Nakasone | U.S. Intrusions into Foreign Critical Infrastructure to Deter China and Russia
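Editor's note (网络法前哨)
On April 10, 2018, the Washington Free Beacon published Bill Gertz's article "Cybercom nominee: U.S. intrusions in foreign networks to deter China and Russia". The site 明日情报 translated the article, but its draft contained many errors. Below are the translation as partially corrected by 网络法前哨 and the full English text of the article.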
Nominee for commander of U.S. Cyber Command: U.S. intrusions into foreign network infrastructure to deter China and Russia
Military Set for Cyber Attacks on Foreign Infrastructure
Cybercom nominee: U.S. intrusions in foreign networks to deter China and Russia
BY: Bill Gertz
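U.S. military cyber warriors are prepared to shut down critical infrastructure in China and Russia in a future conflict by means of network intrusions.
Both China and Russia have been detected conducting similar cyber battlefield reconnaissance on the U.S. networks used to control critical U.S. infrastructure, including the electric grid, transportation, financial and other critical systems.
U.S. military plans for similar cyber attacks on foreign infrastructure were disclosed last month in little-noticed written testimony from Army Lt. Gen. Paul Nakasone, who has been nominated for the dual positions of commander of Cyber Command and director of the National Security Agency.
In response to policy questions posed by the Senate Intelligence Committee, Nakasone stated that cyber attacks on infrastructure networks are a "critical vulnerability in the nation's armor" and pose a significant threat to U.S. security.
He said: "We face a challenging and volatile threat environment, and cyber threats to our national security interests and critical infrastructure rank at the top of the list."
The written answers to senators' questions about cyber plans and intelligence gathering included some public details on how the military will wage war in cyberspace.
Nakasone revealed that the U.S. military has taken steps to prepare for cyber attacks against foreign critical infrastructure. The goal is to announce the ability to shut down or disrupt foreign infrastructure as part of a deterrence strategy.
The disclosure came in response to a February 2017 Defense Science Board report on deterrence. The report warned that the United States will be unable, for the foreseeable future, to prevent cyber attacks on critical U.S. infrastructure through defensive means.
When asked by the committee whether Cyber Command and the military are "actively developing capabilities to threaten the critical infrastructure of peer adversaries," Nakasone said "yes."
This was the first time the United States had discussed cyber attack capabilities against foreign infrastructure in public. Most cyber attack capabilities and preparations are kept secret or discussed only vaguely in public forums.
The three-star general was then asked whether the United States should inform adversaries such as Russia and China that U.S. military forces will retaliate against their critical infrastructure in order to deter attacks on U.S. infrastructure. Nakasone said: "Yes. The ability to respond appropriately and effectively is an essential element of any deterrence strategy."
He added that current U.S. military authorities permit commanders to carry out secret activities, such as mapping foreign infrastructure, before the outbreak of a war.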
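Nakasone said: "In cyberspace, U.S. forces must have the ability to conduct a range of preparatory activities, which may include gaining clandestine access to operationally relevant cyber systems or networks."
The Defense Science Board report contained a dire conclusion: U.S. infrastructure such as the electric grid will remain vulnerable to cyber attacks from Russia and China for at least 10 years.
The report stated: "A large-scale cyber attack on civilian critical infrastructure could cause chaos by disrupting the flow of electricity, money, communications, fuel and water. Thus far, we have only seen the virtual tip of the cyber attack iceberg."
"Russia and China have both been part of the problem to date, and could take this threat to the next level by using cyber in sustained campaigns to undermine U.S. economic growth, financial services and systems, political institutions (e.g., elections) and social cohesion," the report added.
In October, the FBI and the Department of Homeland Security issued a public alert to U.S. companies warning that as-yet-unidentified cyber actors were conducting attacks on critical infrastructure.
Little is known about U.S. intrusions into the state-owned enterprises in China and Russia that operate critical infrastructure such as electric grids, transportation and financial networks.
However, documents made public by renegade NSA contractor Edward Snowden have revealed impressive cyber attacks on foreign targets by the National Security Agency, which works closely with U.S. Cyber Command on attacks against foreign computer networks.
For example, NSA documents show that the NSA's Tailored Access Operations group broke into networks and routers used by the Chinese government and the telecommunications company Huawei Technologies.
Huawei supplies hardware for telecommunications systems in China and around the world, and the NSA's network penetrations likely allowed the NSA to discover and implant software that could enable future U.S. cyber attacks on China's critical infrastructure.
Nakasone was also asked about a military operational concept called persistent engagement.
He said that "persistent engagement seeks to achieve and maintain the initiative in cyberspace over an adversary by continuously contesting them, particularly below the level of armed conflict," adding that he plans to adopt the concept once confirmed.
On the use of artificial intelligence in cyber operations, the general said adversaries are already using advanced, self-learning cyber technologies, and that this will become commonplace within the next three to five years.
He said the Pentagon is also preparing for the use of artificial intelligence and is developing its own machine learning capabilities.
Advanced cyber powers such as China and Russia are adding artificial intelligence and machine learning to their cyber attack capabilities, which is likely to increase the danger of cyber attacks in a future conflict, he noted.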
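On cyber threats, Nakasone said cyber attacks have already challenged public trust and confidence in governments around the world and imposed enormous costs on the U.S. and international economies.
"Cyber threats pose an increasing risk to public health, safety and prosperity as cyber technologies are integrated with critical infrastructure in key sectors," the three-star general testified.
"In addition, some adversaries remain unconstrained from conducting reconnaissance, espionage, influence and even cyber attacks."
Nakasone identified four countries, China, Russia, Iran and North Korea, as the main cyber threats.
Nakasone also said Cyber Command is prepared to use its cyber intelligence and attack capabilities to target the funds and other assets of Russian leader Putin.
The Defense Science Board report concluded that threatening the holdings of adversary leaders such as Putin is one possible response to Russia's covert influence on the 2016 election.
Nakasone said he agreed with the board that threatening Putin's power, wealth and support would help deter Russia from intensifying its campaign to influence American voters.
The Trump administration last week stepped up pressure on Moscow over election interference and other activities.
The U.S. Treasury Department on Friday blocked seven Russian oligarchs, as the powerful billionaires are known, from access to the U.S.-led international financial system, including Putin's son-in-law Kirill Shamalov.
The sanctions bar any U.S. bank or financial institution from conducting transactions with the oligarchs and their companies. Seventeen Russian government officials were also sanctioned, but the action did not directly target Putin.
Putin is believed to hold at least $28 billion in private financial assets, most of it hidden in banks outside Russia.
One option for pressuring the Russian leader over Moscow's malign activities, from the takeover of Ukraine's Crimea to election interference, is to conduct cyber attacks aimed at stealing his funds or making them inaccessible.
Nakasone said he wants closer cooperation between the government and the private-sector companies that own 90 percent of critical U.S. infrastructure.
"This issue should not be viewed in a binary manner," he said. "We should help each other. While the responsibility for protecting private networks lies primarily with the system owner, the U.S. government has the responsibility to defend national interests more broadly."
Nakasone identified Russia as having the most technologically advanced cyber warfare capabilities and China as a "near-peer competitor" in cyberspace whose cyber capabilities pose "a high threat to U.S. government and commercial networks." North Korea and Iran were described as "moderate" cyber threats.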
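Some security experts say cyber deterrence is unlikely to succeed the way deterrence with nuclear weapons did during the Cold War.
Michael Sulmeyer, former director for plans and operations for cyber policy at the Pentagon, said cyber deterrence is unlikely to produce results because the United States is more wired than its adversaries and stands to lose more in a cyber conflict.
"Instead, the United States should be pursuing a more active cyber policy, one aimed not at deterring enemies but at disrupting their capabilities," Sulmeyer wrote in a recent article in Foreign Affairs. "In cyberwarfare, Washington should recognize that the best defense is a good offense."
Sulmeyer urged conducting offensive cyber attacks against hackers who target the U.S. government and private-sector companies, and working with technology companies to stop hackers from using the internet.
He said: "Today's fight in cyberspace occurs in the gray zone between war and peace. If the United States hopes to win, it should spend less time trying to persuade its competitors that it is not worth hacking and more time preempting them and degrading their ability to do so. It is time to target capabilities, not calculations."
Cyber attacks against the United States are growing in severity, sophistication and frequency, and the failure to take action has emboldened cyber attackers to keep attacking.
Nakasone said: "Our adversaries likely assess that the consequences of responses to their malign actions are minimal, and are increasingly devoting resources to their cyber programs, resulting in increased sophistication and frequency of their cyber operations."
"It is paramount that the U.S. public and private sectors work together to create a shared understanding of the threat in order to better defend our national security interests."
The general said whether a cyber attack is an act of war should be assessed on a case-by-case basis. Criteria for defining an act of war in cyberspace include whether an attack causes death, injury or significant property damage.
Nakasone's written answers suggest he favors a more aggressive posture as Cyber Command commander than his predecessors.
He said: "The current level and tempo of cyber attacks is not tolerable. Our adversaries see opportunity for strategic advantage through continuous activity in the domain. We must act purposefully to frustrate their intentions, increase their costs and decrease their likelihood of success."
Nakasone, currently the commanding general of Army Cyber Command, appeared before the Senate committee on March 12.
The full Senate is expected to vote in the coming days on confirming Nakasone.
Nakasone is an experienced cyber warfare expert, and the counterterrorism joint task force he led is conducting cyber attacks against the Islamic State.
The task force worked with Special Operations commandos in Operation Glowing Symphony, which is aimed at countering ISIS's online videos and propaganda.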
Military Set for Cyber Attacks on Foreign Infrastructure
Cybercom nominee: U.S. intrusions in foreign networks to deter China and Russia
BY: Bill Gertz
American military cyber warriors are ready to shut critical infrastructures in China and Russia during a future conflict by conducting cyber intrusions into their networks, according to the general set to lead Cyber Command.
Both China and Russia have been detected conducting similar cyber battlefield reconnaissance against the U.S. networks used to control critical infrastructure in the United States, including electric grids, transportation, financial, and other critical systems.
U.S. military plans for similar cyber attacks on foreign infrastructure were disclosed last month in a little-noticed written Senate testimony from Army Lt. Gen. Paul Nakasone, nominee for the dual positions of commander of Cyber Command and director of the National Security Agency.
Nakasone stated in advance policy questions posed by the Senate Intelligence Committee that cyber attacks against infrastructure networks are a "critical vulnerability in the nation's armor" that poses a significant danger to U.S. security.
"We face a challenging and volatile threat environment, and cyber threats to our national security interests and critical infrastructure rank at the top of the list," he said.
Written answers to senators' questions about cyber plans and intelligence gathering from Nakasone included some of the first public details on how the military will wage war in cyber space.
Nakasone revealed the U.S. military has taken steps to prepare for cyber attacks against foreign nations' critical infrastructure. The goal is to announce the ability to shut down or disrupt foreign infrastructures as part of a deterrence strategy.
The disclosure came in response to questions about a February 2017 Defense Science Board report on deterrence that warned the United States will be unable for the foreseeable future to prevent cyber attacks against critical U.S. infrastructure through defensive means.
Nakasone stated "yes" when asked by the committee if Cyber Command and the military are "actively developing capabilities to threaten the critical infrastructure of peer adversaries."
The comment was the first time U.S. cyber attack capabilities against foreign infrastructure were discussed in public. Most cyber attack capabilities and preparations are kept secret or discussed only in vague terms in public forums.
The three-star general was then asked if the United States should inform peer adversaries such as Russia and China that U.S. military forces will retaliate against their critical infrastructure to deter attacks on U.S. infrastructure. Nakasone said: "Yes. The ability to respond appropriately and effectively is an essential element of any deterrence strategy."
Secret activities such as mapping foreign infrastructures prior to the outbreak of a war are currently permitted under U.S. military authorities for commanders, he added.
"To be operationally effective in cyberspace, U.S. forces must have the ability to conduct a range of preparatory activities which may include gaining clandestine access to operationally relevant cyber systems or networks," Nakasone said.
The Defense Science Board report contained a dire conclusion that U.S. infrastructures like the electrical grid will remain vulnerable to cyber attacks from Russia and China for at least 10 years.
"A large-scale cyber attack on civilian critical infrastructure could cause chaos by disrupting the flow of electricity, money, communications, fuel, and water," the report stated. "Thus far, we have only seen the virtual tip of the cyber attack iceberg."
"Russia and China have both been part of the problem to date, and could take this threat to the next level by using cyber in sustained campaigns to undermine U.S. economic growth, financial services and systems, political institutions (e.g., elections), and social cohesion," the report added.
The FBI and Department of Homeland Security issued a public alert to American companies in October warning of ongoing attacks on critical infrastructure by cyber actors that were not identified.
Little is known about U.S. intrusions into the state-run companies in China and Russia that run critical infrastructures such as electric grids, transportation, or financial networks.
However, documents made public by renegade NSA contractor Edward Snowden have revealed impressive foreign cyber intrusions by NSA that works closely with Cybercom on foreign targeting of computer networks.
For example, NSA documents revealed that NSA's Tailored Access Operations group broke into networks and routers used by the Chinese government-linked telecommunications company Huawei Technologies.
Huawei has supplied hardware for telecommunications systems in China and around the world and NSA cyber penetrations likely allowed NSA to uncover and implant software that could allow the United States to conduct future cyber attacks against China's critical infrastructure.
Nakasone also was asked about a military concept for cyber operations called persistent engagement.
"Persistent engagement seeks to achieve and maintain the initiative in cyberspace over an adversary by continuously contesting them where they operate, particularly below the level of armed conflict," he said, adding that he plans to study adopting the concept if confirmed.
On the use of artificial intelligence in cyber operations, the general said adversaries already are using advanced, self-learning technology for cyber operations and that in the next three to five years it will become commonplace.
The Pentagon also is preparing for AI use and is developing its own capabilities for machine learning, he said.
Advanced cyber powers such as China and Russia are adding artificial intelligence and machine learning to their cyber attack capabilities, something likely to increase the dangers of cyber attacks in a future conflict, he noted.
On cyber threats, Nakasone said cyber attacks already are challenging public trust and confidence in governments around the world and imposing significant costs on American and international economies.
"Cyber threats also pose an increasing risk to public health, safety, and prosperity as cyber technologies are integrated with critical infrastructure in key sectors," the three-star general testified.
"Adding to the problem, some adversaries remain unconstrained from conducting reconnaissance, espionage, influence, and even attacks in cyberspace."
Nakasone identified the four nations of China, Russia, Iran, and North Korea as the main cyber threats.
Nakasone also said that Cyber Command is prepared to use its cyber intelligence and attack capabilities to target funds and other assets of Russian leader Vladimir Putin.
The Defense Science Board report concluded that threatening the holdings of adversary leaders like Putin is one possible response to Russia's covert campaign to influence the 2016 elections.
Nakasone said he agreed with the board that threatening Putin's sources of power, wealth, and support would improve efforts to deter Russia from intensifying its ongoing campaign to influence the American electorate.
The Trump administration last week stepped up pressure on Moscow over election meddling and other activities.
The Treasury Department on Friday blocked access to the U.S.-led international financial system for seven Russian oligarchs—as the powerful billionaires are called—including Putin's son-in-law, Kirill Shamalov.
The sanctions prevent any U.S. banks and financial institutions from conducting transactions with the oligarchs and their companies. Seventeen Russian government officials were also sanctioned but the action did not directly target Putin.
Putin is believed to have private financial assets worth at least $28 billion, much of it hidden in banks outside Russia.
One option for pressuring the Russian leader into backing off Moscow's malign activities, ranging from the takeover of Ukraine's Crimea to election meddling, is to conduct cyber attacks aimed at stealing his money or making it inaccessible.
Nakasone said he favors closer cooperation between the government and private sector companies that own 90 percent of critical U.S. infrastructures.
"This issue should not be viewed in a binary manner," he said. "We should look to help each other…. While the responsibility for protecting privately owned networks lies primarily with the system owner, the U.S. government has the responsibility to defend national interests more broadly."
Nakasone identified Russia as the most technologically advanced cyber warfare power and China as a "near-peer competitor" in cyber space "whose cyber capabilities pose a high threat to U.S. government and commercial networks." North Korea and Iran were described as "moderate" cyber threats.
Some security experts say cyber deterrence is not as likely to succeed as it did with nuclear arms during the Cold War.
Michael Sulmeyer, former director for plans and operations for cyber policy at the Pentagon, says cyber deterrence is unlikely to produce results because the United States is more wired than its adversaries and stands to lose more in a cyber conflict.
"Instead, the United States should be pursuing a more active cyber policy, one aimed not at deterring enemies but at disrupting their capabilities," Sulmeyer wrote in a recent article in Foreign Affairs. "In cyberwarfare, Washington should recognize that the best defense is a good offense."
Sulmeyer urged conducting offensive cyber attacks on hackers targeting the U.S. government and private sector companies, and working with technology companies to block hackers from using the internet.
"Today’s fight in cyberspace occurs in the gray zone between war and peace," he said. "If the United States hopes to win, it should spend less time trying to persuade its competitors that it is not worth hacking and more time preempting them and degrading their ability to do so. It is time to target capabilities, not calculations."
Cyber attacks against the United States are increasing in severity, sophistication, and frequency and the failure to take action in response has emboldened cyber actors to continue attacking.
"Our adversaries likely assess there are minimal consequences in response to their malign actions and are increasingly devoting resources to their cyber programs resulting in increased sophistication and frequency of their cyber operations," Nakasone said.
"It is paramount that the U.S. public and private sectors work together to create a shared understanding of the threat in order to better defend our national security interests."
The general said determining if a cyber attack is an act of war should be assessed on a case-by-case basis. Criteria to define an act of war in cyber space include whether an attack causes death, injury, or significant property damage.
Nakasone's written answers suggest he favors a more aggressive posture as Cybercom commander than his predecessors.
"The current level and tempo of cyber attacks is not tolerable," he said. "Our adversaries see opportunity for strategic advantage through continuous activity in the domain. We must act purposefully to frustrate their intentions, increase their costs, and decrease their likelihood of success."
Nakasone, currently commanding general at the Army Cyber Command, appeared before the Senate committee March 12.
A vote by the full Senate to confirm Nakasone for both positions is expected in the coming days.
Nakasone is an experienced cyber warfare expert and led the anti-terrorism Joint Task Force Ares that is conducting cyber operations against the Islamic State.
The Task Force worked with Special Operations commandos during Operation Glowing Symphony that is aimed at undermining ISIS's online videos and propaganda.