Category Archives: 美國軍事網絡戰:黑客入侵防禦成為無菸的戰爭

Chinese Military Analysis of Cyber Space Deterrence – Important Strategic Points // 淺析網絡空間威懾的特徵、類型和運用要點

Chinese Analysis of Cyber Space Deterrence – Important Strategic Points


Chinese People’s Liberation Army Academy of Military Sciences Yuan Yi

January 04, 2016    

Editor’s note: When both opposing parties have the ability to ensure intrusion and damage to the other party’s network, they can bring about two-way network containment, making the two parties obliged to comply with the game rules that do not attack each other’s network under certain conditions, forming an invisible safety valve. Even international conventions or conventions that do not attack each other’s networks will be formed. The cyberspace has thus become a strategic area that can produce a huge deterrent effect. After the deterrence of cyberspace followed by nuclear deterrence, it began to enter the strategic vision of big country politicians and military strategists. Studying the characteristics, types, and points of use of cyberspace deterrence must be taken into consideration and necessary action by the Internet powers and the cyber force.

With the increasing dependence of human society on cyberspace, cyberspace has become the “second type of living space” for human production and life and the “fifth-dimensional combat space” for military confrontation. Countries around the world have fiercely competed for the dominant rights, control rights, and discourse power of cyberspace. The competition in the cyberspace has reached the level of human survival, national destiny, and success or failure of military struggles. Thinking about cyberspace deterrence capacity building has great practical and theoretical value.

First, analysis of the advantages and disadvantages of cyberspace deterrence

Cyberspace deterrence refers to the actions and actions taken in the cyberspace to demonstrate and control enemy cyberspace, and to control the enemy’s physical space through cross-domain cyberspace, so as to achieve the goal of destroying enemy forces, stopping the enemy, blocking the enemy, and preventing deterrence. A form of strategic deterrence for the enemy’s purpose. Compared with the physical space, the “virtual and real duality” of network space and the uniqueness of network warfare compared with traditional combat styles have determined that the advantages and disadvantages of cyberspace deterrence are very obvious.

(A) The advantages of cyberspace deterrence

The advantages of cyberspace deterrence are mainly reflected in the following: First, the deterrence approach has become more civilized and humane. Compared with nuclear, chemical, and chemical weapons based on physical, biological, and chemical killing mechanisms, the direct killing and destructive effects of cyber warfare weapons are much smaller than the former. Normally, they will not cause permanent damage and pollution to the natural environment, nor will they cause large numbers of people. Casualties and humanitarian disasters. Second, deterrence costs are inefficient. The network warfare weapons are dominated by viruses, Trojans and other software. The costs are relatively low, and the technical threshold is low. The destructive effects are rather alarming. The network defense points are multi-faceted, and they are hard to prevent. To increase the level of network security by one level, the input cost will increase exponentially. The contrast between the low cost of cyber offense and the high cost of cyber defense makes the offensive and defensive performance of the network a feature of “spirit shield”, and the cyber warfare weapon is thus called “the atomic bomb of the poor country”. The third is that deterrence methods are diverse and practical. The variety of cyber warfare weapons and the multiple goals of cyber attacks have determined that there are diversified cyberspace deterrent methods to choose from. The effects of cyberattacks are recoverable to a certain extent. As long as the application is properly implemented, the risk of causing war and escalating the war is relatively small. In a sense, the deterrence value of nuclear weapons is far greater than the value of actual combat, and cyber warfare weapons are both practical values ​​and deterrence values. Fourth, the use of repeatability and deterrence is strong. Once the “nuclear threshold” crosses, a full-scale nuclear war will erupt, and the two sides at the nuclear balance will fall into a state of mutual destruction. The easy implementation of nuclear deterrence, especially nuclear deterrence against non-nuclear countries, will also be condemned by international public opinion. These factors are all The use of nuclear deterrence is greatly limited. The deterrence of software and hardware and the controllable characteristics of cyberspace deter- mine the flexibility and control of deterrence in light of the changes and needs of the military struggle. It can be used in advance, used throughout, and used repeatedly. It has strong flexibility.

(B) Defects in cyberspace deterrence

The deterrence of cyberspace is mainly reflected in: First, the credibility of the deterrence effect has not been fully verified. The credibility of nuclear deterrence has been verified in actual combat. However, as of now, the real network war has not really exploded. People’s astonishing destructive power over cyber warfare is more of a speculation and worry. The real power of cyber warfare can only be convincing after being tested by actual combat. Second, the reliability of deterrence measures is not very high. Network warfare is a dynamic process of continuous offensive and defensive interaction between the two sides of the enemy and me. The characteristics of network confrontation and technicality determine that the network warfare attack has greater uncertainty and may not achieve the desired operational objectives, which will greatly reduce the effectiveness of deterrence. . For example, when the enemy performs cyberspace deterrence, if the enemy takes various effective defense measures in a timely manner, it will increase the difficulty of its own cyber attack and reduce the damage, and even lead to the failure of the attack. Third, the controllability of deterrence scope needs further improvement. As one of the important weapons of cyber warfare, viral weapons have strong dissemination, poor controllability, and a wide range of influence. It is difficult to launch targeted and targeted attacks on enemy computers and networks. If it can’t control its effective scope, it will spread to third-party neutral countries and even make itself a victim. As a result, the use of virus weapons suffers from the use of “imposed rats.” The fourth is the selective limitation of deterrence objects. Nuclear deterrence is clear and effective for any country, and the effectiveness of cyberspace deterrence has a lot to do with the level of informatization of enemy countries. Cyberspace deterrence is extremely effective for countries with a high degree of informatization, and for those underdeveloped countries with weak information infrastructure and weak network dependence, it is difficult for them to exert results, or even completely ineffective. Fifth, the organization of deterrence is relatively complicated. All nuclear powers in the world implement centralized and unified management of strategic nuclear forces. Command and control powers are highly centralized. When organizations implement nuclear deterrence operations, they can accurately control each combat unit, and the organization is well-executed. The implementation of the deterrence of cyberspace involves many forces such as investigation, control, defense, and control. It has many personnel and large scales and is scattered among different departments and units in the military and the military. It is very complicated to organize and it is difficult to form a synergy.

Second, the main types of cyberspace deterrence

The cyberspace deterrence includes four types: cyberspace technology test deterrence, cyberspace equipment demonstration deterrence, cyberspace operational deterrence deterrence, and cyberspace operational deterrence. Among them, the first three are demonstrative deterrence, and the latter is actual deterrence.

(A) Cyberspace Technology Test Deterrence

The cyberspace technology test deterrence is a field in the field of cyber warfare. It constantly conducts preliminary exploratory experiments on new concepts of warfare, new experiments on the effectiveness of attack mechanisms and tactics, and practical experiments on the weaponization of new technologies. The outside world is disclosed to demonstrate its strong strength in the basic research of information technology and its enormous potential for transforming it into a cyber warfare capability to achieve deterrence. At present, network offensive and defensive technology is still developing rapidly. A breakthrough in a key technology will often have a significant impact on cyberspace security and operations, and even lead to revolutionary changes. Whoever preempts the strategic commanding heights of the network offensive and defensive technology, who will be able to achieve a clear advantage in the future of network warfare.

(B) Cyberspace Equipment Demonstration

The demonstration of cyberspace equipment deterrence is the development of network warfare equipment development planning, technology development, target testing, stereotyped production and other development stages. According to the needs of the appropriate disclosure of network warfare equipment models, performance, characteristics, parameters and development schedule, etc. Reach the purpose of deterring opponents. There are two main ways: one is through public disclosure in official media such as national defense white papers, diplomatic bulletins, and newspapers, periodicals, and large-scale websites; and the other is through online social media or other unofficial. The channel has deliberately leaked equipment-related information and implemented hidden deterrence. The cyber space equipment demonstrates deterrence. On the one hand, it can invent new cyber-warfare equipment with new mechanisms and new concepts and render its unique combat capabilities. On the other hand, it can deliberately exaggerate the operational effectiveness of existing cyber warfare equipment. There are facts in the virtual reality, there is something in the real, and the implementation of fuzzy policies, so that the other party can not understand their true situation and strength, resulting in fear and jealousy. For example, the U.S. military’s “Shuute” on-board network power system has been put into practical use several times and poses a serious threat to the air defense systems of its hostile countries. However, its basic principles, working mechanisms, and combat technical indicators have not been publicly disclosed. It has not been completely mastered by other countries and has remained in a state of secrecy. It is difficult to distinguish between reality and reality and has played a very good deterrent effect.

(3) Deterrence in cyberspace operations exercises

The deterrence of cyberspace operations exercises is to conduct drills in cyberspace through virtual or virtual methods, and use various media channels to show potential war opponents their own cyber warfighting capabilities, strengths and determinations in order to achieve deterrence. Cyberspace operations can be divided into two kinds: actual drills and virtual exercises. The former is usually carried out nationwide or in alliance with allies, and is generally based on the joint exercise of military space and space defense operations. In recent years, the United States and its allies have held “Network Storm” series of cyber warfare exercises and “Shriver” series of space-network space exercises, which have demonstrated the mobilization strength, overall defense level, and the implementation of cyber warfare. Determination. The latter is usually held at the national large-scale network integrated shooting range, and is generally based on the offensive actions of the military professional cyber warfare forces.

(D) Deterrence in cyberspace operations

The deterrence of cyberspace operations is the actual deterrence of attacking specific opponents by deterring opponents with certain attacks. There are two opportunities for its use: First, when one’s own side is aware that the enemy is about to wage a war on one’s own side, one’s own choice of the key cyber targets of the enemy’s key defenses will be targeted to combat them, and preventive and deterrent deterrence will be implemented; When the Party initiates a tentative cyber attack on its own side and implements cyberspace deterrence, it must immediately conduct effective retaliatory and disciplinary deterrence. There are many types of cyber warfare operations that have deterrent effects. For example, infiltrate the enemy’s telecommunications network, send a large number of anti-war messages to the enemy’s citizens, and attack the enemy’s power grid, resulting in a short-term blackout of major cities in the enemy’s power; attacking the enemy’s broadcast television networks and inserting their own broadcasts during prime time. Special video programs; etc.

Third, the use of cyberspace deterrence points

The general requirements for the use of cyberspace deterrence are: combination of wartime and warfare, with strength, actual display capability, and determination, strive to demonstrate deterrence with small battles, ensure deterrence with strikes, and achieve deterrence with a small price. Specifically, the following points should be achieved.

(A) Combination of peacetime and long-term preparation

“Frozen feet, not a cold day.” Successful implementation of cyberspace deterrence requires a combination of peacetime and warfare, and we must fully and carefully prepare for peacetime. The first is to conduct comprehensive and thorough network reconnaissance. Requires the combination of spying, reconnaissance and technical reconnaissance, wireless reconnaissance, and cable reconnaissance. Conduct long-term and continuous network reconnaissance of enemy network targets, gradually understand the basic conditions of the enemy’s network, draw a picture of its network topology, and in particular analyze and find all kinds of soft enemies. Hardware system vulnerabilities. The second is to conduct a large number of effective strategic presets. Using hacking methods, secretive infiltrate all types of networks through the use of system vulnerabilities or password cracking, leaving the back door, setting up a springboard machine, and laying down logic bombs and Trojans to set a breakthrough for launching cyber attacks in the future. The third is to conduct pre-prepared cyber defenses. When deterring cyberspace deterrence against the enemy, one must adjust the deployment of network defenses in advance, make the enemy’s pre-designed attack path, anticipate the use of system loopholes, and plan to implement an attack plan that is difficult to implement, or the effect of implementation is greatly reduced to minimize the enemy’s Losses caused by cyber retaliation.

(B) careful decision-making, control strength

Sun Tzu said: “The Lord must not anger and raise a teacher. Cyberspace deterrence is a strategic game behavior between countries, especially with deterrence and sensitivity. It must be rational, beneficial, and tangible. It must not be abused because of the low threshold of deterrence. Otherwise, its effect may be counter-productive. . Cyberspace deterrence has a high requirement for combat intensity control. On the one hand, if the intensity is too small, the enemy’s government and people will not have fear and will not achieve the deterrent effect they deserve. The other party may also use the same methods to implement anti-deterrence, eventually leading to confrontational escalation and deterring one’s own deterrence. On the other hand, if it is too strong, it will cause huge economic losses and casualties to the enemy countries. This will cause the condemnation of the international community and the hatred of the enemy governments and people. It may trigger the enemy’s use of conventional forces to carry out large-scale revenge. Nuclear countries may even Nuclear power may be used. This will not only stop the war but will also play a role in warfare.

(III) Unified command and careful organization

The implementation of the deterrence of cyberspace requires centralized command, unified planning, and good coordination. The first is meticulous organization of strength. Uniformly organize the four forces of military investigation, attack, defense, and control, and actively coordinate the strength of the cyber warfare forces of all parties to form a joint force. In particular, it is necessary to organize and coordinate the strength of civil non-professional cyber warfare, especially patriotic hacking, so that there can be no phenomenon of “blindness” so as to avoid triggering friction, escalating fire, causing an escalation of cyber warfare, or prematurely exposing attack intentions and giving people a handle. , leading to uncontrollable situations or failure of operations. The second is to select the target. Should choose a wide range of influence, easy to produce a clear deterrent effect of the goal. For example, broadcast television channels with the highest ratings, portals with a large number of visitors, and wireless communication networks with numerous users. It is not possible to choose attacks that are irrelevant, insignificant, and indifferent to the target. They can easily be mistaken for cybersecurity incidents created by ordinary hackers and do not achieve the desired deterrent effect. In addition, we must also consider the constraints of international law and war laws. We must not choose targets that are easy to cause humanitarian disasters. We should try our best not to select the network goals of railways, aviation, finance, and medical departments so as not to arouse condemnation and resentment from the international community and the people of the other side. The third is the precise control of the process. Prior to the deterrent strikes in cyberspace, it is necessary to publicize the momentum through extensive public opinion, issue warnings to the enemy countries, and declare the justice of their actions to the world in order to gain the understanding and support of international public opinion. In order to highlight the deterrent effect, one can highly announce the target of the enemy’s network to be attacked, break through the enemy’s layered network defenses, and implement a resolute and effective cyber attack. If necessary, the network attack effect can be resumed regularly to show its superiority. The cyber attack technology and means make the enemy’s decision makers and the public have a sense of frustration that is hard to defend and difficult to parry, thus forming a strong shock effect.

(4) Combining actual situation with actual situation, focusing on strategy

The grandson said that “it is not possible to show and not to use it,” and it is used to deter online space. Its main points are summarized as “showing without propaganda, advocating without showing.” “Indicating nothing” means that it is difficult to track and locate using cyber attacks and conduct cyber attacks on specific targets. However, it is not done for others to announce that they are doing their own thing. It not only demonstrates their own capabilities, but also makes the enemy’s suspicion of doing their own thing. However, there is no evidence and it cannot be pursued. “Proclaiming but not showing” is the publicity or inadvertent disclosure of the type, performance, and characteristics of the advanced cyber warfare equipment developed or fabricated by the company, deliberately exaggerating its combat effectiveness, falsifying facts, and integrating facts and facts, so that the enemy can’t understand its true strength. , resulting in a deterrent effect. The cyber warfare operations have the characteristics of difficulty in tracking and traceability and complexity in forensics. The initiating party can either admit or deny it, or push the responsibility to civil hacker organizations. (Source: China Information Security).

Original Communist Mandarin Chinese:






網絡空間威懾的優點,主要體現在:一是威懾方式更趨文明和人道。與基於物理、生物、化學殺傷機理的核生化武器相比,網絡戰武器的直接殺傷和破壞效應要遠小於前者,通常不會對自然環境造成永久性破壞和污染,也不會造成大量的人員傷亡,並引發人道主義災難。二是威懾成本低效費比高。網絡戰武器以病毒、木馬等軟件為主,成本相對低廉,技術門檻較低,而造成的破壞效果卻相當驚人。網絡防禦點多面廣,防不勝防,要網絡安全程度每提高一個等級,投入成本會呈指數級增加。網絡進攻的低成本與網絡防禦的高成本對比鮮明,使得網絡攻防呈現“矛尖盾薄”的特點,網絡戰武器因而被稱為“窮國的原子彈”。三是威懾手段多樣實用性強。網絡戰武器多種多樣,網絡攻擊目標多元,決定了有多樣化的網絡空間威懾手段可供選擇。網絡攻擊效果在一定程度上是可恢復的,只要運用實施得當,引發戰爭和促使戰爭升級的風險相對較小。從某種意義上講,核武器的威懾價值遠大於實戰價值,而網絡戰武器則是實戰價值與威懾價值兼具。四是威懾運用可重複靈活性強。 “核門檻”一旦跨過就會爆發全面核戰爭,處於核均勢的雙方將陷入相互摧毀狀態,輕易實施核威懾特別是對無核國家進行核威懾,還會招致國際輿論的譴責,這些因素都極大地限制了核威懾手段的使用。而網絡空間威懾軟硬結合、威力可控的特點,決定了其可根據軍事鬥爭形勢的變化和需要,適時調控威懾強度,先期使用、全程使用、反複使用,具有很強的靈活性。






















孫子所說的“能而示之不能,用而示之不用”,運用到網絡空間威懾,其要點概括起來就是“示而不宣、宣而不示”。 “示而不宣”,就是利用網絡攻擊難以追踪定位這一點,對特定目標實施網絡攻擊,但不對外宣布是己方所為,既展示了己方能力,又使得敵方雖然懷疑是己方所為,但沒有證據,無法追究。 “宣而不示”,就是公開宣傳或不經意透露己方研製或虛構的先進網絡戰裝備的型號、性能、特點,刻意誇大其作戰效能,虛虛實實,虛實結合,使敵摸不清己方真實實力,從而產生威懾效果。網絡戰行動具有追踪溯源困難、取證複雜的特點,發起方既可以承認,也可以矢口否認,或把責任推給民間黑客組織。 (來源:中國信息安全)

Original URL:

美國軍事網絡戰:黑客入侵防禦成為無菸的戰爭 // American military network warfare: hackers attack and defense creating a war without smoke


American military network warfare: hackers attack and defense creating a war without smoke

Hackers may also be soldiers. Recently, the US Internet security company and the government issued a series of reports that “the Chinese military to participate in hacking.” With the “China hacker threat theory”, the US government immediately announced the latest anti-hacking strategy, although the Chinese Ministry of Foreign Affairs and the Ministry of Defense in a timely manner to make a refutation, but for a time, hacker news from the army or aroused everyone’s interest. In fact, the United States is the world’s largest Internet hacker location, has a huge network of troops.

As the daily consumption from the physical store to the transfer of electricity, and now the war has also moved from the line to the line. Not only the United States, Europe and the United States and Asia, many countries have begun to set up their own “network forces” – hackers is to become a frequent visitor to this service. And how these countries are leading the “formal” network of the army.

In 007 “skyfall” in the lovely Mr. Q is a network war master.

In May 2010, the US Department of Defense set up a network warfare headquarters officially launched, the US military strategic headquarters in September 1, 2010 before the development of a network warfare philosophy and plans, and plans in the next few years to expand the network security forces to 4900 people. This marks the United States intends to military hegemony from the land, sea, sky and space to the so-called “fifth field” of the network space extension.

It is reported that the United States is currently recruiting 2,000 to 4,000 soldiers, set up a “network special forces.” This unit not only to assume the task of network defense, but also to other countries of the computer network and electronic systems for secret attacks. According to Xinhua reported that a former US Air Force Major John Bradley at a meeting in 2002, said the United States spent on network attacks on the study than the network defense much more, because the senior staff of the former more Interested. And, the US military network attack time may be much earlier than we imagined.

In the Iraq war that began in 2003, the US military used the cyber warfare more widely. Before the war, thousands of Iraqi military and political officials in their e-mail mailbox received the US military sent the “persuade the letter”, resulting in a great psychological impact. Less than four hours after the war, Al Jazeera English website will be the US military “ban”, can not function properly.

In addition, the United States also in 2006 and 2008 has held two code-named “network storm” large-scale network war exercises.

Japan and South Korea: already set up a “network army”

At the end of 2009, the Ministry of Defense of Japan decided to establish a special “cyber space defense team” in 2011 to guard against hacker attacks and strengthen the ability to protect confidential information. According to the Japanese “Yomiuri Shimbun” reported on May 1, 2011, “cyberspace defense team” plan is set in the SDF command communications system under the initial number of about 60 people. This “network force” is responsible for collecting and analyzing the latest virus information, and anti-hacker attack training.

Japan’s network warfare is through the master “system of network” to paralyze the enemy combat system. Japan in the construction of network combat system, emphasizing the “offensive and defensive”, allocated large sums of money into the network hardware and “network warfare” construction, respectively, the establishment of the “defense information communication platform” and “computer system common platform”, to achieve the SDF Organs, forces network system of mutual exchange and resource sharing. And set up by the 5000 people of the “cyberspace defense team”, developed the network operations “offensive weapons” and network defense system, now has a strong network attack combat strength.

The DPRK this “enemy”, South Korea in 1999 put forward the overall vision of the future information construction, announced in 2009 will be the formation of “network command”, and officially launched in 2010. At present, South Korea already has about 20 million received professional training of the huge personnel, and 5% of annual defense funds are used to develop and improve the implementation of the core technology of network warfare.

Britain and Russia: enlisted hackers

Network forces hackers preferred, as early as 1998, because of the successful invasion of the US Pentagon computer system, Israel’s 18-year-old boy hacker Tenenbaum put on uniforms to become an Israeli soldier. Subsequently, the British government also in 2009, including former hackers, including network elite to defend the network security. They are young, diverse in background, some have been hackers, and even minor cybercrime.

On June 25, 2009, the UK government introduced its first national cybersecurity strategy and announced the establishment of two new departments of cybersecurity, the Network Security Office and the Network Security Operations Center, which are responsible for coordinating government security and coordination of government and government The security of the main computer system of civil society.

India in 2007 formed a land, sea and air armed forces joint emergency team, and enlisted hackers. At the same time, by absorbing the civil master enlisted and the cadet students “hacker” technical training, etc., and gradually complete the future network war talent pool.

Military power Russia in the 1990s on the establishment of the Information Security Committee, specifically responsible for network information security, launched in 2002, “Russian Federal Information Security Theory”, the network information warfare compared to the future “sixth generation of war.” Russia already has a large number of network elite, anti-virus technology is walking in the forefront of the world, in the event of a threat or need, these talents and technology will soon be transferred to military use.

“Black door”: ridiculous blame

Although there is no factual basis, but the US Internet security companies and the government is still often create “hacker door”, directed at China, not only involving colleges and universities, enterprises, as well as technical schools such as Shandong Lan Xiang, there are network individuals, now point to the Chinese military, Even to provide “hacker headquarters building” photos. However, the relationship between the IP address alone, “the source of the attack from China,” highlighting the ignorance of the relevant US people.

How do hackers use their own computer to attack? How can I leave a registered IP address? They usually through the springboard control of third-party computer to form a botnet and then attack. Take the initiative to expose the IP address left traces, is it a professional hacker!

China’s Ministry of Defense International Bureau of Communications Deputy Director Meng Yan wrote that the United States in the transformation of the way to render the Chinese hacker attack trick, even ignore itself is the network virtual space “rule makers.” 2012, 73,000 foreign IP addresses as Trojans and botnet control server to participate in the control of more than 1,400 million hosts in China, 32,000 IP through the implantation of the back door of China’s nearly 38,000 sites in the implementation of remote control, which originated in the United States The number of network attacks ranked first.

Hacker attack and defense: no smoke of the war

Only a few minutes, the domestic password experts, Tsinghua University Distinguished Professor Wang Xiaoyun and her research team with ordinary personal computers, will be able to crack MD5 password algorithm. Before her, even with the fastest giant computer, but also to calculate more than 1 million years to crack.

If this is a war, you can not hear the sound and can not see the smoke. Hackers often through the acquisition of passwords, place Trojan horse program, e-mail attacks, node attacks, network monitoring, find system vulnerabilities, steal privileges and so on, and the use of WWW spoofing technology, the use of account attacks, etc. to launch network attacks.

Reporters learned that the current “hanging horse” (that is, in the page to load Trojan virus), “phishing” (forged WEB site or e-mail, etc.) and other ways to become the mainstream of hacker attacks.

Original Mandarin Chinese:





















中國國防部國際傳播局副局長孟彥日前撰文稱,美國各界在變換手法渲染中國黑客攻擊把戲時,竟然無視自身才是網絡虛擬空間的“規則制定者”。 2012年,7.3萬個境外IP地址作為木馬和殭屍網絡控制服務器參與控制中國境內1400餘萬台主機,3.2萬個IP通過植入後門對中國境內近3.8萬個網站實施遠程控制,其中源自美國的網絡攻擊數量名列第一。