Category Archives: 中华人民共和国网络安全法

Chinese Military Information Warfare: The First Game of Modern Warfare // 中國軍事信息戰:現代戰爭的第一場戰爭

Chinese Military Information Warfare: The First Game of Modern Warfare //

中國軍事信息戰:現代戰爭的第一場戰爭

  The transformation of the characteristics of war is always motivated by the advancement of science and technology. If “information-led” is the characteristic of the era of today’s war, then the essence of this feature is “the dominance of information technology.” Information warfare is a new combat force that is fostered and fueled by information technology innovation.

Information warfare is the new quality of combat power

三、衛星在現代戰爭中扮演的角色為何? 四、資訊戰有哪兩種主要模式?

“knowing one’s own confidant, no wars, no war” has always been the only rule of war victory, it actually embodies the important role of “information” in the war. Since ancient times, the military has always been pursuing the dispelling of “the fog of war”, reducing the probabilistic nature of the war, and taking the lead. At the same time, it hopes to quickly gather the fighting energy with accurate and timely information to make the enemy win the enemy. Nowadays, the heroic pace of human innovation in information technology has driven the rapid development of society. The myth of “thousands of eyes and ears” has long been a reality. While the results of information technology innovation and development are fully utilized for war, they are also constantly promoting the transformation of the combat capability generation model.
The germination of information warfare can be traced back to the beginning of the last century. Shortly after the advent of the radio telegraph, Russian scientist Popov proposed the idea of ​​radio communication struggle in 1903. In the Japanese-Russian War that broke out in 1904, the two sides used radio communication for the first time. One day in April of that year, the Russian military operator subconsciously used the radio station to interfere with the shooting and guiding communication of the Japanese fleet, forcing the Japanese to return without success. The original sprout of this technical idea gave birth to a new way of warfare, and the information war began to enter the stage of war. The highly developed information technology has made “systems based on information systems” a feature of today’s war. It should be said that systemic confrontation is not a form of engagement that exists today. Both sides of the war have sought to form a strong operational system. In different historical periods, the system has different manifestations. Today’s combat system is an unprecedentedly powerful combat system that relies on networked information systems. An important manifestation of information technology playing a leading role in modern warfare is to promote the rapid development of information warfare. At the same time that “information-led” became the identifier of modern warfare, information warfare began to leap into a new kind of combat power.
Having a strong information power makes an army savvy and responsive, and the integration of information power into the strike force increases the military’s operational effectiveness into a geometric progression. Information warfare is the first sword to break the efficient integration of information firepower.
Information power is the ability to acquire, transmit, process, and use information. The enhancement of information means that information is acquired more and more comprehensively, information transmission is faster and more accurate, information processing is automated, and information usage tends to be intelligent. This makes the military’s command efficient, precise control, quick action, and powerful. From the perspective of operational mechanism, the effectiveness of information power in the combat system is manifested in the synergy of the strike force and the transformation of combat effectiveness. Although the information itself cannot directly kill the enemy, the information is used to realize the intelligent control of the combat weapon. Produced a powerful and powerful strike and non-contact strike.
Information deterrence is an important information warfare action, which can reduce the intensity of confrontation, and even force the opponent to give up resistance. It may produce a satisfactory combat effect and achieve the highest pursuit of “no war and defeated soldiers”. The principle is that the opponent It is a huge blow to the coming, and it is limited to the ability to stop the information. The achievement of the deterrent effect is the fusion effect of the multiple elements of strength, ability and determination. As a result of the high degree of integration of information and firepower, information multiplies the effectiveness of firepower, and firepower transforms information energy. The goal of information warfare is the opponent’s information system, which plays the role of “covering ears, obstructing, chaos”, so that the information power of the opponent is weakened and even lost, and the fusion of information firepower cannot be discussed. During the Gulf War, when the multinational forces scraped the “Desert Storm”, they first used a variety of electronic interference methods in the air and on the ground. At the same time, they used firepower to prioritize the communication and radar systems of the Iraqi army, making the Iraqi defense system still not in use. The powerful information power is completely lost, so it is stable. In the Kosovo war, the US military used a mistake in information warfare to provide a good opportunity for the Yugoslav army to make its air defense units cleverly use the less advanced information system to achieve effective integration of information firepower and shoot down the US military stealth fighters. Practice has proved that under the conditions of informationization, information warfare has become the first sword to break the efficient integration of opponents’ information firepower.
Information warfare is the primary action of transforming the enemy and the enemy
. The competition between the spear and the shield will never stop and escalate. When “information-led” shows great advantages, it will inevitably lead to “information counter-measure”. The containment of information will immediately reverse the original advantage. Information warfare is the primary action to transform the enemy and the enemy.
The basic types of combat are offense and defense, and the material means used for combat can also be divided into two types of weapons and equipment: spear and shield. Today, when combat weapons have unprecedented lethality, no one will use concentrated forces to concentrate their advantages. Synchronous strikes in different places can be an effective way to “eliminate the enemy and save oneself”, that is, the strike forces scattered in different locations simultaneously target the same target. Attacks are initiated, but only if there is precise time coordination.
Keeping time synchronized, it is obviously impossible to rely on the past manual pairing. Advanced techniques such as navigation satellite timing must be used, and once the timing synchronization information is destroyed by the opponent, the action will be completely disrupted. A force with high engine power and strike force, if attacked by the opponent’s information, causes information to be ineffective and information blocked, will not be able to figure out the direction of the action, can not find the target of the attack, become sluggish and weak. . Although the precision strike power is large, once the accurate guidance information is lost, the advantage is immediately lost. Command and control If the information is subject to control, it will lead to chaos, which will inevitably lead to chaos in the overall situation of the war.
Attacking the enemy’s information system is the focus and effort to break the battle system. The acquisition and use of information, counter-acquisition, and counter-utilization have become the focus of the battle between the two armies on the informationized battlefield. Information warfare is the preferred style for competing for battlefield control and even for war initiative.
While greatly improving the effectiveness of the combat system, the information system naturally becomes the target of the opponent’s attack, and it is the key target. Information warfare is to blinden the enemy battlefield perception system, weaken its information acquisition ability, interfere with its analysis and judgment; to block the enemy information transmission system, disrupt its coordination and destroy its actions; to deter the enemy accusation system by deception, reduce its command efficiency, Lead to mistakes in their decision-making. The more the information technology is developed and the more highly dependent on the information system, the more serious the consequences of its information system attack. Quaker, former chairman of the American “Old Ravens” Association, once wrote: “Advanced technology makes us highly dependent on the electromagnetic spectrum, but at the same time, we are not well invested in building electronic protection capabilities.” “The enemy uses cheap commercial technology. It can reduce or even destroy the performance of our expensive ISR equipment and weapon platforms, thereby limiting or even seriously weakening our technological advantages.” Because military electronic information systems are being widely used worldwide, in fact, the degree of dependence of national military on information systems It is constantly deepening. Therefore, all military powers are competing to develop information warfare. Some small countries are not willing to lag behind and follow suit. In modern warfare, it is of vital importance to seize the comprehensive control of the battlefield. The right to make information has become an indispensable commanding height, and it is the primary means of controlling the battlefield and mastering the initiative of war.
The information war has stood at the forefront of the contemporary military game. The
war is usually based on crossfire. The information war is invisible, the threshold is low, and the controllability is good. In peacetime, it is possible to start a dark battle and quietly extend the border of war. Information warfare has stood at the forefront of contemporary military games.
In today’s world, the use of military means is becoming more complex. War is not only a continuation of politics, but also a close integration of politics and military, subject to the overall strategy of political strategy. The use of force will also interact with politics, economy, diplomacy, and public opinion in a multi-dimensional, organically connected and closely coordinated. Information warfare is active on an invisible front, spanning peacetime and wartime. For example, the confrontation between information warfare reconnaissance and counter-reconnaissance between major powers is now almost every day. Although it is widely believed that the engagement of fire is a watershed between war and peace, the boundaries of war are changing due to the particularity of the use of new military struggle styles such as information warfare. According to reports, the US government recently publicly stated that the law of war applies to cyberattacks. It believes that certain cyber attacks are equivalent to the “use of force” legal concept as defined in the UN Charter. The attacked countries can use conventional military forces or cyber weapons. Counterattack. At the same time, we also see that the arrival of the information age has made the shadow of information warfare often appear in the struggle in the ideological field. The construction and development of information warfare capabilities have received increasing attention from all countries. In December 2011, Iran comprehensively used information warfare methods such as interference suppression, data deception, and link control to successfully deceive and capture a US military RQ-170 “sentinel” unmanned reconnaissance aircraft, which shocked the US military.

Original Mandarin Chinese:

戰爭特徵的嬗變總是由科學技術進步來激發,如果說“信息主導”是當今戰爭的時代特徵,那麼這一特徵的實質則是“信息技術的主導”。信息戰是信息技術創新孕育和助長的新質戰鬥力。

信息戰是新質戰鬥力

三、衛星在現代戰爭中扮演的角色為何? 四、資訊戰有哪兩種主要模式?

“知彼知己,百戰不殆”一直是戰爭制勝的不二法則,它實際上體現了“信息”在戰爭中的重要作用。自古以來,兵家總是在不斷追求驅散“戰爭迷霧”,降低戰爭的蓋然性,搶占先機;同時希望能夠以準確及時的信息迅速聚集戰鬥能量,制敵勝敵。如今,人類創新信息技術的豪邁步伐,驅動了社會的迅猛發展,“千里眼、順風耳”的神話早已成為現實。信息技術創新發展成果在立即為戰爭所充分利用的同時,也在不斷推動戰鬥力生成模式的轉變。
信息戰的萌芽可以上溯到上個世紀初。當時無線電報問世不久,俄國科學家波波夫就於1903年提出了無線電通信鬥爭的思想。 1904年爆發的日俄戰爭中,作戰雙方首次運用了無線電通信,當年4月的一天,俄軍報務員下意識地利用無線電台干擾了日軍艦隊的射擊引導通信,迫使日軍無功而返。這種技術思想的原始萌動孕育了一種新的作戰方式,信息戰開始登上戰爭的舞台。信息技術的高度發達,使得“基於信息系統的體係作戰”成為當今戰爭的時代特徵。應該說,體係對抗並不是今天才有的交戰形式,戰爭中交戰雙方都力求形成一個強大的作戰體系,在不同歷史時期,體係有著不同的表現形態。今天的作戰體係是依靠網絡化的信息系統聯成的一個威力空前強大的作戰體系,信息技術在現代戰爭中發揮主導作用的一個重要表現,就是助長了信息戰的快速發展。在“信息主導”成為現代戰爭的標識符的同時,信息戰開始躍變為一種新質戰鬥力。
擁有強大的信息力使一支軍隊耳聰目明、反應敏捷,信息力融入打擊力則使軍隊的作戰效能成幾何級數增加。信息戰是打破信息火力高效融合的第一把利劍。
信息力是獲取、傳輸、處理、使用信息的能力。信息力的增強意味著信息的獲取更多、更全,信息的傳輸更快、更準,信息的處理具備自動化,信息的使用趨於智能化。這就使得軍隊的指揮高效,控制精準,行動迅捷,打擊有力。從作戰機理上看,信息力在作戰系統中的效能發揮,體現的是對打擊力的增效和向戰鬥力的轉化,信息本身雖不能直接殺傷敵人,但使用信息實現打擊兵器的智能化控制就產生了威力巨大的精確打擊和非接觸打擊。
信息威懾是一種重要的信息戰行動,可以降低對抗強度,甚至迫使對手放棄抵抗,可能產生令人滿意的戰鬥力效應,實現“不戰而屈人之兵”的最高追求,而其原理是對手懾於隨之會來的巨大打擊力,懾於能力而止於信息,威懾效果的達成是實力、能力、決心多元要素的融合效應。信息與火力的高度融合的結果就是,信息使火力效能倍增,火力讓信息能量轉化。信息戰的目標是對手的信息系統,起到的作用是“掩耳、障目、亂心”,使對手的信息力受到削弱以至喪失,信息火力的融合也就無從談起。海灣戰爭中,多國部隊刮起“沙漠風暴”之時,首先動用的就是空中和地面的多種電子乾擾手段,同時運用火力優先打擊伊軍的通信和雷達系統,使得伊軍防禦體系中尚不強大的信息力完全喪失,因而穩操勝券。而科索沃戰爭中,美軍使用信息戰的一次失誤,為南聯盟軍隊提供了良機,使其防空部隊巧妙運用不夠先進的信息系統,實現信息火力的有效融合,擊落了美軍隱形戰機。實踐證明,信息化條件下,信息戰已成為打破對手信息火力高效融合的第一把利劍。
信息戰是轉變敵我優劣對比的首要行動
矛與盾的較量永不停息、不斷升級。當“信息主導”顯現出巨大優勢時,就必然引發“信息反制”。信息的受制,會使原有的優勢立即逆轉。信息戰是轉變敵我優劣對比的首要行動。
作戰的基本類型就是進攻和防禦,用以作戰的物質手段也可以區分為矛和盾兩大類型的武器裝備。在打擊兵器具有空前殺傷力的今天,誰都不會再用集中兵力來集中優勢,而異地同步打擊不失為“消滅敵人、保存自己”的有效方式,即分散於不同地點的打擊力量同時對同一目標發起攻擊,但條件是必須有精確的時間協同。
保持時間同步,靠過去的人工對錶顯然已不可能,必須利用如導航衛星授時等先進技術,而授時同步信息一旦被對手破壞,行動就會被徹底打亂。一支具有高機動力和打擊力的部隊,如果受到對手的信息攻擊,導致信息不靈、信息受阻,將會搞不清行動的方向,找不到攻擊的目標,​​變得行動呆滯、打擊無力。精確打擊威力雖大,但一旦丟失精確制導信息而打不准,優勢即刻盡失。指揮控制如果信息受制,就會陣腳大亂,勢必造成作戰全局陷於混亂。
攻擊敵方的信息系統是打破其作戰體系的著力點和發力點。信息的獲取與反獲取、利用與反利用,已成為信息化戰場上兩軍爭鬥的焦點。信息戰是爭奪戰場控制權乃至戰爭主動權的首選樣式。
信息系統在極大地提升作戰體系效能的同時,也自然成為對手的攻擊目標,而且是要害目標。信息戰就是通過迷盲敵戰場感知系統,削弱其信息獲取能力、干擾其分析判斷;通過阻斷敵信息傳輸系統,擾亂其協同、破壞其行動;通過欺騙擾亂敵指控系統,降低其指揮效率、導致其決策失誤。愈是信息技術發達、愈是高度依賴信息系統的軍隊,其信息系統受到攻擊的後果愈嚴重。美國“老烏鴉”協會前主席奎克曾經撰文指出:“先進的技術使我們高度依賴電磁頻譜,但與此同時,我們沒有很好地投資建設電子防護能力。”“敵人利用廉價的商用技術就可以降低甚至破壞我們昂貴的ISR設備以及武器平台的效能,從而限制甚至嚴重削弱我們的技術優勢。”由於軍事電子信息系統正在世界範圍內得到廣泛運用,事實上各國軍隊對信息系統的依賴程度都在不斷加深,因此,各軍事大國競相發展信息戰,一些小國也不甘落後,紛紛效仿。現代戰爭中,奪取戰場綜合控制權至關重要,制信息權成為其中不可或缺的製高點,是控制戰場和掌握戰爭主動的首要。
信息戰已站在當代軍事博弈的前沿
戰爭通常是以交火為基本標誌。信息戰隱於無形,使用門檻低,可控性好,在平時就可能展開暗戰,悄然延伸了戰爭的邊界。信息戰已站在當代軍事博弈的前沿。
當今世界,軍事手段的使用愈加複雜。戰爭不僅是政治的繼續,而且政治軍事緊密結合,服從於政略戰略大局。武力使用也將與政治、經濟、外交、輿論鬥爭多維互動,有機銜接,密切配合。信息戰跨越平時與戰時,活躍在一條看不見的戰線上。比如,各大國相互之間的信息戰偵察與反偵察的對抗,現在幾乎每天都在進行暗中角力。雖然人們普遍認為開火交戰是戰爭與和平的分水嶺,但是,由於信息戰等新的軍事鬥爭樣式運用的特殊性,戰爭的邊界正在發生改變。據報導,美國政府最近公開表明戰爭法適用於網絡攻擊,認為某些網絡攻擊等同於《聯合國憲章》所定義的“使用武力”法律概念,受到攻擊的國家,可以使用常規軍事力量或網絡武器實施反擊。同時,我們還看到,信息時代的到來,使得意識形態領域的鬥爭中也常常閃現出信息戰的影子。信息戰能力的建設發展,已經愈來愈得到各國的重視。 2011年12月,伊朗綜合運用乾擾壓制、數據欺騙、鏈路控制等信息戰手段,成功誘騙並俘獲了美軍一架RQ-170“哨兵”無人偵察機,令美軍大為震驚。

Original Referring url: http://theory.people.com.cn/n/2012/1218/

How Chinese Cyber Warfare Rejects Foreign Intruders Focuses on National Security // 中國網絡戰如何拒絕外國入侵者關注國家安全

How Chinese Cyber Warfare Rejects Foreign Intruders Focuses on National Security //

中國網絡戰如何拒絕外國入侵者關注國家安全

In the information age, cybersecurity has taken the lead in national security. The Outline of the National Informatization Development Strategy emphasizes that it should actively adapt to the new changes in the national security situation, new trends in information technology development, and new requirements for strong military objectives, build an information security defense system, and comprehensively improve the ability to win localized information warfare. Cyberspace has become a new field that affects national security, social stability, economic development and cultural communication. Cyberspace security has become an important topic of increasing concern to the international community.

The United States has clearly declared that cyberspace is a new field of operations, and has significantly expanded its network command and combat forces to continue to focus on cyberspace weapons development. Since entering the summer, the US military network exercises have been one after another, and the invisible wars are filled with smoke. At the beginning of March, “Network Storm 5” took the lead in kicking off the drill; in April, “Network Aegis 2016” completed the fifth-generation upgrade; in June, “Network Defense” and “Network Capture” as the core re-installation of the annual joint exercise Debut.

The essence of network security lies in the ability to attack and defend both ends. Currently, static, isolated, passive defenses such as firewalls, intrusion detection technologies, and anti-virus software are difficult to effectively deal with organized high-intensity network attacks. To build a cyberspace security defense line, we need to get rid of the idea of ​​falling behind and win the counterattack on the defensive concept.

New “Thirty-six” mobile target defense

Increase the difficulty of attack by building a dynamic network

Network attacks require a certain amount of time to scan and research the target network, detect and utilize system “vulnerabilities” to achieve intrusion control purposes. In theory, the attacker has unlimited time to start the scanning and detecting work, and always find the weak point of defense, and finally achieve the purpose of the invasion. To this end, the network pioneer USA is committed to planning and deploying security defense transformation work, striving to break through the traditional defense concept and develop revolutionary technology that can “change the rules of the game”. Mobile target defense is one of them.

Mobile target defense is called the new paradigm of cyberspace security defense. The technical strategy is to construct a dynamic network through the processing and control of the protection target itself, increasing randomness and reducing predictability to improve the difficulty of attack. If the static cyberspace is likened to a constant “city defense deployment”, it is difficult to stick to it; and the dynamic network configuration can be called the ever-changing “eight squad”, which is difficult to crack. At present, mobile target defense technology has priority in various US government and military research, covering dynamic platform technology, dynamic operating environment technology, dynamic software and data technology. In August 2012, the US Army awarded Raytheon’s “Deformation Network Facility” project to study the dynamic adjustment and configuration of networks, hosts and applications in case the enemy could not detect and predict, thus preventing, delaying or blocking the network. attack.

As a new idea in the field of cyberspace security, mobile target defense reflects the technological development trend of future network defenses to turn “dead” networks into “live” networks.

The new “Thirty-six” honey cans deceive defense

Reduce cyberattack threats by consuming attacker resources

Conventional network security protection is mainly to defend against cyber attacks from the front. Although the defensive measures have made great progress, they have not changed the basic situation of cyberspace “easy to attack and defend”. In recent years, the development of “Honeypot Deception Defense” has proposed a new concept of “bypass guidance”, which is to reduce the threat of cyber attacks to the real protection target by absorbing network intrusion and consuming the resources of attackers, thereby winning time. Strengthen protection measures to make up for the shortcomings of the traditional cyberspace defense system.

Similar to the intentional setting of false positions on the battlefield, honeypot deception defense is to actively use the computer network with lower security defense level to lure all kinds of network attacks, monitor its attack means and attributes, and set corresponding defenses on the target system that needs to be protected. System to stop similar attacks. Honeypots can be divided into two types, product-type honeypots and research-type honeypots. The main purpose of the former is to “attract firepower” and reduce the pressure of defense. The latter is designed for research and acquisition of attack information. It is an intelligence gathering system that not only needs network attack resistance but also strives to monitor powerfully to capture the attack behavior data to the maximum extent.

In addition to the establishment of a virtual network environment attack and defense laboratory consisting of four sub-networks of gray, yellow, black and green, the US military has also carefully deployed a honeypot decoy system on the Internet. What is certain is that the network defense idea based on deception will be further emphasized, and the technical means to achieve deception will be more and more.

New “Thirty-six Meters” linkage synergy defense

Integrate multiple defense technologies to “reject enemy from outside the country”

At present, most of the security protection devices and defense technologies are “individually fighting”. The data between network protection nodes is difficult to share, and the protection technologies are not related. As a result, the current defense system is isolated and static, which cannot meet the increasingly complex network security situation. need. The original motivation of the US “Einstein Plan” was that all federal agencies had exclusive access to the Internet, making overall security difficult to guarantee. Through the collaborative linkage mechanism, the relatively independent security protection devices and technologies in the network are organically combined to complement each other and cooperate with each other to defend against various attacks. It has become an inevitable choice for the future development of cyberspace security defense.

Collaborative collaborative defense refers to the use of existing security technologies, measures and equipment to organically organize multiple security systems that are separated in time, spatially distributed, and work and interdependent, so that the entire security system can maximize its effectiveness. Vertically, it is the coordinated defense of multiple security technologies, that is, one security technology directly includes or links to another security technology through some communication method. For example, the “deep defense” mechanism adopted by the US Navy network defense system targets the core deployment layer protection measures, including flag-based attack detection, WAN security audit, vulnerability alert, etc., and the attacker must break through multiple defense layers to enter the system. Thereby reducing its attack success rate. When a node in the system is threatened, it can forward the threat information to other nodes in time and take corresponding protective measures to adjust and deploy the protection strategy.

In the past, individual combat operations have been unable to meet the needs of today’s network security defenses, and coordinated collaborative defense will leap into the mainstream of network security. Integrate a variety of defense technologies, establish an organized defense system, and “reject the enemy outside the country” to effectively prevent problems before they occur.

The optimal strategy defense of the new “Thirty-six”

Seeking a balance between cybersecurity risks and investments

The attacks in cyberspace are more and more complicated. The ideal network security protection is to protect all the weak or attack behaviors. However, from the perspective of defense resources limitation, it is obviously unrealistic to pursue absolute security defense. Based on the concept of “moderate security”, the optimal strategy defense is on the horizon.

Optimal policy defense can be understood as seeking a balance between cyber security risks and inputs, and using limited resources to make the most reasonable decision defense. As far as investment is concerned, even the strong United States is trying to build a collective defense system for cyberspace. The United States and Australia cyberspace defense alliance agreement, as well as the Japan-US network defense cooperation joint statement, its “share of results” behind the “cost sharing” shadow. From the perspective of risk, the pursuit of absolute security will adhere to the principle of safety supremacy. When formulating relevant strategic objectives and responding to threats, it is easy to ignore the limited and legitimacy of the resources and means available, and it is difficult to grasp the advance and retreat.

The optimal strategy defense is mainly focused on the “optimal” strategy of game theory, focusing on the research direction of cyberspace security assessment, cost analysis, security defense model construction and evolution. Applying the idea of ​​game theory to cyber attacks and defenses provides a new way to solve the problem of optimal defense decision-making.

The new “Thirty-six” intrusion tolerance defense

Create a “last line of defense” for cyberspace security

The threats to cyberspace are unpredictable, irresistible, and unpredictable. Protection can’t completely avoid system failure or even collapse. Traditional reliability theory and fault-tolerant computing technology are difficult to meet the actual needs, which has to consider more comprehensive and deeper problems than pure protection. In this context, a new generation of intrusion-tolerance defenses has received increasing attention.

Intrusion tolerance is the third-generation network security technology, which belongs to the category of information survival technology and is called the “last line of defense” for cyberspace security defense. Unlike traditional cybersecurity defenses, intrusion-tolerant defenses recognize the existence of vulnerabilities and assume that some of them may be exploited by attackers to attack the system. When the target of protection is attacked or even some parts have been destroyed or manipulated, the target system can “kill the tail” like a gecko to complete the healing and regeneration of the target system.

Intrusion-tolerance technology is no longer based on “defense”, but on how to reduce losses and recover as soon as the system has been damaged. However, intrusion tolerance is an emerging research field. Its cost, cost and benefit will be the next research direction.

Original Mandarin Chinese:

新聞緣由

信息時代,網絡安全對國家安全牽一發而動全身。 《國家信息化發展戰略綱要》強調,積極適應國家安全形勢新變化、信息技術發展新趨勢和強軍目標新要求,構建信息安全防禦體系,全面提高打贏信息化局部戰爭能力。網絡空間已經成為影響國家安全、社會穩定、經濟發展和文化傳播的全新領域,網絡空間安全隨之成為國際社會日益關注的重要議題。

美國明確宣稱網絡空間為新的作戰領域,大幅擴編網絡司令部和作戰部隊,持續聚力網絡空間武器研發。進入夏季以來,美軍網絡演習接二連三,隱形戰火硝煙瀰漫。 3月初,“網絡風暴5”率先拉開演練戰幕;4月,“網絡神盾2016”完成第五代升級;6月,“網絡防衛”“網絡奪旗”作為年度聯合演習的核心重裝登場。

網絡安全的本質在於攻防兩端能力較量,目前依賴防火牆、入侵檢測技術和反病毒軟件等靜態的、孤立的、被動式防禦難以有效應對有組織的高強度網絡攻擊。構築網絡空間安全防線,需要革除落伍思想,打贏防禦理念上的反擊戰。

新“三十六計”之移動目標防禦

通過構建動態網絡增加攻擊難度

網絡攻擊行動均需要一定的時間用於掃描和研究目標網絡,探測並利用系統“漏洞”,達到入侵控制目的。從理論上說,攻擊者有無限的時間展開掃描探測工作,總能找到防禦薄弱點,最終達成入侵目的。為此,網絡先行者美國致力於籌劃和部署安全防禦轉型工作,力求突破傳統防禦理念,發展能“改變遊戲規則”的革命性技術,移動目標防禦即是其中之一。

移動目標防禦被稱為網絡空間安全防禦新範式,技術策略上通過對防護目標本身的處理和控制,致力於構建一種動態的網絡,增加隨機性、減少可預見性,以提高攻擊難度。若將靜態的網絡空間比喻為一成不變的“城防部署”,勢難固守;而動態的網絡配置堪稱變幻無窮的“八卦陣”,難以破解。目前,移動目標防禦技術在美國政府和軍方各類研究中均享有優先權,涵蓋動態平台技術、動態運行環境技術、動態軟件和數據技術等方面。 2012年8月,美陸軍授予雷神公司“變形網絡設施”項目,主要研究在敵方無法探測和預知的情況下,對網絡、主機和應用程序進行動態調整和配置,從而預防、遲滯或阻止網絡攻擊。

作為網絡空間安全領域的新思路,移動目標防禦反映了未來網絡防禦將“死”網絡變成“活”網絡的技術發展趨勢。

新“三十六計”之蜜罐誘騙防禦

通過消耗攻擊者的資源減少網絡攻擊威脅

常規的網絡安全防護主要是從正面抵禦網絡攻擊,雖然防禦措施取得了長足進步,但仍未能改變網絡空間“易攻難守”的基本局面。近年來發展的“蜜罐誘騙防禦”則提出了一個“旁路引導”的新理念,即通過吸納網絡入侵和消耗攻擊者的資源來減少網絡攻擊對真正要防護目標的威脅,進而贏得時間以增強防護措施,彌補傳統網絡空間防禦體系的不足。

與戰場上有意設置假陣地相仿,蜜罐誘騙防禦是主動利用安全防禦層級較低的計算機網絡,引誘各類網絡攻擊,監測其攻擊手段和屬性,在真正需要做防護的目標系統上設置相應防禦體系,以阻止類似攻擊。蜜罐可分為兩種類型,即產品型蜜罐和研究型蜜罐。前者主要目的是“吸引火力”,減輕防禦壓力,後者則為研究和獲取攻擊信息而設計,堪稱情報蒐集系統,不僅需要網絡耐攻擊而且力求監視能力強大,以最大限度捕獲攻擊行為數據。

美軍除了建立由灰網、黃網、黑網、綠網4個子網絡組成的虛擬網絡環境攻防實驗室外,還在國際互聯網上精心部署有蜜罐誘騙系統。可以肯定的是,基於誘騙的網絡防禦思想將被進一步重視,實現誘騙的技術途徑也將會越來越多。

新“三十六計”之聯動協同防禦

整合多種防禦技術“拒敵於國門之外”

目前的安全防護設備和防禦技術大都是“各自為戰”,網絡防護節點間的數據難共享,防護技術不關聯,導致目前的防禦體係是孤立和靜態的,已不能滿足日趨複雜的網絡安全形勢需要。美國“愛因斯坦計劃”最初的動因就在於各聯邦機構獨享互聯網出口,使得整體安全性難以保障。通過協同聯動機制把網絡中相對獨立的安全防護設備和技術有機組合起來,取長補短,互相配合,共同抵禦各種攻擊,已成為未來網絡空間安全防禦發展的必然選擇。

聯動協同防禦是指利用現有安全技術、措施和設備,將時間上分離、空間上分佈而工作上又相互依賴的多個安全系統有機組織起來,從而使整個安全系統能夠最大程度地發揮效能。縱向上,是多個安全技術的聯動協同防禦,即一種安全技術直接包含或是通過某種通信方式鏈接另一種安全技術。如美國海軍網絡防禦體係採用的“縱深防禦”機制,針對核心部署層層防護措施,包括基於標誌的攻擊檢測、廣域網安全審計、脆弱性警報等,攻擊方須突破多個防禦層才能進入系統,從而降低其攻擊成功率。當系統中某節點受到威脅時,能夠及時將威脅信息轉發給其他節點並採取相應防護措施,進行一體化調整和部署防護策略。

昔日的單兵作戰已不能適應當今網絡安全防禦的需要,聯動協同防禦將躍升為網絡安全領域的主流。整合多種防禦技術,建立有組織性的防禦體系,“拒敵於國門之外”才能有效防患於未然。

新“三十六計”之最優策略防禦

在網絡安全風險和投入之間尋求一種均衡

網絡空間的攻擊越來越複雜,理想的網絡安全防護當然是對所有的弱項或攻擊行為都做出對應的防護,但是從防禦資源限制等情況考慮,追求絕對安全的防禦顯然是不現實的。基於“適度安全”的理念,最優策略防禦呼之欲出。

最優策略防禦可以理解為在網絡安全風險和投入之間尋求一種均衡,利用有限的資源做出最合理決策的防禦。就投入而言,即便是實力雄厚的美國,也是盡量打造網絡空間集體防禦體系。美國與澳大利亞網絡空間防禦同盟協定,以及日美網絡防禦合作聯合聲明,其“成果共享”背後亦有“成本分攤”的影子。從風險角度看,對絕對安全的追求將會秉持安全至上原則,在製定相關戰略目標和對威脅作出反應時,易忽視所擁有資源和手段的有限性、合法性,難以掌握進退。

最優策略防禦主要圍繞博弈論的策略“最優”而展開,集中在網絡空間安全測評、代價分析、安全防禦模型構建與演化等研究方向上。將博弈論的思想應用到網絡攻擊和防禦中,為解決最優防禦決策等難題研究提供了一種新思路。

新“三十六計”之入侵容忍防禦

打造網絡空間安全 “最後一道防線”

網絡空間面臨的威脅很多是不可預見、無法抗拒和防不勝防的,防護再好也不能完全避免系統失效甚至崩潰的發生。傳統的可靠性理論和容錯計算技術難以滿足實際需要,這就不得不思考比單純防護更全面、更深層次的問題。在此背景下,新一代入侵容忍防禦愈發受到重視。

入侵容忍是第三代網絡安全技術,隸屬於信息生存技術的範疇,被稱作是網絡空間安全防禦“最後一道防線”。與傳統網絡安全防禦思路不同,入侵容忍防禦承認脆弱點的存在,並假定其中某些脆弱點可能會被攻擊者利用而使系統遭到攻擊。防護目標在受到攻擊甚至某些部分已被破壞或被操控時,防護目標系統可以像壁虎一樣“斷尾求生”,完成目標系統的癒合和再生。

入侵容忍技術不再以“防”為主,而是重在系統已遭破壞的情況下如何減少損失,盡快恢復。但入侵容忍畢竟是一個新興研究領域,其成本、代價、效益等將是下一步的研究方向。

Original Referring URL:  http://www.81.cn/jskj/2016-08/11/

Maintaining Chinese Cyber & Network Security Launching the People’s Fifth Space War //维护中國网络安全,打响第五空间人民战争

Maintaining Chinese Cyber & Network Security Launching the People’s Fifth Space War

//维护中國网络安全,打响第五空间人民战争

President Xi clearly pointed out at the symposium on cybersecurity and informatization: “Network security is for the people, network security depends on the people, and maintaining network security is the common responsibility of the whole society. It requires the government, enterprises, social organizations, and the majority of netizens to participate together. Network security defense. ” 
Maintening China’s network security is an important measure to coordinate and promote the comprehensive construction of a well-off society, comprehensively deepen reforms, comprehensively govern the country according to law, and comprehensively and strictly manage the party’s strategic layout. It is to achieve the goal of “two hundred years” and achieve The important guarantee for the great rejuvenation of the Chinese dream of the Chinese nation.Please pay attention to the report of the “Liberation Army Daily” today –

 

Breaking through the online and offline boundaries, the security situation is severe and complicated

An inconspicuous “worm” has caused an uproar in the world – in May this year, cyberattacks initiated by criminals through tampering with the “eternal blue” program in the National Security Agency arsenal made most of Europe Countries and regions have successively recruited and affected important infrastructures including government, banks, power systems, communication systems, energy companies, airports, and other computer systems in many hospitals in the United Kingdom, resulting in some patients not being able to undergo surgery in time.

Behind this ransomware incident is the escalating confrontational conflict in cyberspace. Zhao Zhiguo, director of the Network Security Administration of the Ministry of Industry and Information Technology, said that only this year, the Ministry of Industry and Information Technology organized the industry forces and coordinated the handling of many attacks against the network and important systems, covering viruses, Trojans, vulnerabilities, traffic attacks and other types, involving network infrastructure public. Systems, important information systems and terminals. “It can be said that cyberattacks are still in a high-risk situation, showing that the threshold is constantly decreasing, the objects are more extensive, and the means are more diverse.”

The data shows that as of the first half of this year, the number of Internet users in China reached 751 million, and the Internet penetration rate reached 54.3%. “When the scale of the Internet is getting bigger and bigger, the challenges facing network security are becoming more and more serious.” In the view of Wu Jianping, an academician of the Chinese Academy of Engineering and a professor at Tsinghua University, the field of network security is constantly expanding. From a global perspective, the threat of cyberattacks is infiltrating into the industrial Internet sector, and industrial Internet security incidents are frequent. In December 2015, a large-scale organized and premeditated directed cyber attack in Ukraine caused a continuous power outage in nearly one-third of the territory. At present, the key infrastructure of various countries has become the target of cyber attacks. Once attacked, it will cause immeasurable damage to national security and social stability.

“The tentacles of cyber attacks extend to all aspects of society, and they are highly integrated online and offline. Network security is becoming the core issue of global security.” Zhou Hongyi, chairman of Qihoo 360, believes that after more than 20 years of development, the Internet is no longer An industry that is increasingly integrated with society as a whole. Coupled with the development of the Internet of Things, the Internet of Vehicles, and the Industrial Internet, the boundaries between the real physical world and the virtual world of the Internet are broken, and the online and offline are integrated. In this context, the attacks in the online world begin to spread to our real world. .

To be sure, the forms of cyber attacks are diverse and complex, and the cyber security situation is still grim. Global cybersecurity has gradually entered a era of security involving national security, national defense security, social security, industrial security, infrastructure security and even personal security.

There is no battlefield for smoke, and cyber war has never died.

There is a term in the software development industry called “Thousand Line Code Defect Rate”, which means the vulnerability rate in a thousand lines of code. There is probably a vulnerability in every thousand lines of code in most software companies. According to calculations, the code size of the most commonly used Windows operating system is about 50 million lines, and the Android system is about 12 million lines. The loopholes can be imagined.

“There are only two systems in the world, one is a system that has been known to be broken, and the other is a system that has been broken but not yet known.” The first US Army commander Alexander at the 2015 China Internet Security Conference The speech was impressive, and his point was that there was no safe system in front of the attackers.

“Any network system in the real world, even if the design is more sophisticated, the structure is more complicated, there will be loopholes without exception.” Zhou Hongyi pointed out that the 360 ​​community patching vulnerability response platform discovered more than 80,000 holes a year. These vulnerabilities may become the soft underbelly of the system suffering from cyber attacks.

The 360 ​​Threat Intelligence Center found that among the many advanced sustainable threats they monitored, the attackers had mostly infiltrated or lurked for a long time and concealed themselves through various means.

There are examples to prove. The Bushehr nuclear power plant, located 100 kilometers south of the Iranian capital Tehran, was a secret target guarded by the National Defence Force. In July 2010, it was attacked by a new type of network virus called “Seismic Network”. The 8000 centrifuges working in the nuclear power plant suddenly In the event of a failure, computer data was lost in a large area, and thousands of units were physically damaged. In 2014, internal documents of two nuclear power plants in South Korea were leaked, including personal information of nearly 10,000 employees of nuclear power plants, operating instructions for nuclear power plants, air conditioning and cooling systems. Design drawings, valve design drawings, etc. A US government report said that since May this year, hackers have been infiltrating the computer networks of US nuclear power plants and other energy equipment companies.

Unlike traditional warfare, which has a clear beginning and end, cyber warfare is constantly being declared. In this sense, the world has entered the era of cyber warfare. On the battlefield where there is no smoke, the planes and artillery that people paid attention to in the past have disappeared, and the new network virus has already appeared on the scene.

“The cyberattacks on critical infrastructure can even surpass the war in the traditional sense. It is almost impossible for nuclear states to use nuclear weapons, but cyber attacks are currently close to being unconstrained.” Cyberspace Security and Security Liu Weijun, a professor at the Center for Rule of Law, said that even worse than the destruction of the Ukrainian power system, nuclear power plants were attacked, directly threatening national security.

Relying on the people is the key path to building a network power

In September this year, with the theme of “Network Security for the People, Network Security Relying on the People”, a feature film “Fifth Space” became popular.

“People are always the most important factor. Network security is not a matter of purchasing and deploying a batch of network security equipment and stacking some products. It also requires a large number of professionals to analyze, judge, respond and dispose of.” Zhou Hongyi said It is necessary to play every network user so that everyone can actively play their role.

It is understood that since 2014, China has continuously held national network security publicity activities, popularized network security knowledge, strengthened network security education, and promoted a good atmosphere in which the whole society attaches importance to network security. “National cybersecurity propaganda should enhance the awareness of cyber security among all people, pay attention to the improvement of cyber security prevention capabilities, and let the broad masses of people have the awareness and ability to maintain their own network security. They can use the network like water, electricity, and fire. Qin An, director of the China Cyberspace Strategy Institute and director of the Internet Policy and Law Research Center of Tianjin University, said that cybersecurity depends on the people. Only relying on the people is the key path to building a network power.

“To maintain network sovereignty, it is necessary to strengthen the construction of defense forces in cyberspace and enhance the self-defense capabilities of cyberspace.” Qin An pointed out that the “Network Security Law” was officially implemented on June 1 this year, and one of its core objectives is to maintain cyber sovereignty. At the same time, the “International Cooperation Strategy for Cyberspace” promulgated on March 1 this year, in the third chapter of the strategic objectives to maintain sovereignty and security, for the first time to define the national definition of defensive forces in cyberspace, the construction of cyberspace defense forces as China’s national defense and military modernization Important content of construction.

The national defense white paper “China’s Military Strategy” clearly states that it is necessary to speed up the construction of cyberspace forces, improve the cyberspace situational awareness, cyber defense, support national cyberspace struggles and participate in international cooperation, curb major cyberspace crisis, and safeguard national networks and Information security, safeguarding national security and social stability.

Safety is the premise of development, and development is the guarantee of security. Building a network power, the nation’s awareness of improving network security is the foundation. At present, China is accelerating its march from a big network country to a network power. More than 1.3 billion Chinese people really enjoy the new achievements brought about by the development of the Internet. For the realization of the goal of “two hundred years”, the strategy of network power will play a role. More and more important support.

Construct an unbreakable security line

■ Li Yang

In the report of the 19th National Congress of the Communist Party of China, President Xi proposed to strengthen the application of basic research, expand the implementation of major national science and technology projects, highlight key common technologies, leading-edge technologies, modern engineering techniques, and subversiveness. Technological innovation provides strong support for building a strong country in science and technology, a country with strong quality, a strong country in space, a network power, a powerhouse, a digital China, and a smart society. Among them, the strategy of network power is once again mentioned, exciting and inspiring. In line with the development trend of the times, comprehensive maintenance of cyberspace security is the only way to build a network power.

The Cong listened to the silence, and the Ming was seen in the shape. With the rapid development of the information revolution, the network space consisting of the Internet, communication networks, computer systems, automation control systems, digital devices and their applications, services and data has profoundly affected the historical development of human society and comprehensively changed people’s production. lifestyle. Especially in the current global economic integration and internationalization of professional division of labor, cyberspace security is characterized by soft activity, border flexibility, diversification of means, domain widening and diversification of power, and is increasingly expanding to The mixed complex confrontation between the state, the military, and various purpose-oriented organizations and individuals implies a mixed risk of defamation of productivity, culture, and combat effectiveness.

The person in charge of the relevant department of the Central Network Office said that the five years since the 18th National Congress of the Communist Party of China was the fastest five years of cyberspace security development and five years of brilliant achievements in the field of cyberspace security. The “China Internet Station Development Status and Safety Report (2017)” shows that the tampering websites and government websites in China fell by 31.7% and 47.9% respectively last year. The overall level of government website security protection has been greatly improved; DDoS attacks of more than 1G have dropped by 60%.

The results are gratifying, but they should also be soberly aware that there are still many problems in the actual work that cannot keep up with the ideological concepts, and that there are consensuses that are difficult to implement. The implementation of cyberspace security measures is not in place or even “hanging the gap”. Cyberspace security is a holistic security. If a link is broken, it may lead to the collapse of the entire network. We can’t be lucky and slack, we must start from the various aspects of technology, equipment, personnel, management, etc., and build and deploy according to the road map of “laying up positions, deploying capabilities, and forming systems”. Practice, actively discover vulnerabilities, eliminate potential threats, continuously improve the security of cyberspace, and achieve new developments at a new starting point.

The construction of cyberspace security is a long-term, complex system engineering, which is not easy to beat and drum. To achieve this goal, there is not only a slap in the face, but also the tenacity of “do not relax”. It must be step by step, gradually promoted and implemented. Only in this way can we build an unbreakable security line.

Original Mandarin Chinese:

习主席在网络安全和信息化工作座谈会上明确指出:“网络安全为人民,网络安全靠人民,维护网络安全是全社会共同责任,需要政府、企业、社会组织、广大网民共同参与,共筑网络安全防线。”
维护我国网络安全,是协调推进全面建成小康社会、全面深化改革、全面依法治国、全面从严治党战略布局的重要举措,是实现“两个一百年”奋斗目标、实现中华民族伟大复兴中国梦的重要保障。请关注今日《解放军报》的报道——

维护网络安全,打响第五空间人民战争

■何楚洋

突破线上线下界限,安全形势严峻复杂

一只不起眼的“蠕虫”,竟然在全球引起了轩然大波——今年5月,由不法分子通过篡改美国国家安全局武器库中的“永恒之蓝”程序而发起的网络攻击,使大多数欧洲国家和地区相继中招,波及到包括政府、银行、电力系统、通信系统、能源企业、机场等重要基础设施,如英国多家医院的电脑系统瘫痪,导致部分病人无法及时接受手术。

这起勒索病毒事件的背后,是网络空间日益升级的对抗冲突。工信部网络安全管理局局长赵志国表示,仅今年工信部就组织行业力量,相继协调处置多起针对网络和重要系统的攻击事件,涵盖病毒、木马、漏洞、流量攻击等多种类型,涉及网络基础设施公共系统、重要信息系统和终端。“可以说网络攻击仍处于高发态势,呈现出门槛不断降低,对象更加广泛,手段更加多样。”

数据显示,截至今年上半年,我国网民规模达7.51亿,互联网普及率达54.3%。“当互联网的规模越来越大,网络安全面临的挑战也是日趋严峻的。”在中国工程院院士、清华大学教授吴建平看来,网络安全的领域正在不断延伸。从全球角度来看,网络攻击威胁正向工业互联网领域渗透,工业互联网安全事件频发。2015年12月,乌克兰发生了一次影响巨大的有组织、有预谋的定向网络攻击,致使乌境内近三分之一的地区持续断电。目前各国的关键基础设施已成为网络攻击的对象,一旦被攻击导致瘫痪,将给国家安全、社会稳定造成不可估量的伤害。

“网络攻击的触手延伸到社会各个方面,线上与线下高度融合,网络安全正在成为全球安全的核心问题。”奇虎360公司董事长周鸿祎认为,经过20多年的发展,互联网已经不再是一个行业,它与整个社会的结合越来越紧密。加上现在物联网、车联网、工业互联网的发展,真实物理世界和网络虚拟世界的界限被打破,线上线下连成一体,在这样的背景下,网络世界的攻击开始蔓延到我们的真实世界。

可以肯定的是,网络攻击形式多样复杂,网络安全形势依然严峻,全球网络安全逐渐进入到涉及国家安全、国防安全、社会安全、产业安全、基础设施安全甚至人身安全的大安全时代。

没有硝烟的战场,网络战从未偃旗息鼓

软件开发行业里有个名词,叫“千行代码缺陷率”,意思是一千行代码中的漏洞率。绝大部分软件公司的每一千行代码就有可能存在一个漏洞。据计算,最常使用的Windows操作系统的代码量是5000万行左右,安卓系统大概是1200万行,其中的漏洞可想而知。

“世界上只有两种系统,一种是已知被攻破的系统,一种是已经被攻破但自己还不知道的系统。”美国首任网军司令亚历山大在2015年的中国互联网安全大会上的发言让人印象深刻,他的观点是,在攻击者面前,没有任何安全的系统。

“现实世界中的任何网络系统,即使设计再精巧,结构再复杂,无一例外都会有漏洞。”周鸿祎指出,360社区补天漏洞响应平台一年发现的漏洞数就超过了8万个。这些漏洞,都有可能成为系统遭受网络攻击的软肋。

360威胁情报中心发现,他们监测到的多个高级可持续威胁事件中,攻击者大都已经渗透或者潜伏了很长时间,并且通过各种手段隐匿自己。

有例为证。位于伊朗首都德黑兰以南100公里的布什尔核电站是由国防军守卫的机密目标,在2010年7月被一种名为“震网”的新型网络病毒侵害,核电站里正在工作的8000台离心机突然出现故障,电脑数据大面积丢失,上千台被物理性损毁;2014年,韩国2座核电站的内部文件遭到泄露,包括核电站近万名员工的个人信息、核电站程序运行说明、空调和冷却系统设计图、阀门设计图等。美国政府的一份报告称,自今年5月以来,黑客一直在渗透美国核电站和其他能源设备公司的计算机网络。

不同于传统战争有明显的开始和结束,网络战时时刻刻都在不宣而战。从这层意义上说,全世界已经进入网络战时代。而在这片不见硝烟的战场上,过去人们关注的飞机、大炮不见踪影,新型的网络病毒就已经粉墨登场了。

“对关键基础设施的网络攻击,其破坏效果甚至能超越传统意义上的战争。有核国家几乎不可能动用核武器,但是网络攻击在目前却接近于不受任何约束。”公安大学网络空间安全与法治协创中心教授刘为军表示,与乌克兰的电力系统遭到破坏相比,更可怕的是核电站遭到攻击,直接威胁着国家安全。

依靠人民,才是建设网络强国关键路径

今年9月,以“网络安全为人民,网络安全靠人民”为主题的第四届网络安全周上,一部专题片《第五空间》迅速走红成为人们热议的焦点。

“人永远是最重要的因素,网络安全不是购买并部署一批网络安全设备、堆砌一些产品就能防得住的,还需要大量的专业人员来做分析、研判、响应和处置。”周鸿祎说,要把每一个网络用户发挥起来,让每一个人都能积极发挥自己的作用。

据了解,我国自2014年起,开始连续举办国家网络安全宣传活动,普及网络安全知识,加强网络安全教育,推动形成全社会重视网络安全的良好氛围。“国家网络安全宣传要在提升全民网络安全意识的同时,重视网络安全防范能力的提升,让广大人民群众既有意识又有能力维护自身网络安全,能够像用水、用电、用火一样用好网络。”中国网络空间战略研究所所长、天津大学互联网政策与法律研究中心主任秦安表示,网络安全依靠人民,只有依靠人民,才是建设网络强国关键路径。

“维护网络主权,就要加强网络空间国防力量建设,提升网络空间的自卫能力。”秦安指出,《网络安全法》于今年6月1日起正式实施,其核心目标之一就是维护网络主权。同时,今年3月1日颁布的《网络空间国际合作战略》在第三章战略目标维护主权与安全部分,首次明确网络空间国防力量的国家定义,将网络空间国防力量建设作为我国国防和军队现代化建设的重要内容。

国防白皮书《中国的军事战略》明确提出,要加快网络空间力量建设,提高网络空间态势感知、网络防御、支援国家网络空间斗争和参与国际合作的能力,遏控网络空间重大危机,保障国家网络与信息安全,维护国家安全和社会稳定。

安全是发展的前提,发展是安全的保障。建设网络强国,全民提升网络安全意识是基础。当前,我国正在加速从网络大国向网络强国迈进,13多亿中国人民实实在在享受到互联网发展带来的新成果,为着“两个一百年”奋斗目标的实现,网络强国战略将发挥着越来越重要的支撑作用。

构筑牢不可破的安全防线

“善其谋而后动,成道也。”习主席在党的十九大报告中提出,加强应用基础研究,拓展实施国家重大科技项目,突出关键共性技术、前沿引领技术、现代工程技术、颠覆性技术创新,为建设科技强国、质量强国、航天强国、网络强国、交通强国、数字中国、智慧社会提供有力支撑。其中,网络强国战略再次被提及,令人振奋,鼓舞人心。顺应时代发展趋势,全面维护网络空间安全,就是建设网络强国的必由之路。

聪者听于无声,明者见于未形。伴随信息革命的飞速发展,由互联网、通信网、计算机系统、自动化控制系统、数字设备及其承载的应用、服务和数据等组成的网络空间,深刻影响人类社会历史发展进程,全面改变人们的生产生活方式。尤其是在当前全球经济一体化、专业分工国际化的大环境下,网络空间安全呈现出活动软性化、边境弹性化、手段多样化、范畴全域化和力量多元化的特征,并且日益扩展为国家、军队及各种目的性组织和个人之间的混合复杂对抗,蕴含着毁瘫生产力、文化力、战斗力的混合风险。

中央网信办相关处室负责人表示,党的十八大以来的五年,是网络空间安全发展最快的五年,也是网络空间安全领域取得辉煌成绩的五年。《中国互联网站发展状况及其安全报告(2017)》显示,去年我国境内被篡改网站与政府网站分别下降31.7%和47.9%。政府网站安全防护水平整体得到了很大提高;1G以上DDoS攻击事件下降60%。

成绩固然喜人,但也应当清醒地看到,实际工作中还存在着思想观念跟不上、有共识难落实等诸多问题,网络空间安全措施执行不到位甚至“挂空挡”情况依然存在。网络空间安全,是整体性安全,一个环节被攻破,就可能导致全网的崩溃。我们不能心存侥幸和懈怠,必须扎扎实实地从技术、装备、人员、管理等各个环节入手,按“布设阵地、配置能力、形成体系”的路线图进行建设和部署,真刀真枪地开展演练,主动发现漏洞,消除潜在威胁,不断提升网络空间安全保障能力,在新的起点上实现新发展。

网络空间安全的构建是一项长期、复杂的系统工程,绝非敲锣打鼓、轻轻松松实现的。实现这一目标,既少不了一鸣惊人的霹雳手段,更需要有“咬定青山不放松”的韧劲,必须一步一个脚印,逐步推进,落地落实。惟有如此,才能构筑牢不可破的安全防线。

Original referring URL:  http://www.81.cn/jskj/2017-11/29/

Chinese Military Analysis of Cyber Space Deterrence – Important Strategic Points // 淺析網絡空間威懾的特徵、類型和運用要點

Chinese Analysis of Cyber Space Deterrence – Important Strategic Points

淺析網絡空間威懾的特徵、類型和運用要點

Chinese People’s Liberation Army Academy of Military Sciences Yuan Yi

January 04, 2016    

Editor’s note: When both opposing parties have the ability to ensure intrusion and damage to the other party’s network, they can bring about two-way network containment, making the two parties obliged to comply with the game rules that do not attack each other’s network under certain conditions, forming an invisible safety valve. Even international conventions or conventions that do not attack each other’s networks will be formed. The cyberspace has thus become a strategic area that can produce a huge deterrent effect. After the deterrence of cyberspace followed by nuclear deterrence, it began to enter the strategic vision of big country politicians and military strategists. Studying the characteristics, types, and points of use of cyberspace deterrence must be taken into consideration and necessary action by the Internet powers and the cyber force.

With the increasing dependence of human society on cyberspace, cyberspace has become the “second type of living space” for human production and life and the “fifth-dimensional combat space” for military confrontation. Countries around the world have fiercely competed for the dominant rights, control rights, and discourse power of cyberspace. The competition in the cyberspace has reached the level of human survival, national destiny, and success or failure of military struggles. Thinking about cyberspace deterrence capacity building has great practical and theoretical value.

First, analysis of the advantages and disadvantages of cyberspace deterrence

Cyberspace deterrence refers to the actions and actions taken in the cyberspace to demonstrate and control enemy cyberspace, and to control the enemy’s physical space through cross-domain cyberspace, so as to achieve the goal of destroying enemy forces, stopping the enemy, blocking the enemy, and preventing deterrence. A form of strategic deterrence for the enemy’s purpose. Compared with the physical space, the “virtual and real duality” of network space and the uniqueness of network warfare compared with traditional combat styles have determined that the advantages and disadvantages of cyberspace deterrence are very obvious.

(A) The advantages of cyberspace deterrence

The advantages of cyberspace deterrence are mainly reflected in the following: First, the deterrence approach has become more civilized and humane. Compared with nuclear, chemical, and chemical weapons based on physical, biological, and chemical killing mechanisms, the direct killing and destructive effects of cyber warfare weapons are much smaller than the former. Normally, they will not cause permanent damage and pollution to the natural environment, nor will they cause large numbers of people. Casualties and humanitarian disasters. Second, deterrence costs are inefficient. The network warfare weapons are dominated by viruses, Trojans and other software. The costs are relatively low, and the technical threshold is low. The destructive effects are rather alarming. The network defense points are multi-faceted, and they are hard to prevent. To increase the level of network security by one level, the input cost will increase exponentially. The contrast between the low cost of cyber offense and the high cost of cyber defense makes the offensive and defensive performance of the network a feature of “spirit shield”, and the cyber warfare weapon is thus called “the atomic bomb of the poor country”. The third is that deterrence methods are diverse and practical. The variety of cyber warfare weapons and the multiple goals of cyber attacks have determined that there are diversified cyberspace deterrent methods to choose from. The effects of cyberattacks are recoverable to a certain extent. As long as the application is properly implemented, the risk of causing war and escalating the war is relatively small. In a sense, the deterrence value of nuclear weapons is far greater than the value of actual combat, and cyber warfare weapons are both practical values ​​and deterrence values. Fourth, the use of repeatability and deterrence is strong. Once the “nuclear threshold” crosses, a full-scale nuclear war will erupt, and the two sides at the nuclear balance will fall into a state of mutual destruction. The easy implementation of nuclear deterrence, especially nuclear deterrence against non-nuclear countries, will also be condemned by international public opinion. These factors are all The use of nuclear deterrence is greatly limited. The deterrence of software and hardware and the controllable characteristics of cyberspace deter- mine the flexibility and control of deterrence in light of the changes and needs of the military struggle. It can be used in advance, used throughout, and used repeatedly. It has strong flexibility.

(B) Defects in cyberspace deterrence

The deterrence of cyberspace is mainly reflected in: First, the credibility of the deterrence effect has not been fully verified. The credibility of nuclear deterrence has been verified in actual combat. However, as of now, the real network war has not really exploded. People’s astonishing destructive power over cyber warfare is more of a speculation and worry. The real power of cyber warfare can only be convincing after being tested by actual combat. Second, the reliability of deterrence measures is not very high. Network warfare is a dynamic process of continuous offensive and defensive interaction between the two sides of the enemy and me. The characteristics of network confrontation and technicality determine that the network warfare attack has greater uncertainty and may not achieve the desired operational objectives, which will greatly reduce the effectiveness of deterrence. . For example, when the enemy performs cyberspace deterrence, if the enemy takes various effective defense measures in a timely manner, it will increase the difficulty of its own cyber attack and reduce the damage, and even lead to the failure of the attack. Third, the controllability of deterrence scope needs further improvement. As one of the important weapons of cyber warfare, viral weapons have strong dissemination, poor controllability, and a wide range of influence. It is difficult to launch targeted and targeted attacks on enemy computers and networks. If it can’t control its effective scope, it will spread to third-party neutral countries and even make itself a victim. As a result, the use of virus weapons suffers from the use of “imposed rats.” The fourth is the selective limitation of deterrence objects. Nuclear deterrence is clear and effective for any country, and the effectiveness of cyberspace deterrence has a lot to do with the level of informatization of enemy countries. Cyberspace deterrence is extremely effective for countries with a high degree of informatization, and for those underdeveloped countries with weak information infrastructure and weak network dependence, it is difficult for them to exert results, or even completely ineffective. Fifth, the organization of deterrence is relatively complicated. All nuclear powers in the world implement centralized and unified management of strategic nuclear forces. Command and control powers are highly centralized. When organizations implement nuclear deterrence operations, they can accurately control each combat unit, and the organization is well-executed. The implementation of the deterrence of cyberspace involves many forces such as investigation, control, defense, and control. It has many personnel and large scales and is scattered among different departments and units in the military and the military. It is very complicated to organize and it is difficult to form a synergy.

Second, the main types of cyberspace deterrence

The cyberspace deterrence includes four types: cyberspace technology test deterrence, cyberspace equipment demonstration deterrence, cyberspace operational deterrence deterrence, and cyberspace operational deterrence. Among them, the first three are demonstrative deterrence, and the latter is actual deterrence.

(A) Cyberspace Technology Test Deterrence

The cyberspace technology test deterrence is a field in the field of cyber warfare. It constantly conducts preliminary exploratory experiments on new concepts of warfare, new experiments on the effectiveness of attack mechanisms and tactics, and practical experiments on the weaponization of new technologies. The outside world is disclosed to demonstrate its strong strength in the basic research of information technology and its enormous potential for transforming it into a cyber warfare capability to achieve deterrence. At present, network offensive and defensive technology is still developing rapidly. A breakthrough in a key technology will often have a significant impact on cyberspace security and operations, and even lead to revolutionary changes. Whoever preempts the strategic commanding heights of the network offensive and defensive technology, who will be able to achieve a clear advantage in the future of network warfare.

(B) Cyberspace Equipment Demonstration

The demonstration of cyberspace equipment deterrence is the development of network warfare equipment development planning, technology development, target testing, stereotyped production and other development stages. According to the needs of the appropriate disclosure of network warfare equipment models, performance, characteristics, parameters and development schedule, etc. Reach the purpose of deterring opponents. There are two main ways: one is through public disclosure in official media such as national defense white papers, diplomatic bulletins, and newspapers, periodicals, and large-scale websites; and the other is through online social media or other unofficial. The channel has deliberately leaked equipment-related information and implemented hidden deterrence. The cyber space equipment demonstrates deterrence. On the one hand, it can invent new cyber-warfare equipment with new mechanisms and new concepts and render its unique combat capabilities. On the other hand, it can deliberately exaggerate the operational effectiveness of existing cyber warfare equipment. There are facts in the virtual reality, there is something in the real, and the implementation of fuzzy policies, so that the other party can not understand their true situation and strength, resulting in fear and jealousy. For example, the U.S. military’s “Shuute” on-board network power system has been put into practical use several times and poses a serious threat to the air defense systems of its hostile countries. However, its basic principles, working mechanisms, and combat technical indicators have not been publicly disclosed. It has not been completely mastered by other countries and has remained in a state of secrecy. It is difficult to distinguish between reality and reality and has played a very good deterrent effect.

(3) Deterrence in cyberspace operations exercises

The deterrence of cyberspace operations exercises is to conduct drills in cyberspace through virtual or virtual methods, and use various media channels to show potential war opponents their own cyber warfighting capabilities, strengths and determinations in order to achieve deterrence. Cyberspace operations can be divided into two kinds: actual drills and virtual exercises. The former is usually carried out nationwide or in alliance with allies, and is generally based on the joint exercise of military space and space defense operations. In recent years, the United States and its allies have held “Network Storm” series of cyber warfare exercises and “Shriver” series of space-network space exercises, which have demonstrated the mobilization strength, overall defense level, and the implementation of cyber warfare. Determination. The latter is usually held at the national large-scale network integrated shooting range, and is generally based on the offensive actions of the military professional cyber warfare forces.

(D) Deterrence in cyberspace operations

The deterrence of cyberspace operations is the actual deterrence of attacking specific opponents by deterring opponents with certain attacks. There are two opportunities for its use: First, when one’s own side is aware that the enemy is about to wage a war on one’s own side, one’s own choice of the key cyber targets of the enemy’s key defenses will be targeted to combat them, and preventive and deterrent deterrence will be implemented; When the Party initiates a tentative cyber attack on its own side and implements cyberspace deterrence, it must immediately conduct effective retaliatory and disciplinary deterrence. There are many types of cyber warfare operations that have deterrent effects. For example, infiltrate the enemy’s telecommunications network, send a large number of anti-war messages to the enemy’s citizens, and attack the enemy’s power grid, resulting in a short-term blackout of major cities in the enemy’s power; attacking the enemy’s broadcast television networks and inserting their own broadcasts during prime time. Special video programs; etc.

Third, the use of cyberspace deterrence points

The general requirements for the use of cyberspace deterrence are: combination of wartime and warfare, with strength, actual display capability, and determination, strive to demonstrate deterrence with small battles, ensure deterrence with strikes, and achieve deterrence with a small price. Specifically, the following points should be achieved.

(A) Combination of peacetime and long-term preparation

“Frozen feet, not a cold day.” Successful implementation of cyberspace deterrence requires a combination of peacetime and warfare, and we must fully and carefully prepare for peacetime. The first is to conduct comprehensive and thorough network reconnaissance. Requires the combination of spying, reconnaissance and technical reconnaissance, wireless reconnaissance, and cable reconnaissance. Conduct long-term and continuous network reconnaissance of enemy network targets, gradually understand the basic conditions of the enemy’s network, draw a picture of its network topology, and in particular analyze and find all kinds of soft enemies. Hardware system vulnerabilities. The second is to conduct a large number of effective strategic presets. Using hacking methods, secretive infiltrate all types of networks through the use of system vulnerabilities or password cracking, leaving the back door, setting up a springboard machine, and laying down logic bombs and Trojans to set a breakthrough for launching cyber attacks in the future. The third is to conduct pre-prepared cyber defenses. When deterring cyberspace deterrence against the enemy, one must adjust the deployment of network defenses in advance, make the enemy’s pre-designed attack path, anticipate the use of system loopholes, and plan to implement an attack plan that is difficult to implement, or the effect of implementation is greatly reduced to minimize the enemy’s Losses caused by cyber retaliation.

(B) careful decision-making, control strength

Sun Tzu said: “The Lord must not anger and raise a teacher. Cyberspace deterrence is a strategic game behavior between countries, especially with deterrence and sensitivity. It must be rational, beneficial, and tangible. It must not be abused because of the low threshold of deterrence. Otherwise, its effect may be counter-productive. . Cyberspace deterrence has a high requirement for combat intensity control. On the one hand, if the intensity is too small, the enemy’s government and people will not have fear and will not achieve the deterrent effect they deserve. The other party may also use the same methods to implement anti-deterrence, eventually leading to confrontational escalation and deterring one’s own deterrence. On the other hand, if it is too strong, it will cause huge economic losses and casualties to the enemy countries. This will cause the condemnation of the international community and the hatred of the enemy governments and people. It may trigger the enemy’s use of conventional forces to carry out large-scale revenge. Nuclear countries may even Nuclear power may be used. This will not only stop the war but will also play a role in warfare.

(III) Unified command and careful organization

The implementation of the deterrence of cyberspace requires centralized command, unified planning, and good coordination. The first is meticulous organization of strength. Uniformly organize the four forces of military investigation, attack, defense, and control, and actively coordinate the strength of the cyber warfare forces of all parties to form a joint force. In particular, it is necessary to organize and coordinate the strength of civil non-professional cyber warfare, especially patriotic hacking, so that there can be no phenomenon of “blindness” so as to avoid triggering friction, escalating fire, causing an escalation of cyber warfare, or prematurely exposing attack intentions and giving people a handle. , leading to uncontrollable situations or failure of operations. The second is to select the target. Should choose a wide range of influence, easy to produce a clear deterrent effect of the goal. For example, broadcast television channels with the highest ratings, portals with a large number of visitors, and wireless communication networks with numerous users. It is not possible to choose attacks that are irrelevant, insignificant, and indifferent to the target. They can easily be mistaken for cybersecurity incidents created by ordinary hackers and do not achieve the desired deterrent effect. In addition, we must also consider the constraints of international law and war laws. We must not choose targets that are easy to cause humanitarian disasters. We should try our best not to select the network goals of railways, aviation, finance, and medical departments so as not to arouse condemnation and resentment from the international community and the people of the other side. The third is the precise control of the process. Prior to the deterrent strikes in cyberspace, it is necessary to publicize the momentum through extensive public opinion, issue warnings to the enemy countries, and declare the justice of their actions to the world in order to gain the understanding and support of international public opinion. In order to highlight the deterrent effect, one can highly announce the target of the enemy’s network to be attacked, break through the enemy’s layered network defenses, and implement a resolute and effective cyber attack. If necessary, the network attack effect can be resumed regularly to show its superiority. The cyber attack technology and means make the enemy’s decision makers and the public have a sense of frustration that is hard to defend and difficult to parry, thus forming a strong shock effect.

(4) Combining actual situation with actual situation, focusing on strategy

The grandson said that “it is not possible to show and not to use it,” and it is used to deter online space. Its main points are summarized as “showing without propaganda, advocating without showing.” “Indicating nothing” means that it is difficult to track and locate using cyber attacks and conduct cyber attacks on specific targets. However, it is not done for others to announce that they are doing their own thing. It not only demonstrates their own capabilities, but also makes the enemy’s suspicion of doing their own thing. However, there is no evidence and it cannot be pursued. “Proclaiming but not showing” is the publicity or inadvertent disclosure of the type, performance, and characteristics of the advanced cyber warfare equipment developed or fabricated by the company, deliberately exaggerating its combat effectiveness, falsifying facts, and integrating facts and facts, so that the enemy can’t understand its true strength. , resulting in a deterrent effect. The cyber warfare operations have the characteristics of difficulty in tracking and traceability and complexity in forensics. The initiating party can either admit or deny it, or push the responsibility to civil hacker organizations. (Source: China Information Security).

Original Communist Mandarin Chinese:

編者按:當敵對雙方都具有確保侵入破壞對方網絡的能力時,就可以帶來雙向網絡遏制,使得雙方不得不在一定條件下,遵守互不攻擊對方網絡的遊戲規則,形成一個無形的安全閥,甚至國際上也會形成互不攻擊對方網絡的慣例協議或公約,網絡空間由此成為可以產生巨大威懾效應的戰略領域。網絡空間威懾繼核威懾之後,開始進入大國政治家和軍事家的戰略視野。研究網絡空間威懾的特徵、類型和運用要點,成為網絡強國、網絡強軍的必須考量和必要行動。

隨著人類社會對網絡空間依賴程度的不斷加深,網絡空間成為人類生產生活的“第二類生存空間”和軍事對抗的“第五維作戰空間”。世界各國圍繞網絡空間的主導權、控制權、話語權展開了激烈的爭奪,網絡空間的競爭已達到與人類生存、國家命運和軍事鬥爭成敗休戚相關的程度。思考網絡空間威懾能力建設,具有重大現實和理論價值。

一、網絡空間威懾的優劣分析

網絡空間威懾,是指在網絡空間採取各種行動,展示癱瘓控制敵方網絡空間,並通過網絡空間跨域控制敵方實體空間的決心和實力,從而達到懾敵、止敵、阻敵、遏敵目的的一種戰略威懾形式。網絡空間與實體空間相比所具有的“虛實二相性”,網絡戰與傳統作戰樣式相比所具有的獨特性,決定了網絡空間威懾的優缺點都非常明顯。

(一)網絡空間威懾的優點

網絡空間威懾的優點,主要體現在:一是威懾方式更趨文明和人道。與基於物理、生物、化學殺傷機理的核生化武器相比,網絡戰武器的直接殺傷和破壞效應要遠小於前者,通常不會對自然環境造成永久性破壞和污染,也不會造成大量的人員傷亡,並引發人道主義災難。二是威懾成本低效費比高。網絡戰武器以病毒、木馬等軟件為主,成本相對低廉,技術門檻較低,而造成的破壞效果卻相當驚人。網絡防禦點多面廣,防不勝防,要網絡安全程度每提高一個等級,投入成本會呈指數級增加。網絡進攻的低成本與網絡防禦的高成本對比鮮明,使得網絡攻防呈現“矛尖盾薄”的特點,網絡戰武器因而被稱為“窮國的原子彈”。三是威懾手段多樣實用性強。網絡戰武器多種多樣,網絡攻擊目標多元,決定了有多樣化的網絡空間威懾手段可供選擇。網絡攻擊效果在一定程度上是可恢復的,只要運用實施得當,引發戰爭和促使戰爭升級的風險相對較小。從某種意義上講,核武器的威懾價值遠大於實戰價值,而網絡戰武器則是實戰價值與威懾價值兼具。四是威懾運用可重複靈活性強。 “核門檻”一旦跨過就會爆發全面核戰爭,處於核均勢的雙方將陷入相互摧毀狀態,輕易實施核威懾特別是對無核國家進行核威懾,還會招致國際輿論的譴責,這些因素都極大地限制了核威懾手段的使用。而網絡空間威懾軟硬結合、威力可控的特點,決定了其可根據軍事鬥爭形勢的變化和需要,適時調控威懾強度,先期使用、全程使用、反複使用,具有很強的靈活性。

(二)網絡空間威懾的不足

網絡空間威懾的不足,主要體現在:一是威懾效果的可信性未得到充分驗證。核威懾的可信度已在實戰中得到了驗證。然而,截止目前,真正意義上的網絡大戰還沒有真正爆發過。人們對網絡戰驚人的破壞力,更多的只是一種猜測和擔憂,網絡戰的真實威力只有經過實戰檢驗後,才能真正令人信服。二是威懾手段的可靠性不太高。網絡戰是敵我雙方網絡攻防持續互動的動態過程,網絡對抗複雜、技術性強的特點,決定了網絡戰攻擊效果具有較大的不確定性,有可能達不到預期作戰目的,使威懾效果大打折扣。例如,對敵實施網絡空間實戰威懾時,敵方若及時採取各種有效防御手段,就會增加己方網絡攻擊的難度和降低破壞效果,甚至導致攻擊行動的失敗。三是威懾範圍的可控性需進一步改善。病毒武器作為網絡戰的重要武器之一,其傳播性強、可控性較差、影響範圍比較廣,很難針對敵國計算機和網絡發動專門性、針對性極強的攻擊。如果不能控制其有效作用範圍,就會波及第三方中立國家,甚至使自身也成為受害者,因而病毒武器的使用有“投鼠忌器”之患。四是威懾對象的可選擇性受限。核威懾對任何國家都是明確而有效的,而網絡空間威懾的效果與敵國的信息化程度有很大關係。網絡空間威懾對信息化程度高的國家極為有效,而對那些信息基礎設施薄弱,網絡依賴性不強的不發達國家,則很難發揮效果,甚至完全不起作用。五是威懾實施的組織相對複雜。世界各個核國家無不對戰略核力量實施集中統管,指揮控制權高度集中,組織實施核威懾行動時可以準確控製到每一個作戰單元,組織實施十分周密。而網絡空間威懾的組織實施,要涉及偵、控、防、控等多支力量,人員多、規模大,且分散在軍地不同部門和單位,組織起來非常複雜,形成合力不易。

二、網絡空間威懾的主要類型

網絡空間威懾主要有網絡空間技術試驗威懾、網絡空間裝備展示威懾、網絡空間作戰演習威懾和網絡空間作戰行動威懾四種類型。其中,前三種是示形威懾,後一種是實戰威懾。

(一)網絡空間技術試驗威懾

網絡空間技術試驗威懾,是在網絡戰領域,經常性地進行新作戰概念的先期探索性試驗、新攻擊機理和戰術的效果印證性試驗、新技術的實用化武器化試驗等,並通過媒體向外界披露,以展現本國雄厚的信息技術基礎研究實力,以及轉化為網絡戰能力的巨大潛力,以達到威懾對手的目的。當前,網絡攻防技術仍在快速發展,一項關鍵性技術的突破,往往會對網絡空間安全和作戰產生重大影響,甚至引發革命性變化。誰搶先佔領了網絡攻防技術的戰略制高點,誰就能在未來網絡戰中取得明顯優勢。

(二)網絡空間裝備展示威懾

網絡空間裝備展示威懾,是在網絡戰裝備發展規劃制定、技術開發、打靶試驗、定型生產等各個發展階段,根據需要適當披露網絡戰裝備的型號、性能、特點、參數以及研製進度等情況,以達到威懾對手的目的。其方式主要有兩種:一種是通過在國防白皮書、外交公報以及報紙、期刊、大型網站等權威媒體從官方渠道公開披露,實施顯性威懾;另一種是通過網絡社交媒體或其他非官方渠道,刻意洩露裝備相關情況,實施隱性威懾。網絡空間裝備展示威懾,一方面可以虛構新機理、新概念的新型網絡戰裝備,並渲染其獨特的作戰能力;另一方面可以刻意誇大已有網絡戰裝備的作戰效能。虛中有實、實中有虛,實施模糊政策,使對方摸不清己方真實情況和實力,產生恐懼和忌憚心理。例如,美軍的“舒特”機載網電一體攻擊系統已多次投入實戰使用,對其敵對國家的防空體系構成了嚴重威脅,但其基本原理、工作機制、戰技指標既沒有公開披露,也沒有被他國完全掌握破解,一直處於保密狀態,令人虛實難辨,起到了很好的威懾作用。

(三)網絡空間作戰演習威懾

網絡空間作戰演習威懾,是以實兵或虛擬的方式在網絡空間展開演習活動,並藉助各種媒體渠道,向潛在作戰對手展現本國網絡戰能力、實力與決心,以達到威懾對手的目的。網絡空間作戰演習可分為實兵演習和虛擬演習兩種。前者通常在全國范圍內或與盟國聯合進行,一般以演練軍地聯合網絡空間防禦行動為主。近幾年來,美國及盟國多次舉行“網絡風暴”系列網絡戰演習,以及“施里弗”系列太空-網絡空間演習,很好展現了網絡戰的動員實力、整體防禦水平,以及實施網絡戰的決心。後者通常在國家大型網絡綜合靶場舉行,一般以演練軍隊專業網絡戰力量的進攻行動為主。

(四)網絡空間作戰行動威懾

網絡空間作戰行動威懾,是指對特定的網絡目標實施攻擊,以確信的攻擊效果來威懾作戰對手的一種實戰性威懾。其運用的時機有兩個:一是當己方覺察敵方即將對己方發動戰爭時,己方選擇敵方重點防禦的關鍵性網絡目標進行針對性打擊,進行預防性、遏制性威懾;二是當敵方通過對己方發起試探性網絡攻擊,實施網絡空間威懾時,己方應立即進行有效的報復性、懲戒性威懾。具有威懾效果的網絡戰行動有多種。例如,對敵電信網滲透破壞,向敵國民眾手機大量發送宣傳反戰短信;對敵電力網進行攻擊,造成敵重要城市短時間的大面積停電;對敵廣播電視網進行攻擊,在黃金時段插播己方特製的視頻節目;等等。

三、網絡空間威懾的運用要點

網絡空間威懾總的運用要求是:懾戰結合,以實力、實戰展示能力和決心,力求以小戰體現威懾、以精打確保威懾,以較小的代價實現威懾目的。具體說來,應做到以下幾點。

(一)平戰結合,長期準備

“冰凍三尺,非一日之寒”。成功實施網絡空間威懾,需要平戰結合,在平時就要進行充分細緻的準備。一是要進行全面周密的網絡偵察。要求諜報偵察與技術偵察、無線偵察與有線偵察相結合,對敵網絡目標進行長期持續的網絡偵察,逐步摸清敵網絡基本情況,繪製其網絡拓撲結構圖,尤其是分析查找出敵各種軟硬件系統的漏洞。二是要進行大量有效的戰略預置。採用黑客手段,通過利用系統漏洞或口令破譯等辦法,秘密滲透進入敵各類網絡,留下後門,設置跳板機,埋設邏輯炸彈和木馬,為未來發動網絡攻擊預留突破口。三是進行預有準備的網絡防禦。在對敵實施網絡空間威懾時,己方應提前調整網絡防禦部署,使敵預先設計的攻擊路徑,預期利用的系統漏洞,預定執行的攻擊方案難以實施,或實施效果大打折扣,最大限度地降低敵網絡報復造成的損失。

(二)慎重決策,控制強度

孫子曰:“主不可以怒而興師,將不可以慍而致戰”。網絡空間威懾是國家之間的戰略博弈行為,尤其是實戰威懾,敏感性強,必須做到有理、有利、有節,決不能因為威懾“門檻”較低而濫用亂用,否則其效果可能會適得其反。網絡空間實戰威懾對作戰強度控制的要求很高。一方面,若強度太小,敵國政府和民眾不會產生畏懼心理,起不到應有的威懾效果,對方還可能採取同樣的手段實施反威懾,最終導致對抗升級,使己方威懾失效。另一方面,若強度過大,給敵國造成巨大的經濟損失和人員傷亡,引起國際社會的譴責和敵國政府、民眾的仇恨心理,就可能引發敵國運用常規力量進行大規模報復,有核國家甚至可能會動用核力量,這樣不但不能懾止戰爭,反而會起到戰爭導火索的作用。

(三)統一指揮,周密組織

網絡空間威懾的組織實施,要集中指揮,統一籌劃,搞好協同。一是精心組織力量。統一組織軍隊偵、攻、防、控四支力量,積極協調軍地各方網絡戰力量形成合力。尤其是要組織和協調好民間非專業網絡戰力量特別是愛國黑客,不能出現“盲動”現象,以免引發磨擦,擦槍走火,引起網絡戰的升級,或過早暴露攻擊意圖,授人以柄,導致局勢不可控或行動失敗。二是精當選擇目標。應選擇影響面廣,易產生明顯威懾效果的目標。例如,收視率排名靠前的廣播電視頻道、訪問量巨大的門戶網站、用戶眾多的無線通信網絡等。不能選擇無關痛癢、影響面小、民眾漠不關心的目標進行攻擊,易被誤認為是普通黑客製造的網絡安全事件,起不到應有的威懾效果。此外,還要考慮國際法和戰爭法約束,不能選擇易造成人道主義災難的目標,盡量不選取鐵路、航空、金融、醫療等部門的網絡目標,以免激起國際社會和對方民眾的譴責和反感。三是精確控制進程。實施網絡空間威懾性打擊之前,要通過廣泛的輿論宣傳造勢,向敵國發出打擊警告,並向全世界宣告己方行動的正義性,以爭取國際輿論的理解和支持。為突出威懾效果,己方可以高調宣布要攻擊的敵國網絡目標,再突破敵方層層網絡防禦,實施堅決有效的網絡攻擊,必要時最後還可對網絡攻擊效果進行定時恢復,以展現己方高超的網絡攻擊技術和手段,讓敵方決策者和民眾產生防不勝防、難以招架的心理挫折感,從而形成強烈的震懾效果。

(四)虛實結合,注重謀略

孫子所說的“能而示之不能,用而示之不用”,運用到網絡空間威懾,其要點概括起來就是“示而不宣、宣而不示”。 “示而不宣”,就是利用網絡攻擊難以追踪定位這一點,對特定目標實施網絡攻擊,但不對外宣布是己方所為,既展示了己方能力,又使得敵方雖然懷疑是己方所為,但沒有證據,無法追究。 “宣而不示”,就是公開宣傳或不經意透露己方研製或虛構的先進網絡戰裝備的型號、性能、特點,刻意誇大其作戰效能,虛虛實實,虛實結合,使敵摸不清己方真實實力,從而產生威懾效果。網絡戰行動具有追踪溯源困難、取證複雜的特點,發起方既可以承認,也可以矢口否認,或把責任推給民間黑客組織。 (來源:中國信息安全)

Original URL:

China’s Military Taking Action to Defend Nation’s Network // 中國軍事行動維護國家網絡

China’s Military Taking Action to Defend Nation’s Network //

中國軍事行動維護國家網絡

網絡營門”走向守衛“網絡國門

Original title: from the guard “network camp” to guard the “network country”

Original: “National Defense Reference” 2017 No. 3

Cyber ​​space was born in the military field, such as the first computer, Apache and GPS navigation systems are all derived from the military, today, cyberspace security has been closely related with national security, the military has once again become the maintenance of national cyberspace security , Whether it is the face of normalized network penetration, or large-scale network attacks, are an urgent need for the military from the guard “network camp” to guard the “network country”, breaking the traditional mission of the military mission, breaking the traditional battle preparation mode, To a new network of national defense thinking, casting the network era of the firm.

From the “network camp” to “network country”, a new era of military mission to bring new trends

Internet space is not only related to the maintenance of national strategic interests, a direct impact on political, economic, cultural security and social development, has become a modern battlefield joint war blood and ties. The Chinese army can not be limited to maintaining the internal security of the barracks, but also take the initiative to adapt to the trend of the times, the courage to take the “network of countries,” the country to play. Network strength is an important part of the network power construction, from the “network gate” to “network country” is the information age situation at home and abroad the inevitable trend of development.

Guarding the “network country” is the cyberspace security situation forced. China as the first network power, the security situation is not optimistic, the strategic opponent has never stopped preparing for my network operations. The United States, Britain, France and other countries actively preparing for cyberspace, through the cyberspace security legislation to give the military functions, the development of network warfare forces, research and development of network warfare weapons equipment, the war will advance to the human “fifth space”, especially in China increasingly strong In the process of rising history, the western countries under the auspices of the Cold War mentality and containment subversion strategy, the use of network technology and means of communication to implement uninterrupted harassment, subversion and cyber attacks, seriously affecting my country’s security and social development, China has become Network security threats to the hardest hit, the virus attack the test field, the penetration of awareness of the destination, the national security is facing a huge risk.

In the coming period, China, as a big emerging country, will intensify its conflicts of interest, strengthen the network defense strategy and strengthen the cyberspace war preparation. It is an inevitable way to actively strive for the dominance and discourse of cyberspace. The only way to go. As the main force of national security and stability, the army must meet the requirements of cyberspace characteristics and become the backbone and main force against cyber invasion, network subversion and safeguard national security and social stability.

Winning the network war is the new military change in the information age. As one of the most advanced productive forces in the information age, network technology has made cyber space combat become the dominant factor to guide the evolution of modern warfare, which affects the whole situation of war. In recent years, from the Iranian “earthquake network” attack, Russia and Georgia conflict network warfare, the Ukrainian power grid was a large number of paralysis and the US military on the IS network attacks, cyberspace in combat show a huge role in the emergence of a sign that the network Has become an important model for future joint operations.

The US military attaches great importance to the construction of cyberspace armaments, the establishment of cyberspace headquarters, the introduction of cyberspace joint operations, a substantial expansion of network warfare forces, and strive to maintain its cyberspace hegemony, the control of cyberspace as a “third offset strategy “Absolute advantage of the most important content of competition.

The world has followed up the country, the military space militarization trend is obvious. Severe cyberspace The situation of military struggle requires the Chinese army to focus on the network battlefield space changes, to meet the requirements of the era of information warfare, to achieve in the cyberspace can fight, win the battle of the strong military goals.

Effective network of deterrence is to speed up the construction of the network power inherent. In China by the network power to the network power development process, can not do without a strong network space military power as a guarantee. The international competition of cyberspace is a comprehensive game of national comprehensive strength. Among them, the network military capability construction is directly related to the national security and stability, and the whole body is the core factor of the whole national security field.

At present, the interests of the world in the cyberspace mutual penetration, there “you have me, I have you, mutual cooperation and common development” situation. But this common development is not equal, the United States and Western powers to use cyberspace dominance, has made a certain degree of network deterrence, so that my network development and interests subject to others. How the army in the construction of the network to complete the mission of reorganization of the mission, the premise is to be able to contain the crisis, deter opponents of the network offensive and defensive ability to ensure the peaceful development of the network environment.

Therefore, the army needs to establish a deterrent strategic goal of effective deterrence, form a strategic balance with the enemy “destroy each other”, so as to enhance the strategic competitiveness, deter cyber space aggression and ensure the smooth development of the network power strategy.

From the “defensive responsibility” to “protect the network defenders”, the new situation requires the army to undertake new tasks

The army is to defend the national security of the main and pillars, cyberspace is no exception. The National Security Act of July 1, 2015 stipulates that “citizens of the People’s Republic of China, all state organs and armed forces, political parties and people’s organizations, enterprises and other organizations and other social organizations have the responsibility to safeguard national security And obligations. “The Network Security Act promulgated in November 2016 emphasized the need to maintain cyberspace sovereignty and national security.

On the basis of the laws of the two countries, the National Cyberspace Security Strategy (hereinafter referred to as the “Strategy”) was formally introduced on December 27, 2016, providing overall guidance for creating a new model of network power at a new starting point. Basically follow, clearly put forward nine strategic tasks, and further reflects the army in the process of building a network of power in the mission task.

Full of network of national mission, the army to defend the sovereignty of cyberspace strong pillars. “Strategy” listed in the nine strategic task is the first “firmly defend cyberspace sovereignty,” made it clear that “including economic, administrative, scientific and technological, legal, diplomatic, military and all other measures, unswervingly maintain our network Space sovereignty “. It can be seen that the military must assume the national mission of using the physical means of the physical space to defend the sovereign security and interests of the virtual cyberspace.

Internet space sovereignty is the core interests of the country, is an important component of national sovereignty, that the state in the cyberspace owned by the independent, equal rights, self-defense and management rights. Once the hostile forces have violated my cyberspace sovereignty, it is equivalent to violating the sovereignty of the landspace and other physical space, China will have the right to take all measures, including military means to give a strong fight back.

At the international level, the United States has long proposed a cyberspace deterrence strategy, declared the attack on the US network information facilities is equivalent to the war, the United States will take military strike measures to retaliate. Military means is the fundamental means of safeguarding national sovereignty, and plays a vital role in safeguarding national cyberspace security. Therefore, the historical forces of land, sea and air, should be given the historical mission of protecting the sovereignty of cyberspace, must rely on the powerful physical space to defend the national interests of cyberspace, a powerful deterrent to the hostile forces of the network destruction attempt.

According to the era of network security to play, the army to do to defend the national security of the ballast. The second focus of the “strategy” task emphasizes the need to resolutely safeguard national security, prevent, stop and punish any act of using the Internet for treason, secession, incitement to rebellion, subversion or incitement to subvert the people’s democratic dictatorship.

In the era of information network, the world’s military has become an important participant in cyberspace. The level of cyberspace capability has become one of the main indexes to evaluate the modernization degree of a country’s army. It is one of the main responsibilities of the information security army to carry out the task of network space mission.

From the historical process of China’s development, it is necessary to be highly vigilant about the national security strategy needs of the successful completion of the well-off society. It is necessary to be highly vigilant about the risk of being invaded, subversive and divided by cyberspace. The development of the overall situation of the danger of being destroyed, a high degree of vigilance of the development process of socialism with Chinese characteristics is disturbed, the risk of destruction.

Take preventive measures, requiring the state must have the means to deal with and deal with these dangerous measures, with the prevention, suppression and punishment of cyberspace according to the law of the powerful forces of destruction. The defense of the country has always been an unshirkable historical responsibility of the army. The inherent mission task determines that the Chinese army must take on the various measures taken in cyberspace to maintain national politics, economy, cultural security and social stability.

Offensive and defensive both strategic tasks, the army to enhance the ability to enhance the network space strong backing. The third and eighth of the nine major tasks in the Strategy make it clear that all necessary measures should be taken to protect critical information infrastructures and their important data from attack and destruction, and that both technology and management should be adhered to both protection and deterrence. Construction and international status commensurate with the network power to adapt to the network space protection, and vigorously develop the network security and defense means to detect and resist the network invasion, casting and maintenance of national network security strong backing. In all the state’s political, diplomatic, military, scientific and technological capacity to maintain security, military power has always been the foundation and support of all abilities. It is the fundamental guarantee of all ability and the ultimate guarantee of national security.

Therefore, the army must assume the strategic task of strengthening the national network space protection ability strong backing. In the real world, the army is the reassurance of safeguarding national security. In cyberspace, it should also become the safe dependency and guarantee of the people. As an important part of the national network space protection ability, the army must be both offensive and defensive, and have the ability to firmly safeguard the interests and security of the country and the people in the cyberspace, and can effectively eliminate the various crises and ideological turbulence caused by the network security threat So that people can truly feel the production and life to be effectively protected, as the people of the country’s network protection capacity of confidence in the emboldened.

The global responsibility of the joint defense, the military to do to maintain the important support of global network security. The final mandate of the Strategy explicitly proposes to strengthen international cooperation in cyberspace and to support the United Nations in its leading role in promoting the development of international rules for cyberspace, international cyberspace international counter-terrorism conventions that are universally accepted, and a sound mechanism for combating cybercrime Policy and law, technological innovation, standards, emergency response, key information infrastructure protection and other areas of international cooperation.

Cybercrime and cybercrime are the new forms of global threat catalyzed by information network fermentation, posing a great threat to the political, economic, military and cultural security of all countries in the world. It is not enough to rely solely on the power of government and civil society. And other Western countries have given the military the responsibility to protect the network security and the right to combat cyber terrorism. Maintaining global cyberspace security and stability is in line with the fundamental interests of China and the rest of the world. The army should be an important defender of cyberspace security and become an important force in combating global cybercrime and cybercrime.

The globalization and unboundedness of the network determines the international demand for combating cyber-terrorism and transnational cybercrime. The army should promote inter-State network governance and military cooperation within the framework of the UN Security Council, and use the strategy and technology of the Internet age to establish a joint defense Mechanism, and effectively safeguard the national and world cyberspace security.

From the “battlefield training” to “network preparation”, the new areas need to prepare for the military new initiatives

In the new historical situation, the cyberspace put forward new requirements to the military training mode, should adapt to the new features of the cyberspace and the new mission of the army to innovate and reform the traditional model, aim at the goal of strengthening the country and strengthening the macro- Focus on cyberspace military action legal needs, closely linked to cyberspace “military and civilian one” of the natural properties, the construction of “peace and war” network security attack and defense system, to create “military dual-use” network defense force.

Legislative empowerment, for the military to carry out functional mission to provide legal basis. Countries in the world, especially the Western developed countries in the network security legislation attaches great importance to network defense issues. The United States has promulgated the “National Security No. 16 Presidential Decree” “cyberspace action strategy” and a series of policies and regulations on how to protect the national network security in the field of national network security has been deepening norms.

At present, it is necessary to clarify the duties of the cyberspace army from the legal level. It should be based on the “National Security Law” and “Network Security Law”, and introduce the network defense law and relevant cyberspace military warfare regulations for network defense construction and military Action to provide regulatory support and action programs, so that the military in cyberspace responsibilities and mission more specific and specific.

First, through the network of national defense legislation to further define the network sovereignty and network frontier, clear the scope of the military duties.

Second, through the construction of network operations laws and regulations, clear the military to defend the national network space security action authority, to distinguish between network intrusion, network damage and other military means of behavior. Third, through the international cooperation policy of cyberspace, clear military cooperation with other countries, civil forces and other international networks to combat terrorism, cybercrime function tasks.

Military and civilian integration, for the construction of network power to provide innovative power. The integration of military and civilian integration is the main practice of enhancing the competitiveness of cyberspace in the world. For the construction of China’s network power, it is necessary to construct military and civilian defense and defense system, and to develop military and national defense information infrastructure. Source.

First, the co-ordination of national, military and all levels of government and other military and civilian integration functional departments, set up a special command and coordination agencies, mobilize all national network power, building “military and civilian” “peace and war” network security attack and defense system.

Second, as soon as possible the introduction of network security integration of civil and military development of the guiding ideology, and gradually expand the integration of basic legal research and demonstration, to guide the long-term integration of military and civilian development.

Third, relying on the country’s existing public mobile communication network, optical fiber communication network and satellite system, the military and the people to build a nationwide information infrastructure, to achieve military and civilian unity, in charge of sharing.

The fourth is to establish a joint emergency response mechanism for military and civilian personnel, to increase the capacity of the training departments to control the situation, to strengthen the expertise of experts and emergency professionals to enhance the ability to quickly restore damaged networks or information systems.

Military and civilian training, for the cyberspace military capabilities to provide a realistic environment. The common characteristics of military and civilian space in the network space make the military and civilian training become an important way of military military training in cyberspace all over the world. The United States and NATO and other countries of the network space military and civilian joint exercises have been a series of “network storm” “network guards” and other training activities to attract the government, enterprises, research institutions and even private hackers extensive participation. Our military cyberspace military strength training also requires extensive participation in civil forces.

First, do a good job of military and political cooperation, the establishment of military and civilian joint attack and defense exercise mechanism, learn from the United States and other developed countries in the network warfare exercises in the red and blue confrontation training methods, and actively build the “national network shooting range”, planning the government, civil society series of joint exercises to enhance military and civilian , Officials and one network of offensive and defensive level.

Second, do a good job in military and military cooperation, relying on the Internet to set up a network of enterprises to improve the training area, to promote military and civilian ability to run between the offensive and defensive, and jointly improve the ability to prevent unknown risks.

Third, the organization of civil network security companies and hackers talent, to carry out network security competition and other activities, mutual confirmation, and jointly improve the level of network security technology and tactics.

Network reserve, to build a strong network of troops to provide the source of strength. Reserve as a reserve force of national defense, both military and civilian dual characteristics, is to achieve cyberspace economic development and national defense construction of organic unity of the powerful initiatives.

First, the national security sector as the leading, according to the national interests of the overall planning, the introduction of the network defense reserve is conducive to the construction of a series of laws and regulations, from the top to solve the network defense reserve construction in the construction of the main division of labor, promotion strategy, problem.

Second, innovative reserve organization and leadership system and comprehensive coordination mechanism, there are plans to reserve construction into the national network of information development at all levels and various fields.

Third, focus on the military and local management reform of the two models to the provincial and municipal governments, military and local enterprises and institutions under the management mechanism to establish a network of national defense reserve personnel to jointly use the mechanism, improve the national emergency mobilization mechanism, the establishment of national network defense professionals Database, the network militia and reserve forces into the scope of the people’s armed mobilization, usually in accordance with the provisions of the militia emergency unit into the training, the urgent selection of elite personnel with the team to participate in the task of non-war military operations, wartime, So that the national defense potential into national defense strength. (An Weiping, deputy chief of staff of the northern theater)

Original Mandarin Chinese:

原題:從守衛“網絡營門”走向守衛“網絡國門”

原載:《國防參考》2017年第3期

網絡空間誕生於軍事領域,如首台計算機、阿帕網和GPS導航系統等都源於軍方,時至今日,網絡空間安全已與國家安全息息相關,軍隊又再次成為維護國家網絡空間安全的主角,無論是面對常態化的網絡滲透,還是大規模的網絡攻擊,都迫切需要軍隊從守衛“網絡營門”走向守衛“網絡國門”,突破傳統的軍隊使命任務,突破傳統的應戰備戰模式,以全新的網絡國防思維,鑄造網絡時代國之堅盾。

從“網絡營門”到“網絡國門”,新時代帶來軍隊使命新趨勢

網絡空間不僅事關國家戰略利益維護,直接影響政治、經濟、文化安全和社會發展,也成為現代戰場聯合作戰的血脈和紐帶。中國軍隊不能局限於維護軍營內部網絡安全,更要主動適應時代趨勢,勇於承擔把守“網絡國門”的國家擔當。網絡強軍是網絡強國建設的重要一環,從“網絡營門”走向“網絡國門”是信息時代國內外形勢發展的必然趨勢。

守衛“網絡國門”是網絡空間安全形勢所迫。中國作為第一網絡大國,安全狀況不容樂觀,戰略對手從未停止對我網絡作戰准備。美、英、法等國積極備戰網絡空間,通過網絡空間安全立法賦予軍隊職能,發展網絡戰部隊,研發網絡戰武器裝備,將戰爭推進到了人類的“第五空間”,特別是在中國日益強大崛起的歷史進程中,西方國家在冷戰思維和遏制顛覆戰略的主導下,利用網絡技術手段和傳播方式實施不間斷的騷擾、顛覆和網絡攻擊行動,嚴重影響我國家安全與社會發展,中國逐漸成為網絡安全威脅的重災區、病毒攻擊的試驗場、意識滲透的目的地,國家安全面臨著巨大風險。

未來一段時期內,中國作為新興大國,與各方利益沖突還將加劇,堅定推進網絡國防戰略,加強網絡空間的作戰准備,是積極爭取網絡空間的主導權和話語權的必然途徑,也是中國崛起的必由之路。軍隊作為國家安全穩定的主要力量,必須適應網絡空間特點要求,成為抗擊網絡入侵、網絡顛覆的中堅和主力,維護國家安全和社會穩定。

打贏網絡戰爭是信息時代新軍事變革所趨。網絡技術作為信息時代最先進生產力之一,使得網絡空間作戰成為引導現代戰爭形態演變的主導因素,影響著戰爭全局。近年來,從伊朗“震網”攻擊、俄格沖突網絡戰、烏克蘭電網遭大規模阻癱以及美軍對IS的網絡攻擊,網絡空間在實戰中所展現出的巨大作用逐漸顯現,預示著網絡作戰已成為未來聯合作戰重要樣式。

美軍高度重視網絡空間軍備建設,成立網絡空間司令部,推出網絡空間聯合作戰條令,大幅度擴編網絡戰部隊,極力維護其在網絡空間霸權,把對網絡空間控制能力作為形成“第三次抵消戰略”絕對優勢最重要的競爭內容。

世界多國紛紛跟進,網絡空間軍事化趨勢明顯。嚴峻的網絡空間軍事斗爭形勢要求中國軍隊著眼網絡戰場空間變化,適應信息化戰爭時代要求,實現在網絡空間能打仗、打勝仗的強軍目標。

有效網絡懾戰是加速網絡強國建設內在所需。在中國由網絡大國向網絡強國發展過程中,離不開強大的網絡空間軍事力量作為保障。網絡空間國際競爭表現為國家綜合實力的全面博弈,其中,網絡軍事能力建設的好壞,直接關系到國家安全與穩定,牽一發而動全身,是整個國家安全領域的核心要素。

當前,世界各國在網絡空間的利益互相滲透,出現“你中有我、我中有你,互相合作,共同發展”的局面。但是這種共同發展是不對等的,美國及西方強國利用網絡空間主導權,已經取得了一定的網絡懾戰優勢,使我網絡發展及利益受制於人。軍隊如何在網絡強國建設中完成守土有責的使命重托,前提就是要形成能夠遏制危機、懾控對手的網絡攻防能力,確保和平發展的網絡環境。

因此,軍隊需要確立有效懾戰的威懾戰略目標,形成能與敵“相互摧毀”的戰略制衡能力,從而增強戰略競爭力,懾止網絡空間侵略,保障網絡強國戰略順利推進。

從“守土有責”到“護網衛國”,新形勢要求軍隊承擔新任務

軍隊是保衛國家安全的主力和柱石,網絡空間也不例外。2015年7月1日施行的《國家安全法》規定:“中華人民共和國公民、一切國家機關和武裝力量、各政黨和各人民團體、企業事業組織和其他社會組織,都有維護國家安全的責任和義務。”2016年11月頒布的《網絡安全法》強調了要維護網絡空間主權和國家安全。

在這兩個國家法律的基礎上,2016年12月27日,《國家網絡空間安全戰略》(下文簡稱《戰略》)正式出台,為在新的起點上開創網絡強國新格局提供了總體指導和基本遵循,明確提出了九大戰略任務,進一步體現了軍隊在建設網絡強國進程中的使命任務。

全力護網的國家使命,軍隊要做捍衛網絡空間主權的堅強柱石。《戰略》中列出的九大戰略任務首項就是“堅定捍衛網絡空間主權”,明確提出要“採取包括經濟、行政、科技、法律、外交、軍事等一切措施,堅定不移地維護我國網絡空間主權”。可見,軍隊須承擔起運用實體空間的軍事手段,保衛虛擬網絡空間主權安全和利益的國家使命。

網絡空間主權是國家的核心利益,是國家主權的重要組成,表明國家在網絡空間所擁有的獨立權、平等權、自衛權和管理權。一旦敵對勢力侵犯了我網絡空間主權,就等同於侵犯了我陸海空等實體空間的國家主權,中國將有權利採取包括軍事手段在內的一切措施給予堅決回擊。

在國際上,美國早就提出網絡空間威懾戰略,宣告對美國網絡信息設施的攻擊等同於戰爭行為,美國會採取軍事打擊措施進行報復。軍事手段是維護國家主權的保底手段,在維護國家網絡空間安全中發揮著至關重要的作用。因此,陸海空天軍事力量理所應當地被賦予了保護網絡空間主權的歷史使命,必須憑借強大的實體空間武力保衛網絡空間的國家利益,有力震懾敵對勢力的網絡破壞企圖。

依網衛國的時代擔當,軍隊要做保衛國家安全的壓艙石。《戰略》任務的第二項著力強調要堅決維護國家安全,防范、制止和依法懲治任何利用網絡進行叛國、分裂國家、煽動叛亂、顛覆或者煽動顛覆人民民主專政政權的行為。

信息網絡時代,世界各國軍隊都已經成為網絡空間重要參與者,網絡空間能力水平成為評估一個國家軍隊現代化程度的主要指標,遂行網絡空間使命任務、維護國家安全成為信息化軍隊的主要職責之一。

從中國發展所處的歷史進程來看,要適應全面建成小康社會決勝階段的國家安全戰略需求,必須高度警惕國家在網絡空間被侵略、被顛覆、被分裂的危險,高度警惕由網絡空間引發改革發展大局被破壞的危險,高度警惕中國特色社會主義發展進程被干擾、破壞的危險。

防患於未然,要求國家必須具有應對和處置這些危險的手段措施,具有防范、制止和依法懲治網絡空間違法破壞行為的強大力量。保衛國家歷來是軍隊不可推卸的歷史責任,固有的使命任務決定了中國軍隊必須承擔起在網絡空間採取各種措施,維護國家政治、經濟、文化安全和社會穩定的時代擔當。

攻防兼備的戰略任務,軍隊要做提升網絡空間防護能力的堅強后盾。《戰略》中九大任務的第三項和第八項明確提出,要採取一切必要措施保護關鍵信息基礎設施及其重要數據不受攻擊破壞,要堅持技術和管理並重、保護和震懾並舉;要建設與我國國際地位相稱、與網絡強國相適應的網絡空間防護力量,大力發展網絡安全防御手段,及時發現和抵御網絡入侵,鑄造維護國家網絡安全的堅強后盾。在國家所有維護安全的政治、外交、軍事、科技能力中,軍事力量歷來是所有能力的基礎和支撐,是所有能力的根本保障,是國家安全的最終依托。

因此,軍隊必須承擔起提升國家網絡空間防護能力堅強后盾的戰略任務。現實社會中,軍隊是維護國家安全的定心丸,在網絡空間也同樣應成為人民群眾的安全依賴和保障。軍隊作為國家網絡空間防護能力生成的重要一環,必須做到攻防兼備、懾戰一體,有能力堅決維護國家和人民在網絡空間的利益和安全,能夠有效消除網絡安全威脅造成的各種危機和思想動蕩,使人民能夠切實感受到生產生活得到有效保護,成為全國人民對國家網絡防護能力充滿信心的底氣所在。

聯防聯治的全球責任,軍隊要做維護全球網絡安全的重要支撐。《戰略》任務最后一項明確提出要強化網絡空間國際合作,支持聯合國發揮主導作用,推動制定各方普遍接受的網絡空間國際規則、網絡空間國際反恐公約,健全打擊網絡犯罪司法協助機制,深化在政策法律、技術創新、標准規范、應急響應、關鍵信息基礎設施保護等領域的國際合作。

網絡恐怖主義和網絡犯罪是經過信息網絡發酵催化出的全球威脅新形態,對世界上所有國家的政治、經濟、軍事、文化安全都構成巨大威脅,僅僅依靠政府和民間的力量是不夠的,美國等西方國家紛紛賦予軍隊保護網絡安全的職責和打擊網絡恐怖主義的權限。維護全球網絡空間安全與穩定符合中國以及世界各國的根本利益,軍隊應成為全球網絡空間安全的重要維護者,成為打擊全球網絡恐怖主義和網絡犯罪的重要力量。

網絡的全球化、無界性決定了打擊網絡恐怖主義和跨國網絡犯罪的國際需求,軍隊應在聯合國安理會的框架下,推進國家間網絡治理軍事合作,利用網絡時代的戰略和技術,建立聯防聯治機制,切實維護國家和世界網絡空間安全。

從“沙場練兵”到“網絡備戰”,新領域需要軍隊備戰新舉措

在新的歷史形勢下,網絡空間對軍隊練兵備戰模式提出了全新的要求,應適應網絡空間新特點和軍隊新使命對傳統模式進行創新改革,以強國強軍目標為統攬,加強宏觀統籌,著眼網絡空間軍事行動的法理需求,緊扣網絡空間“軍民一體”的天然屬性,建設“平戰結合”的網絡安全攻防體系,打造“軍地兩用”的網絡國防力量。

立法賦權,為軍隊遂行職能使命提供法理依據。世界各國尤其是西方發達國家在網絡安全立法上高度重視網絡國防問題。美國先后出台了《國家安全第16號總統令》《網絡空間行動戰略》等一系列政策法規,對如何在網絡國防領域保護國家網絡安全進行了不斷的深化規范。

當前,從法律層面厘清網絡空間軍隊的職責任務非常必要,應以《國家安全法》《網絡安全法》為依據,出台網絡國防法和有關網絡空間軍事作戰條令法規,為網絡國防領域建設和軍事行動提供法規支撐和行動綱領,使軍隊在網絡空間的職責和使命更加明確具體。

一是通過網絡國防立法進一步界定網絡主權和網絡邊疆,清晰軍隊的職責范圍。

二是通過網絡作戰法規建設,明確軍隊遂行保衛國家網絡空間安全的行動權限,區分應對網絡入侵、網絡破壞等行為的軍事手段。三是通過網絡空間國際合作政策,明確軍隊協同他國、民間力量等打擊國際網絡恐怖主義、網絡犯罪的職能任務。

軍民融合,為網絡強國建設提供創新動力。軍民融合是世界強國提升網絡空間競爭力的主要做法,對於中國網絡強國建設來說,構建軍民融合網絡安全攻防體系,開發軍地兩用的國防信息基礎設施,是激發軍隊網絡空間作戰能力創新的源泉。

一是統籌國家、軍隊和各級政府等軍民融合職能部門,設置專門的指揮協調機構,調動一切國家網絡力量,建設“軍民一體”“平戰結合”的網絡安全攻防體系。

二是盡快出台網絡安全軍民融合深度發展指導性意見,逐步展開軍民融合基本法律研究論証,指導中長期軍民融合發展。

三是依托國家現有公共移動通信網、光纖通信網及衛星系統,軍民共建覆蓋全國全軍的信息基礎設施,實現軍民統建、分管共享。

四是建立軍民聯合的應急響應機制,加大培訓軍地主管部門控制事態的能力,加強專家和應急專業力量,提升快速恢復受損網絡或信息系統的能力。

軍民聯訓,為網絡空間軍事能力生成提供實戰化環境。網絡空間的軍民共用特性使得軍民聯訓成為世界各國網絡空間軍事演訓的重要方式。美國及北約等國家的網絡空間軍民聯合演習已經形成系列化,“網絡風暴”“網絡衛士”等演練活動吸引了政府、企業、研究機構甚至民間黑客的廣泛參與。我軍網絡空間軍事力量訓練也需要廣泛吸引民間力量參與。

一是搞好軍政合作,建立軍民聯合攻防演練機制,借鑒美國等發達國家網絡戰演練中的紅藍對抗訓練方法,積極建設“國家網絡靶場”,策劃政府、民間機構系列聯合演習,提升軍民一體、官民一體的網絡攻防水平。

二是搞好軍企協作,在互聯網上依靠網信企業設置演練場區,促進軍民之間攻防能力磨合,共同提高防范未知風險能力。

三是組織民間網絡安全公司和黑客人才,開展網絡安全競賽等活動,互相印証,共同提高網絡安全防護技戰術水平。

網絡預備役,為建設強大網軍提供力量源泉。預備役作為國防力量的后備補充,兼有軍事和民用雙重特點,是實現網絡空間經濟發展與國防建設有機統一的有力舉措。

一是以國家安全部門為主導,依據國家利益進行統籌規劃,出台有利於網絡國防預備役建設的系列法規政策,從頂層上解決網絡國防預備役建設中軍民共建的主體分工、推進策略、利益協調等問題。

二是創新預備役組織領導體制和綜合協調機制,有計劃地把預備役建設融入國家網絡信息化發展的各個層面和各個領域。

三是著眼軍隊和地方兩頭管理模式改革,以各省市政府、軍隊和地方企事業單位的管理機制為依托,建立網絡國防預備役人才聯合培養使用機制,完善國家應急動員機制,建立國家網絡防御專用人才數據庫,將網絡民兵和預備役部隊建設納入人民武裝動員的范圍,平時按規定編入民兵應急分隊進行訓練,急時挑選精干人員隨隊參加遂行非戰爭軍事行動任務,戰時按需要成建制征召使用,使國防潛力轉變為國防實力。

 

Referring URL:

http://military.people.com.cn/BIG5/n1/2017/0417/c1011-29215670.html

美軍方憂慮中國信息戰 稱之為毛式網絡人民戰 // US Military Anxious & Worried About China’s Information Warfare – Mao-Style Network War is the People’s Warfare

美軍方憂慮中國信息戰 稱之為毛式網絡人民戰 //

US Military Anxious & Worried About China’s Information Warfare – Mao-Style Network War is the People’s Warfare

This article was originally published in the US Army “Military Intelligence” magazine July 7-9 months. The author Timothy Thomas is the US Army Lieutenant Colonel, now an analyst at the US Foreign Military Research Office (FMSO). The author graduated from the famous West Point military academy, served as the US military 82th Airborne Division unit commander, the information warfare, psychological warfare, low-intensity conflict in-depth study. This paper reflects the American military’s worries and alertness in the theory and construction of China’s information warfare. This article is specially translated for reference only.

In the past few years, the Chinese military and civil experts set off a wave of information warfare. After reading their works, it is not difficult to find that China’s theory of information warfare has several obvious characteristics: First, China is eager to develop its own theory of information warfare, which is related to its own security threats; secondly, China’s information War theory is influenced by its traditional military command art. Whether it is the ancient “Art of War” and “thirty-six”, or Mao Zedong’s people’s war thinking in the theory of information war laid a deep imprint; Third, China’s information warfare awareness and classification, obviously different In the beginning of the information warfare originator – the United States, although similar to the Russian information war theory, but only the shape and God is not.

Wai Wei save Zhao

The advent of the information age prompted people to rethink the way in which war was conducted. China is aware of its conventional armed forces and the superpower compared to the strength of disparity, in the near future, whether conventional or nuclear weapons, China can not constitute a strong deterrent to the United States. However, the ambitious Oriental dragon that: with the advent of the information age, the war form, the military structure, combat methods and command means will have a new change, the information will replace people full of future battlefield. As long as the focus of strategic research into the information warfare war form, grasp the trend of development of the times, it is not difficult to shorten the distance, and further lead.

Ancient China has a military order called “thirty-six dollars”, one of which “Wai Wei save Zhao” pointed out that if the enemy is too strong front power, should avoid the virtual, hit its weakness. For example, if you can not launch a direct attack (nuclear strike), then the information warfare, the weak financial, power, etc., to the West, and so on.

Network system to start. Although the conventional armed forces can not compete with the United States, however, China’s information warfare forces in theory is a real threat to the US political and economic security, the Americans can not afford the New York Stock Exchange and the Nasdaq Stock Exchange in an instant collapse. The global accessibility of information warfare, the speed of light transmission is not a feature of nuclear war, the Chinese people want is the speed of information warfare, accuracy and continuity to beat the opponent.

Information warfare can make up for the lack of conventional armed forces. The establishment of various battlefield information networks can not only improve the management level of traditional warfare, enhance the overall combat effectiveness of the troops, but also to a certain extent make up for the lack of conventional forces. In the eyes of the Chinese people, information warfare is even more powerful, is the power of conventional armed forces multiplier.

Information warfare

In 1996, China’s earliest information warfare expert Shen Weiguang to the information war under the definition is: “warring parties through the control of information and intelligence resources to compete for battlefield initiative of the war.” With the United States “to protect friendly information system, attack enemy information System “compared to the definition of Shen Weiguang more emphasis on” control “the enemy.

In 1998, the Chinese military information warfare Wei Wang Wang save major general classification of information warfare: according to time is divided into normal, crisis, wartime; by nature is divided into attack, defense; by level into the country, strategy, theater, tactics ; Divided by the scale of the battlefield, theater, local war. The characteristics of information warfare include directive and control warfare, intelligence warfare, electronic warfare, psychological warfare, space control war, hacker warfare, virtual warfare, economic warfare and so on. Information warfare in principle to take cut, blinded, transparent, fast and improve the viability and other measures. General Wang’s understanding of the information war is closer to the West, with emphasis on the confrontation of advanced technology.

In 1999, Chinese experts discussed the information warfare. Shen Weiguang at this time to expand the scope of information warfare, he believes that “information war, broadly refers to the confrontation of the military (including political, economic, science and technology and all areas of society) to seize the information space and information resources for the war, narrowly refers to the war Which is one of the essential characteristics of modern warfare.The essence of information war lies in the fact that by acquiring the right to information to achieve ‘no war and subdue the soldiers’. ”

The military another information warfare expert general general Wang Pufeng information warfare have a very deep understanding, in 2000, he information warfare and information warfare distinction. According to his explanation, the information war refers to a form of war, which contains information warfare, and information warfare refers to a combat activity. He believes that “information warfare includes all combat activities, including a series of intrusion and computer virus attacks on the theft, tampering, deception, deception, disruption, obstruction, interference, paralysis of information and information systems, and finally the enemy computer Network does not work. “He advocated China’s information warfare theory in drawing on foreign advanced combat ideas at the same time, should have China’s own characteristics.

“Mao-style network people’s war”

China’s knowledge of information warfare is very traditional. Many military theorists believe that the information age has given Mao Zedong a new connotation of the people’s war thinking, therefore, advocates rely on and mobilize the broad masses of people to carry out online war. It is conceivable that no matter which same family, with 1.3 billion people playing network warfare is daunting.

Mao Zedong’s network The most important feature of the people’s war theory is that it breaks the boundaries between the army and the people. Blurred the traditional boundaries of military installations and civilian facilities, military technology and civilian technology. The sharing of information technology in military and civilian use has created the conditions for the widespread use of civil technology for military purposes. For example, the use of civil electronic information equipment for information interception and transmission can use the civilian communication network for war mobilization; can use the private computer network attack and defense. Second, the difference between military personnel and non-military personnel is gradually disappearing. With the development of network technology and the expansion of application areas, a large number of network technology talent come to the fore. These have the special ability of the network elite will become the future network of people in the war of Gladiator. At the same time, communication, transportation, financial systems and other information networks and international networking, for China to carry out the people’s war provides the necessary conditions.

Nowadays, the idea of ​​people’s war has been established as the fundamental guiding principle of China’s network information warfare. A Chinese military writer wrote: “The flexible tactical and tactical principle is still the soul of the network information warfare.The broad masses of people actively participate in the war, especially technical support and online warfare, is to win the network information war victory of the masses and strength Source. ”

The power of the people’s war is so terrible, perhaps, we can understand why the Chinese are willing to cut the size of their armed forces – imagine that once the war broke out, China could launch a large number of people involved in war, information engineers and civilians will be organized through the home Computer attack on the US network information system, then why should we maintain a large combat force?

Information warfare

Over the past few years, China has held several major information warfare military exercises to test the theory of information warfare. The first “special war” (information warfare) exercise took place in October 1997. A military army of a military army was designed to paralyze its system of virus attacks, the group of military anti-virus software for defense. The exercise is called “invasion and anti-intrusion exercise”. The exercise also used ground logistics, medical and air forces.

In October 1998, China held a high-tech comprehensive exercise jointly conducted by the three military regions. The first use of the “military information superhighway” was used in the joint defense operations. The information network system in the command automation system is composed of digital, dialing, command network and secret channel. The other parts of the command automation system are subsystems such as command warfare, audio and graphics processing, control and data encryption.

In October 1999, the People’s Liberation Army for the first time between the two groups of war-level computer online confrontation exercises. Conducted reconnaissance and anti-reconnaissance, interference and anti-interference, blockade and anti-blockade, air strikes and anti-air raid and other subjects. In the software environment, resource sharing, combat command, situation display, auxiliary evaluation, signal transmission and intelligence warfare and other six types of operations. The computer evaluation system conducts data and quality analysis of the performance of both parties.

In July 2000, a military area also conducted an online confrontation exercise. The three training tasks related to the exercise are: organizing and planning the campaign, seizing air power and making information, implementing breakthroughs and breaking down. There are more than 100 terminal networking involved in the exercise.

Militia unit

China’s people’s war has a complete system, its overall development direction is “elite standing army and powerful reserve forces combined”, this defense system is conducive to play the overall effectiveness of the people’s war and “network tactics” advantage.

China 1.5 million reserve forces are very keen to play the network of people’s war. In some areas, the PLA has prepared the reserve forces into small information warfare forces. For example, in Yichang City, Hubei Province, the military division organized 20 municipal departments (electricity, finance, television, medical, etc.) technical staff set up a reserve information warfare. The Department has a network of war camps, electronic war camps, intelligence war camps and 35 technical units. The department has also established the first training base in China to accommodate 500 people.

Yichang is not the only area where the organization’s reserve and militia are engaged in information warfare training. December 1999 in Xiamen, Fujian held a reserve and militia meeting. During the subsequent exercise, the militia units with high-tech equipment carried out electronic countermeasures, cyber attacks and protection, radar reconnaissance performances. The goal of the fake attack is an encircled island, so it is easy for outsiders to think about being against Taiwan. Xiamen is a special economic zone, bringing together a large number of high-tech talent, so there are advantages of the implementation of information warfare.

In an exercise conducted by the Jinan Military Region, the Xi’an People’s Armed Forces Information Warfare team played the blue side of the attack, and they developed 10 kinds of information warfare measures, including information mine, information reconnaissance, change of network information, release of information bombs, dumping Network spam, distribute web leaflets, information spoofing, spread false information, organize information defense, and establish web spy stations. From these network information warfare can be seen that their research on the network information war has been quite specific and in-depth.

China’s military experts also suggested that all levels of militia organizations should set up network technology professional units, in order to facilitate the coordination of command, militia network technology professional units should be provincial or regional units for the implementation of the group, vertical management. Reserve forces to participate in the future war in the “network attack and defense” and “network technology security”, its actions should be organized by the military organization and unified coordination.

Training base

The Chinese People’s Liberation Army has developed its own set of information warfare education methods, the steps are: first to teach the basic knowledge of network information warfare; secondly through the military’s advanced military thinking to improve the level of information warfare knowledge; and then improve the use of information technology skills, Electronic technology, psychological warfare technology and information attack and defense technology; Finally, through the exercise of knowledge into practical ability. In China, mainly by the People’s Liberation Army institutions to foster information warfare high-tech talent responsibility:

People ‘s Liberation Army Communications Command College, located in Wuhan. In 1998, the hospital published two books, namely, “information combat command and control” and “information combat technology”, these two books is China’s information warfare education the most important teaching materials. The college has a high reputation for its excellent information warfare tutorials, which analyze the information, operational requirements of strategic, operational, and tactical levels.

People’s Liberation Army Information Engineering University, located in Zhengzhou, by the original PLA Information Engineering Institute, Institute of Electronic Technology and Surveying Institute merged. The main research areas of the school are information security, modern communication technology and space technology, and in some cutting-edge disciplines to explore, such as remote sensing information technology, satellite navigation and positioning technology, geographic information database technology.

People’s Liberation Army Polytechnic University, located in Nanjing, by the former People’s Liberation Army Communications Engineering College, Engineering Engineering College, Air Force Meteorological Institute and the General Association of 63 Institute merged. The school is responsible for training information warfare, commanding automation and other new disciplines of military talent. There are nearly 400 experts and professors in the university engaged in information war theory and technology research.

People’s Liberation Army National Defense Science and Technology University, located in Changsha, the school directly under the Central Military Commission. Has developed the famous “Galaxy” series of supercomputers. During the Kosovo war in April-June 1999, nearly 60 senior officers gathered in this study of high-tech wars.

People’s Liberation Army Naval Engineering University, located in Wuhan, is the only naval study of information warfare institutions. The purpose of the school’s information warfare is to apply information technology to naval equipment so that the Chinese navy can adapt to the information war.

in conclusion

What conclusions can we get from the study of information warfare in China? What can the American army get from it?

First of all, China’s military theorists have found a cheap and effective information warfare method, which makes China in the strategic military and international status to obtain the same position with the West, so that China in Asia to play a more important strategic role.

Secondly, China’s attention to the new information warfare forces is extraordinary. It may be possible to develop various forms of information warfare forces, such as: network forces (independent arms), “cyber warriors” raid units, information protection forces, information corps, electronic police and joint networks of people’s war institutions. It is interesting to note that Western countries, not China, have the ability to put these ideas into practice at this stage.

Thirdly, China’s information warfare theory reflects the combination of Western and Chinese ideas, and the influence of the former is getting weaker. Due to some common origins of military command art (Marxist dialectical thinking), China’s information warfare thought is more similar to that of Russia. However, in terms of its essence, China’s information war theory and Russia and the West are different. China’s information war theory emphasizes control, computerized warfare, cyber warfare, intellectual warfare and system of information rights.

Fourth, in the field of information warfare, China has spanned a number of technological developments and has used the Quartet’s technology to save time and save money. However, China does not fully follow the foreign, but the use of creative information war strategy. But no matter what, China is worthy of attention is different from other countries, the power of information.

For the US military, the study of China’s information war theory is not just to give the military a few opinions. “Art of War” called “know that know, victorious”. From the perspective of foreign information warfare theory to analyze the ability of the US information warfare in order to find the fatal flaws of the US information warfare system.

As the Chinese say, the losers of the information warfare are not necessarily behind the technology, and those who lack the art of command and strategic ability are the most likely to be losers. The United States to the reflection of their own information war thinking, and to study the information war strategy and tactical time. (Fan Shengqiu compilation) (“International Outlook”)

China and the latitude and longitude network February 11, 2004

 

Original Mandarin Chinese:

本文原載於美國陸軍《軍事情報》雜誌2003年7-9月號。作者蒂莫西·托馬斯是美國陸軍中校,現為美國外國軍事研究辦公室(FMSO)分析員。作者畢業於著名的西點軍校,曾任美軍第82空降師分隊指揮官,對信息戰、心理戰、低強度衝突有深入的研究。本文反映了美國軍方對中國信息戰理論和建設的憂慮與戒備心理。本刊特編譯此文,僅供讀者參考。
在過去幾年裡,中國軍方與民間專家們掀起了研究信息戰的熱潮。閱讀他們的作品後不難發現,中國的信息戰理論研究具有幾個明顯的特徵:首先,中國正迫不及待地發展自己的信息戰理論,這與其對自身安全威脅的判斷有關;其次,中國的信息戰理論受其傳統軍事指揮藝術影響頗深。無論是古代的《孫子兵法》和《三十六計》,還是毛澤東的人民戰爭思想都在信息戰理論中打下了深深的烙印;第三,中國對信息戰的認知與分類,顯然不同於信息戰的開山鼻祖——美國,雖近似於俄國的信息戰理論,卻也只是形似而神不是。

圍魏救趙
信息時代的到來促使人們對戰爭的進行方式重新進行思索。中國意識到其常規武裝力量與超級大國相比實力懸殊,近期內無論是常規力量還是核武器,中國都無法對美國構成強大威懾。但是,雄心勃勃的東方巨龍認為:隨著信息時代的來臨,戰爭形態、軍隊結構、作戰方式和指揮手段都會有嶄新的變化,信息將取代人充斥於未來戰場。只要把戰略研究的著眼點放到信息戰這一戰爭形態上,把握時代發展潮流,就不難縮短距離,並進一步取得領先地位。
中國古代有部兵書叫《三十六計》,其中的一計“圍魏救趙”就指出,如果敵人正面力量過於強大,應當避實就虛,擊其薄弱之處。中國人古為今用,把這個計謀應用到當前國家間鬥爭——如果你不能發動直接攻擊(核打擊),那就打信息戰,向西方薄弱的金融、電力等

網絡系統下手。常規武裝力量雖然無法與美國抗衡,然而,中國的信息戰部隊在理論上卻實實在在威脅到美國的政治及經濟安全,美國人無法承受紐約股票交易所和納斯達克股票交易所在瞬間崩潰。信息戰的全球可及性、光速傳播性是核戰爭所不具有的特性,中國人要的就是以信息戰的速度、準確性和持續性擊敗對手。
信息戰力量可彌補常規武裝力量的不足。各種戰場信息網絡的建立,不僅可以提高對傳統戰爭的管理水平,增強部隊的整體戰鬥力,還可以在一定程度上彌補常規力量的不足。在中國人眼中,信息戰好似如虎添翼,是常規武裝部隊的力量倍增器。
信息戰智囊
1996年,中國最早提出信息戰的專家沈偉光給信息戰下的定義是:“交戰雙方通過控制信息與情報資源來爭奪戰場主動權的戰爭。”與美國“保護友方信息系統,攻擊敵方信息系統”的定義相比,沈偉光更強調“控制”敵人。
1998年,中國軍方信息戰權威王保存少將對信息戰進行了分類:按時間分為平時、危機時、戰時;按性質分為進攻、防禦;按層次分為國家、戰略、戰區、戰術;按規模分為戰場、戰區、局部戰爭。信息戰表現的特徵包括指揮與控制戰、情報戰、電子戰、心理戰、空間控制戰、黑客戰、虛擬戰、經濟戰等方面的較量。信息戰原則上採取切斷、蒙蔽、透明、快速和提高生存力等措施。王將軍對信息戰的認識與西方較為接近,都把重點放在先進技術的對抗上。
1999年,中國專家對信息戰展開了大討論。沈偉光此時把信息戰的範圍擴大,他認為“信息戰,廣義地指對壘的軍事(也包括政治、經濟、科技及社會一切領域)集團搶占信息空間和爭奪信息資源的戰爭,狹義地指戰爭中交戰雙方在信息領域的對抗。它是現代戰爭的本質特徵之一。信息戰的本質在於通過奪取制信息權達到’不戰而屈人之兵’。”
軍方另一位信息戰專家王普豐少將對信息戰有很深入的理解,2000年,他把信息戰和信息戰爭區別開。根據他的解釋,信息戰爭指的是一種戰爭形態,它包含了信息戰,而信息戰指的是一種作戰活動。他認為“信息戰包括所有作戰活動,其中有對敵信息及信息系統實施信息竊取、篡改、刪除、欺騙、擾亂、阻塞、干擾、癱瘓等一系列的入侵活動和計算機病毒攻擊,最終使敵計算機網絡無法正常工作。”他主張中國的信息戰理論在藉鑒國外先進作戰思想的同時,應具有中國自己的特色。
“毛式網絡人民戰爭”
中國對信息戰的認知非常具有傳統特色。許多軍事理論家認為信息時代賦予了毛澤東人民戰爭思想新的內涵,因此,主張依靠和發動廣大人民群眾進行網上戰爭。可以想像,無論是哪個同家,與13億人打網絡戰都是令人生畏的。
毛澤東式網絡人民戰爭理論的最重要特徵是它打破了軍與民的界限。模糊了軍用設施與民用設施、軍用技術與民用技術的傳統分界線。信息技術在軍用和民用上的共享,為廣泛利用民間技術達成軍事目的創造了條件。例如,可以利用民間的電子信息設備進行情報截獲和傳輸可以利用民間的通信網絡進行戰爭動員;可以利用民間的計算機進行網絡進攻和防禦等。其次,軍事人員與非軍事人員的區別也在逐漸消失。隨著網絡技術的發展和應用領域的擴大,大批的網絡技術人才脫穎而出。這些具備特殊能力的網絡精英將成為未來網絡人民戰爭中的角斗士。與此同時,通信、交通、金融系統等信息網絡與國際聯網,為中國開展人民戰爭提供了必要條件。
如今,人民戰爭思想已經被確立為中國網絡信息戰的根本指導原則。一個中國軍方作者寫道:“靈活機動的戰略戰術原則,仍然是網絡信息戰的靈魂。廣大人民群眾積極參戰,特別是技術支援和網上參戰,則是奪取網絡信息戰勝利的群眾基礎和力量源泉。”
網絡人民戰爭的威力是如此可怕,或許,我們可以明白為何中國人願意削減其武裝部隊規模了——設想一旦戰爭爆發,中國可以發動大量民眾參戰,信息工程師和平民將被組織起來,通過家中的電腦攻擊美國的網絡信息系統,那又何必要維持規模龐大的作戰部隊呢?
信息戰演練
過去幾年裡,中國舉行過數次重大信息戰軍事演習對信息戰理論進行檢驗。首次“特種戰”(信息戰)演練於1997年10月進行。某軍區的一個集團軍遭到旨在癱瘓其係統的病毒攻擊,該集團軍用殺毒軟件進行了防衛。該演練被稱為“入侵與反入侵演練”。演習時還動用了地面後勤、醫療和空軍部隊。
1998年10月,中國舉行了一場由三大軍區聯合進行的高科技綜合演練。聯合防禦作戰演練中首次使用了“軍事信息高速公路”。指揮自動化系統中的信息網絡系統由數字、撥號、指揮網和保密信道組成。指揮自動化系統的其他部分是指揮作戰、音頻和圖形處理、控制和數據加密等子系統。
1999年10月,解放軍首次進行了兩個集團軍之間的戰役級計算機網上對抗演習。演練了偵察與反偵察、干擾與反干擾、封鎖與反封鎖、空襲與反空襲等科目。在軟件環境下進行了資源共享、作戰指揮、態勢顯示、輔助評估、信號傳輸和情報戰等6類作業。計算機評估系統對演習雙方的表現進行數據與質量分析。
2000年7月,某軍區也進行了網上對抗演練。與此次演練有關的3項訓練任務是:組織和計劃戰役、奪取制空權和製信息權、實施突破和反突破。有100多台終端聯網參與了演練。
民兵分隊
中國的人民戰爭有一套完備的體制,其總體發展方向是“精幹的常備軍與強大的後備力量相結合”,這種國防體制有利於發揮人民戰爭的整體效能和“網海戰術”優勢。
中國150萬預備役部隊十分熱衷於打網絡人民戰爭。在一些地區,解放軍已經把預備役部隊編成小型信息戰部隊。例如,在湖北省宜昌市,軍分區組織了20個市政部門(電力、財政、電視、醫療等)的技術人員成立了預備役信息戰團。該部擁有網絡戰營、電子戰營、情報心理戰營及35個技術分隊。該部還建立了中國第一個能容納500人的預備役信息戰訓練基地。
宜昌並不是組織預備役和民兵進行信息戰訓練的唯一地區。 1999年12月在福建廈門召開了預備役和民兵會議。在隨後進行的演習中,擁有高技術裝備的民兵分隊進行了電子對抗、網絡攻擊和防護、雷達偵察表演。山於假想攻擊的目標是一座被包圍的島嶼,因此很容易讓外人聯想到是針對台灣。廈門是經濟特區,匯集了大量高科技人才,因此有實施信息戰的優越條件。
在一次由濟南軍區舉行的演習中,西安人武部信息戰分隊扮演負責攻擊的藍方,他們制定了10種信息戰措施,其中有安放信息地雷、信息偵察、改動網絡資料、釋放信息炸彈、傾倒網絡垃圾、分發網絡傳單、信息欺騙、散佈虛假信息、組織信息防禦、建立網絡間諜站。從這些網絡信息戰法可以看出,他們對網絡信息戰的研究已相當具體、深入。
中國的軍事專家還建議,各級民兵組織都應成立網絡技術專業分隊,為便於指揮協調,民兵網絡技術專業分隊應以省或者地區為單位實行條條編組,垂直管理。後備力量參與未來戰爭中的“網絡攻防”和“網絡技術保障”,其行動要由軍隊組織實施和統一協調。
培養基地
中國人民解放軍發展出自己的一套信息戰教育方法,其步驟是:首先傳授網絡信息戰基礎知識;其次通過講述外軍的先進軍事思想提高信息戰知識水平;然後提高信息戰使用技能,特別是電子技術、心理戰技術和信息攻防技術;最後,通過演習把知識轉化為實際操作能力。在中國,主要由解放軍院校擔負培養信息戰高技術人才的責任:
解放軍通信指揮學院,位於武漢。 1998年,該院出版了兩部書籍,分別是《信息作戰指揮控制學》和《信息作戰技術學》,這兩部書籍是中國信息戰教育最重要的教材。該學院以其優良的信息戰教程設置而享有很高的聲譽,這些教程分析了戰略、戰役、戰術層次的信息作戰要求。
解放軍信息工程大學,位於鄭州,由原解放軍信息工程學院、電子技術學院和測繪學院合併而成。該校目前主要研究領域是信息安全,現代通信技術和空間技術,並且在一些尖端學科領域進行探索,如遙感信息技術、衛星導航與定位技術、地理信息數據庫技術。
解放軍理工大學,位於南京,由原解放軍通信工程學院、工程兵工程學院、空軍氣象學院和總參第63研究所合併而成。該校專門負責訓練信息戰、指揮自動化和其它新學科的軍事人才。有近400名專家教授在該大學從事信息戰理論與技術研究。
解放軍國防科技大學,位於長沙,該校直接隸屬於中央軍委。曾開發了著名的“銀河”系列超級計算機。 1999年4月到6月科索沃戰爭期間,近60名高級軍官匯集在此研究高科技戰爭。
解放軍海軍工程大學,位於武漢,是海軍唯一研究信息戰的院校。該校研究信息戰的目的是把信息技術應用到海軍裝備,使中國海軍能適應信息化戰爭。
結論
我們從中國的信息戰研究中能得到什麼結論呢?美國軍隊又能從中得到什麼啟示呢?
首先,中國的軍事理論家找到了一廉價而有效的信息戰方法,它使中國在戰略軍事和國際地位上取得與西方相等的位置,從而使中國在亞人地區發揮更重要的戰略角色。
其次,中國對新型信息戰部隊的重視非同尋常。因此可能會發展形式各樣的信息戰部隊,例如:網絡部隊(獨立兵種)、“網絡勇士”突襲分隊、信息保護部隊、信息兵團,電子警察和聯合網絡人民戰爭機構。有意思的是,就現階段的能力而言,西方國家,而不是中國,更具有把這些設想付諸實施的能力。
第三,中國的信息戰理論反映了西方和中國思想的結合,而且前者的影響力越來越弱。由於軍事指揮藝術的一些共同淵源(馬克思主義辯證思想),中國的信息戰思想更類似於俄國。但是,就其本質而言,中國的信息戰理論與俄國和西方都不同。中國的信息戰理論強調控制、電腦化戰爭、網絡戰、知識戰和製信息權。
第四,在信息戰領域,中國跨越了若干技術發展階段,利用四方的技術,不僅節省了時間而且還節省了金錢。不過,中國沒有完全仿效外國,而是採用創造性的信息戰策略。但不管怎麼樣,中國都是值得關注的一支不同於其他國家的信息戰力量。
對美軍而言,研究中國的信息戰理論絕非僅僅為了給軍方提供幾條意見。 《孫子兵法》稱“知彼知已,百戰百勝”。從外國信息戰理論的角度來分析美國的信息戰能力,才能發現美國信息戰系統的致命缺陷。
正如中國人所言,信息戰的失敗者不一定是技術落後方,那些缺乏指揮藝術和戰略能力的人才最可能是失敗者。美國到了該反省自己的信息戰思想,並研究信息戰戰略和戰術的時候了。 (範胜球編譯)(《國際展望》)
華夏經緯網 2004年02月11日

 

中國新的網絡安全法 // Internet Security Law of the People ‘s Republic of China

中國新的網絡安全法 // Internet Security Law of the People ‘s Republic of China

Table of Contents

    Chapter 1 General Provisions

Chapter 2 Network Security Support and Promotion

Chapter 3 Network Operation Safety

Section 1 General Provisions

SECTION 2: Operational safety of key information infrastructures

Chapter 4 Network Information Security

Chapter 5 Monitoring Early Warning and Emergency Handling

Chapter VI Legal Liability

Chapter VII Supplementary Provisions

Chapter 1 General Provisions

The first order to protect network security , safeguard cyberspace sovereignty and national security , public interests , protection of citizens , legal persons and other organizations , to promote the healthy development of economic and social information , this law is enacted .

Article in the territory of People’s Republic of China construction , operation , maintenance and use of the network , as well as supervision and management of network security , this Law shall apply .

Third countries adhere to both network security and information technology development , follow the active use , scientific development , according to management , to ensure the safety policy , promote the network infrastructure construction and interoperability , to encourage innovation and application of network technology , to support the development of network security personnel , Establish and improve the network security system , improve network security protection .

Article 4 The State shall formulate and continuously improve the network security strategy , clearly define the basic requirements and main objectives of the network security , and put forward the network security policies , tasks and measures in the key areas .

Article 5 The State shall take measures to monitor , defend and dispose of network security risks and threats arising from the territory of the People’s Republic of China , protect the critical information infrastructure from attack , intrusion , interference and destruction , punish the network for criminal activities and maintain the network Space security and order .

Article 6 The State shall promote the network behavior of honesty and trustworthiness , health and civilization , promote the dissemination of socialist core values , and take measures to raise the awareness and level of cybersecurity in the whole society and form a favorable environment for the whole society to participate in promoting network security .

Article VII countries active in cyberspace governance , network technology research and standards development , the fight against international exchange and cooperation network and other crimes , to promote the building of peace , security , open , cooperative cyberspace , multilateral , democratic , transparent network Governance system .

Article VIII of the National Network Information Department is responsible for co-ordination network security and related supervision and administration . State Council department in charge of telecommunications , public security departments and other relevant authorities in accordance with this Law and other relevant laws , administrative regulations , responsible for network security and supervision and administration within their respective areas of responsibility .

Local people’s governments above the county level of network security and regulatory functions , determined in accordance with relevant state regulations .

Article IX network and service operators to carry out business activities , must abide by laws , administrative regulations , respect social ethics , abide by business ethics , honesty and credit , fulfill the obligation to protect network security , and accept the supervision of government and society , social responsibility .

Article X build , operate or provide network services through a network , it should be in accordance with laws , regulations and national standards and administrative regulations of mandatory requirements , technical measures and other necessary measures , to ensure network security , stable operation , to effectively deal with network security incidents , Prevent cyber criminal activities , maintain the integrity of network data , confidentiality and usability .

Article XI  network-related industry organizations accordance with the constitution , strengthen self-discipline , to develop guidelines for network security behavior , guide members to strengthen network security , increase network security levels , and promote the healthy development of the industry .

Article XII of  the State protection of citizens , legal persons and other organizations the right to use the network in accordance with law , the promotion of universal access network , improve network service levels , and provide safe , convenient network services , to protect the free flow of network information according to law and orderly .

Any person and organization using the network should abide by the constitutional law , abide by the public order , respect social morality , not endanger the network security , shall not use the network to endanger national security , honor and interests , incite subversion of state power , overthrow the socialist system , incitement to split the country , The destruction of national unity , the promotion of terrorism , extremism , the promotion of national hatred , ethnic discrimination , the dissemination of violence , obscene pornography , fabricating and disseminating false information to disrupt economic order and social order , and infringe upon the reputation , privacy , intellectual property and other legitimate rights and interests of others And other activities .

Article XIII  countries to support research and development is conducive to healthy growth of minors networking products and services , punishing minors using the Internet to endanger physical and mental health activities according to law , to provide security for minors , healthy network environment .

Article 14  Any individual or organization shall have the right to report to the network , telecommunications , public security and other departments that are harmful to the safety of the Internet . The department that receives the report shall handle it in a timely manner and if it does not belong to the duties of the department , it shall promptly transfer the department to be handled .

The relevant departments shall keep the relevant information of the whistleblower and protect the legitimate rights and interests of the whistleblower .

Chapter 2 Network Security Support and Promotion

Article 15 The  State shall establish and improve the network security standard system . The department in charge of standardization of the State Council and other relevant departments under the State Council shall, in accordance with their respective duties , organize and formulate and revise the national standards and industry standards for network security management and network products , services and operation safety .

National support enterprises , research institutions , colleges and universities , network-related industry organizations to participate in network security national standards , industry standards .

Article 16 The   State Council and the people’s governments of provinces , autonomous regions and municipalities directly under the Central Government shall make overall plans , increase investment , support key network security technology industries and projects , support the research and development and application of network security technology , promote safe and reliable network products and services , Protection of network technology intellectual property rights , support enterprises , research institutions and colleges and universities to participate in national network security technology innovation projects .

Article 17 The   State shall promote the construction of a social security service system for network security and encourage the relevant enterprises and institutions to carry out safety services such as network security certification , testing and risk assessment .

Article 18 The   State encourages the development of network data security protection and utilization technology to promote the opening of public data resources and promote technological innovation and economic and social development .

State support innovative network security management , the use of new network technologies , enhance network security level .

Article XIX   governments at all levels and relevant departments should organize regular network security education , and guidance , and urge the relevant units to do network safety publicity and education work .

The mass media should be targeted to the community for network security publicity and education .

Article 20 The  State shall support enterprises and institutions of higher education , vocational schools and other educational and training institutions to carry out network safety-related education and training , and adopt a variety of ways to train network security personnel and promote the exchange of network security personnel .

Chapter 3 Network Operation Safety

Section 1 General Provisions

Article 21 The  State shall implement a system of network security protection . Network operators should be in accordance with the requirements of the network security level protection system , perform the following security obligations , to protect networks from interference , damage or unauthorized access , preventing data leakage or stolen , tampered with :

( 1 ) to formulate internal safety management systems and operating procedures , to determine the network security responsible person , the implementation of network security protection responsibility ;

( 2 ) to take precautions against computer viruses and network attacks , network intrusion and other hazards of network security behavior of technical measures ;

( 3 ) to take technical measures to monitor and record the operation status of the network and the network security incident , and to keep the relevant network log in accordance with the regulations for not less than six months ;

( D ) to take data classification , important data backup and encryption and other measures ;

( 5 ) other obligations stipulated by laws and administrative regulations .

Article 22 The  network products and services shall conform to the mandatory requirements of the relevant national standards . Network products , service providers may not set up malicious programs ; found their network products , services, security defects , loopholes and other risks , should immediately take remedial measures , in accordance with the provisions of the timely notification of the user and report to the relevant authorities .

The providers of network products and services shall provide continuous maintenance of their products and services ; they shall not terminate the provision of safety maintenance within the time limit prescribed by the parties or the parties .

Network products , services with the collection of user information function , the provider should be clear to the user and obtain consent ; involving the user’s personal information , but also should comply with this law and the relevant laws and administrative regulations on personal information protection requirements .

Article 23 The  network of key equipment and network security specific products should be in accordance with national standards of mandatory requirements , qualified by the agency safety certification or qualified safety testing to meet the requirements after , before they sell or provide . The State Network letter department in conjunction with the relevant departments of the State Council to develop and publish network key equipment and network security products directory , and promote safety certification and safety testing results mutual recognition , to avoid duplication of certification , testing .

Article 24 The  network operator shall handle the services such as network access , domain name registration service , fixed telephone and mobile telephone , or provide services such as information release and instant messaging , and enter into an agreement with the user or confirm the service when , should be required to provide true user identity information . If the user does not provide the true identity information , the network operator shall not provide the relevant service .

National implementation trusted identity network strategy , to support research and development of safe , convenient electronic authentication technology , to promote mutual recognition between different electronic authentication .

Article 25  network operators shall develop network security emergency response plan , timely disposal system vulnerabilities , computer viruses , network attacks , security risks and other network intrusions ; in the event of the occurrence of the harm network security , immediately launched the emergency plan , take the appropriate remedial measures , and report to the relevant authorities in accordance with the provisions .

Article 26   to carry out certification of network security , detection , risk assessment and other activities , released to the public system vulnerabilities , computer viruses , network attacks , network intrusions and other network information security , should comply with the relevant provisions of the State .

Article 27   No individual or organization may not engage in illegal intrusion into networks of others , interfere with the normal function of the network of others , active network data theft and other hazards network security ; not provide specifically for the network in the invasion , interfere with the normal function of the network and protective measures , theft Network data and other activities that endanger the network security activities , tools ; knowing that others engaged in activities that endanger network security , not to provide technical support , advertising , payment and settlement help .

Article 28 The   network operators shall provide technical support and assistance to the public security organs and the state security organs to safeguard the national security and the investigation of crimes according to law .

Article 29 The   State supports between network operators to collect information on network security , analysis , reporting and emergency response and other aspects of cooperation , to improve the security capabilities of network operators .

Relevant industry organizations to establish and improve network security norms and mechanisms for cooperation in this sector , to strengthen the analysis and evaluation of network security risks , regularly risk warning to the members , to support , to assist members to deal with network security risks .

Article 30   Network and Information Department and relevant information acquired in the performance of network security protection responsibilities , only for the need to maintain network security , shall not be used for other purposes .

SECTION 2: Operational safety of key information infrastructures

Article 31 The   state public communication and information services , energy , transportation , water conservancy , finance , public services , e-government and other important industries and fields , as well as other once destroyed , the loss of functionality or data leakage , could seriously endanger national security , people’s livelihood , the critical information infrastructure of public interest , on the basis of network security protection system on , special protection . The specific scope and safety protection of key information infrastructure shall be formulated by the State Council .

The country encourages network operators outside key information infrastructures to participate voluntarily in critical information infrastructure protection systems .

Article 32  in accordance with the division of duties prescribed by the State Council , responsible for the protection of critical information infrastructure security departments are working to formulate and implement the industry , the art of critical information infrastructure security planning , guidance and supervision of the safe operation of critical information infrastructure protection Work .

Article 33 The   construction of the critical information infrastructure to support business should ensure it has a stable , continuous operation performance , and technical measures to ensure the safety synchronized planning , simultaneous construction , simultaneous use .

Article 34   In addition to the provisions of Article 21 of this Law , critical information infrastructure operators shall perform the following security obligations :

( A ) set up a special safety management and safety management agency in charge of people , and the negative security background screening of responsibility and the key staff positions ;

( 2 ) regularly carry out network security education , technical training and skills assessment for employees ;

( Iii ) disaster recovery of critical systems and databases ;

( D ) the development of network security incident contingency plans , and regular exercise ;

( 5 ) other obligations stipulated by laws and administrative regulations .

Article 35 Where  a operator of a key information infrastructure purchases a network of products and services that may affect the safety of the State , it shall pass the national security review organized by the State Network Department in conjunction with the relevant departments of the State Council .

Article 36 of   the critical information infrastructure of network operators purchasing products and services , shall sign a confidentiality agreement with the security provider in accordance with the provisions , clear security and confidentiality obligations and responsibilities .

Article 37  Personal information and important data collected and produced by operators of key information infrastructure operators in the territory of the People’s Republic of China shall be stored in the territory . Due to business needs , do need to provide to the outside , should be in accordance with the State Network letter department in conjunction with the relevant departments of the State Council to develop a safety assessment ; laws and administrative regulations otherwise provided , in accordance with its provisions .

Article 38   critical information infrastructure operator shall himself or entrust their network security services and the possible risk of network security test and evaluation carried out at least once a year , and will assess the situation and improve the detection measures submitted to the responsible Key information Infrastructure Security protection work .

Article 39 The   State Network Letters shall coordinate the relevant departments to take the following measures for the protection of key information infrastructures :

( A ) the security risk of critical information infrastructure will be random testing , suggest improvements , can be entrusted network security services when necessary for the existence of network security risk assessment to detect ;

( 2 ) to organize the operators of key information infrastructures on a regular basis to conduct network security emergency drills to improve the level and coordination capability of responding to network security incidents ;

( 3 ) to promote the sharing of network security information between the relevant departments and operators of key information infrastructures and relevant research institutions and network security services ;

( Four ) emergency response network security incidents and recovery network functions, etc. , to provide technical support and assistance .

Chapter 4 Network Information Security

Article 40  network operators should collect information on its users strictly confidential , and establish and improve the user information protection system .

Article 41 Where a  network operator collects or uses personal information , it shall follow the principles of lawfulness , reason and necessity , publicly collect and use the rules , expressly collect and use the purpose , manner and scope of the information and agree with the collectors .

Services unrelated to the personal information of the network operator shall not collect its offer , shall not violate laws , administrative regulations and bilateral agreements to collect , use of personal information , and shall be in accordance with laws , administrative regulations and the agreement with the user , process save Of personal information .

Article 42   network operators shall not be disclosed , tampering , destruction of personal information it collects ; without the consent of the collectors , may not provide personal information to others . However , except that processing does not recognize a particular person and can not be recovered .

The network operator shall take technical measures and other necessary measures to ensure that the personal information collected by it is safe to prevent leakage , damage and loss of information . Or may occur in the event of leakage of personal information , damage , time lost the case , it should take immediate remedial measures , in accordance with the provisions promptly inform the user to the relevant competent authorities report .

Article 43   personal discovery network operators violate laws , administrative regulations or bilateral agreements to collect , use their personal information , the right to require network operators to delete their personal information ; find network operators to collect , store their personal The information is wrong , the right to require the network operator to be corrected . The network operator should take action to remove or correct it .

Article 44   No individual or organization may steal or acquire personal information in any other illegal manner and may not illegally sell or illegally provide personal information to others .

Article 45 The   departments and their staff members with network security supervision and administration according to law , must be aware of personal information in carrying out their duties , privacy and trade secrets strictly confidential , shall not disclose , sell or illegally available to others .

Article 46   No individual or organization shall be responsible for the use of network behavior , not set up to commit fraud , to teach criminal methods , production or sale of prohibited items , sites illegal and criminal activities of controlled items, etc. , communication groups , should not be used Internet publishing involves the implementation of fraud , the production or sale of prohibited items , control of goods and other criminal activities of the information .

Article 47   network operators should strengthen the management of information published by its users , we found that laws , administrative regulations prohibit the release or transfer of information , should immediately stop the transmission of the information , to take measures to eliminate the disposal, etc. , to prevent the diffusion of information , save The relevant records and report to the relevant authorities .

Article 48  electronic information sent by any individual and organization , application software provided , shall set up a malicious program , shall not contain laws , administrative regulations prohibit the release or transfer of information .

Send electronic information service providers and application software download service provider , shall perform the safety management obligations , know that the user is under the aforesaid acts , it should stop providing services , to take measures to eliminate the disposal, etc. , keep the relevant records , and the relevant authorities Report .

Article 49 The  network operators shall establish information such as complaints and reporting systems for network information security , announce complaints and report methods, and promptly accept and handle complaints and reports on the security of network information .

Supervision and inspection network operators to network and Information Department and relevant departments according to law , shall cooperate .

Article 50   National Grid and other departments concerned to fulfill the letter of network information security supervision and administration according to law , found legal , information and administrative regulations prohibit the release or transfer , should be required to stop the transmission network operator , to take measures to eliminate the disposal, etc. , keep the relevant records ; the above information comes from outside the People’s Republic of China , it shall notify the relevant agencies to take technical measures and other necessary measures to interrupt transmission .

Chapter 5 Monitoring Early Warning and Emergency Handling

Article 51 The   State shall establish a network security monitoring and early warning and information communication system . The national network letter department should coordinate the relevant departments to strengthen the network security information collection , analysis and notification work , in accordance with the provisions of unified release of network security monitoring and early warning information .

Article 52   is responsible for critical information infrastructure security affairs , shall establish and improve the industry , network security monitoring and early warning and communications systems in the art , and network security monitoring and early warning information submitted in accordance with the provisions .

Article 53   National Grid and Information Department to coordinate relevant departments to establish and improve network security risk assessment and emergency response mechanisms , the development of network security emergency response plan , and regular exercise .

Responsible for key information infrastructure security work departments should develop the industry , the field of network security incident contingency plans , and regularly organize exercises .

Network security emergency response plan should be in accordance with the degree of harm after the incident , the network security incidents were graded sphere of influence and other factors , and provides the appropriate emergency measures .

Article 54   of network security event that occurs when the risk increases , the provincial people’s governments shall, in accordance with statutory authorities and procedures , and the characteristics of the network security risks and possible harm , take the following measures :

( A ) asked the relevant authorities , institutions and personnel timely collection , reporting information , strengthening the monitoring of network security risks ;

( Two ) organizational departments , agencies and professionals , network security risk assessment information for analysis , predicting the likelihood of events , the scope and extent of harm ;

( C ) to the community release network security risk early warning , release to avoid , reduce the harm measures .

Article 55   of network security incidents , should immediately start emergency response plan network security , network security incident investigation and assessment , require network operators to take technical measures and other necessary measures , to eliminate safety hazards , prevent harm to expand , and in a timely manner Publish public-related warning messages to the community .

Article 56  above the provincial level people’s governments in the implementation of network safety supervision and management responsibilities , found that there is a big security risk or network security incidents , be in accordance with the authority and procedures of the legal representative of the network operator’s Person or main person in charge . The network operator shall take measures as required and carry out rectification and rectification to eliminate the hidden danger .

Article 57  because of network security incidents , the occurrence of unexpected events or production safety accidents , should be in accordance with the ” Emergency Response Law of People’s Republic of China “, ” Production Safety Law of People’s Republic of China ,” the relevant laws and so on , disposal and administrative regulations The

Article 58 for the maintenance of national security and public order , require major emergency incidents disposal of social security , the State Council decision or approval , can take temporary measures such as limiting network traffic in a particular area .

Chapter VI Legal Liability

Article 59 Where the   network operator fails to perform the obligations of the network security protection stipulated in Article 21 and Article 25 of this Law , the relevant competent department shall order it to make corrections and give a warning ; refusing to correct or cause harm to the network security and other consequences of , at 100,000 yuan fine of $ 10,000 or more , the person directly responsible for the 50,000 yuan fine of $ 5,000 or more .

If the operator of the key information infrastructure fails to perform the obligations of the network security protection as prescribed in Article 33 , Article 34 , Article 36 and Article 38 of this Law , the relevant competent department shall order it to make corrections and give a warning ; refuse to correct or cause harm network security consequences , at 1,000,000 yuan fine of $ 100,000 or more , the person directly responsible for at 100,000 yuan fine of $ 10,000 or more .

Article 60   in violation of the first paragraph of Article 22 of this Law , (2) and the first paragraph Article 48 , any of the following acts , ordered by the competent department of corrections , give a warning ; refuse to correct Or cause harm to the network security and other consequences , at 50,000 yuan to more than 500,000 yuan fine , the person in charge directly responsible for more than 10,000 yuan more than 100,000 yuan fine :

( A ) set up malicious programs ;

( Two ) of their products , security flaws services , risk exposure and other remedial measures are not taken immediately , or failing to promptly inform the user of the report to the relevant authorities ;

( 3 ) to terminate the security of its products and services .

Article 61   network operators who violate the provisions of Article 24 first paragraph , did not require users to provide real identity information , or provide related services for the user does not provide real identity information , by the competent authorities ordered to make corrections ; or refuse to correct the circumstances are serious , at five hundred thousand fine of $ 50,000 or more , and may be ordered by the competent authorities to suspend the relevant business , ordered to stop , to close the site , revoke the relevant business license or business license revoked , directly responsible for The person in charge and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan .

Article 62  in violation of Article 26 of this Law , to carry out certification of network security , detection , risk assessment and other activities , or to the public distribution system vulnerability , computer viruses , network attacks , network intrusions and other network security information , by the relevant the competent department shall order correction , given a warning ; refuse to correct or circumstances are serious , at 100,000 yuan fine of $ 10,000 or more , and may be ordered by the competent authorities to suspend the relevant business , ordered to stop , to close the site , revoked or related business license revoke the business license , the persons in charge and other directly responsible personnel directly responsible for 50,000 yuan fine of $ 5,000 or more .

Article 63   violation of Article 27 of this Law , engaged in activities that endanger network security , or to provide dedicated program to endanger network security activities , tools , technical support, or to endanger the security of network activity for others , advertising , payment settlement and other help , not constitute a crime , the public security authorities confiscate the illegal income , 5 days detention , can fine of over 50,000 yuan to 500,000 yuan fine ; the circumstances are serious , at least five days 15 days of detention , and may impose a fine of not less than 100,000 yuan but not more than one million yuan .

Units with the conduct of , the public security authorities confiscate the illegal income , at a fine of one million yuan more than 100,000 yuan , and directly in charge and other directly responsible personnel shall be punished in accordance with the preceding paragraph .

Violation of Article 27 of this Law , subject to administrative penalties for public security personnel , shall not engage in network security management and network operators work in key positions within five years ; people subject to criminal punishment , he may not engage in key positions in operations and network security management network Work .

Article 64 A  provider of a network operator , a network product or service shall , in violation of the provisions of Article 22 , paragraph 3 , and Article 41 to Article 43 of this Law , violate the right of the personal information to be protected according to law , ordered to make corrections by the competent authorities , can be a warning or a fine according to the seriousness single office , confiscate the illegal income , illegal income more than doubled a fine of ten times , there is no illegal income , at a fine of one million yuan , directly responsible Supervisors and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan ; if the circumstances are serious , they may order to suspend the relevant business , suspend business for rectification , close the website , revoke the relevant business license or revoke the business license .

Violation of the provisions of Article 44 of this Law , theft or other illegal means to obtain , illegally sell or illegally provide personal information to others , does not constitute a crime , the public security organs confiscated the illegal income , and more than double the illegal income ten times If there is no illegal income , a fine of not more than one million yuan shall be imposed .

Article 65 of the   critical information infrastructure of operators in violation of the provisions of Article 35 of this Law , used without safety review or not to review the security of the network through a product or service , by the competent authorities ordered to stop using , at the purchase amount More than ten times the fine ; the person directly in charge and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan .

Article 66   critical information infrastructure operators in violation of the provisions of Article 37 of this Law , outside the network data storage , or network data provided to the outside , ordered to make corrections by the competent authorities , be given a warning , confiscate the illegal income , of fifty yuan fine of $ 50,000 or more , and may be ordered to suspend the business , ordered to stop , to close the site , revoke the relevant business license or revoke the business license ; in charge and other directly responsible personnel directly responsible yuan and not Fine of not more than 100,000 yuan .

Article 67   in violation of the provisions of Article 46 of this Law , the website set up for the implementation of criminal activities , distribution group , or use the Internet release of information related to the implementation of criminal activities , does not constitute a crime , the public security organs 5 days detention , can impose a fine of 100,000 yuan ; the circumstances are serious , at least five days custody for 15 days or less , you can fine of over 50,000 yuan to 500,000 yuan fine . Close the website for the implementation of criminal activities , communication groups .

If the unit has the preceding paragraph , the public security organ shall be fined not less than 100,000 yuan but not more than 500,000 yuan , and shall be punished in accordance with the provisions of the preceding paragraph for the person directly in charge and other directly responsible persons .

Article 68  network operators in violation of the provisions of Article 47 of this Law , legal , administrative regulations prohibit the release or transfer of information transmission is not stopped , to take measures to eliminate the disposal, etc. , keep the relevant records , ordered by the competent department of corrections , given a warning , confiscation of illegal gains ; refuse to correct or circumstances are serious , at 500,000 yuan more than 100,000 yuan , and can be ordered to suspend the relevant business , ordered to stop , to close the site , revoke the relevant business license or business license revoked , A fine of not less than 10,000 yuan but not more than 100,000 yuan shall be imposed on the person directly in charge and other directly responsible persons .

Electronic messaging services provider , application software download service providers , non-compliance and safety management obligations specified in the second paragraph of Article 48 of this Law , in accordance with the preceding paragraph shall be punished .

Article 69   network operators in violation of the provisions of this Act , any of the following acts , by the competent authorities shall order rectification ; refuse to correct or circumstances are serious , at 500,000 Yuan more than 50,000 yuan , directly responsible for the charge and other directly responsible personnel , at one million yuan to 100,000 yuan fine :

( A ) not in accordance with the requirements of the relevant departments of the law , administrative regulations prohibit the release or the information’s transmission , taken to stop transmission , disposal measures to eliminate such ;

( 2 ) refusing or hindering the supervision and inspection carried out by the relevant departments according to law ;

( 3 ) refusing to provide technical support and assistance to the public security organs and the state security organs .

Article 70  issued or transmitted in Article 12 (2) and other laws , administrative regulations prohibit the release or transfer of information , in accordance with relevant laws , penalties and administrative regulations .

Article 71   of this Law prescribed offenses , in accordance with relevant laws , administrative regulations credited to the credit files , and to be publicized .

Article 72 Where  an operator of a government organ of a state organ fails to perform its obligations under the provisions of this Law , it shall be ordered by its superior organ or the relevant organ to make corrections , and the directly responsible person in charge and other directly responsible persons shall be punished according to law .

Article 73  Network and Information Department and relevant departments in violation of the provisions of Article 30 of this Law , the information acquired in the performance of network security protection responsibilities for other purposes , given to the persons in charge and other directly responsible personnel directly responsible according to law Punish .

The network department and the relevant departments of the staff neglected duty , abuse of power , favoritism , does not constitute a crime , according to the law to give punishment .

Article 74 Whoever , in violation of the   provisions of this Law , causes damage to others , shall bear civil liability according to law .

Violation of the provisions of this Law , constitute a violation of public security management behavior , according to the law to give security management punishment ; constitute a crime , shall be held criminally responsible .

Article 75   The organs , organizations and individuals engaged in activities , such as attack , intrusion , interference or destruction , which violate the key information infrastructure of the People’s Republic of China , cause serious consequences, and shall hold legal liabilities according to law ; the public security departments and relevant departments of the State Council the institution may decide , organize , to freeze property or other necessary personal sanctions .

Chapter VII Supplementary Provisions

Article 76   The meaning of the following terms in this Law :

( A ) network , refers to a computer or other information terminals and associated equipment consisting of the information collected in accordance with certain rules and procedures , storage , transmission , switching , the system processing .

( Two ) network security , refers to taking the necessary measures , to prevent attacks on the network , intrusion , interference , destruction and illegal use and accidents , the network is in a state of stable and reliable operation , integrity, and protect network data , privacy , The ability to be available .

( C ) network operators , refers to the network of owners , managers and network service providers .

( D ) network data , refers to the network through the collection , storage , transmission , processing and production of various electronic data .

( Five ) personal information , refer to various identification information can be used alone or in combination with other natural personal identity information electronically recorded or otherwise , including but not limited to a natural person’s name , date of birth , ID number , personal biometric information , Address , telephone number and so on .

Article 77 The   storage , processing network information involving state secrets operational security , in addition shall comply with this Act , shall also comply with privacy laws , administrative regulations .

Article 78   security protection of military networks , otherwise provided by the Central Military Commission .

Article 79   of this Law since 2017  6 June 1 from the date of implementation .

Original mandarin Chinese:

目    录

    第一章  总    则

第二章  网络安全支持与促进

第三章  网络运行安全

第一节  一般规定

第二节  关键信息基础设施的运行安全

第四章  网络信息安全

第五章  监测预警与应急处置

第六章  法律责任

第七章  附    则

第一章  总    则

第一条  为了保障网络安全,维护网络空间主权和国家安全、社会公共利益,保护公民、法人和其他组织的合法权益,促进经济社会信息化健康发展,制定本法。

第二条  在中华人民共和国境内建设、运营、维护和使用网络,以及网络安全的监督管理,适用本法。

第三条  国家坚持网络安全与信息化发展并重,遵循积极利用、科学发展、依法管理、确保安全的方针,推进网络基础设施建设和互联互通,鼓励网络技术创新和应用,支持培养网络安全人才,建立健全网络安全保障体系,提高网络安全保护能力。

第四条  国家制定并不断完善网络安全战略,明确保障网络安全的基本要求和主要目标,提出重点领域的网络安全政策、工作任务和措施。

第五条  国家采取措施,监测、防御、处置来源于中华人民共和国境内外的网络安全风险和威胁,保护关键信息基础设施免受攻击、侵入、干扰和破坏,依法惩治网络违法犯罪活动,维护网络空间安全和秩序。

第六条  国家倡导诚实守信、健康文明的网络行为,推动传播社会主义核心价值观,采取措施提高全社会的网络安全意识和水平,形成全社会共同参与促进网络安全的良好环境。

第七条  国家积极开展网络空间治理、网络技术研发和标准制定、打击网络违法犯罪等方面的国际交流与合作,推动构建和平、安全、开放、合作的网络空间,建立多边、民主、透明的网络治理体系。

第八条  国家网信部门负责统筹协调网络安全工作和相关监督管理工作。国务院电信主管部门、公安部门和其他有关机关依照本法和有关法律、行政法规的规定,在各自职责范围内负责网络安全保护和监督管理工作。

县级以上地方人民政府有关部门的网络安全保护和监督管理职责,按照国家有关规定确定。

第九条  网络运营者开展经营和服务活动,必须遵守法律、行政法规,尊重社会公德,遵守商业道德,诚实信用,履行网络安全保护义务,接受政府和社会的监督,承担社会责任。

第十条  建设、运营网络或者通过网络提供服务,应当依照法律、行政法规的规定和国家标准的强制性要求,采取技术措施和其他必要措施,保障网络安全、稳定运行,有效应对网络安全事件,防范网络违法犯罪活动,维护网络数据的完整性、保密性和可用性。

第十一条  网络相关行业组织按照章程,加强行业自律,制定网络安全行为规范,指导会员加强网络安全保护,提高网络安全保护水平,促进行业健康发展。

第十二条  国家保护公民、法人和其他组织依法使用网络的权利,促进网络接入普及,提升网络服务水平,为社会提供安全、便利的网络服务,保障网络信息依法有序自由流动。

任何个人和组织使用网络应当遵守宪法法律,遵守公共秩序,尊重社会公德,不得危害网络安全,不得利用网络从事危害国家安全、荣誉和利益,煽动颠覆国家政权、推翻社会主义制度,煽动分裂国家、破坏国家统一,宣扬恐怖主义、极端主义,宣扬民族仇恨、民族歧视,传播暴力、淫秽色情信息,编造、传播虚假信息扰乱经济秩序和社会秩序,以及侵害他人名誉、隐私、知识产权和其他合法权益等活动。

第十三条  国家支持研究开发有利于未成年人健康成长的网络产品和服务,依法惩治利用网络从事危害未成年人身心健康的活动,为未成年人提供安全、健康的网络环境。

第十四条  任何个人和组织有权对危害网络安全的行为向网信、电信、公安等部门举报。收到举报的部门应当及时依法作出处理;不属于本部门职责的,应当及时移送有权处理的部门。

有关部门应当对举报人的相关信息予以保密,保护举报人的合法权益。

第二章  网络安全支持与促进

第十五条  国家建立和完善网络安全标准体系。国务院标准化行政主管部门和国务院其他有关部门根据各自的职责,组织制定并适时修订有关网络安全管理以及网络产品、服务和运行安全的国家标准、行业标准。

国家支持企业、研究机构、高等学校、网络相关行业组织参与网络安全国家标准、行业标准的制定。

第十六条  国务院和省、自治区、直辖市人民政府应当统筹规划,加大投入,扶持重点网络安全技术产业和项目,支持网络安全技术的研究开发和应用,推广安全可信的网络产品和服务,保护网络技术知识产权,支持企业、研究机构和高等学校等参与国家网络安全技术创新项目。

第十七条  国家推进网络安全社会化服务体系建设,鼓励有关企业、机构开展网络安全认证、检测和风险评估等安全服务。

第十八条  国家鼓励开发网络数据安全保护和利用技术,促进公共数据资源开放,推动技术创新和经济社会发展。

国家支持创新网络安全管理方式,运用网络新技术,提升网络安全保护水平。

第十九条  各级人民政府及其有关部门应当组织开展经常性的网络安全宣传教育,并指导、督促有关单位做好网络安全宣传教育工作。

大众传播媒介应当有针对性地面向社会进行网络安全宣传教育。

第二十条  国家支持企业和高等学校、职业学校等教育培训机构开展网络安全相关教育与培训,采取多种方式培养网络安全人才,促进网络安全人才交流。

第三章  网络运行安全

第一节 一般规定

第二十一条  国家实行网络安全等级保护制度。网络运营者应当按照网络安全等级保护制度的要求,履行下列安全保护义务,保障网络免受干扰、破坏或者未经授权的访问,防止网络数据泄露或者被窃取、篡改:

(一)制定内部安全管理制度和操作规程,确定网络安全负责人,落实网络安全保护责任;

(二)采取防范计算机病毒和网络攻击、网络侵入等危害网络安全行为的技术措施;

(三)采取监测、记录网络运行状态、网络安全事件的技术措施,并按照规定留存相关的网络日志不少于六个月;

(四)采取数据分类、重要数据备份和加密等措施;

(五)法律、行政法规规定的其他义务。

第二十二条  网络产品、服务应当符合相关国家标准的强制性要求。网络产品、服务的提供者不得设置恶意程序;发现其网络产品、服务存在安全缺陷、漏洞等风险时,应当立即采取补救措施,按照规定及时告知用户并向有关主管部门报告。

网络产品、服务的提供者应当为其产品、服务持续提供安全维护;在规定或者当事人约定的期限内,不得终止提供安全维护。

网络产品、服务具有收集用户信息功能的,其提供者应当向用户明示并取得同意;涉及用户个人信息的,还应当遵守本法和有关法律、行政法规关于个人信息保护的规定。

第二十三条  网络关键设备和网络安全专用产品应当按照相关国家标准的强制性要求,由具备资格的机构安全认证合格或者安全检测符合要求后,方可销售或者提供。国家网信部门会同国务院有关部门制定、公布网络关键设备和网络安全专用产品目录,并推动安全认证和安全检测结果互认,避免重复认证、检测。

第二十四条  网络运营者为用户办理网络接入、域名注册服务,办理固定电话、移动电话等入网手续,或者为用户提供信息发布、即时通讯等服务,在与用户签订协议或者确认提供服务时,应当要求用户提供真实身份信息。用户不提供真实身份信息的,网络运营者不得为其提供相关服务。

国家实施网络可信身份战略,支持研究开发安全、方便的电子身份认证技术,推动不同电子身份认证之间的互认。

第二十五条  网络运营者应当制定网络安全事件应急预案,及时处置系统漏洞、计算机病毒、网络攻击、网络侵入等安全风险;在发生危害网络安全的事件时,立即启动应急预案,采取相应的补救措施,并按照规定向有关主管部门报告。

第二十六条  开展网络安全认证、检测、风险评估等活动,向社会发布系统漏洞、计算机病毒、网络攻击、网络侵入等网络安全信息,应当遵守国家有关规定。

第二十七条  任何个人和组织不得从事非法侵入他人网络、干扰他人网络正常功能、窃取网络数据等危害网络安全的活动;不得提供专门用于从事侵入网络、干扰网络正常功能及防护措施、窃取网络数据等危害网络安全活动的程序、工具;明知他人从事危害网络安全的活动的,不得为其提供技术支持、广告推广、支付结算等帮助。

第二十八条  网络运营者应当为公安机关、国家安全机关依法维护国家安全和侦查犯罪的活动提供技术支持和协助。

第二十九条  国家支持网络运营者之间在网络安全信息收集、分析、通报和应急处置等方面进行合作,提高网络运营者的安全保障能力。

有关行业组织建立健全本行业的网络安全保护规范和协作机制,加强对网络安全风险的分析评估,定期向会员进行风险警示,支持、协助会员应对网络安全风险。

第三十条  网信部门和有关部门在履行网络安全保护职责中获取的信息,只能用于维护网络安全的需要,不得用于其他用途。

第二节 关键信息基础设施的运行安全

第三十一条  国家对公共通信和信息服务、能源、交通、水利、金融、公共服务、电子政务等重要行业和领域,以及其他一旦遭到破坏、丧失功能或者数据泄露,可能严重危害国家安全、国计民生、公共利益的关键信息基础设施,在网络安全等级保护制度的基础上,实行重点保护。关键信息基础设施的具体范围和安全保护办法由国务院制定。

国家鼓励关键信息基础设施以外的网络运营者自愿参与关键信息基础设施保护体系。

第三十二条  按照国务院规定的职责分工,负责关键信息基础设施安全保护工作的部门分别编制并组织实施本行业、本领域的关键信息基础设施安全规划,指导和监督关键信息基础设施运行安全保护工作。

第三十三条  建设关键信息基础设施应当确保其具有支持业务稳定、持续运行的性能,并保证安全技术措施同步规划、同步建设、同步使用。

第三十四条  除本法第二十一条的规定外,关键信息基础设施的运营者还应当履行下列安全保护义务:

(一)设置专门安全管理机构和安全管理负责人,并对该负责人和关键岗位的人员进行安全背景审查;

(二)定期对从业人员进行网络安全教育、技术培训和技能考核;

(三)对重要系统和数据库进行容灾备份;

(四)制定网络安全事件应急预案,并定期进行演练;

(五)法律、行政法规规定的其他义务。

第三十五条  关键信息基础设施的运营者采购网络产品和服务,可能影响国家安全的,应当通过国家网信部门会同国务院有关部门组织的国家安全审查。

第三十六条  关键信息基础设施的运营者采购网络产品和服务,应当按照规定与提供者签订安全保密协议,明确安全和保密义务与责任。

第三十七条  关键信息基础设施的运营者在中华人民共和国境内运营中收集和产生的个人信息和重要数据应当在境内存储。因业务需要,确需向境外提供的,应当按照国家网信部门会同国务院有关部门制定的办法进行安全评估;法律、行政法规另有规定的,依照其规定。

第三十八条  关键信息基础设施的运营者应当自行或者委托网络安全服务机构对其网络的安全性和可能存在的风险每年至少进行一次检测评估,并将检测评估情况和改进措施报送相关负责关键信息基础设施安全保护工作的部门。

第三十九条  国家网信部门应当统筹协调有关部门对关键信息基础设施的安全保护采取下列措施:

(一)对关键信息基础设施的安全风险进行抽查检测,提出改进措施,必要时可以委托网络安全服务机构对网络存在的安全风险进行检测评估;

(二)定期组织关键信息基础设施的运营者进行网络安全应急演练,提高应对网络安全事件的水平和协同配合能力;

(三)促进有关部门、关键信息基础设施的运营者以及有关研究机构、网络安全服务机构等之间的网络安全信息共享;

(四)对网络安全事件的应急处置与网络功能的恢复等,提供技术支持和协助。

第四章  网络信息安全

第四十条  网络运营者应当对其收集的用户信息严格保密,并建立健全用户信息保护制度。

第四十一条  网络运营者收集、使用个人信息,应当遵循合法、正当、必要的原则,公开收集、使用规则,明示收集、使用信息的目的、方式和范围,并经被收集者同意。

网络运营者不得收集与其提供的服务无关的个人信息,不得违反法律、行政法规的规定和双方的约定收集、使用个人信息,并应当依照法律、行政法规的规定和与用户的约定,处理其保存的个人信息。

第四十二条  网络运营者不得泄露、篡改、毁损其收集的个人信息;未经被收集者同意,不得向他人提供个人信息。但是,经过处理无法识别特定个人且不能复原的除外。

网络运营者应当采取技术措施和其他必要措施,确保其收集的个人信息安全,防止信息泄露、毁损、丢失。在发生或者可能发生个人信息泄露、毁损、丢失的情况时,应当立即采取补救措施,按照规定及时告知用户并向有关主管部门报告。

第四十三条  个人发现网络运营者违反法律、行政法规的规定或者双方的约定收集、使用其个人信息的,有权要求网络运营者删除其个人信息;发现网络运营者收集、存储的其个人信息有错误的,有权要求网络运营者予以更正。网络运营者应当采取措施予以删除或者更正。

第四十四条  任何个人和组织不得窃取或者以其他非法方式获取个人信息,不得非法出售或者非法向他人提供个人信息。

第四十五条  依法负有网络安全监督管理职责的部门及其工作人员,必须对在履行职责中知悉的个人信息、隐私和商业秘密严格保密,不得泄露、出售或者非法向他人提供。

第四十六条  任何个人和组织应当对其使用网络的行为负责,不得设立用于实施诈骗,传授犯罪方法,制作或者销售违禁物品、管制物品等违法犯罪活动的网站、通讯群组,不得利用网络发布涉及实施诈骗,制作或者销售违禁物品、管制物品以及其他违法犯罪活动的信息。

第四十七条  网络运营者应当加强对其用户发布的信息的管理,发现法律、行政法规禁止发布或者传输的信息的,应当立即停止传输该信息,采取消除等处置措施,防止信息扩散,保存有关记录,并向有关主管部门报告。

第四十八条  任何个人和组织发送的电子信息、提供的应用软件,不得设置恶意程序,不得含有法律、行政法规禁止发布或者传输的信息。

电子信息发送服务提供者和应用软件下载服务提供者,应当履行安全管理义务,知道其用户有前款规定行为的,应当停止提供服务,采取消除等处置措施,保存有关记录,并向有关主管部门报告。

第四十九条  网络运营者应当建立网络信息安全投诉、举报制度,公布投诉、举报方式等信息,及时受理并处理有关网络信息安全的投诉和举报。

网络运营者对网信部门和有关部门依法实施的监督检查,应当予以配合。

第五十条  国家网信部门和有关部门依法履行网络信息安全监督管理职责,发现法律、行政法规禁止发布或者传输的信息的,应当要求网络运营者停止传输,采取消除等处置措施,保存有关记录;对来源于中华人民共和国境外的上述信息,应当通知有关机构采取技术措施和其他必要措施阻断传播。

第五章  监测预警与应急处置

第五十一条  国家建立网络安全监测预警和信息通报制度。国家网信部门应当统筹协调有关部门加强网络安全信息收集、分析和通报工作,按照规定统一发布网络安全监测预警信息。

第五十二条  负责关键信息基础设施安全保护工作的部门,应当建立健全本行业、本领域的网络安全监测预警和信息通报制度,并按照规定报送网络安全监测预警信息。

第五十三条  国家网信部门协调有关部门建立健全网络安全风险评估和应急工作机制,制定网络安全事件应急预案,并定期组织演练。

负责关键信息基础设施安全保护工作的部门应当制定本行业、本领域的网络安全事件应急预案,并定期组织演练。

网络安全事件应急预案应当按照事件发生后的危害程度、影响范围等因素对网络安全事件进行分级,并规定相应的应急处置措施。

第五十四条  网络安全事件发生的风险增大时,省级以上人民政府有关部门应当按照规定的权限和程序,并根据网络安全风险的特点和可能造成的危害,采取下列措施:

(一)要求有关部门、机构和人员及时收集、报告有关信息,加强对网络安全风险的监测;

(二)组织有关部门、机构和专业人员,对网络安全风险信息进行分析评估,预测事件发生的可能性、影响范围和危害程度;

(三)向社会发布网络安全风险预警,发布避免、减轻危害的措施。

第五十五条  发生网络安全事件,应当立即启动网络安全事件应急预案,对网络安全事件进行调查和评估,要求网络运营者采取技术措施和其他必要措施,消除安全隐患,防止危害扩大,并及时向社会发布与公众有关的警示信息。

第五十六条  省级以上人民政府有关部门在履行网络安全监督管理职责中,发现网络存在较大安全风险或者发生安全事件的,可以按照规定的权限和程序对该网络的运营者的法定代表人或者主要负责人进行约谈。网络运营者应当按照要求采取措施,进行整改,消除隐患。

第五十七条  因网络安全事件,发生突发事件或者生产安全事故的,应当依照《中华人民共和国突发事件应对法》、《中华人民共和国安全生产法》等有关法律、行政法规的规定处置。

第五十八条 因维护国家安全和社会公共秩序,处置重大突发社会安全事件的需要,经国务院决定或者批准,可以在特定区域对网络通信采取限制等临时措施。

第六章  法律责任

第五十九条  网络运营者不履行本法第二十一条、第二十五条规定的网络安全保护义务的,由有关主管部门责令改正,给予警告;拒不改正或者导致危害网络安全等后果的,处一万元以上十万元以下罚款,对直接负责的主管人员处五千元以上五万元以下罚款。

关键信息基础设施的运营者不履行本法第三十三条、第三十四条、第三十六条、第三十八条规定的网络安全保护义务的,由有关主管部门责令改正,给予警告;拒不改正或者导致危害网络安全等后果的,处十万元以上一百万元以下罚款,对直接负责的主管人员处一万元以上十万元以下罚款。

第六十条  违反本法第二十二条第一款、第二款和第四十八条第一款规定,有下列行为之一的,由有关主管部门责令改正,给予警告;拒不改正或者导致危害网络安全等后果的,处五万元以上五十万元以下罚款,对直接负责的主管人员处一万元以上十万元以下罚款:

(一)设置恶意程序的;

(二)对其产品、服务存在的安全缺陷、漏洞等风险未立即采取补救措施,或者未按照规定及时告知用户并向有关主管部门报告的;

(三)擅自终止为其产品、服务提供安全维护的。

第六十一条  网络运营者违反本法第二十四条第一款规定,未要求用户提供真实身份信息,或者对不提供真实身份信息的用户提供相关服务的,由有关主管部门责令改正;拒不改正或者情节严重的,处五万元以上五十万元以下罚款,并可以由有关主管部门责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照,对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

第六十二条  违反本法第二十六条规定,开展网络安全认证、检测、风险评估等活动,或者向社会发布系统漏洞、计算机病毒、网络攻击、网络侵入等网络安全信息的,由有关主管部门责令改正,给予警告;拒不改正或者情节严重的,处一万元以上十万元以下罚款,并可以由有关主管部门责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照,对直接负责的主管人员和其他直接责任人员处五千元以上五万元以下罚款。

第六十三条  违反本法第二十七条规定,从事危害网络安全的活动,或者提供专门用于从事危害网络安全活动的程序、工具,或者为他人从事危害网络安全的活动提供技术支持、广告推广、支付结算等帮助,尚不构成犯罪的,由公安机关没收违法所得,处五日以下拘留,可以并处五万元以上五十万元以下罚款;情节较重的,处五日以上十五日以下拘留,可以并处十万元以上一百万元以下罚款。

单位有前款行为的,由公安机关没收违法所得,处十万元以上一百万元以下罚款,并对直接负责的主管人员和其他直接责任人员依照前款规定处罚。

违反本法第二十七条规定,受到治安管理处罚的人员,五年内不得从事网络安全管理和网络运营关键岗位的工作;受到刑事处罚的人员,终身不得从事网络安全管理和网络运营关键岗位的工作。

第六十四条  网络运营者、网络产品或者服务的提供者违反本法第二十二条第三款、第四十一条至第四十三条规定,侵害个人信息依法得到保护的权利的,由有关主管部门责令改正,可以根据情节单处或者并处警告、没收违法所得、处违法所得一倍以上十倍以下罚款,没有违法所得的,处一百万元以下罚款,对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款;情节严重的,并可以责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照。

违反本法第四十四条规定,窃取或者以其他非法方式获取、非法出售或者非法向他人提供个人信息,尚不构成犯罪的,由公安机关没收违法所得,并处违法所得一倍以上十倍以下罚款,没有违法所得的,处一百万元以下罚款。

第六十五条  关键信息基础设施的运营者违反本法第三十五条规定,使用未经安全审查或者安全审查未通过的网络产品或者服务的,由有关主管部门责令停止使用,处采购金额一倍以上十倍以下罚款;对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

第六十六条  关键信息基础设施的运营者违反本法第三十七条规定,在境外存储网络数据,或者向境外提供网络数据的,由有关主管部门责令改正,给予警告,没收违法所得,处五万元以上五十万元以下罚款,并可以责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照;对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

第六十七条  违反本法第四十六条规定,设立用于实施违法犯罪活动的网站、通讯群组,或者利用网络发布涉及实施违法犯罪活动的信息,尚不构成犯罪的,由公安机关处五日以下拘留,可以并处一万元以上十万元以下罚款;情节较重的,处五日以上十五日以下拘留,可以并处五万元以上五十万元以下罚款。关闭用于实施违法犯罪活动的网站、通讯群组。

单位有前款行为的,由公安机关处十万元以上五十万元以下罚款,并对直接负责的主管人员和其他直接责任人员依照前款规定处罚。

第六十八条  网络运营者违反本法第四十七条规定,对法律、行政法规禁止发布或者传输的信息未停止传输、采取消除等处置措施、保存有关记录的,由有关主管部门责令改正,给予警告,没收违法所得;拒不改正或者情节严重的,处十万元以上五十万元以下罚款,并可以责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照,对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

电子信息发送服务提供者、应用软件下载服务提供者,不履行本法第四十八条第二款规定的安全管理义务的,依照前款规定处罚。

第六十九条  网络运营者违反本法规定,有下列行为之一的,由有关主管部门责令改正;拒不改正或者情节严重的,处五万元以上五十万元以下罚款,对直接负责的主管人员和其他直接责任人员,处一万元以上十万元以下罚款:

(一)不按照有关部门的要求对法律、行政法规禁止发布或者传输的信息,采取停止传输、消除等处置措施的;

(二)拒绝、阻碍有关部门依法实施的监督检查的;

(三)拒不向公安机关、国家安全机关提供技术支持和协助的。

第七十条  发布或者传输本法第十二条第二款和其他法律、行政法规禁止发布或者传输的信息的,依照有关法律、行政法规的规定处罚。

第七十一条  有本法规定的违法行为的,依照有关法律、行政法规的规定记入信用档案,并予以公示。

第七十二条  国家机关政务网络的运营者不履行本法规定的网络安全保护义务的,由其上级机关或者有关机关责令改正;对直接负责的主管人员和其他直接责任人员依法给予处分。

第七十三条  网信部门和有关部门违反本法第三十条规定,将在履行网络安全保护职责中获取的信息用于其他用途的,对直接负责的主管人员和其他直接责任人员依法给予处分。

网信部门和有关部门的工作人员玩忽职守、滥用职权、徇私舞弊,尚不构成犯罪的,依法给予处分。

第七十四条  违反本法规定,给他人造成损害的,依法承担民事责任。

违反本法规定,构成违反治安管理行为的,依法给予治安管理处罚;构成犯罪的,依法追究刑事责任。

第七十五条  境外的机构、组织、个人从事攻击、侵入、干扰、破坏等危害中华人民共和国的关键信息基础设施的活动,造成严重后果的,依法追究法律责任;国务院公安部门和有关部门并可以决定对该机构、组织、个人采取冻结财产或者其他必要的制裁措施。

第七章  附    则

第七十六条  本法下列用语的含义:

(一)网络,是指由计算机或者其他信息终端及相关设备组成的按照一定的规则和程序对信息进行收集、存储、传输、交换、处理的系统。

(二)网络安全,是指通过采取必要措施,防范对网络的攻击、侵入、干扰、破坏和非法使用以及意外事故,使网络处于稳定可靠运行的状态,以及保障网络数据的完整性、保密性、可用性的能力。

(三)网络运营者,是指网络的所有者、管理者和网络服务提供者。

(四)网络数据,是指通过网络收集、存储、传输、处理和产生的各种电子数据。

(五)个人信息,是指以电子或者其他方式记录的能够单独或者与其他信息结合识别自然人个人身份的各种信息,包括但不限于自然人的姓名、出生日期、身份证件号码、个人生物识别信息、住址、电话号码等。

第七十七条  存储、处理涉及国家秘密信息的网络的运行安全保护,除应当遵守本法外,还应当遵守保密法律、行政法规的规定。

第七十八条  军事网络的安全保护,由中央军事委员会另行规定。

第七十九条  本法自2017年6月1日起施行。

Communist Party of China referring URL:

http://www.npc.gov.cn/npc/xinwen/2016-11/07/content_2001605.htm