bullets and bombs are joined by information operations forces using bits and bytes. Current U.S. military doctrine has yet to address adequately these combat capabilities that combine with new technology, nor has it adjusted quickly to the rapid development of cyberspace technology, which may adversely affect military superiority. With the arrival of the era of network defense, there is an urgent need to re-evaluate traditional doctrine so that our forces can meet the challenges of the 21st-century battlefield.