文章内容
2017/11/24 9:01:28,作 者: 黄兵
网络战(Inside.Cyber.Warfare.2nd.Edition)
Since the first edition of Jeffrey Carr’s Inside Cyber Warfare: Mapping the Cyber
Underworld was published, cyber security has become an increasing strategic and
economic concern. Not only have major corporations and government agencies
continued to be victimized by massive data thefts, disruptive and destructive attacks
on both public and private entities continue and show no signs of abating. Among the
publicly disclosed targets of cyber attacks are major financial institutions, entertainment
companies, cyber security companies, and US and foreign government agencies,
including the US Department of Defense, the US Senate, and the Brazilian and the
Malaysian governments.
Many of these cyber penetrations are aimed at theft of identity or financial data for
purposes of criminal exploitation. These cannot simply be regarded as a “cost of doing
business” or tolerable losses; such episodes undermine the public trust, which is the
foundation for business transactions over the Internet. Even more significant is the
threat posed by cyber theft of intellectual property. Every year, economic competitors
of American businesses steal a quantity of intellectual property larger than all the data
in the Library of Congress. As a result, these rivals are gaining an unfair advantage in
the global economy.
Also gaining in seriousness are organized efforts to disrupt or even destroy cyber
systems. Anarchist and other extremist groups, such as Anonymous and LulzSec (and
their offspring), seek to punish those with whom they disagree by exposing confidential
data or disrupting operations. Recent breaches of cyber security firms such as HBGary
and EMC’s RSA SecurID division demonstrate a strategic effort to undermine the
security architecture on which many enterprises rely. And the multiplication of social
media and mobile devices will create many more opportunities for cyber espionage,
social engineering attacks, and open source intelligence collection by nation-states,
terrorists, and criminal groups.
Since the formation of the Comprehensive National Cybersecurity Initiative in 2008,
the US government has unveiled a series of security-related strategies, including
legislative proposals. These are useful and important steps, but they’re not enough to
keep pace with the growing and diversifying threats. The private sector in particular
must take ownership of much of the burden of defending the networks they own and
operate. Moreover, while technology and tools are key to the solution, human beings
are at the heart of any security strategy. Unless those who use the Internet observe good
security practices, defensive technologies will merely be a bump in the road to those
who seek to exploit cyberspace.
Finally, while defense against cyber attacks is important, it is not enough. When cyber
attacks damage critical infrastructure or even threaten loss of life, sound strategy calls
for preventive and deterrent measures. While some downplay the idea of cyberspace
as a warfare domain, occurrences such as the 2008 Russia-Georgia conflict underscore
that information systems are very much part of the battlefield of the future. For this
reason, the US Department of Defense has issued its first official strategy for operating
in cyberspace. To be sure, difficulties in attribution and questions of legal authority
complicate the application of warfighting concepts to cyberspace. Nevertheless, we
must tackle these issues to determine what measures can be taken offensively to eliminate
or deter critical cyber threats, when those measures should be triggered, and who
should carry them out. Without formulating a strategy that encompasses these measures,
our cyber security doctrine will be, at best, disconnected and incomplete.
For policymakers and business leaders, cyber warfare and cyber security can no longer
be regarded simply as the province of experts and technicians. The leadership of any
public or private enterprise must consider the risks of and responses to cyber threats.
This latest edition of Jeffrey Carr’s volume is indispensable reading for senior executives
as well as savants.
—The Honorable Michael Chertoff,
former Homeland Security Secretary
and co-founder of The Chertoff Group
评论列表