Category Archives: China Internet Soverignty

網絡空間治理的力量博弈、理念演變與中國戰略 // Power Game of Network Space Governance, Evolution of Ideas & China’s Strategy

網絡空間治理的力量博弈、理念演變與中國戰略

Power Game of Network Space Governance, Evolution of Ideas & China’s Strategy

Introduction
The global cyberspace governance process involves not only the complex game of information developed countries and information developing countries in the fields of Internet key resources, network power and network security, but also the mutual game between government, private sector and civil society. “Prism door incident” in the intensification of cyberspace governance game at the same time, but also to promote the policy position of the parties continue to adjust to increase the possibility of governance cooperation. At the same time, the cyberspace game also reflects the Internet governance and cyberspace governance and other related governance concepts of mutual conflict and integration trend. At present, China’s participation in global cyberspace governance still faces many challenges. China needs to be based on the development trend of network space game and the evolution of governance concept. Combining with the strategy of network power in the “13th Five-Year Plan”, this paper constructs long-term, complete and comprehensive aspects of international mechanism shaping, talent cultivation and technology development as the core Participation strategy.
In June 2013, former US National Security Agency (NSA) former employee Edward Snowden disclosed the council’s “prism” monitoring program. The event [1] made cyberspace governance in the international agenda in the priority of the re-ascension, but also exacerbated the differences in the position of the parties, leading to cyberspace governance in trouble, for the network space management system to create a great challenge The In addition, the international community on the complexity of cyberspace and its governance lack of clear, unified awareness, resulting in one-sided position and a single policy to further exacerbate the governance dilemma. In the face of the complex situation, Joseph Nye tries to explain the practice of cyberspace governance by referring to the theory of mechanism complex in the field of environmental governance, and analyzes the cyberspace management through the loosely coupled complex composed of many different governance mechanisms The [2] This provides a useful perspective for the analysis of cyberspace governance, that is, cyberspace governance is composed of multiple rather than a single governance mechanism, the interaction between the various mechanisms have an impact on governance. This paper intends to examine the development of cyberspace governance from a more macro perspective, and try to explore the evolution of the concept behind cyberspace game, and analyze the complex relationship between government, private sector and civil society in international and domestic levels The On this basis, to explore China’s response measures and participate in cyberspace governance strategy.

First, the power of cyberspace governance Game

network space management process with the government between the game process. According to the situation of network technology, network capacity and network utilization, governments can be divided into three categories: information developed countries, information developing countries and information undeveloped countries. [③] There are also international organizations to use the network readiness (Readiness) as an indicator to measure the degree of information technology. This ranking basically overlaps with the traditional developed, developing and underdeveloped countries, and of course there is also the level of informationization in individual developing countries rising to the ranks of developed countries, or the level of information in some developing countries The level of the developed countries. Therefore, in accordance with the information developed countries, developing countries and underdeveloped countries to divide the three points in the academic more accurate. There are three aspects of the power game of cyberspace governance: one is the game between the developed countries and the information developing countries in the network ownership, the network resource allocation; the second is the non-governmental actors and the government on the Internet key resource control, network security And freedom and other issues of the game; Third, as the dominant space in cyberspace, the US government in its own private sector, civil society and other countries in the Internet between the key resources and other issues on the game (Figure 1).

First of all, information between developed countries and information-developing countries around the network space between the key infrastructure and network technology between the game. According to the behavior, the topic and the characteristic of the power game in cyberspace management, it can be divided into three stages.
The first stage is the early period of Internet governance, which is roughly from the beginning of the formation of the Internet to the United Nations World Summit on Information Society (World Summit on Information Society, WSIS), which is divided into two phases: the Geneva Conference in 2003 and the Tunis Agenda in 2005. The World Summit on the Information Society appears to be a struggle between governments and the private sector and civil society, in essence, the game between the United States and other countries on Internet control.
This period is the stage of rapid development of the Internet, a large number of new technical and technical standards have been created, the US government took the opportunity to vigorously promote the development of information technology, and developed a series of international technical standards, industry and industry norms. And information developing countries are still in the study, learn from the stage, which makes the United States and other developed countries in the field in an absolute strong position. [4] This stage of Internet governance mainly around the Internet domain name registration and analysis and its corresponding 13 root server control, Internet Protocol (IP) address allocation and other key resources to compete. The United States has almost controlled all international organizations and core businesses that have developed and managed Internet standards and refused to internationalize the relevant management functions or to the United Nations specialized agencies. [⑤] Therefore, at the World Summit on the Information Society, despite the pressure from the United Nations, the developing countries and even the European countries, the United States still refused to hand over the Internet management rights. Into the 21st century, the information represented by China’s developing countries to enhance the network technology, they have the domain name, users and other Internet resources have exceeded the information developed countries, but the representation in the Internet governance is far from enough, So the existing Internet governance reflects the legitimacy of the questioned.
The second stage is the stage of political competition and sovereignty competition of cyberspace governance, which is called the “return” stage of the government in cyberspace. This stage from the Information Society World Summit to 2011. In 2011, China, Russia and other countries to the 66th session of the General Assembly to submit the “International Code of Conduct for Information Security”, advocated the United Nations in cyberspace governance play a leading role. In the same year, the United States and Britain and other governments dominated the global network space management conference (Global Cyberspace Conference), also known as the London process (London Process) was held. <A The network space has become the “fifth strategic space” of human society. With the continuous breakthrough of network technology and its disruptive transformation of real society, cyberspace has become the fifth strategic space of human society. The distribution of order, power and wealth in cyberspace, the developed countries and information developing countries have serious differences on the following issues: whether the cyberspace attribute is “global public domain” or “sovereignty”; governance is government-led “Multilateral governance”, or a multi-stakeholder model dominated by non-governmental actors; governance culture is a “multicultural” or “multicultural” that is dominated by the West. [⑥] The focus of this period is also reflected in the free flow of information content in the field, when Hillary Clinton took the US Secretary of State, the Internet for the freedom of many speeches, advocating the US Internet freedom strategy. The role of the US government and social media sites in the wake of the turbulence in North Africa, which began at the end of 2010, has aroused widespread concern in the developing countries and strengthened the management of the Internet. [⑦] The third stage from the “Prism Gate incident” until now, this stage of the competition more focused on cyberspace security governance. “Prism door incident” to the United States in the field of cyberspace governance moral high ground questioned, leadership decline, forcing it to promote cyberspace governance in the low posture. At the same time, cyberspace security situation is further deteriorating, and the security threats facing countries are further increased. After experiencing the fierce confrontation of the “prism gate incident”, the developed countries and the information developing countries are aware that the maintenance of cyberspace requires the participation of all countries, and no country can lead the cyberspace governance process alone. Information developed countries and information development countries in the cognitive level of the gap gradually narrowed, the reduction of confrontational initiatives, cooperation began to grow space. Second, the “prism gate incident” caused the government and the private sector, civil society between the network security, privacy and other issues on the fierce game. Former US National Security Agency former employee Edward Snow led to expose a including “prism”, “X key points” (X-Keyscore), “Fair” (Fairview), “core” (Main Core) and other monitoring systems, including 10 monitoring systems, the monitoring system by the National Security Agency, the Central Intelligence Agency, the Federal Bureau of Investigation and other intelligence agencies to participate in almost cover the cyberspace of social networks, e-mail, instant messaging, Web pages, videos, photos, and so on. [8] National Security Agency requires Microsoft, Google, Facebook and other nine major global Internet companies to open the database to monitor the project to carry out data monitoring. In the “Prism Gate incident” exposure, Microsoft, Google, Facebook and other companies to the court to prosecute the federal government. [⑨] civil society have also acted against large-scale data monitoring. The American Civil Society Alliance launched a “Stop Watch Us” action on the Internet, putting pressure on the US government to get tens of thousands of Internet users’ signatures, messages and responses from hundreds of civic groups by organizing parades Demonstrations, petition to Congress, launch network initiatives, etc. to cooperate with the action. [⑩] In the “prism door incident” triggered the other countries with the US government to carry out monitoring projects ICT enterprises dissatisfaction, countries have taken new measures to protect cyberspace security. For example, the Chinese government has accelerated the process of legalization of cyberspace and began to discuss the guiding ideology of cybersecurity equipment, and formulated the network security review method. After the introduction of the “national security law”, “anti-terrorism law” “Network Security Law (Draft)” and “Criminal Law Amendment (9)” have significantly increased the terms involved in network security. These initiatives have aroused serious concern about US ICT companies and lobbyed the US government to put pressure on China to require the Chinese government to cancel the relevant provisions, such as Article 18 of the Anti-Terrorism Act provides that “telecom operators, Internet services Providers should be for the public security organs, the state security organs in accordance with the law to prevent and investigate terrorist activities to provide technical interface and decryption technical support and assistance. [11] Although from the government point of view, these initiatives help to maintain network security and national security, but in the private sector, the above-mentioned initiatives will not only increase the technical input, but also a substantial increase in costs. As long as cyberspace governance does not achieve a breakthrough, the government and the private sector, civil society between the game will continue to exist, and to a certain extent, will evolve into a national game. <A Finally, the US government and its private sector, civil society alliance with other countries in the Internet key resources on the issue of the game. Internet key resources include: IP address allocation, protocol parameter registration, gTLD system management, ccTLD system management and root server system management and time zone database management. Some scholars use the “cyberspace” in cyberspace to describe the status of Internet Corporation for Assigned Names and Numbers (ICANN) in cyberspace governance. [12] For historical reasons, these resources have been by the National

Telecommunications and Information Administration (National Telecommunication and Information Administration, NTIA) under the Internet Digital Distribution Agency (Internet Assigned Numbers Authority, IANA) is responsible for managing, and NTIA authorizes its management of IANA functions through regular engagement with ICANN. Therefore, it can be argued that the US government controls the key resources of the Internet. The United Nations-appointed Working Group on Internet Governance (WGIG) noted in its report that the US government unilaterally controls the Internet’s key resources, such as root zone documents. [13] The international community has been dissatisfied with this situation, and the WGIG report has proposed four options to replace the existing structure, hoping to take over the Internet’s critical resources through intergovernmental organizations or global institutions. [14] For ICANN, although it has been seeking independence from the US government and has repeatedly contested it, it is more concerned with how to avoid other intergovernmental organizations or institutions to take over or replace their status. Milton Muller described the phenomenon as “some network liberals even eventually turned into secret supporters of nationalism, because as long as the challenged countries were their motherland, they turned to defend the United States, allowing Its control, leading the Internet. “[15] Thus, in some cases, ICANN chooses to” align “with the US government to prevent other countries or intergovernmental organizations from influencing their governance structures. In ICANN’s organizational structure and decision-making system, the Government Advisory Committee (Government Advisory Committee, GAC) is eligible to nominate a liaison who does not have the right to vote. Information developing countries believe that as an international mechanism for Internet governance, the lack of representation in ICANN from information developing countries should reflect government responsibilities and powers in their future management structures and increase the authority of the Governmental Advisory Committee The But ICANN has repeatedly said it will not accept this change. In this case, the US government representatives are highly consistent with ICANN’s official position, both in the government advisory committee and at ICANN’s plenary meetings. Until the “Prism Gate Event” broke out, the US government was forced to restart the process of internationalization of ICANN’s efforts to guide the cyberspace governance game to a new stage. Second, the future development of cyberspace management trend With the advancement of the network space management process, the parties to the understanding of the spatial properties of the network gradually reached a consensus, and thus in the governance approach, the path of the differences narrow. Especially at the cognitive level, the cognition of cyberspace from various countries is based on different political, economic and cultural backgrounds, emphasizing their uniqueness to objective properties and laws based on cyberspace, emphasizing the integration between different views. [16] Internet space interconnection, sharing attributes determine the zero-sum game does not apply to cyberspace, cyberspace security, development, freedom is the government, the private sector and civil society to pursue the common goal. At the same time, the mutual restraint of the three issues of security, development and freedom makes it impossible for either party to ignore the interests of other actors and pursue their own absolute interests. As President Xi Jinping on December 16, 2015 at the Second World Internet Conference (World Internet Conference, WIC) said: “There is no double standard in the field of information, countries have the right to maintain their own information security, not a national security while other countries are not safe, part of the national security and another part of the country is not safe, but not Sacrifice the security of other countries to seek their own so-called absolute security. ” [17] This position reflects the above special properties of cyberspace governance. As a result, the international community has gradually realized that no one can dominate the process of cyberspace governance. First, the US cyberspace strategy adjustment and ICANN internationalization will drive a major transformation of the cyberspace governance architecture. Facing the pressure, the United States by part of the Internet to give up the key resources of direct control, for its network space to adjust the international strategy to prepare. [18] On March 14, 2014, NTIA, a subsidiary of the US Department of Commerce, announced that it would give up control of ICANN and pointed out in its transfer statement that ICANN’s management would organize global multi-stakeholder discussions on receiving issues, but explicitly United Nations or other intergovernmental organizations. [19] ICANN has been seeking its own independent position since its inception, and ICANN’s internationalization goal is not only to get rid of the constraints of the US government, but also to ensure that the US government will not be taken over by other countries and intergovernmental organizations. Therefore, ICANN needs to reach an agreement with the US government to ensure their independence, but also with other governments to start a game, to avoid its internationalization was strongly opposed. Second, the role of the United Nations in cyberspace governance continues to improve, will effectively promote the network space management structure and norms of the pace of construction. Through the efforts of the United Nations Group of Governmental Experts on Information Security (GGE), the international community has also made important breakthroughs in cyberspace codes of conduct and confidence-building measures. In June 2013, the United Nations published a report of the Group of Experts, composed of representatives of 15 countries. The report clarifies for the first time that “national sovereignty and sovereign international norms and principles apply to national communications technology activities and the jurisdiction of the State in its territory for communications technology infrastructure.” At the same time, the report further recognizes the Charter of the United Nations In the applicability of cyberspace “. [20] “While efforts to address the security of communications technology, States must respect the human rights and fundamental freedoms contained in the Universal Declaration of Human Rights and other international instruments.” [21] Compared with the 2010 expert group report, the above contents were presented as sections 20 and 21 of the 2013 report, which is a significant improvement in the compatibility of information developed countries and information developing countries in cyberspace governance Sex continues to improve.
In July 2015, the United Nations Group of Governmental Experts on the Development of Information and Telecommunications from the Perspective of International Security published a third report on the Code of Conduct for Cyberspace. This report has reached a consensus on the protection of cyberspace-critical infrastructure, confidence-building measures, and international cooperation. The network sovereignty of the developing countries is further clarified, and the application of international law, especially the law of armed conflict, which is advocated by the developed countries, is also included in the application of cyberspace. [22] Finally, the competition and cooperation model between government and non-state actors in cyberspace governance will undergo a major change, and multi-level game will become the “new normal” of cyberspace governance. In terms of governance and path, countries’ policy positions in cyberspace governance also place greater emphasis on reality, especially in dealing with the relationship between government and other actors. All parties are aware that the responsibilities of the government and other actors should be divided according to the problems in cyberspace governance. For the multi-stakeholder governance model, the information developed countries and information development countries gradually unified awareness, the government and the private sector, civil society according to their respective functions to participate in cyberspace governance. The narrowing of cognition means that one party is more aware of the concerns of the other party. The game between the developed countries and the developing countries in cyberspace governance will be more targeted, and competition and cooperation will be carried out synchronously to promote cooperation through competition. Of course, this has increased the investment in cyberspace, and the increase in the right to speak on cyberspace governance. Brazil, China has established a network space multi-stakeholder meeting (NetMundial) and the World Internet Conference mechanism to explore the network and national security, network sovereignty and other core issues, the voice of developing countries will be more and more, more and more Big. Third, the evolution of the concept of cyberspace governance <a In the information developed countries and information development countries, governments, the private sector and civil society around the network space governance game from conflict to integration behind, reflecting the continuous evolution of the concept of cyberspace governance. Although the game around cyberspace governance is mainly to compete for the power and wealth of cyberspace, the different cognition of actors, objects and methods of governance has had an important influence on the conflict and fusion of governance. Craig Mundie, Microsoft’s chief research and strategy officer, pointed out at the 7th China-US Internet forum that “the misunderstanding of cyberspace in both China and the United States is largely due to ‘Internet governance’ and ‘ ‘Cyberspace governance’ caused by the confusion of the two concepts. [23] Similarly, cyberspace governance game and conflict also reflect the conflict between the two governance concepts. Internet governance is considered to be a multi-stakeholder governance model that is dominated by non-governmental actors, but cyberspace governance also requires the participation and coordination of government and intergovernmental organizations. Internet Governance Project (Internet Governance Project, IGP) defines Internet governance as a network-related decision that is linked by an Internet protocol, including the establishment of a dispute resolution mechanism for policies, rules, and technical standards that are common to the owner, operator, developer, and user. Distribution and global Internet standards of human behavior. “[24] The above definition includes three aspects, namely the acceptance and recognition of technical standards and agreements, the allocation of Internet resources such as domain names and IP addresses, spam generated by human Internet behavior, Cybercrime, copyright and trademark disputes, consumer protection issues, public sector and private security issues, rules and policies. Laura DeNardis (Laura DeNardis) proposed to be in accordance with the Internet transmission TCP / IP protocol level, and according to different levels of different functions to build Internet mode, based on the function, tasks and actors were discussed Internet resource control, standard settings , Network access, network security management, information flow, intellectual property protection and other six levels of Internet governance content. [25] Cyberspace governance has shifted from the professional and technical fields that have been emphasized by the original Internet governance to a wider range of political, security and economic sectors, and the importance of government and intergovernmental organizations in cyberspace governance has become increasingly prominent. Cyberspace is a broader field that includes not only the Internet, but also the data that is transmitted in the network, the users of the network, and the interaction between real society and virtual society. The corresponding cyberspace governance is a broader concept, which is “a category of cyberspace infrastructure, standards, law, social culture, economy, development and so on.” [26] It contains more diverse governance issues and challenges that are increasing. Such as the “Prism Gate Incident”, the government’s high-level threat (APT) due to network action in cyberspace, the Digital Divide and Data Poverty ), Cyber ​​terrorism, online business theft and more and more governance issues have gone beyond the scope of the traditional concept of Internet governance. <A The conflict between “global public domain” and “network sovereignty”, “network autonomy” and “state dominance” in cyberspace governance game reflects that people can not understand “Internet governance” and “network Space governance “between the different governance subjects, objects and methods, trying to use a single governance approach to solve the multiple issues. The bottom-up, open and transparent governance model, which is advocated by the Internet governance subject represented by ICANN, is concerned with the high risk of cyber warfare, large-scale data monitoring and theft, and cyber terrorism. Lack of effectiveness and relevance. At the same time, the state-centered, top-down cyberspace governance philosophy can not effectively deal with the real problems of the current Internet governance and can not replace the dominance of Internet international organizations in the field. With the advance of the network space management process, the two governance ideas and methods in the collision also began to integrate. Joseph Chennai believes that cyberspace is composed of multiple governance mechanisms, in which Internet governance focuses on the technical level and is a subset of cyberspace governance. Should be based on different governance issues, to build a different governance mechanism, so that different actors to play a leading role. [27] The integration of governance concepts is also reflected in the increasing consensus among the parties on the multi-stakeholder governance model. ICANN uses a bottom-up, consensus-based decision-making process that advocates a governance model that limits the role of government. [28] Many developing countries initially opposed the multi-stakeholder governance model, stressing that government-led multilateral governance models should be adopted. With the deepening of the governance process, the information-developing countries have gradually accepted the multi-stakeholder governance model, which is gaining more and more consensus in the private sector and civil society as long as the role of the government is well reflected. The government, the private sector and the civil society participate in the decision-making process according to their respective functions and responsibilities, do not deliberately exclude other actors, nor deliberately pursue the leadership of individual actors, reflecting a more objective and balanced approach to cyberspace governance. Fourth, China’s strategic response <a The Chinese government has put forward the two goals of global governance of cyberspace, namely, to build a peaceful, safe, open and cooperative cyberspace and to establish a multilateral, democratic and transparent international Internet governance system. Important strategic objectives into the “thirteen five” plan recommendations. The former advocates foreign participation in the international network space management process, in order to establish a favorable international governance system; the latter advocates the development of network technology, nurture the network industry, enhance the national network strength. The mutual support and mutual promotion between the two requires an international strategy that can co-ordinate internal and external situations in response to complex cyberspace. Although the Chinese government has not published a specific international cyberspace strategy document, but by analyzing the existing relevant policies, can still be found in China’s international strategy of cyberspace is still in the exploratory stage. Therefore, it is necessary to analyze and discuss the international strategy of cyberspace in China according to the characteristics of cyberspace power game and the strategy of network power. (A) China’s cyberspace international policy practice Since 1994 access to the Internet, China has developed a variety of forms of international network policy into the international network space system. This aspect is to expand the needs of opening up, hope that through international cooperation in learning, the introduction of foreign advanced technical standards; the other is the driving force of information technology, integration into the globalization must be all-round participation in the international system. [29] In addition, with China’s growing influence in international affairs and increased dependence on the network, active participation in cyberspace governance is also an important way to maintain national interests and ways. China’s network policy is largely influenced by the situation of international cyberspace governance and developed and promoted in the interaction with the international cyberspace management system, showing the characteristics of multi-domain, multi-level and multi-subject. <A First, the international policy of the Chinese government network covers international cooperation in international technical standards, information and communication technology industry cooperation, global Internet governance, combating cybercrime, network economy, digital divide and other fields, and the development trend of global network governance Generally consistent. First of all, from the early technology, industry and Internet standards to gradually expand the cooperation to a wider range of network-related policy cooperation, many policy areas in fact beyond the scope of the Internet itself, and international economic, political and security. Secondly, after the “prism door incident”, with the cyberspace security governance become the main issue in governance, the focus of China’s network policy is also focused on the network security governance, and based on the establishment of national security, political security, Safety and social security. China not only vigorously oppose large-scale network monitoring in the international arena, advocate the maintenance of national network sovereignty, but also pay more attention to the legislative work related to cybersecurity in domestic policy and maintain national security and sovereignty in practice. Second, China’s cyberspace international policy covers bilateral, regional, multilateral and international levels. From the bilateral level, China has established intergovernmental dialogue and cooperation mechanisms with countries such as South Korea, Britain and Australia. These cooperation not only covers the contents of network security, digital economy and development, but also become an important content and support for bilateral diplomatic relations. In addition, China and the United States, between China and Russia in the field of network security to carry out a different degree of confidence-building measures (Confidence Building Measures, CBMs). [30] At the regional level, China and ASEAN, the SCO, the European Union, the Arab League and other regional organizations and countries to establish a variety of forms of network dialogue and cooperation mechanism. In 2009, the Chinese government signed the Cooperation Framework of the China-ASEAN Telecommunications Regulatory Commission on Network Security and the Intergovernmental Agreement on Safeguarding International Information Security of Member States of the Association of Southeast Asian Nations (ASEAN) and ASEAN Member States. [31] China also actively participated in the work of the ASEAN Regional Network Security Working Group, and in September 2013 held in Beijing, the ASEAN Regional Forum “to strengthen the network security measures seminar – legal and cultural perspective.” Conference development The development of the Internet requires the guidance of legal rules and the need to promote and respect cultural diversity. All parties should strengthen exchanges in the field of cybersecurity, promote mutual trust, promote cooperation and jointly build peace, security, openness and cooperation. [32] Finally, China is also actively involved in the multilateral and international level of cyberspace governance mechanisms, both within the United Nations Framework for Information Security, the International Telecommunication Union, the World Summit on the Information Society, the Internet Governance Forum, or the United Nations Framework London process, cyberspace multi-stakeholder meetings and other mechanisms, China is the main participant; in addition, China also through the World Internet Conference to carry out cyber space home diplomacy. China has also submitted two versions of the International Code of Conduct for Information Security to the United Nations General Assembly, together with representatives of OECD countries such as Russia and Uzbekistan. [33] China is also a major participant in the Global Internet Governance Consortium, where the head of the National Internet Information Office (NYSE), Lu Wei and Alibaba Group Chairman Ma, was elected as a member of the Alliance. <A Third, with the cyberspace governance covered by more and more widely, China’s cyberspace international policy to participate in the main body from the traditional Ministry of Foreign Affairs, Ministry of Industry and further expanded to the Ministry of Public Security, Ministry of Commerce, Ministry of Finance and the new The establishment of the network letter Office, the Ministry of Foreign Affairs set up a “network affairs office” to deal with cyberspace of foreign affairs. Among them, the Ministry of Foreign Affairs is mainly responsible for bilateral, regional, multilateral and international level of network diplomacy, it is China’s docking under the framework of the United Nations network governance mechanism of the main forces, especially from the Ministry of Foreign Affairs arms control officials throughout the four United Nations information security Working Group of Experts. Net letter office as the central network security and information leading group of permanent institutions, China is to co-ordinate the network security and information management of the newly established important institutions. Since the role of network management as a co-ordination and coordination of China’s network affairs is becoming more and more important in the international policy of the network, it has not only carried out multi-level international network security and digital economic cooperation, but also established the governance mechanism of the World Internet Conference.
In addition, the Ministry of Public Security in the fight against cyber security crime, network anti-terrorism, the Ministry of Commerce in the information and communication technology market access, the Ministry of Finance in the network infrastructure external assistance and other areas of work will be China’s future implementation of cyberspace international strategy a solid foundation. It can be seen that China has formed a more comprehensive and in-depth international strategic framework of cyberspace, including pluralistic participant, wide-ranging problem coverage and multi-level participation path, which laid a good foundation for the international strategic construction of cyberspace governance basis. With the development of China from the network power to the network power, China will establish a comprehensive and perfect international strategy of cyberspace. (2) Challenges in the international strategy of cyberspace The evolution of cyberspace governance has brought many challenges to China’s cyberspace international strategy: First, the information developed countries will continue to dominate the network space governance game, which is the network of China The international strategy of space poses a challenge; the second is due to the lack of advanced Internet governance talent, leading to China’s Internet international organization in the serious shortage of the third is the network space governance game to emphasize capacity building (Capacity Building), best practice (Best Practice) And so on, will bring competitive pressure to China. These issues and challenges will have a greater impact on China’s cyberspace international strategy, if handled properly, will have a negative impact on the implementation of the network strategy. <A I = 35> First, the information developed countries continue to dominate the network space governance game direction on China’s international strategic challenges. The global governance of cyberspace is played through various forms of governance, and the construction of the mechanism depends on the negotiation between the actors. The bargaining of the negotiations depends not only on the size of the powers of the actors, but also on the global governance of cyberspace In the agenda set the ability to be closely related. [34] According to Joseph Nye’s definition, the former can be called “hard power”, the latter is “soft power”. [35] The advantages of the developed countries in these two areas are obvious, especially in the mechanism of selective or prioritizing the discussion of cyberspace governance. For example, in cybersecurity governance, the United States relies on its agenda setting capacity to prevent the international community from making large-scale data monitoring a governance agenda, while setting its network economy to focus on priority agendas. In addition, the information developed countries in the establishment of the network of human rights agenda, will focus on the field of freedom, and democracy (one country one vote), equality (the size of the country has the same discourse) and other equally important issues are excluded from the agenda. Not only that, for countries in the “prism door incident” after the request to strengthen the exercise of network sovereignty trend, the United States put forward the “data localization” (Data Localization) this agenda to circumvent the global governance mechanism to discuss network sovereignty. Compared with the information developed countries, information development countries in the agenda setting capacity there is still a big gap, the lack of initiative to set the agenda. In recent years, with China, Brazil, India and other countries have established a variety of cyberspace governance mechanism, emerging powers in the global management of cyberspace in the agenda set the ability to continue to increase. But in general, the gap between China and the information developed countries in governance capacity still exists, and will affect China through international mechanisms to safeguard their own national interests, as well as express their concerns. <
Secondly, due to the lack of advanced cyberspace governance talent, leading to China in the Internet international organizations in the representation of a serious shortage. The trend of cyberspace governance game shows that the control of Internet key resources by international organizations such as ICANN, IETF and other international organizations will not be challenged by government and intergovernmental organizations. As the US government abandons its control over ICANN, the latter will have greater independence. Network space is built on the basis of the Internet, the basis of cyberspace governance is also Internet governance. Therefore, China’s cyberspace international strategy must be in the field of Internet governance to achieve a breakthrough, while enhancing the international organizations in the Internet in the influence and representation. For the majority of developing countries, including China, it is necessary to increase the representation in international organizations such as ICANN, so that more voices from China and other developing countries appear in ICANN. Third, the network space governance game to emphasize the ability to build, best practice and other direction, which will bring China’s severe competitive pressure. The convergence of the cyberspace governance game concept has led to the international community’s focus on cyberspace governance to operational and enforceable areas such as capacity building, best practices, including the provision of network infrastructure to information developing countries and underdeveloped countries; Training in technology, law, and policy related to cyberspace governance; and providing best practices for solving specific problems in cyberspace governance. This is China’s participation in cyberspace governance of the international strategy put forward higher requirements, information developed countries in the field of resources, talent advantage is difficult to shake in the short term, which not only requires the Chinese government to invest more resources, but also China’s Internet companies , Industry associations, legal experts of the common and active participation. (C) China’s strategic thinking of cyberspace governance The basic path of China’s cyberspace international strategy is consistent with the overall macro strategy of China’s integration into the international system and the reform of the international system. [36] In response to the complex cyberspace governance game, China on the one hand to strengthen capacity-building, and focus on the ability to participate in the global control of cyberspace influence; the other hand, between the network security and openness to seek a balance, International cyberspace to establish their own legitimate rights and interests, to avoid the negative impact of excessive security; and strengthen the network strategy and cyberspace international strategy between the strategic interaction, the formation of mutually supportive cyberspace strategy system. <A I = 40> First, combined with the new and future development of cyberspace governance, to strengthen the shaping of international mechanisms. In the cyber space global governance level, the struggle around the governance platform is becoming increasingly fierce. Including the Internet forum, the International Telecommunication Union, the London process, the Brazilian cyberspace multi-stakeholder meeting and China’s World Internet Congress, all platforms have their dominant forces, actors involved in the subject matter and the impact of the play Are not the same. China should explore ways to enhance its own capacity-building programs to the international community in the areas of cybersecurity, cybercrime, capacity building, network economy, cyber culture and the digital divide, in conjunction with the World Internet Forum and other cyberspace governance mechanisms involved. Good practice and solutions such as the ability of public goods. Second, focus on training to participate in cyberspace governance of international talent.
Internet governance organizations are mostly non-governmental organizations, and their multi-stakeholder governance model usually requires the selection of senior management personnel from the Internet community, and the corresponding high-level management, based on the contribution of the selection object to Internet technology and governance Management positions, rather than a traditional intergovernmental organization of a country or vote in accordance with the population, economic ratio to allocate places. In the case of ICANN, its existing management structure is comprised of the Board of Directors and three support organizations, three advisory committees and two technical advisory bodies. The Board consists of 16 voting members and 5 non-voting liaison officers, with the exception of the ICANN President, the remaining 15 places from the Supporting Organizations, the General Members Advisory Committee, the Regional General Membership Organization and the Nominating Committee. To be elected as a member of the voting, must pass the bottom-up nomination and election. Therefore, China should rationalize the system and mechanism, and actively to ICANN and other international non-governmental organizations to transport talent to encourage Internet companies, industry organizations and academic institutions to actively participate in ICANN, IETF, Internet Architecture Board (Internet Architecture Board, IAB) and other institutions to select the talent in order to enhance the international organizations in the Internet in the representation and voice, and to improve China’s influence on Internet governance. Third, to strengthen the network strategy and cyberspace international strategy between the strategic interaction. China has put forward the strategy of strengthening the network power in the “13th Five-Year Plan”, and proceeded from five aspects: technological innovation, network culture, network infrastructure, network security and information construction and international cooperation. [37] Network power strategy has repeatedly referred to the opening up, and actively participate in the Internet governance, and even international cooperation as a separate chapter. This shows that the international strategy of cyberspace and network power strategy between the integration of mutual support. The effective interaction between the two is related to China’s openness to cyberspace, the relationship between security and development. From the perspective of the two-tier game, any country’s strategy is faced with the external situation and the internal interests of the double constraints, excessive emphasis on openness or security are not conducive to the overall national security and interests. Strengthening the interaction between the network strategy and the international strategy of cyberspace helps to improve the awareness of the decision-makers on the security and opening of cyberspace, the security of cyberspace, the development and the relationship between opening and breaking, Consistent with the objective laws of the policy. From a technical level, the network strategy can better support China’s participation in global cyberspace governance. The main competition in the current cyberspace governance has shifted from the cognitive, conceptual level of the game to the provision of solutions, best practices, capacity building and other specific areas of cooperation. Lack of effective support, cyberspace international strategy is difficult to sustain, and won the recognition of the international community. At the same time, cyberspace international strategy will also help to create a favorable external environment for the network power strategy, providing external advanced experience and lessons to the domestic ICT enterprises to provide a broad international market. Finally, we can learn from the field of foreign aid experience, through foreign aid in the field of ICT to ease or even eliminate the digital divide in cyberspace governance issues, on the one hand can contribute to the network space management of Chinese power, on the other hand also contribute to China’s ICT enterprises Internationalization strategy. At the technical level, the network strategy can better support China’s participation in global cyberspace governance. The main competition in the current cyberspace governance has shifted from the cognitive, conceptual level of the game to the provision of solutions, best practices, capacity building and other specific areas of cooperation. Lack of effective support, cyberspace international strategy is difficult to sustain, and won the recognition of the international community. At the same time, cyberspace international strategy will also help to create a favorable external environment for the network power strategy, providing external advanced experience and lessons to the domestic ICT enterprises to provide a broad international market. Finally, we can learn from the field of foreign aid experience, through foreign aid in the field of ICT to ease or even eliminate the digital divide in cyberspace governance issues, on the one hand can contribute to the network space management of Chinese power, on the other hand also contribute to China’s ICT enterprises Internationalization strategy. At the technical level, the network strategy can better support China’s participation in global cyberspace governance. The main competition in the current cyberspace governance has shifted from the cognitive, conceptual level of the game to the provision of solutions, best practices, capacity building and other specific areas of cooperation. Lack of effective support, cyberspace international strategy is difficult to sustain, and won the recognition of the international community. At the same time, cyberspace international strategy will also help to create a favorable external environment for the network power strategy, providing external advanced experience and lessons to the domestic ICT enterprises to provide a broad international market. Finally, we can learn from the field of foreign aid experience, through foreign aid in the field of ICT to ease or even eliminate the digital divide in cyberspace governance issues, on the one hand can contribute to the network space management of Chinese power, on the other hand also contribute to China’s ICT enterprises Internationalization strategy. At the technical level, the network strategy can better support China’s participation in global cyberspace governance. The main competition in the current cyberspace governance has shifted from the cognitive, conceptual level of the game to the provision of solutions, best practices, capacity building and other specific areas of cooperation. Lack of effective support, cyberspace international strategy is difficult to sustain, and won the recognition of the international community. At the same time, cyberspace international strategy will also help to create a favorable external environment for the network power strategy, providing external advanced experience and lessons to the domestic ICT enterprises to provide a broad international market. Finally, we can learn from the field of foreign aid experience, through foreign aid in the field of ICT to ease or even eliminate the digital divide in cyberspace governance issues, on the one hand can contribute to the network space management of Chinese power, on the other hand also contribute to China’s ICT enterprises Internationalization strategy. At the technical level, the network strategy can better support China’s participation in global cyberspace governance. The main competition in the current cyberspace governance has shifted from the cognitive, conceptual level of the game to the provision of solutions, best practices, capacity building and other specific areas of cooperation. Lack of effective support, cyberspace international strategy is difficult to sustain, and won the recognition of the international community. At the same time, cyberspace international strategy will also help to create a favorable external environment for the network power strategy, providing external advanced experience and lessons to the domestic ICT enterprises to provide a broad international market. Finally, we can learn from the field of foreign aid experience, through foreign aid in the field of ICT to ease or even eliminate the digital divide in cyberspace governance issues, on the one hand can contribute to the network space management of Chinese power, on the other hand also contribute to China’s ICT enterprises Internationalization strategy.
At the technical level, the network strategy can better support China’s participation in global cyberspace governance. The main competition in the current cyberspace governance has shifted from the cognitive, conceptual level of the game to the provision of solutions, best practices, capacity building and other specific areas of cooperation. Lack of effective support, cyberspace international strategy is difficult to sustain, and won the recognition of the international community. At the same time, cyberspace international strategy will also help to create a favorable external environment for the network power strategy, providing external advanced experience and lessons to the domestic ICT enterprises to provide a broad international market. Finally, we can learn from the field of foreign aid experience, through foreign aid in the field of ICT to ease or even eliminate the digital divide in cyberspace governance issues, on the one hand can contribute to the network space management of Chinese power, on the other hand also contribute to China’s ICT enterprises Internationalization strategy. At the technical level, the network strategy can better support China’s participation in global cyberspace governance. The main competition in the current cyberspace governance has shifted from the cognitive, conceptual level of the game to the provision of solutions, best practices, capacity building and other specific areas of cooperation. Lack of effective support, cyberspace international strategy is difficult to sustain, and won the recognition of the international community. At the same time, cyberspace international strategy will also help to create a favorable external environment for the network power strategy, providing external advanced experience and lessons to the domestic ICT enterprises to provide a broad international market. Finally, we can learn from the field of foreign aid experience, through foreign aid in the field of ICT to ease or even eliminate the digital divide in cyberspace governance issues, on the one hand can contribute to the network space management of Chinese power, on the other hand also contribute to China’s ICT enterprises Internationalization strategy.

 

Original Mandarin Chinese:

簡介
全球網絡空間治理進程不僅涉及信息發達國家與信息發展中國家在互聯網關鍵資源、網絡權力和網絡安全等領域的複雜博弈,還包括政府、私營部門和市民社會等行為體之間的相互博弈。 “棱鏡門事件”在加劇網絡空間治理博弈的同時,也推動各方政策立場持續調整,增加了治理合作的可能性。與此同時,網絡空間領域的博弈也反映出互聯網治理與網絡空間治理等相關治理理念的相互衝突與相互融合趨勢。目前,中國在全球網絡空間治理上的參與仍面臨諸多挑戰。中國需要以網絡空間博弈的發展趨勢和治理理念的演進為基礎,結合“十三五”規劃提出的網絡強國戰略,以國際機制塑造、人才培養及技術發展等為核心建構長遠、完備和全面的參與戰略。
正文
2013年6月,美國國家安全局(NSA)前僱員愛德華·斯諾登披露了該局的“棱鏡”監聽項目。該事件[①] 使網絡空間治理在國際議程中的優先次序再度提升,但也加劇了各方立場的分化,導致網絡空間治理陷入困境,為網絡空間治理的建章立制帶來極大挑戰。另外,國際社會對網絡空間及其治理的複雜性缺乏清晰、統一的認知,由此而造成的片面立場和單一政策進一步加劇了治理困境。面對上述複雜情勢,約瑟夫·奈(Joseph Nye)試圖通過借鑒環境治理領域的機制複合體理論來解釋網絡空間治理的實踐,通過多個不同的治理機制組成的鬆散耦合複合體來分析網絡空間治理。 [②] 這為分析網絡空間治理形勢提供了一個有益的視角,即網絡空間治理是由多個而非單一的治理機制組成,各種機制之間的相互作用對治理產生影響。本文擬從更加宏觀的視角來審視網絡空間治理髮展的進程,並試圖探索網絡空間博弈背後的理念演變,同時分析政府、私營部門、公民社會等治理行為體在國際、國內兩個層面的複雜關係。在此基礎之上,探討中國的應對措施和參與網絡空間治理的戰略。

一、網絡空間治理的力量博弈

網絡空間治理的進程伴隨著各國政府之間的博弈過程。根據各國政府在網絡技術、網絡能力和網絡使用度等方面的情況,可以將其劃分為信息發達國家、信息發展中國家和信息不發達國家三類。 [③] 也有國際組織以網絡就緒度(Readiness)為指標衡量各國的信息化程度。這種排名基本上與傳統的發達、發展中以及不發達國家的三分法相重疊,當然也存在個別發展中國家的信息化水平上升到發達國家行列,或部分發展中國家的信息化水平跌落到不發達國家的水平。因此,按照信息發達國家、發展中國家和不發達國家的三分法來劃分在學術上更加精確。網絡空間治理的力量博弈主要有三個方面:一是信息發達國家與信息發展中國家在網絡權歸屬、網絡資源分配方面的博弈;二是非政府行為體與政府之間就互聯網關鍵資源控制、網絡安全與自由等問題的博弈;三是作為網絡空間中的主導國家,美國政府聯合其境內的私營部門、市民社會與其他國家之間在互聯網關鍵資源歸屬等問題上的博弈(圖1)。

首先,信息發達國家與信息發展中國家圍繞著網絡空間的關鍵基礎設施和網絡技術之間的博弈。根據網絡空間治理領域力量博弈的行為體、議題和特點,可以將其劃分為三個階段。
第一階段是早期的互聯網治理時期,這大致從國際互聯網的形成初期到聯合國召開信息社會世界峰會(World Summit on Information Society, WSIS)為止;該峰會分為2003年日內瓦會議和2005年突尼斯議程兩個階段。信息社會世界峰會表面上表現為各國政府與私營部門和市民社會之間的鬥爭,實質上則是美國與其他國家就互聯網控制權而展開的博弈。
這一時期是互聯網快速發展的階段,大量新的技術及技術標準被創造出來,美國政府藉機大力推動信息技術發展,並製定了一系列國際技術標準、行業和產業規範。而信息發展中國家還處於學習、借鑒階段,這使美國等發達國家在該領域處於絕對強勢地位。 [④] 這一階段的互聯網治理主要圍繞互聯網域名註冊與解析及其相應的13台根服務器控制權、互聯網協議(IP)地址分配等關鍵資源展開爭奪。美國幾乎控制了互聯網標準制定和管理的所有國際組織和核心企業,並拒絕將相關管理職能國際化或交由聯合國專門機構管理。 [⑤] 因此,在信息社會世界峰會上,儘管面臨來自聯合國、信息發展中國家甚至歐洲國家的壓力,美國依然拒絕交出國際互聯網管理權。進入21世紀後,以中國為代表的信息發展中國家的網絡科技力量不斷提升,它們所擁有的域名、用戶等互聯網資源已經超過了信息發達國家,但在互聯網治理中的代表性遠遠不足,因此對現有互聯網治理體現的合法性提出了質疑。
第二階段是網絡空間治理的政治競爭和主權競爭階段,有人稱之為政府在網絡空間的“回歸”階段。這一階段從信息社會世界峰會到2011年。 2011年,中國、俄羅斯等國向第66屆聯大提交了“信息安全國際行為準則”,主張聯合國在網絡空間治理中發揮主導作用。同年,美英等國政府主導的全球網絡空間治理大會(Global Cyber​​space Conference),又稱倫敦進程(London Process)正式召開。
這一階段網絡空間治理博弈的特點是,隨著網絡技術的不斷突破及其對現實社會的顛覆性變革,網絡空間已經成為人類社會的“第五戰略空間”。圍繞網絡空間中秩序、權力與財富的分配,信息發達國家與信息發展中國家在下列問題上產生了嚴重分歧:網絡空間屬性是“全球公域”還是“主權領域”;治理手段是政府主導的“多邊治理”,還是非政府行為體主導的多利益攸關方(Multi-stakeholder)模式;治理文化是西方主導的“一元文化”,還是平等協商的“多元文化”。 [⑥] 這一時期的矛盾焦點還集中體現在信息內容的自由流通領域,希拉里·克林頓就任美國國務卿時,針對互聯網自由發表了多次講話,鼓吹美國的互聯網自由戰略。在始於2010年年底的西亞北非動蕩之中,美國政府與社交媒體網站在背後所扮演的角色引起了信息發展中國家的廣泛關注,並加強了對互聯網的管理。 [⑦]
第三階段從“棱鏡門事件”之後一直到現在,這一階段的競爭更加聚焦網絡空間的安全治理。 “棱鏡門事件”使美國在網絡空間治理領域的道德製高點遭受質疑、領導力下降,迫使其在推動網絡空間治理中放低姿態。與此同時,網絡空間安全形勢進一步惡化,各國面臨的安全威脅進一步加大。在經歷了“棱鏡門事件”初期的激烈對抗之後,信息發達國家與信息發展中國家均意識到維護網絡空間的安全需要各國的共同參與,沒有任何國家可以單獨主導網絡空間治理進程。信息發達國家與信息發展中國家在認知層面的差距逐漸縮小,對抗性舉措減少,合作的空間開始增長。
其次,“棱鏡門事件”引起了政府與私營部門、市民社會之間在網絡安全、公民隱私等問題上的激烈博弈。美國國家安全局前僱員愛德華·斯諾登揭露了一個包括“棱鏡”、“X關鍵分”(X-Keyscore)、“美景”(Fairview)、“核心”(Main core)等近10個監控項目在內的監控體系,該監控體係由國家安全局、中央情報局、聯邦調查局等多個情報機構參與,幾乎覆蓋了網絡空間的社交網絡、郵件、即時通訊、網頁、影片、照片等所有信息。 [⑧] 國家安全局要求微軟、谷歌、臉譜等9家主要全球互聯網企業向監控項目開放數據庫以便開展數據監控。在“棱鏡門事件”曝光後,微軟、谷歌、臉譜等企業向法院公開起訴聯邦政府。 [⑨] 市民社會也紛紛行動起來,反對大規模數據監控。美國市民社會聯盟在網上發起“停止監視我們”(Stop Watch Us)的行動,向美國政府施加壓力,得到數万網民在網站上的簽名、留言及數百個公民團體的響應,他們通過組織遊行示威、向國會請願、發起網絡倡議等方式配合該行動。 [⑩]
在“棱鏡門事件”引發了其他國家對與美國政府合作開展監控項目ICT企業的不滿,各國紛紛採取新的措施保障網絡空間安全。例如,中國政府加快了網絡空間的法制化進程,並開始討論網絡安全設備自主可控的指導思想、制定了網絡安全審查辦法,在先後出台的《國家安全法》、《反恐怖主義法》、 《網絡安全法(草案)》和《刑法修正案(九)》中都大幅增加了涉及網絡安全的條款。這些舉措引起了美國信息通信技術企業的嚴重關切,並遊說美國政府對中國施壓,要求中國政府取消相關規定,如《反恐怖主義法》第十八條中規定“電信業務經營者、互聯網服務提供者應當為公安機關、國家安全機關依法進行防範、調查恐怖活動提供技術接口和解密技術支持和協助”。 [11] 儘管從政府角度看,這些舉措有助於維護網絡安全和國家安全,但在私營部門看來,上述規定的舉措不僅將增加技術上的投入,也會大幅度增加成本。只要網絡空間治理未實現突破,政府與私營部門、市民社會之間的博弈會繼續存在,並在一定程度上將演變為國家間博弈。
最後,美國政府與其境內的私營部門、市民社會之間結盟與其他國家在互聯網關鍵資源歸屬問題上的博弈。互聯網關鍵資源包括:IP地址分配、協議參數註冊、通用頂級域名(gTLD)系統管理,國家和地區頂級域名(ccTLD)系統的管理及根服務器系統的管理和時區數據庫管理等。有學者形像地用掌握網絡空間中的“封疆權”來形容互聯網名稱與數字地址分配機構(Internet Corporation for Assigned Names and Numbers, ICANN)在網絡空間治理中的地位。 [12]

由於歷史的原因,這些資源一直由美國國家通信與信息管理局(National Telecommunication and Information Administration, NTIA)下屬的互聯網數字分配機構(Internet Assigned Numbers Authority, IANA)負責管理,NTIA通過定期與ICANN簽訂合同,授權其管理IANA的職能。因此,可以認為美國政府控制著互聯網的關鍵資源。聯合國任命的互聯網治理工作組(WGIG)在報告中指出,美國政府單方面控制著如根區文件在內的互聯網關鍵資源。 [13] 國際社會對這種情況一直不滿,WGIG報告中提出了四種方案以取代既有架構,希望通過政府間組織或全球性機構來接管互聯網關鍵資源。 [14] 對於ICANN來說,雖然一直尋求獨立於美國政府之外並與之開展了多次爭奪,但它更關注的是如何避免其他政府間組織或機構接管或取代其地位。彌爾頓·穆勒將這種現象描述為“一些網絡自由主義者甚而最終轉變成了國家主義的秘密支持者,因為只要被挑戰的國家是他們的祖國,他們就轉而為美國辯護,允許其控制、主導互聯網。”[15]
因此,在一些情況下,ICANN選擇與美國政府“結盟”共同阻止其他國家或政府間組織影響其治理結構。在ICANN的組織架構和決策體制中,各國政府代表所在的政府諮詢委員會(Government Advisory Committee, GAC)只有資格提名一名不具有表決權的聯絡員。信息發展中國家認為,作為一種互聯網治理的國際機制,在ICANN中來自信息發展中國家的代表性不足,在其未來的管理架構中,應當體現政府的職責和權力,增加政府諮詢委員會的權限。但ICANN多次表示不會接受這種改變。對於這種情況,無論是在政府諮詢委員會中,還是在ICANN的全體會議上,美國政府代表與ICANN的官方立場高度一致。直到“棱鏡門事件”爆發,美國政府才迫於多方面壓力宣布重啟ICANN的國際化進程,這將網絡空間治理博弈導向了新的階段。

二、網絡空間治理未來的發展態勢

隨著網絡空間治理進程的推進,各方對網絡空間屬性的認知逐漸達成共識,並由此使其在治理方法、路徑上的分歧縮小​​。特別是在認知層面,各國對網絡空間的認知由基於不同的政治、經濟、文化背景,強調各自的獨特性轉向基於網絡空間的客觀屬性和規律,強調不同觀點之間的融合。 [16] 網絡空間的互聯、共享屬性決定了零和博弈不適用於網絡空間,網絡空間的安全、發展、自由是政府、私營部門和市民社會所追求的共同目標。同時,安全、發展、自由這三個議題的相互制約關係,使得任何一方都不能忽視其他行為體的利益,而追求自身的絕對利益。正如習近平主席2015年12月16日在第二屆世界互聯網大會(World Internet Conference, WIC)開幕式的主題演講中指出:“在信息領域沒有雙重標準,各國都有權維護自己的信息安全,不能一個國家安全而其他國家不安全,一部分國家安全而另一部分國家不安全,更不能犧牲別國安全謀求自身所謂絕對安全”。 [17] 這一立場反映了網絡空間治理的上述特殊屬性。由此,國際社會也逐步意識到,沒有任何一方可以主導網絡空間治理進程。
首先,美國的網絡空間戰略調整與ICANN國際化進程將推動網絡空間治理架構的重大轉型。面臨重重壓力,美國通過部分放棄互聯網關鍵資源的直接控制權,為其網絡空間國際戰略的調整做準備。 [18] 2014年3月14日,美國商務部下屬的NTIA宣布將放棄對ICANN的控制,並在移交聲明中指出,將由ICANN管理層組織全球多利益攸關方討論接收問題,但明確拒絕由聯合國或其他政府間組織接管。 [19] ICANN自成立以來一直在尋求自己的獨立地位,ICANN國際化的目標不僅是要擺脫美國政府的製約,同時還要確保在美國政府放權後,不會被其他國家和政府間組織接管。因此,ICANN既需要與美國政府達成協議以保證自己的獨立性,也要與其他國家政府展開博弈,避免其國際化遭到強烈反對。
其次,聯合國在網絡空間治理中的作用持續提升,將有力地推動網絡空間治理架構和規範的建設步伐。通過聯合國信息安全政府專家組(GGE)的努力,國際社會在網絡空間的行為規範和建立信任措施等方面也取得了重要突破。 2013年6月,聯合國發表了一份由15個國家的代表組成的專家組的報告。報告首次明確了“國家主權和源自主權的國際規範及原則適用於國家進行的通信技術活動,以及國家在其領土內對通信技術基礎設施的管轄權。”同時,報告進一步認可了“聯合國憲章在網絡空間中的適用性”。 [20] “各國在努力處理通信技術安全問題的同時,必須尊重《世界人權宣言》和其他國際文書所載的人權和基本自由。”[21] 與2010年的專家組報告相比,上述內容分別作為2013年報告的第20和21條款出現,這是一個巨大的進步,表明信息發達國家和信息發展中國家在網絡空間治理認知理念的兼容性不斷提高。 2015年7月,聯合國關於從國際安全的角度看信息和電信領域的發展政府專家組公佈了第三份關於網絡空間國家行為準則的報告。這份報告在保護網絡空間關鍵基礎設施、建立信任措施、國際合作等領域達成了原則性共識。信息發展中國家關心的網絡主權進一步得到明確,信息發達國家主張的國際法特別是武裝衝突法在網絡空間中的適用也寫入其中。 [22]
最後,政府與非國家行為體在網絡空間治理中的競爭與合作模式將發生重大轉變,多層次博弈將成為網絡空間治理的“新常態”。在治理方式和路徑方面,各國在網絡空間治理中的政策立場也更強調從實際出發,特別是在處理政府與其他行為體的關係上。各方都意識到應當根據網絡空間治理中的問題來劃分政府與其他行為體的職責。對於多利益攸關方治理模式,信息發達國家與信息發展中國家的認知逐步統一,政府與私營部門、市民社會根據各自的職能參與網絡空間治理。認知縮小意味著一方對另一方的關切更加了解,信息發達國家與信息發展中國家在網絡空間治理中的博弈將更具針對性,表現為競爭與合作同步進行,以競爭促進合作。當然,這與信息發展中國家加大了對網絡空間建章立制的投入,在網絡空間治理的話語權上的增長有關。巴西、中國先後建立了網絡空間多利益攸關方會議(NetMundial)和世界互聯網大會機制,探討網絡與國家安全、網絡主權等核心問題,信息發展中國家的聲音將越來越多、越來越大。

三、網絡空間治理的理念演變

在信息發達國家與信息發展中國家,政府、私營部門和市民社會等圍繞網絡空間治理的博弈從衝突轉向融合的背後,反映了網絡空間治理理念的持續演變。儘管圍繞網絡空間治理的博弈主要是為了爭奪網絡空間的權力與財富,但行為體對治理的主體、客體和方法的不同認知對治理的衝突與融合產生了重要影響。微軟首席研究及戰略官克瑞格·蒙迪(Craig Mundie)在第七屆中美互聯網論壇上就曾指出,“中美雙方在網絡空間的誤解很大程度上是由於對’互聯網治理’和’網絡空間治理’兩個概念的混淆所導致”。 [23] 同樣,網絡空間治理博弈和衝突也反映了上述兩種治理概念之間的衝突。
互聯網治理被認為屬於一種由非政府行為體主導的多利益攸關方治理模式,但網絡空間治理也需要政府和政府間組織的參與和協調。互聯網治理項目(Internet Governance Project, IGP)將互聯網治理定義為“所有者、運營商、開發者和用戶共同參與的一個由互聯網協議所聯接起來的與網絡相關的決策,包括確立政策、規則和技術標準的爭端解決機制,制定資源分配和全球互聯網中人類行為的標準。”[24] 上述定義包括三個方面,即技術標準和協議的接受和認可,域名和IP地址等互聯網資源的分配,人類的互聯網行為產生的垃圾郵件、網絡犯罪、版權和商標爭議、消費者保護問題、公共部門和私人的安全問題等相關的規定、規則和政策等。勞拉·迪娜尼斯(Laura DeNardis)提出要按照互聯網傳輸的TCP/IP協議的層級,並根據不同層級的不同功能構建互聯網模式,依據功能、任務和行為體分別討論互聯網資源控制、標准設定、網絡接入、網絡安全治理、信息流動、知識產權保護等六個層面的互聯網治理內容。 [25]
網絡空間治理從原先互聯網治理所強調的專業性、技術性領域轉向更廣泛的政治、安全和經濟範疇,政府和政府間組織在網絡空間治理中的重要性也日益凸顯。網絡空間是一個更廣泛的領域,它不僅包括互聯網,還包括網絡中傳輸的數據,網絡的用戶以及現實社會與虛擬社會的交互等。相對應的網絡空間治理則是一個更加寬泛的概念,它是“包括網絡空間基礎設施、標準、法律、社會文化、經濟、發展等多方面內容的一個範疇”。 [26] 它所包含的治理議題更加多元,面臨的挑戰也在不斷增加。如“棱鏡門事件”引發的對大規模數據監控的關注、政府在網絡空間開展的網絡行動導致的高持續性威脅(APT)、全球範圍內的數字鴻溝(Digital Divide)與數據貧困(Data Poverty )、網絡恐怖主義、網絡商業竊密等越來越多的治理議題已經超越了傳統的互聯網治理理念的範疇。
網絡空間治理博弈中涉及的“全球公域”與“網絡主權”、“網絡自治”與“國家主導”等衝突反映出人們未能客觀、正確地理解“互聯網治理”與“網絡空間治理”之間不同的治理主體、客體和方法,試圖用單一的治理方法去解決其中的多元議題。以ICANN為代表的互聯網治理主體所推崇的自下而上、公開透明的治理模式,對於國家在應對網絡戰、大規模數據監控、竊密等高可持續性威脅、網絡恐怖主義等問題而言,缺乏有效性和針對性。與此同時,以國家為中心、自上而下的網絡空間治理理念也無法有效應對當前國際互聯網治理的現實問題,不能取代互聯網國際組織在該領域的主導地位。
隨著網絡空間治理進程的推進,上述兩種治理理念和方法在碰撞中也開始不斷融合。約瑟夫·奈認為,網絡空間是由多個治理機制組成,其中互聯網治理聚焦於技術層面,是網絡空間治理的一個子集。應當根據不同的治理議題,構建不同的治理機制,讓不同的行為體來發揮主導作用。 [27] 治理觀念的融合還表現在各方對多利益攸關方治理模式共識的增加。 ICANN採用的是一種自下而上、基於共識基礎的決策過程,並主張限制政府作用的治理模式。 [28] 很多信息發展中國家最初對多利益攸關方治理模式持反對態度,強調應當採用政府主導的多邊治理模式。隨著治理進程的深入,信息發展中國家逐步接受多利益攸關方治理模式,只要政府的作用得到合理體現,這種觀點也在私營部門和市民社會代表中獲得越來越多的共識。政府、私營部門和市民社會根據各自的功能與責任來參與決策過程,不刻意將其他行為體排除在外,也不刻意追求個別行為體的領導權,體現出更加客觀和平衡的網絡空間治理理念。

四、中國的戰略應對

中國政府提出了網絡空間全球治理的兩大目標,即共同構建和平、安全、開放、合作的網絡空間和建立多邊、民主、透明的國際互聯網治理體系,同時還將網絡強國戰略作為重要戰略目標納入“十三五”規劃建議中。前者主張對外參與國際網絡空間治理進程,以此來建立有利的國際治理體系;後者主張發展網絡技術力量,培育網絡產業,增強國家網絡實力。兩者之間的相互支持和相互促進需要有一個能夠統籌內外、應對複雜網絡空間形勢的國際戰略。儘管中國政府並未公佈具體的網絡空間國際戰略文件,但通過分析現有的相關政策,仍可以發現中國的網絡空間國際戰略還處於摸索階段。因此,有必要對照網絡空間力量博弈的特點和網絡強國戰略來分析和探討中國的網絡空間國際戰略。
(一)中國網絡空間國際政策實踐
自1994年接入國際互聯網起,中國就制定了各種形式的網絡國際政策融入國際網絡空間體系。這一方面是擴大開放的需要,希望通過國際合作學習、引進國外先進的技術標準;另一方面是信息技術的驅動,融入全球化必須要全方位參與國際體系。 [29] 此外,隨著中國在國際事務中的影響力越來越大以及對網絡的依存度上升,主動參與網絡空間治理也是維護國家利益的重要路徑和方式。中國的網絡政策在很大程度上受到國際網絡空間治理形勢的影響,並在與國際網絡空間治理制度的互動中得到發展和提升,呈現出多領域、多層次和多主體的特點。
第一,中國政府網絡國際政策覆蓋了國際技術標準合作、信息通信技術產業合作、全球互聯網治理、打擊網絡犯罪、網絡經濟、數字鴻溝等多個領域,與全球網絡治理的發展趨勢總體上保持一致。首先,從早期的技術、產業和互聯網標準的合作逐步拓展至更加廣泛的網絡相關政策合作,很多政策領域實際上已經超出了互聯網本身的範疇,與國際經濟、政治、安全相結合。其次,“棱鏡門事件”之後,隨著網絡空間安全治理成為治理中的主要議題,中國網絡政策的關注點也相應聚焦於網絡安全治理,及建立在此基礎上的國家安全、政治安全、經濟安全和社會安全。中國不僅在國際上大力反對大規模網絡監控,提倡維護國家網絡主權,而且在國內政策上也更加註重與網絡安全相關的立法工作,在實踐中維護國家安全和主權。
第二,中國的網絡空間國際政策覆蓋了雙邊、地區、多邊和國際等多個層級。從雙邊層面來看,中國與韓國、英國、澳大利亞等國家建立了政府間對話合作機制,這些合作不僅覆蓋網絡安全、數字經濟和發展等內容,還成為雙邊外交關係的重要內容和支撐。此外,中美、中俄之間在網絡安全領域開展了不同程度的建立信任措施(Confidence Building Measures, CBMs)。 [30] 在地區層面,中國與東盟、上合組織、歐盟、阿盟等地區組織和國家之間建立了多種形式的網絡對話合作機制。 2009年中國政府分別與東盟和上合組織成員國簽訂了《中國—東盟電信監管理事會關於網絡安全問題的合作框架》和《上合組織成員國保障國際信息安全政府間合作協定》。 [31] 中國還積極參與東盟地區論壇網絡安全工作組的工作,並於2013年9月在北京召開了東盟地區論壇“加強網絡安全措施研討會——法律和文化視角”。會議倡議互聯網的發展需要法律規則的引領,也需要促進和尊重文化多樣性,各方應在網絡安全領域加強交流、增進互信、推進合作,共同構建和平、安全、開放、合作的網絡空間。 [32] 最後,中國還積極參與多邊和國際層面的網絡空間治理機制,無論是聯合國框架下的信息安全政府專家組、國際電信聯盟、信息社會世界峰會、互聯網治理論壇,還是聯合國框架之外的倫敦進程、網絡空間多利益攸關方會議等機制,中國都是主要參與者;此外,中國還通過召開世界互聯網大會來開展網絡空間的主場外交。中國還與俄羅斯、烏茲別克斯坦等上合組織成員國共同向聯合國大會提交了兩個版本的“信息安全國際行為準則”。 [33] 中國也是全球互聯網治理聯盟的主要參與方,國家互聯網信息辦公室(網信辦)主任魯煒和阿里巴巴集團董事局主席馬雲當選為該聯盟的委員。
第三,隨著網絡空間治理所覆蓋的內容越來越廣泛,中國網絡空間國際政策參與的主體也從傳統的外交部、工信部進一步擴展到公安部、商務部、財政部以及新成立的網信辦,外交部專門設立了“網絡事務辦公室”來應對網絡空間的外交事務。其中,外交部主要負責雙邊、地區、多邊和國際層面的網絡外交工作,它還是中國對接聯合國框架下網絡治理機制的主要力量,特別是來自外交部軍控司的官員全程參與四屆聯合國信息安全專家組的工作。網信辦作為中央網絡安全與信息化領導小組的常設機構,是中國為了統籌應對網絡安全與信息化新設立的重要機構。網信辦作為統籌、協調中國網絡事務的機構在網絡國際政策中的角色越來越重要,不僅開展了多層級的國際網絡安全與數字經濟合作,還建立了世界互聯網大會治理機制。此外,公安部在打擊網絡安全犯罪、網絡反恐,商務部在信息通信技術市場准入,財政部在網絡基礎設施對外援助等領域的工作都將是中國今後實施網絡空間國際戰略的堅實基礎。
由此可見,中國已經形成了一個較為全面、深入的網絡空間國際戰略架構,包括多元的參與主體、寬領域的議題覆蓋和多層級的參與路徑,這為網絡空間治理的國際戰略構建奠定了良好基礎。伴隨著中國從網絡大國向網絡強國的發展,中國將會建立一個全面、完善的網絡空間國際戰略。
(二)網絡空間國際戰略面臨的挑戰
網絡空間治理的力量博弈變化給中國的網絡空間國際戰略帶來了多重挑戰:一是信息發達國家將繼續主導網絡空間治理博弈的方向,這對中國的網絡空間國際戰略構成挑戰;二是由於缺乏高級互聯網治理人才,導致中國在互聯網國際組織中的代表性嚴重不足;三是網絡空間治理博弈轉向強調能力建設(Capacity Building)、最佳實踐(Best Practice)等方向,將給中國帶來競爭壓力。這些問題和挑戰對中國網絡空間國際戰略將產生較大衝擊,若處理不當,會對網絡強國戰略的實施造成負面影響。
第一,信息發達國家繼續主導網絡空間治理博弈方向對中國國際戰略構成的挑戰。網絡空間全球治理是通過各種形式的治理機制發揮作用,機制的構建取決於各行為體之間的談判,談判的籌碼不僅取決於各行為體的權力大小,還與各方在網絡空間全球治理中的議程設置能力息息相關。 [34] 按照約瑟夫·奈的定義,前者可稱之為“硬權力”,後者是“軟權力”。 [35] 信息發達國家在這兩個領域的優勢明顯,特別是在通過選擇性或者優先設置議程左右網絡空間治理的機制構建。比如在網絡安全治理中,美國依靠其議程設置能力阻止國際社會將大規模數據監控列為治理議程,同時將其重點關切的網絡經濟竊密設置為優先議程。此外,信息發達國家在設置網絡人權議程時,將重點置於自由領域,而民主(一國一票)、平等(大小國家擁有同等話語權)等同樣重要的議題則被排除在議程之外。不僅如此,對於各國在“棱鏡門事件”後要求加強行使網絡主權的趨勢,美國則提出“數據本地化”(Data Localization)這一議程以規避在全球治理機制中討論網絡主權。與信息發達國家相比,信息發展中國家在議程設置能力上還存在較大差距,缺乏主動設置議程的能力。近年來,隨著中國、巴西、印度等國先後建立了各種網絡空間治理機制,新興大國在網絡空間全球治理中的議程設置能力不斷增強。但總體而言,中國與信息發達國家在治理能力方面的差距依舊存在,並將影響中國通過國際機制維護自身國家利益,以及表達自身關切。

第二,由于缺乏高级网络空间治理人才,导致中国在互联网国际组织中的代表性严重不足。网络空间治理博弈的趋势表明,ICANN、IETF等国际组织对互联网关键资源的控制权不会受到政府和政府间组织的挑战。随着美国政府放弃对ICANN的控制权,后者将具有更大的独立性。网络空间建立在互联网基础之上,网络空间治理的基础也是互联网治理。因此,中国的网络空间国际战略必须要在互联网治理领域实现突破,同时提升在互联网国际组织中的影响力和代表性。对包括中国在内的广大信息发展中国家而言,必须增加在ICANN等国际组织中的代表性,让更多来自中国和其他发展中国家的声音出现在ICANN中。
第三,网络空间治理博弈转向强调能力建设、最佳实践等方向,这将给中国带来严峻的竞争压力。网络空间治理博弈理念的融合使得国际社会对网络空间治理的焦点转向了能力建设、最佳实践等可操作和可落实的领域,包括向信息发展中国家和信息不发达国家提供网络基础设施;提供与网络空间治理相关的技术、法律、政策等人才的培训;提供网络空间治理中遇到的解决各种具体问题的最佳实践。这对于中国参与网络空间治理的国际战略提出了更高的要求,信息发达国家在上述领域的资源优势、人才优势短期内难以撼动,这不仅需要中国政府投入更多资源,也需要中国的互联网企业、行业协会、法律专家的共同和积极参与。
(三)中国参与网络空间治理的战略思路
确立中国网络空间国际战略的基本路径与中国整体对外战略强调的融入国际体系,并推动改革国际体系的宏观目标相一致。[36] 为应对复杂的网络空间治理博弈,中国一方面要加强能力建设,并注重将能力转化为参与网络空间全球治理的影响力;另一方面在网络安全与开放之间寻求平衡,通过参与国际网络空间建章立制来维护自己的合法权益,避免过度安全化带来的负面影响;并加强网络强国战略与网络空间国际战略之间的战略互动,形成相互支持的网络空间战略体系。
第一,结合网络空间治理的新近和未来发展态势,强化对国际机制的塑造能力。在网络空间全球治理层面,围绕治理平台的斗争日趋激烈。包括互联网论坛、国际电信联盟、伦敦进程、巴西网络空间多利益攸关方会议以及中国的世界互联网大会在内,各个平台都有其主导力量,参与的行为体所关注的议题和发挥的影响力均不相同。中国应结合世界互联网论坛以及参与的其他网络空间治理机制,在网络安全、网络犯罪、能力建设、网络经济、网络文化、数字鸿沟等议题中,探索如何提升自身向国际社会提供能力建设方案、最佳实践和解决方案等公共产品的能力。
第二,着重培养参与网络空间治理的国际化人才。国际互联网治理组织多为非政府组织,其采用的多利益攸关方治理模式通常要求从互联网社群中选拔高级管理人才,根据选拔对象对互联网技术、治理所作出的贡献来来担任相应的高级管理职务,而非传统政府间组织的一国一票或按照人口、经济比例来分配名额。以ICANN为例,其现有的管理架构是由董事会和3个支持组织、3个咨询委员会及2个技术咨询机构组成。董事会由16名具有表决权的成员和5名不具有表决权的联络员组成,除ICANN总裁之外,其余15个名额分别来自支持组织、一般会员咨询委员会、区域一般会员组织和提名委员会。要想当选为有投票权的委员,必须要通过自下而上的提名和选举。因此,中国应当理顺体制和机制,积极向ICANN等国际非政府组织输送人才,鼓励互联网企业、行业组织和学术机构积极参与ICANN、IETF、互联网架构委员会(Internet Architecture Board, IAB)等机构的人才选拔,以此来提升在互联网国际组织中的代表性和发言权,并提高中国对互联网治理的影响力。
第三,加强网络强国战略与网络空间国际战略之间的战略互动。中国在“十三五”规划建议中正式提出网络强国战略,并从技术创新、网络文化、网络基础设施、网络安全和信息化建设、国际合作五个方面着手,推进网络强国建设。[37] 网络强国战略中多次提到了对外开放、积极参与国际互联网治理,甚至将国际合作作为单独一章。由此可见,网络空间国际战略与网络强国战略之间相互融合、相互支撑。两者的有效互动,关系到中国对网络空间的开放、安全与发展关系的处理。从双层博弈的角度来看,任何一个国家的战略都面临外部形势和内部利益集团的双重约束,过度强调开放或者安全都不利于整体国家安全和利益。强化网络强国战略与网络空间国际战略之间的互动,有助于提高决策者对于网络空间的安全与开放,网络空间的安全、发展、与开放之间关系的认知,打破双重约束,制定更加符合客观规律的政策。
从技术层面来说,网络强国战略可以更好地为中国参与全球网络空间治理提供支撑。当前网络空间治理的主要竞争已经从认知、理念层面的博弈,转向提供解决方案、最佳实践、能力建设等具体的议题合作领域。缺乏有效的支撑,网络空间国际战略难以持续,并赢得国际社会的认可。与此同时,网络空间国际战略也有助于为网络强国战略营造有利的外部环境、提供外部先进的经验和教训,向国内的ICT企业提供广阔的国际市场。最后,还可借鉴对外援助领域的经验,通过ICT领域的对外援助缓解甚至消除网络空间治理中的数字鸿沟问题,一方面可以为网络空间治理贡献中国力量,另一方面也有助于中国ICT企业的国际化战略.

Original URL: http://www.siis.org.cn/Research/Info/629

 

中央網信辦發布《國家網絡安全事件應急預案》Communist Chinese Party issues National Network Security Incident Contingency Plans

中央網信辦發布《國家網絡安全事件應急預案》

Communist Chinese Party issues National Network Security Incident Contingency Plans

2017年06月27日 17:16中国网信网

Notice of the Central Network Office on Printing and Distributing the Emergency Plan for National Network Security Incidents

China Network Office issued a document [2017] No. 4

Provinces, autonomous regions and municipalities, Xinjiang Production and Construction Corps Party Committee Network Security and Information Leading Group, the central and state organs of the ministries, the people’s organizations:

“National network security incident contingency plans” has been the central network security and information leading group agreed, is now issued to you, please carefully organize the implementation.

Central Network Security and Information Leading Group Office

January 10, 2017

National network security incident contingency plans

table of Contents

1 General

1.1 Purpose of preparation

1.2 Preparation basis

1.3 Scope of application

1.4 Event rating

1.5 working principle

Organizational Structure and Responsibilities

2.1 Leadership and Responsibilities

2.2 offices and responsibilities

2.3 Responsibilities of various departments

2.4 duties of provinces (autonomous regions and municipalities)

3 monitoring and early warning

3.1 Early warning classification

3.2 Early warning monitoring

3.3 Early warning judgment and release

3.4 Early warning response

3.5 warning release

4 emergency treatment

4.1 Event report

4.2 Emergency response

4.3 Emergency end

5 Investigation and evaluation

6 to prevent work

6.1 Daily management

6.2 Walkthrough

6.3 Advocacy

6.4 Training

Precautions during important events

7 safeguards

7.1 Institutions and personnel

7.2 technical support team

7.3 expert team

7.4 Social resources

7.5 base platform

7.6 Technology research and development and industry promotion

7.7 International cooperation

7.8 material security

7.9 Funds protection

7.10 Responsibility and rewards and punishments

8 Annex

8.1 Project Management

8.2 Explanation of the plan

8.3 Implementation time of the plan

1 General

1.1 Purpose of preparation

Establish and improve the national network security incident emergency mechanism to improve the ability to deal with network security events, prevent and reduce network security incidents caused by the loss and harm, protect the public interest, safeguard national security, public safety and social order.

1.2 Preparation basis

“People’s Republic of China Incident Response Law”, “People’s Republic of China Network Security Law”, “National General Public Emergency Plan”, “Emergency Emergency Plan Management Measures” and “Information Security Technology Information Security Event Classification Classification Guide “(GB / Z 20986-2007) and other relevant provisions.

1.3 Scope of application

The cybersecurity incident referred to in this plan refers to events that cause adverse effects to the society due to human causes, hardware and software defects or failures, natural disasters, etc., which cause harm to the network and the information system or the data in it, Network attack events, information corruption events, information content security incidents, device facility failures, catastrophic events, and other events.

This plan applies to the work of network security events. Among them, the information content security incident response, to develop a special plan.

1.4 Event rating

Network security events are divided into four levels: particularly significant network security events, major network security incidents, larger network security events, and general network security events.

(1) meets one of the following scenarios for a particularly significant cyber security incident:

① Significant network and information systems suffer from particularly serious system losses, resulting in large paralysis of the system and loss of business processing capacity.

② State secret information, important sensitive information and key data loss or theft, tampering, counterfeiting, constitute a particularly serious threat to national security and social stability.

③ other network security incidents that pose a particularly serious threat to national security, social order, economic construction and public interest, causing particularly serious impact.

(2) meets one of the following scenarios and does not meet significant network security incidents for significant network security incidents:

① important network and information systems suffered serious system losses, resulting in a long time the system interrupted or partial paralysis, business processing capacity has been greatly affected.

② State secret information, important sensitive information and key data loss or theft, tampering, counterfeiting, posing a serious threat to national security and social stability.

③ other serious threats to national security, social order, economic construction and public interest, causing serious impact on network security incidents.

(3) meet one of the following conditions and does not meet significant network security incidents for larger network security events:

① important network and information systems suffer from greater system loss, resulting in system interruption, significantly affect the system efficiency, business processing capacity is affected.

② State secret information, important sensitive information and key data loss or theft, tampering, counterfeiting, posing a serious threat to national security and social stability.

③ other on the national security, social order, economic construction and public interests constitute a more serious threat, resulting in more serious impact of network security incidents.

(4) In addition to the above, the national security, social order, economic construction and public interests constitute a certain threat, resulting in a certain impact on the network security incidents for the general network security incidents.

1.5 working principle

Adhere to the unified leadership, grading responsibility; adhere to the unified command, close coordination, rapid response, scientific treatment; adhere to the prevention of prevention, prevention and emergency combination; adhere to who is responsible for who, who is responsible for running, give full play to all forces together Prevention and disposal of network security incidents.

Organizational Structure and Responsibilities

2.1 Leadership and Responsibilities

Under the leadership of the Central Network Security and Information Leading Group (hereinafter referred to as the “Leading Group”), the Office of the Central Network Security and Information Leading Group (hereinafter referred to as the “Central Network Office”) coordinates the organization of national network security incident response, Establish and improve the cross-sectoral linkage mechanism, the Ministry of Industry and Information Technology, the Ministry of Public Security, the State Secrecy Bureau and other relevant departments in accordance with the division of responsibilities responsible for the relevant network security incident response. If necessary, the establishment of national network security incident emergency headquarters (hereinafter referred to as “the headquarters”), responsible for the special major network security incident handling organization and coordination and coordination.

2.2 offices and responsibilities

National Network Security Emergency Office (hereinafter referred to as “emergency office”) is located in the central network letter office, the specific work by the central network letter to do Network Security Coordination Bureau. Emergency Office is responsible for the network security emergency cross-sectoral, cross-regional coordination of the work and the headquarters of the transactional work, organization and guidance of national network security emergency technical support team to do emergency technical support work. The relevant departments are responsible for the relevant work of the Secretary-level comrades as liaison officers, contact emergency office work.

2.3 Responsibilities of various departments

The central and state departments and departments in accordance with their duties and authority, responsible for the sector, the industry network and information systems network security incident prevention, monitoring, reporting and emergency response.

2.4 duties of provinces (autonomous regions and municipalities)

The administrative departments of the provinces (autonomous regions and municipalities) shall coordinate and organize the prevention, monitoring, reporting and emergency handling of network security incidents in the regional network and information systems under the unified leadership of the Party Committee’s Network Safety and Information Leading Group.

3 monitoring and early warning

3.1 Early warning classification

The network security event warning level is divided into four levels: from high to low, followed by red, orange, yellow and blue, respectively, corresponding to occur or may occur particularly significant, significant, large and general network security events.

3.2 Early warning monitoring

The units in accordance with the “who is responsible for who is responsible for who who is responsible for” the requirements of the organization of the unit construction and operation of the network and information systems to carry out network security monitoring. Focus on industry executives or regulatory organizations to guide the organization to do the work of network security monitoring. The provinces (autonomous regions and municipalities) network letter department with the actual situation in the region, the organization of the region to carry out the network and information systems security monitoring. Provinces (autonomous regions and municipalities), the departments will be important monitoring information reported to be urgent, emergency office to carry out inter-provincial (district, city), cross-sectoral network security information sharing.

3.3 Early warning judgment and release

Provinces, autonomous regions and municipalities, departments of the monitoring of information on the judge, that the need for immediate preventive measures, should promptly notify the relevant departments and units, may occur on major and above network security incidents in a timely manner to the emergency response report. Provinces (autonomous regions and municipalities), the departments can be based on monitoring and judging the situation, the release of the region, the industry’s orange and the following warning.

Emergency organization to determine, determine and publish red warning and involving multi-province (district, city), multi-sectoral, multi-industry early warning.

Early warning information includes the category of the event, the level of the alert, the starting time, the possible scope, the warning, the measures and time limits that should be taken, the issuing authority, and so on.

3.4 Early warning response

3.4.1 Red warning response

(1) the emergency response organization organization early warning response work, contact experts and relevant agencies, organizations to track the development of the situation to study and formulate preventive measures and emergency work program, coordination of resource scheduling and departmental linkage of the preparatory work.

(2) the relevant provinces (autonomous regions and municipalities), the Department of network security incident emergency command agencies to implement 24 hours on duty, the relevant personnel to maintain communication links. Strengthen the network security incident monitoring and development of information collection work, organize and guide the emergency support team, the relevant operating units to carry out emergency treatment or preparation, risk assessment and control work, the important situation retribution urgent.

(3) the national network security emergency technical support team into the standby state, for the early warning information research to develop a response program, check emergency vehicles, equipment, software tools, to ensure a good condition.

3.4.2 Orange warning response

(1) the relevant provinces (autonomous regions and municipalities), departmental network security incident emergency command agencies to start the corresponding contingency plans, organize early warning response, do risk assessment, emergency preparedness and risk control.

(2) the relevant provinces (autonomous regions and municipalities), departments in a timely manner to the situation of the situation reported to the emergency response. The Emergency Office is closely following the development of the matter and timely notification of the relevant provinces (autonomous regions and municipalities) and departments.

(3) the national network security emergency technical support team to keep in touch, check emergency vehicles, equipment, software tools, to ensure that in good condition.

3.4.3 yellow, blue warning response

The relevant regional and departmental network security incident emergency command agencies to start the corresponding contingency plans to guide the organization to carry out early warning response.

3.5 warning release

Early warning release departments or regions according to the actual situation, to determine whether to lift the warning, timely release warning release information.

4 emergency treatment

4.1 Event report

After the network security incident occurs, the incident unit should immediately start the emergency plan, the implementation of disposal and timely submission of information. The relevant regions and departments immediately organize the early disposal, control the situation, eliminate hidden dangers, at the same time organization and judgment, pay attention to save the evidence, do a good job of information communication. For the primary judgment is particularly significant, major network security incidents, and immediately report to the emergency office.

4.2 Emergency response

The network security incident emergency response is divided into four levels, corresponding to particularly significant, significant, large and general network security events. Level I is the highest response level.

4.2.1 Class I response

Is a particularly important network security incidents, timely start I-level response, the establishment of the headquarters, the implementation of emergency response to the unified leadership, command and coordination responsibilities. Emergency Office 24 hours on duty.

The relevant departments (district, city), the department emergency response agencies into the emergency state, in the command of the unified leadership, command and coordination, responsible for the province (district, city), the department emergency work or support security work, 24 hours on duty, And sent to participate in emergency office work.

The relevant provinces (autonomous regions and municipalities), departments to track the development of the situation, check the scope of the impact of the situation in time to change the situation, the progress of the report retribution. The headquarters of the response to the work of the decision-making arrangements, the relevant provinces (autonomous regions and municipalities) and departments responsible for the organization and implementation.

4.2.2 Class II response

The level response of the network security incident is determined by the relevant province (district, city) and the department according to the nature and circumstances of the incident.

(1) the incident occurred in the province (district, city) or department of the emergency command agencies into the emergency state, in accordance with the relevant emergency plans to do emergency work.

(2) the incident occurred in the province (district, city) or departments in a timely manner to change the situation developments. The emergency office will keep the relevant matters and the relevant departments and departments in a timely manner.

(3) the disposal of the need for other relevant provinces (autonomous regions and municipalities), departments and national network security emergency technical support team with the support and business emergency response to be coordinated. Relevant provinces (autonomous regions and municipalities), departments and national network security emergency technical support team should be based on their respective responsibilities, and actively cooperate to provide support.

(4) The relevant provinces (autonomous regions and municipalities) and departments shall, in accordance with the notification of the emergency office, strengthen the prevention and prevent the greater impact and losses on the basis of their actual and targeted efforts.

4.2.3 Class Ⅲ, Ⅳ level response

Event areas and departments in accordance with the relevant plans for emergency response.

4.3 Emergency end

4.3.1 End of class I response

Emergency Office to make recommendations, reported to the headquarters after approval, timely notification of the relevant provinces (autonomous regions and municipalities) and departments.

4.3.2 Level II response ends

(Autonomous regions and municipalities) or departments, the emergency response, emergency response to the relevant provinces (autonomous regions and municipalities) and departments.

5 Investigation and evaluation

Special major network security incidents by the emergency branch of the relevant departments and provinces (autonomous regions and municipalities) to investigate and summarize the assessment, according to the procedures reported. Significant and the following network security incidents are organized by the event area or department to organize their own investigation and summary assessment, including the major network security incident related to the summary report of the report retribution. Summary of the investigation report should be the cause of the event, nature, impact, responsibility analysis and evaluation, put forward the views and improvement measures.

The investigation and summary of the incident is carried out in principle within 30 days after the end of the emergency response.

6 to prevent work

6.1 Daily management

All localities and departments should do a good job in the day-to-day prevention of network security incidents, formulate and improve relevant emergency plans, do a good job of network security inspection, risk investigation, risk assessment and disaster recovery, improve the network security information notification mechanism, take timely and effective measures, Reduce and avoid the occurrence and harm of network security incidents, improve the ability to deal with network security incidents.

6.2 Walkthrough

Central Network letter to coordinate the relevant departments to organize regular exercises, test and improve the plan to improve the actual combat capability.

The provinces (autonomous regions and municipalities), departments at least once a year to organize a plan exercise, and the exercise situation reported to the central network letter to do.

6.3 Advocacy

All localities and departments should make full use of various media and other effective propaganda forms to strengthen the publicity and disposal of relevant laws, regulations and policies for the prevention and disposal of sudden network security incidents and carry out propaganda activities on basic knowledge and skills of network security.

6.4 Training

All localities and departments should regard the emergency knowledge of cyber security incidents as the training content of leading cadres and relevant personnel, strengthen the training of network security, especially network security contingency plans, and improve awareness and skills.

Precautions during important events

In the national important activities, during the meeting, the provinces (autonomous regions and municipalities), various departments to strengthen the network security incidents to prevent and emergency response to ensure network security. Emergency Office to coordinate the work of network security, according to the requirements of the relevant provinces (autonomous regions and municipalities), departments to start the red warning response. The relevant provinces (autonomous regions and municipalities), departments to strengthen network security monitoring and analysis of judgments, timely warning may cause significant impact on the risks and risks, key departments, key positions to maintain 24 hours on duty, timely detection and disposal of network security incidents.

7 safeguards

7.1 Institutions and personnel

All localities and departments, units to implement the network security emergency work responsibility system, the responsibility to implement specific departments, specific positions and individuals, and establish a sound emergency working mechanism.

7.2 technical support team

Strengthen the network security emergency technical support team building, do a good job of network security incident monitoring and early warning, prevention and protection, emergency response, emergency technical support work. Support network security enterprises to improve emergency response capabilities, to provide emergency technical support. The central network to do assessment of the development of accreditation standards, organizational assessment and identification of national network security emergency technical support team. All provinces (autonomous regions and municipalities), departments should be equipped with the necessary network security professional and technical personnel, and strengthen the national network security related technical units of communication, coordination, the establishment of the necessary network security information sharing mechanism.

7.3 expert team

The establishment of national network security emergency expert group, for the network security incident prevention and disposal of technical advice and decision-making recommendations. All regions and departments to strengthen their own team of experts, give full play to the role of experts in the emergency response.

7.4 Social resources

From the educational research institutions, enterprises and institutions, associations in the selection of network security personnel, pooling technology and data resources, the establishment of network security incident emergency service system to improve the response to particularly significant, major network security incidents.

7.5 base platform

All regions and departments to strengthen the network security platform and management platform for emergency management, so early detection, early warning, early response, improve emergency response capability.

7.6 Technology research and development and industry promotion

Relevant departments to strengthen network security technology research, and constantly improve the technical equipment, emergency response to provide technical support. Strengthen the policy guidance, focus on supporting network security monitoring and early warning, prevention and protection, disposal of rescue, emergency services and other directions to enhance the overall level of network security industry and core competitiveness, and enhance the prevention and disposal of network security event industry support capabilities.

7.7 International cooperation

Relevant departments to establish international cooperation channels, signed a cooperation agreement, if necessary, through international cooperation to deal with sudden network security incidents.

7.8 material security

Strengthen the network security emergency equipment, tools, reserves, timely adjustment, upgrade software hardware tools, and constantly enhance the emergency technical support capabilities.

7.9 Funds protection

The financial department provides the necessary financial guarantee for the emergency disposal of the network security incident. Relevant departments to use the existing policies and funding channels to support the network security emergency technical support team building, expert team building, basic platform construction, technology research and development, planning exercises, material security and other work carried out. All regions and departments for the network security emergency work to provide the necessary financial protection.

7.10 Responsibility and rewards and punishments

Implementation of Responsibility System for Emergency Work of Network Security Incident.

The central network letter office and the relevant regional and departmental network security incident emergency management work to make outstanding contributions to the advanced collective and individuals to commend and reward.

The central network and the relevant departments and departments do not follow the provisions of the formulation of plans and organizations to carry out exercises, late, false, concealed and owe the network security incidents important or emergency management work in other misconduct, dereliction of duty, in accordance with the relevant Provides for the responsible person to be punished; constitute a crime, shall be held criminally responsible.

8 Annex

8.1 Project Management

The plan is evaluated in principle once a year and revised in a timely manner according to the actual situation. The revision work is handled by the central network.

All provinces (autonomous regions and municipalities), departments and units shall, according to the plan, formulate or revise the contingency plans for the network security incidents in the region, the department, the industry and the unit.

8.2 Explanation of the plan

The plan is interpreted by the central network letter office.

8.3 Implementation time of the plan

The plan has been implemented since the date of issuance.

Attachment:

1. Network security event classification

2. Terminology

3. Network and information system loss degree description

attachment1

Network Security Event Classification

Network security events are classified as unwanted program events, network attack events, information corruption events, information content security incidents, device facility failures, catastrophic events, and other network security incidents.

(1) Harmful program events are classified into computer virus events, worm events, Trojan events, botnet events, mixed program attack events, web embedded malicious code events, and other unwanted program events.

(2) network attacks are divided into denial of service attacks, backdoor attacks, vulnerability attacks, network scanning eavesdropping events, phishing events, interference events and other network attacks.

(3) information destruction events are classified as information tampering events, information fake events, information disclosure incidents, information theft events, information loss events and other information destruction events.

(4) Information content security incidents refer to the dissemination of laws and regulations through the Internet to prohibit information, organize illegal series, incite rallies or hype sensitive issues and endanger national security, social stability and public interest events.

(5) equipment and equipment failure is divided into hardware and software failure, peripheral protection facilities failure, man-made damage and other equipment and equipment failure.

(6) Disastrous events refer to network security incidents caused by other emergencies such as natural disasters.

(7) Other events refer to network security events that can not be classified as above.

Annex 2

Terminology

First, the important network and information systems

The network and information systems that are closely related to national security, social order, economic construction and public interest.

(Reference: “Information Security Technology Information Security Event Classification and Classification Guide” (GB / Z 20986-2007))

Second, the important sensitive information

Information that is not related to national secrets but is closely related to national security, economic development, social stability and corporate and public interest, which, once unauthorized, is disclosed, lost, misused, tampered with or destroyed, may have the following consequences:

A) damage to national defense, international relations;

B) damage to State property, public interest and personal property or personal safety;

C) affect the state to prevent and combat economic and military spies, political infiltration, organized crime;

D) affect the administrative organs to investigate and deal with illegal, dereliction of duty, or suspected of illegal, dereliction of duty;

E) interfere with government departments to carry out administrative activities such as supervision, management, inspection and auditing impartially, hinder government departments from performing their duties;

F) endanger the national key infrastructure, government information system security;

G) affect the market order, resulting in unfair competition, undermining the laws of the market;

H) can be inferred from the state secret matter;

I) infringement of personal privacy, corporate trade secrets and intellectual property rights;

J) damage to the country, business, personal other interests and reputation.

(Reference: “Information Security Technology Cloud Computing Service Security Guide” (GB / T31167-2014))

Annex 3

Network and Information System Losses

Network and information system loss refers to the network security incidents due to network hardware and software, functions and data damage, resulting in system business interruption, so as to the loss caused by the organization, the size of the main consideration to restore the normal operation of the system and eliminate security incidents Negative effects are deducted as particularly serious system losses, severe system losses, greater system losses, and minor system losses, as follows:

A) Particularly serious systemic damage: a large area of ​​paralysis of the system, loss of business processing capacity, or confidentiality, integrity, availability of critical data, serious damage to the system, normal operation of the system and elimination of the negative impact of security incidents The price paid is very great, for the incident is unbearable;

B) Serious system loss: causing the system to be interrupted for a long time or partially paralyzed, greatly compromising its business processing capacity, or the confidentiality, integrity, availability of the critical data, the recovery of the system and the elimination of security incidents Negative effects are huge, but are affordable for the organization;

C) Larger system losses: causing system outages, significantly affecting system efficiency, affecting the operational capacity of important information systems or general information systems, or the confidentiality, integrity, availability of system critical data, and the restoration of the system The cost of running and eliminating the negative effects of security incidents is greater, but it is entirely affordable for the organization;

D) Smaller system losses: causing system interruption, affecting system efficiency, affecting system operational capacity, or confidentiality, integrity, availability of system critical data, restoring system uptime and eliminating security incidents The cost of the impact is less.

Original Mandarin Chinese:

中央網信辦關於印發《國家網絡安全事件應急預案》的通知

中網辦發文〔2017〕4號

各省、自治區、直轄市、新疆生產建設兵團黨委網絡安全和信息化領導小組,中央和國家機關各部委、各人民團體:

《國家網絡安全事件應急預案》已經中央網絡安全和信息化領導小組同意,現印發給你們,請認真組織實施。

中央網絡安全和信息化領導小組辦公室

2017年1月10日

國家網絡安全事件應急預案

目 錄

1 總則

1.1 編制目的

1.2 編制依據

1.3 適用範圍

1.4 事件分級

1.5 工作原則

2 組織機構與職責

2.1 領導機構與職責

2.2 辦事機構與職責

2.3 各部門職責

2.4 各省(區、市)職責

3 監測與預警

3.1 預警分級

3.2 預警監測

3.3 預警研判和發布

3.4 預警響應

3.5 預警解除

4 應急處置

4.1 事件報告

4.2 應急響應

4.3 應急結束

5 調查與評估

6 預防工作

6.1 日常管理

6.2 演練

6.3 宣傳

6.4 培訓

6.5 重要活動期間的預防措施

7 保障措施

7.1 機構和人員

7.2 技術支撐隊伍

7.3 專家隊伍

7.4 社會資源

7.5 基礎平台

7.6 技術研發和產業促進

7.7 國際合作

7.8 物資保障

7.9 經費保障

7.10 責任與獎懲

8 附則

8.1 預案管理

8.2 預案解釋

8.3 預案實施時間

1 總則

1.1 編制目的

建立健全國家網絡安全事件應急工作機制,提高應對網絡安全事件能力,預防和減少網絡安全事件造成的損失和危害,保護公眾利益,維護國家安全、公共安全和社會秩序。

1.2 編制依據

《中華人民共和國突發事件應對法》、《中華人民共和國網絡安全法》、《國家突發公共事件總體應急預案》、《突發事件應急預案管理辦法》和《信息安全技術信息安全事件分類分級指南》(GB/Z 20986-2007)等相關規定。

1.3 適用範圍

本預案所指網絡安全事件是指由於人為原因、軟硬件缺陷或故障、自然災害等,對網絡和信息系統或者其中的數據造成危害,對社會造成負面影響的事件,可分為有害程序事件、網絡攻擊事件、信息破壞事件、信息內容安全事件、設備設施故障、災害性事件和其他事件。

本預案適用於網絡安全事件的應對工作。其中,有關信息內容安全事件的應對,另行製定專項預案。

1.4 事件分級

網絡安全事件分為四級:特別重大網絡安全事件、重大網絡安全事件、較大網絡安全事件、一般網絡安全事件。

(1)符合下列情形之一的,為特別重大網絡安全事件:

①重要網絡和信息系統遭受特別嚴重的系統損失,造成系統大面積癱瘓,喪失業務處理能力。

②國家秘密信息、重要敏感信息和關鍵數據丟失或被竊取、篡改、假冒,對國家安全和社會穩定構成特別嚴重威脅。

③其他對國家安全、社會秩序、經濟建設和公眾利益構成特別嚴重威脅、造成特別嚴重影響的網絡安全事件。

(2)符合下列情形之一且未達到特別重大網絡安全事件的,為重大網絡安全事件:

①重要網絡和信息系統遭受嚴重的系統損失,造成系統長時間中斷或局部癱瘓,業務處理能力受到極大影響。

②國家秘密信息、重要敏感信息和關鍵數據丟失或被竊取、篡改、假冒,對國家安全和社會穩定構成嚴重威脅。

③其他對國家安全、社會秩序、經濟建設和公眾利益構成嚴重威脅、造成嚴重影響的網絡安全事件。

(3)符合下列情形之一且未達到重大網絡安全事件的,為較大網絡安全事件:

①重要網絡和信息系統遭受較大的系統損失,造成系統中斷,明顯影響系統效率,業務處理能力受到影響。

②國家秘密信息、重要敏感信息和關鍵數據丟失或被竊取、篡改、假冒,對國家安全和社會穩定構成較嚴重威脅。

③其他對國家安全、社會秩序、經濟建設和公眾利益構成較嚴重威脅、造成較嚴重影響的網絡安全事件。

(4)除上述情形外,對國家安全、社會秩序、經濟建設和公眾利益構成一定威脅、造成一定影響的網絡安全事件,為一般網絡安全事件。

1.5 工作原則

堅持統一領導、分級負責;堅持統一指揮、密切協同、快速反應、科學處置;堅持預防為主,預防與應急相結合;堅持誰主管誰負責、誰運行誰負責,充分發揮各方面力量共同做好網絡安全事件的預防和處置工作。

2 組織機構與職責

2.1 領導機構與職責

在中央網絡安全和信息化領導小組(以下簡稱“領導小組”)的領導下,中央網絡安全和信息化領導小組辦公室(以下簡稱“中央網信辦”)統籌協調組織國家網絡安全事件應對工作,建立健全跨部門聯動處置機制,工業和信息化部、公安部、國家保密局等相關部門按照職責分工負責相關網絡安全事件應對工作。必要時成立國家網絡安全事件應急指揮部(以下簡稱“指揮部”),負責特別重大網絡安全事件處置的組織指揮和協調。

2.2 辦事機構與職責

國家網絡安全應急辦公室(以下簡稱“應急辦”)設在中央網信辦,具體工作由中央網信辦網絡安全協調局承擔。應急辦負責網絡安全應急跨部門、跨地區協調工作和指揮部的事務性工作,組織指導國家網絡安全應急技術支撐隊伍做好應急處置的技術支撐工作。有關部門派負責相關工作的司局級同志為聯絡員,聯絡應急辦工作。

2.3 各部門職責

中央和國家機關各部門按照職責和權限,負責本部門、本行業網絡和信息系統網絡安全事件的預防、監測、報告和應急處置工作。

2.4 各省(區、市)職責

各省(區、市)網信部門在本地區黨委網絡安全和信息化領導小組統一領導下,統籌協調組織本地區網絡和信息系統網絡安全事件的預防、監測、報告和應急處置工作。

3 監測與預警

3.1 預警分級

網絡安全事件預警等級分為四級:由高到低依次用紅色、橙色、黃色和藍色表示,分別對應發生或可能發生特別重大、重大、較大和一般網絡安全事件。

3.2 預警監測

各單位按照“誰主管誰負責、誰運行誰負責”的要求,組織對本單位建設運行的網絡和信息系統開展網絡安全監測工作。重點行業主管或監管部門組織指導做好本行業網絡安全監測工作。各省(區、市)網信部門結合本地區實際,統籌組織開展對本地區網絡和信息系統的安全監測工作。各省(區、市)、各部門將重要監測信息報應急辦,應急辦組織開展跨省(區、市)、跨部門的網絡安全信息共享。

3.3 預警研判和發布

各省(區、市)、各部門組織對監測信息進行研判,認為需要立即採取防範措施的,應當及時通知有關部門和單位,對可能發生重大及以上網絡安全事件的信息及時向應急辦報告。各省(區、市)、各部門可根據監測研判情況,發布本地區、本行業的橙色及以下預警。

應急辦組織研判,確定和發布紅色預警和涉及多省(區、市)、多部門、多行業的預警。

預警信息包括事件的類別、預警級別、起始時間、可能影響範圍、警示事項、應採取的措施和時限要求、發布機關等。

3.4 預警響應

3.4.1 紅色預警響應

(1)應急辦組織預警響應工作,聯繫專家和有關機構,組織對事態發展情況進行跟踪研判,研究制定防範措施和應急工作方案,協調組織資源調度和部門聯動的各項準備工作。

(2)有關省(區、市)、部門網絡安全事件應急指揮機構實行24小時值班,相關人員保持通信聯絡暢通。加強網絡安全事件監測和事態發展信息蒐集工作,組織指導應急支撐隊伍、相關運行單位開展應急處置或準備、風險評估和控制工作,重要情況報應急辦。

(3)國家網絡安全應急技術支撐隊伍進入待命狀態,針對預警信息研究制定應對方案,檢查應急車輛、設備、軟件工具等,確保處於良好狀態。

3.4.2 橙色預警響應

(1)有關省(區、市)、部門網絡安全事件應急指揮機構啟動相應應急預案,組織開展預警響應工作,做好風險評估、應急準備和風險控制工作。

(2)有關省(區、市)、部門及時將事態發展情況報應急辦。應急辦密切關注事態發展,有關重大事項及時通報相關省(區、市)和部門。

(3)國家網絡安全應急技術支撐隊伍保持聯絡暢通,檢查應急車輛、設備、軟件工具等,確保處於良好狀態。

3.4.3 黃色、藍色預警響應

有關地區、部門網絡安全事件應急指揮機構啟動相應應急預案,指導組織開展預警響應。

3.5 預警解除

預警發布部門或地區根據實際情況,確定是否解除預警,及時發布預警解除信息。

4 應急處置

4.1 事件報告

網絡安全事件發生後,事發單位應立即啟動應急預案,實施處置並及時報送信息。各有關地區、部門立即組織先期處置,控制事態,消除隱患,同時組織研判,注意保存證據,做好信息通報工作。對於初判為特別重大、重大網絡安全事件的,立即報告應急辦。

4.2 應急響應

網絡安全事件應急響應分為四級,分別對應特別重大、重大、較大和一般網絡安全事件。 I級為最高響應級別。

4.2.1 Ⅰ級響應

屬特別重大網絡安全事件的,及時啟動I級響應,成立指揮部,履行應急處置工作的統一領導、指揮、協調職責。應急辦24小時值班。

有關省(區、市)、部門應急指揮機構進入應急狀態,在指揮部的統一領導、指揮、協調下,負責本省(區、市)、本部門應急處置工作或支援保障工作,24小時值班,並派員參加應急辦工作。

有關省(區、市)、部門跟踪事態發展,檢查影響範圍,及時將事態發展變化情況、處置進展情況報應急辦。指揮部對應對工作進行決策部署,有關省(區、市)和部門負責組織實施。

4.2.2 Ⅱ級響應

網絡安全事件的Ⅱ級響應,由有關省(區、市)和部門根據事件的性質和情況確定。

(1)事件發生省(區、市)或部門的應急指揮機構進入應急狀態,按照相關應急預案做好應急處置工作。

(2)事件發生省(區、市)或部門及時將事態發展變化情況報應急辦。應急辦將有關重大事項及時通報相關地區和部門。

(3)處置中需要其他有關省(區、市)、部門和國家網絡安全應急技術支撐隊伍配合和支持的,商應急辦予以協調。相關省(區、市)、部門和國家網絡安全應急技術支撐隊伍應根據各自職責,積極配合、提供支持。

(4)有關省(區、市)和部門根據應急辦的通報,結合各自實際有針對性地加強防範,防止造成更大範圍影響和損失。

4.2.3 Ⅲ級、Ⅳ級響應

事件發生地區和部門按相關預案進行應急響應。

4.3 應急結束

4.3.1 Ⅰ級響應結束

應急辦提出建議,報指揮部批准後,及時通報有關省(區、市)和部門。

4.3.2 Ⅱ級響應結束

由事件發生省(區、市)或部門決定,報應急辦,應急辦通報相關省(區、市)和部門。

5 調查與評估

特別重大網絡安全事件由應急辦組織有關部門和省(區、市)進行調查處理和總結評估,並按程序上報。重大及以下網絡安全事件由事件發生地區或部門自行組織調查處理和總結評估,其中重大網絡安全事件相關總結調查報告報應急辦。總結調查報告應對事件的起因、性質、影響、責任等進行分析評估,提出處理意見和改進措施。

事件的調查處理和總結評估工作原則上在應急響應結束後30天內完成。

6 預防工作

6.1 日常管理

各地區、各部門按職責做好網絡安全事件日常預防工作,制定完善相關應急預案,做好網絡安全檢查、隱患排查、風險評估和容災備份,健全網絡安全信息通報機制,及時採取有效措施,減少和避免網絡安全事件的發生及危害,提高應對網絡安全事件的能力。

6.2 演練

中央網信辦協調有關部門定期組織演練,檢驗和完善預案,提高實戰能力。

各省(區、市)、各部門每年至少組織一次預案

,並將演練情況報中央網信辦。

6.3 宣傳

各地區、各部門應充分利用各種傳播媒介及其他有效的宣傳形式,加強突發網絡安全事件預防和處置的有關法律、法規和政策的宣傳,開展網絡安全基本知識和技能的宣傳活動。

6.4 培訓

各地區、各部門要將網絡安全事件的應急知識列為領導幹部和有關人員的培訓內容,加強網絡安全特別是網絡安全應急預案的培訓,提高防範意識及技能。

6.5 重要活動期間的預防措施

在國家重要活動、會議期間,各省(區、市)、各部門要加強網絡安全事件的防範和應急響應,確保網絡安全。應急辦統籌協調網絡安全保障工作,根據需要要求有關省(區、市)、部門啟動紅色預警響應。有關省(區、市)、部門加強網絡安全監測和分析研判,及時預警可能造成重大影響的風險和隱患,重點部門、重點崗位保持24小時值班,及時發現和處置網絡安全事件隱患。

7 保障措施

7.1 機構和人員

各地區、各部門、各單位要落實網絡安全應急工作責任制,把責任落實到具體部門、具體崗位和個人,並建立健全應急工作機制。

7.2 技術支撐隊伍

加強網絡安全應急技術支撐隊伍建設,做好網絡安全事件的監測預警、預防防護、應急處置、應急技術支援工作。支持網絡安全企業提升應急處置能力,提供應急技術支援。中央網信辦製定評估認定標準,組織評估和認定國家網絡安全應急技術支撐隊伍。各省(區、市)、各部門應配備必要的網絡安全專業技術人才,並加強與國家網絡安全相關技術單位的溝通、協調,建立必要的網絡安全信息共享機制。

7.3 專家隊伍

建立國家網絡安全應急專家組,為網絡安全事件的預防和處置提供技術諮詢和決策建議。各地區、各部門加強各自的專家隊伍建設,充分發揮專家在應急處置工作中的作用。

7.4 社會資源

從教育科研機構、企事業單位、協會中選拔網絡安全人才,匯集技術與數據資源,建立網絡安全事件應急服務體系,提高應對特別重大、重大網絡安全事件的能力。

7.5 基礎平台

各地區、各部門加強網絡安全應急基礎平台和管理平台建設,做到早發現、早預警、早響應,提高應急處置能力。

7.6 技術研發和產業促進

有關部門加強網絡安全防範技術研究,不斷改進技術裝備,為應急響應工作提供技術支撐。加強政策引導,重點支持網絡安全監測預警、預防防護、處置救援、應急服務等方向,提升網絡安全應急產業整體水平與核心競爭力,增強防範和處置網絡安全事件的產業支撐能力。

7.7 國際合作

有關部門建立國際合作渠道,簽訂合作協定,必要時通過國際合作共同應對突發網絡安全事件。

7.8 物資保障

加強對網絡安全應急裝備、工具的儲備,及時調整、升級軟件硬件工具,不斷增強應急技術支撐能力。

7.9 經費保障

財政部門為網絡安全事件應急處置提供必要的資金保障。有關部門利用現有政策和資金渠道,支持網絡安全應急技術支撐隊伍建設、專家隊伍建設、基礎平台建設、技術研發、預案演練、物資保障等工作開展。各地區、各部門為網絡安全應急工作提供必要的經費保障。

7.10 責任與獎懲

網絡安全事件應急處置工作實行責任追究制。

中央網信辦及有關地區和部門對網絡安全事件應急管理工作中作出突出貢獻的先進集體和個人給予表彰和獎勵。

中央網信辦及有關地區和部門對不按照規定制定預案和組織開展演練,遲報、謊報、瞞報和漏報網絡安全事件重要情況或者應急管理工作中有其他失職、瀆職行為的,依照相關規定對有關責任人給予處分;構成犯罪的,依法追究刑事責任。

8 附則

8.1 預案管理

本預案原則上每年評估一次,根據實際情況適時修訂。修訂工作由中央網信辦負責。

各省(區、市)、各部門、各單位要根據本預案製定或修訂本地區、本部門、本行業、本單位網絡安全事件應急預案。

8.2 預案解釋

本預案由中央網信辦負責解釋。

8.3 預案實施時間

本預案自印發之日起實施。

附件:

1. 網絡安全事件分類

2. 名詞術語

3. 網絡和信息系統損失程度劃分說明

附件1

網絡安全事件分類

網絡安全事件分為有害程序事件、網絡攻擊事件、信息破壞事件、信息內容安全事件、設備設施故障、災害性事件和其他網絡安全事件等。

(1)有害程序事件分為計算機病毒事件、蠕蟲事件、特洛伊木馬事件、殭屍網絡事件、混合程序攻擊事件、網頁內嵌惡意代碼事件和其他有害程序事件。

(2)網絡攻擊事件分為拒絕服務攻擊事件、後門攻擊事件、漏洞攻擊事件、網絡掃描竊聽事件、網絡釣魚事件、干擾事件和其他網絡攻擊事件。

(3)信息破壞事件分為信息篡改事件、信息假冒事件、信息洩露事件、信息竊取事件、信息丟失事件和其他信息破壞事件。

(4)信息內容安全事件是指通過網絡傳播法律法規禁止信息,組織非法串聯、煽動集會遊行或炒作敏感問題並危害國家安全、社會穩定和公眾利益的事件。

(5)設備設施故障分為軟硬件自身故障、外圍保障設施故障、人為破壞事故和其他設備設施故障。

(6)災害性事件是指由自然災害等其他突發事件導致的網絡安全事件。

(7)其他事件是指不能歸為以上分類的網絡安全事件。

附件2

名詞術語

一、重要網絡與信息系統

所承載的業務與國家安全、社會秩序、經濟建設、公眾利益密切相關的網絡和信息系統。

(參考依據:《信息安全技術信息安全事件分類分級指南》(GB/Z 20986-2007))

二、重要敏感信息

不涉及國家秘密,但與國家安全、經濟發展、社會穩定以及企業和公眾利益密切相關的信息,這些信息一旦未經授權披露、丟失、濫用、篡改或銷毀,可能造成以下後果:

a) 損害國防、國際關係;

b) 損害國家財產、公共利益以及個人財產或人身安全;

c) 影響國家預防和打擊經濟與軍事間諜、政治滲透、有組織犯罪等;

d) 影響行政機關依法調查處理違法、瀆職行為,或涉嫌違法、瀆職行為;

e) 干擾政府部門依法公正地開展監督、管理、檢查、審計等行政活動,妨礙政府部門履行職責;

f) 危害國家關鍵基礎設施、政府信息系統安全;

g) 影響市場秩序,造成不公平競爭,破壞市場規律;

h) 可推論出國家秘密事項;

i) 侵犯個人隱私、企業商業秘密和知識產權;

j) 損害國家、企業、個人的其他利益和聲譽。

(參考依據:《信息安全技術雲計算服務安全指南》(GB/T31167-2014))

附件3

網絡和信息系統損失程度劃分說明

網絡和信息系統損失是指由於網絡安全事件對系統的軟硬件、功能及數據的破壞,導致系統業務中斷,從而給事發組織所造成的損失,其大小主要考慮恢復系統正常運行和消除安全事件負面影響所需付出的代價,劃分為特別嚴重的系統損失、嚴重的系統損失、較大的系統損失和較小的系統損失,說明如下:

a) 特別嚴重的系統損失:造成系統大面積癱瘓,使其喪失業務處理能力,或系統關鍵數據的保密性、完整性、可用性遭到嚴重破壞,恢復系統正常運行和消除安全事件負面影響所需付出的代價十分巨大,對於事發組織是不可承受的;

b) 嚴重的系統損失:造成系統長時間中斷或局部癱瘓,使其業務處理能力受到極大影響,或系統關鍵數據的保密性、完整性、可用性遭到破壞,恢復系統正常運行和消除安全事件負面影響所需付出的代價巨大,但對於事發組織是可承受的;

c) 較大的系統損失:造成系統中斷,明顯影響系統效率,使重要信息系統或一般信息系統業務處理能力受到影響,或系統重要數據的保密性、完整性、可用性遭到破壞,恢復系統正常運行和消除安全事件負面影響所需付出的代價較大,但對於事發組織是完全可以承受的;

d) 較小的系統損失:造成系統短暫中斷,影響系統效率,使系統業務處理能力受到影響,或系統重要數據的保密性、完整性、可用性遭到影響,恢復系統正常運行和消除安全事件負面影響所需付出的代價較小。

Original referring URL:

http://www.cac.gov.cn/2017-06/27/c_1121220113.htm

 

美軍方憂慮中國信息戰 稱之為毛式網絡人民戰 // US Military Anxious & Worried About China’s Information Warfare – Mao-Style Network War is the People’s Warfare

美軍方憂慮中國信息戰 稱之為毛式網絡人民戰 //

US Military Anxious & Worried About China’s Information Warfare – Mao-Style Network War is the People’s Warfare

This article was originally published in the US Army “Military Intelligence” magazine July 7-9 months. The author Timothy Thomas is the US Army Lieutenant Colonel, now an analyst at the US Foreign Military Research Office (FMSO). The author graduated from the famous West Point military academy, served as the US military 82th Airborne Division unit commander, the information warfare, psychological warfare, low-intensity conflict in-depth study. This paper reflects the American military’s worries and alertness in the theory and construction of China’s information warfare. This article is specially translated for reference only.

In the past few years, the Chinese military and civil experts set off a wave of information warfare. After reading their works, it is not difficult to find that China’s theory of information warfare has several obvious characteristics: First, China is eager to develop its own theory of information warfare, which is related to its own security threats; secondly, China’s information War theory is influenced by its traditional military command art. Whether it is the ancient “Art of War” and “thirty-six”, or Mao Zedong’s people’s war thinking in the theory of information war laid a deep imprint; Third, China’s information warfare awareness and classification, obviously different In the beginning of the information warfare originator – the United States, although similar to the Russian information war theory, but only the shape and God is not.

Wai Wei save Zhao

The advent of the information age prompted people to rethink the way in which war was conducted. China is aware of its conventional armed forces and the superpower compared to the strength of disparity, in the near future, whether conventional or nuclear weapons, China can not constitute a strong deterrent to the United States. However, the ambitious Oriental dragon that: with the advent of the information age, the war form, the military structure, combat methods and command means will have a new change, the information will replace people full of future battlefield. As long as the focus of strategic research into the information warfare war form, grasp the trend of development of the times, it is not difficult to shorten the distance, and further lead.

Ancient China has a military order called “thirty-six dollars”, one of which “Wai Wei save Zhao” pointed out that if the enemy is too strong front power, should avoid the virtual, hit its weakness. For example, if you can not launch a direct attack (nuclear strike), then the information warfare, the weak financial, power, etc., to the West, and so on.

Network system to start. Although the conventional armed forces can not compete with the United States, however, China’s information warfare forces in theory is a real threat to the US political and economic security, the Americans can not afford the New York Stock Exchange and the Nasdaq Stock Exchange in an instant collapse. The global accessibility of information warfare, the speed of light transmission is not a feature of nuclear war, the Chinese people want is the speed of information warfare, accuracy and continuity to beat the opponent.

Information warfare can make up for the lack of conventional armed forces. The establishment of various battlefield information networks can not only improve the management level of traditional warfare, enhance the overall combat effectiveness of the troops, but also to a certain extent make up for the lack of conventional forces. In the eyes of the Chinese people, information warfare is even more powerful, is the power of conventional armed forces multiplier.

Information warfare

In 1996, China’s earliest information warfare expert Shen Weiguang to the information war under the definition is: “warring parties through the control of information and intelligence resources to compete for battlefield initiative of the war.” With the United States “to protect friendly information system, attack enemy information System “compared to the definition of Shen Weiguang more emphasis on” control “the enemy.

In 1998, the Chinese military information warfare Wei Wang Wang save major general classification of information warfare: according to time is divided into normal, crisis, wartime; by nature is divided into attack, defense; by level into the country, strategy, theater, tactics ; Divided by the scale of the battlefield, theater, local war. The characteristics of information warfare include directive and control warfare, intelligence warfare, electronic warfare, psychological warfare, space control war, hacker warfare, virtual warfare, economic warfare and so on. Information warfare in principle to take cut, blinded, transparent, fast and improve the viability and other measures. General Wang’s understanding of the information war is closer to the West, with emphasis on the confrontation of advanced technology.

In 1999, Chinese experts discussed the information warfare. Shen Weiguang at this time to expand the scope of information warfare, he believes that “information war, broadly refers to the confrontation of the military (including political, economic, science and technology and all areas of society) to seize the information space and information resources for the war, narrowly refers to the war Which is one of the essential characteristics of modern warfare.The essence of information war lies in the fact that by acquiring the right to information to achieve ‘no war and subdue the soldiers’. ”

The military another information warfare expert general general Wang Pufeng information warfare have a very deep understanding, in 2000, he information warfare and information warfare distinction. According to his explanation, the information war refers to a form of war, which contains information warfare, and information warfare refers to a combat activity. He believes that “information warfare includes all combat activities, including a series of intrusion and computer virus attacks on the theft, tampering, deception, deception, disruption, obstruction, interference, paralysis of information and information systems, and finally the enemy computer Network does not work. “He advocated China’s information warfare theory in drawing on foreign advanced combat ideas at the same time, should have China’s own characteristics.

“Mao-style network people’s war”

China’s knowledge of information warfare is very traditional. Many military theorists believe that the information age has given Mao Zedong a new connotation of the people’s war thinking, therefore, advocates rely on and mobilize the broad masses of people to carry out online war. It is conceivable that no matter which same family, with 1.3 billion people playing network warfare is daunting.

Mao Zedong’s network The most important feature of the people’s war theory is that it breaks the boundaries between the army and the people. Blurred the traditional boundaries of military installations and civilian facilities, military technology and civilian technology. The sharing of information technology in military and civilian use has created the conditions for the widespread use of civil technology for military purposes. For example, the use of civil electronic information equipment for information interception and transmission can use the civilian communication network for war mobilization; can use the private computer network attack and defense. Second, the difference between military personnel and non-military personnel is gradually disappearing. With the development of network technology and the expansion of application areas, a large number of network technology talent come to the fore. These have the special ability of the network elite will become the future network of people in the war of Gladiator. At the same time, communication, transportation, financial systems and other information networks and international networking, for China to carry out the people’s war provides the necessary conditions.

Nowadays, the idea of ​​people’s war has been established as the fundamental guiding principle of China’s network information warfare. A Chinese military writer wrote: “The flexible tactical and tactical principle is still the soul of the network information warfare.The broad masses of people actively participate in the war, especially technical support and online warfare, is to win the network information war victory of the masses and strength Source. ”

The power of the people’s war is so terrible, perhaps, we can understand why the Chinese are willing to cut the size of their armed forces – imagine that once the war broke out, China could launch a large number of people involved in war, information engineers and civilians will be organized through the home Computer attack on the US network information system, then why should we maintain a large combat force?

Information warfare

Over the past few years, China has held several major information warfare military exercises to test the theory of information warfare. The first “special war” (information warfare) exercise took place in October 1997. A military army of a military army was designed to paralyze its system of virus attacks, the group of military anti-virus software for defense. The exercise is called “invasion and anti-intrusion exercise”. The exercise also used ground logistics, medical and air forces.

In October 1998, China held a high-tech comprehensive exercise jointly conducted by the three military regions. The first use of the “military information superhighway” was used in the joint defense operations. The information network system in the command automation system is composed of digital, dialing, command network and secret channel. The other parts of the command automation system are subsystems such as command warfare, audio and graphics processing, control and data encryption.

In October 1999, the People’s Liberation Army for the first time between the two groups of war-level computer online confrontation exercises. Conducted reconnaissance and anti-reconnaissance, interference and anti-interference, blockade and anti-blockade, air strikes and anti-air raid and other subjects. In the software environment, resource sharing, combat command, situation display, auxiliary evaluation, signal transmission and intelligence warfare and other six types of operations. The computer evaluation system conducts data and quality analysis of the performance of both parties.

In July 2000, a military area also conducted an online confrontation exercise. The three training tasks related to the exercise are: organizing and planning the campaign, seizing air power and making information, implementing breakthroughs and breaking down. There are more than 100 terminal networking involved in the exercise.

Militia unit

China’s people’s war has a complete system, its overall development direction is “elite standing army and powerful reserve forces combined”, this defense system is conducive to play the overall effectiveness of the people’s war and “network tactics” advantage.

China 1.5 million reserve forces are very keen to play the network of people’s war. In some areas, the PLA has prepared the reserve forces into small information warfare forces. For example, in Yichang City, Hubei Province, the military division organized 20 municipal departments (electricity, finance, television, medical, etc.) technical staff set up a reserve information warfare. The Department has a network of war camps, electronic war camps, intelligence war camps and 35 technical units. The department has also established the first training base in China to accommodate 500 people.

Yichang is not the only area where the organization’s reserve and militia are engaged in information warfare training. December 1999 in Xiamen, Fujian held a reserve and militia meeting. During the subsequent exercise, the militia units with high-tech equipment carried out electronic countermeasures, cyber attacks and protection, radar reconnaissance performances. The goal of the fake attack is an encircled island, so it is easy for outsiders to think about being against Taiwan. Xiamen is a special economic zone, bringing together a large number of high-tech talent, so there are advantages of the implementation of information warfare.

In an exercise conducted by the Jinan Military Region, the Xi’an People’s Armed Forces Information Warfare team played the blue side of the attack, and they developed 10 kinds of information warfare measures, including information mine, information reconnaissance, change of network information, release of information bombs, dumping Network spam, distribute web leaflets, information spoofing, spread false information, organize information defense, and establish web spy stations. From these network information warfare can be seen that their research on the network information war has been quite specific and in-depth.

China’s military experts also suggested that all levels of militia organizations should set up network technology professional units, in order to facilitate the coordination of command, militia network technology professional units should be provincial or regional units for the implementation of the group, vertical management. Reserve forces to participate in the future war in the “network attack and defense” and “network technology security”, its actions should be organized by the military organization and unified coordination.

Training base

The Chinese People’s Liberation Army has developed its own set of information warfare education methods, the steps are: first to teach the basic knowledge of network information warfare; secondly through the military’s advanced military thinking to improve the level of information warfare knowledge; and then improve the use of information technology skills, Electronic technology, psychological warfare technology and information attack and defense technology; Finally, through the exercise of knowledge into practical ability. In China, mainly by the People’s Liberation Army institutions to foster information warfare high-tech talent responsibility:

People ‘s Liberation Army Communications Command College, located in Wuhan. In 1998, the hospital published two books, namely, “information combat command and control” and “information combat technology”, these two books is China’s information warfare education the most important teaching materials. The college has a high reputation for its excellent information warfare tutorials, which analyze the information, operational requirements of strategic, operational, and tactical levels.

People’s Liberation Army Information Engineering University, located in Zhengzhou, by the original PLA Information Engineering Institute, Institute of Electronic Technology and Surveying Institute merged. The main research areas of the school are information security, modern communication technology and space technology, and in some cutting-edge disciplines to explore, such as remote sensing information technology, satellite navigation and positioning technology, geographic information database technology.

People’s Liberation Army Polytechnic University, located in Nanjing, by the former People’s Liberation Army Communications Engineering College, Engineering Engineering College, Air Force Meteorological Institute and the General Association of 63 Institute merged. The school is responsible for training information warfare, commanding automation and other new disciplines of military talent. There are nearly 400 experts and professors in the university engaged in information war theory and technology research.

People’s Liberation Army National Defense Science and Technology University, located in Changsha, the school directly under the Central Military Commission. Has developed the famous “Galaxy” series of supercomputers. During the Kosovo war in April-June 1999, nearly 60 senior officers gathered in this study of high-tech wars.

People’s Liberation Army Naval Engineering University, located in Wuhan, is the only naval study of information warfare institutions. The purpose of the school’s information warfare is to apply information technology to naval equipment so that the Chinese navy can adapt to the information war.

in conclusion

What conclusions can we get from the study of information warfare in China? What can the American army get from it?

First of all, China’s military theorists have found a cheap and effective information warfare method, which makes China in the strategic military and international status to obtain the same position with the West, so that China in Asia to play a more important strategic role.

Secondly, China’s attention to the new information warfare forces is extraordinary. It may be possible to develop various forms of information warfare forces, such as: network forces (independent arms), “cyber warriors” raid units, information protection forces, information corps, electronic police and joint networks of people’s war institutions. It is interesting to note that Western countries, not China, have the ability to put these ideas into practice at this stage.

Thirdly, China’s information warfare theory reflects the combination of Western and Chinese ideas, and the influence of the former is getting weaker. Due to some common origins of military command art (Marxist dialectical thinking), China’s information warfare thought is more similar to that of Russia. However, in terms of its essence, China’s information war theory and Russia and the West are different. China’s information war theory emphasizes control, computerized warfare, cyber warfare, intellectual warfare and system of information rights.

Fourth, in the field of information warfare, China has spanned a number of technological developments and has used the Quartet’s technology to save time and save money. However, China does not fully follow the foreign, but the use of creative information war strategy. But no matter what, China is worthy of attention is different from other countries, the power of information.

For the US military, the study of China’s information war theory is not just to give the military a few opinions. “Art of War” called “know that know, victorious”. From the perspective of foreign information warfare theory to analyze the ability of the US information warfare in order to find the fatal flaws of the US information warfare system.

As the Chinese say, the losers of the information warfare are not necessarily behind the technology, and those who lack the art of command and strategic ability are the most likely to be losers. The United States to the reflection of their own information war thinking, and to study the information war strategy and tactical time. (Fan Shengqiu compilation) (“International Outlook”)

China and the latitude and longitude network February 11, 2004

 

Original Mandarin Chinese:

本文原載於美國陸軍《軍事情報》雜誌2003年7-9月號。作者蒂莫西·托馬斯是美國陸軍中校,現為美國外國軍事研究辦公室(FMSO)分析員。作者畢業於著名的西點軍校,曾任美軍第82空降師分隊指揮官,對信息戰、心理戰、低強度衝突有深入的研究。本文反映了美國軍方對中國信息戰理論和建設的憂慮與戒備心理。本刊特編譯此文,僅供讀者參考。
在過去幾年裡,中國軍方與民間專家們掀起了研究信息戰的熱潮。閱讀他們的作品後不難發現,中國的信息戰理論研究具有幾個明顯的特徵:首先,中國正迫不及待地發展自己的信息戰理論,這與其對自身安全威脅的判斷有關;其次,中國的信息戰理論受其傳統軍事指揮藝術影響頗深。無論是古代的《孫子兵法》和《三十六計》,還是毛澤東的人民戰爭思想都在信息戰理論中打下了深深的烙印;第三,中國對信息戰的認知與分類,顯然不同於信息戰的開山鼻祖——美國,雖近似於俄國的信息戰理論,卻也只是形似而神不是。

圍魏救趙
信息時代的到來促使人們對戰爭的進行方式重新進行思索。中國意識到其常規武裝力量與超級大國相比實力懸殊,近期內無論是常規力量還是核武器,中國都無法對美國構成強大威懾。但是,雄心勃勃的東方巨龍認為:隨著信息時代的來臨,戰爭形態、軍隊結構、作戰方式和指揮手段都會有嶄新的變化,信息將取代人充斥於未來戰場。只要把戰略研究的著眼點放到信息戰這一戰爭形態上,把握時代發展潮流,就不難縮短距離,並進一步取得領先地位。
中國古代有部兵書叫《三十六計》,其中的一計“圍魏救趙”就指出,如果敵人正面力量過於強大,應當避實就虛,擊其薄弱之處。中國人古為今用,把這個計謀應用到當前國家間鬥爭——如果你不能發動直接攻擊(核打擊),那就打信息戰,向西方薄弱的金融、電力等

網絡系統下手。常規武裝力量雖然無法與美國抗衡,然而,中國的信息戰部隊在理論上卻實實在在威脅到美國的政治及經濟安全,美國人無法承受紐約股票交易所和納斯達克股票交易所在瞬間崩潰。信息戰的全球可及性、光速傳播性是核戰爭所不具有的特性,中國人要的就是以信息戰的速度、準確性和持續性擊敗對手。
信息戰力量可彌補常規武裝力量的不足。各種戰場信息網絡的建立,不僅可以提高對傳統戰爭的管理水平,增強部隊的整體戰鬥力,還可以在一定程度上彌補常規力量的不足。在中國人眼中,信息戰好似如虎添翼,是常規武裝部隊的力量倍增器。
信息戰智囊
1996年,中國最早提出信息戰的專家沈偉光給信息戰下的定義是:“交戰雙方通過控制信息與情報資源來爭奪戰場主動權的戰爭。”與美國“保護友方信息系統,攻擊敵方信息系統”的定義相比,沈偉光更強調“控制”敵人。
1998年,中國軍方信息戰權威王保存少將對信息戰進行了分類:按時間分為平時、危機時、戰時;按性質分為進攻、防禦;按層次分為國家、戰略、戰區、戰術;按規模分為戰場、戰區、局部戰爭。信息戰表現的特徵包括指揮與控制戰、情報戰、電子戰、心理戰、空間控制戰、黑客戰、虛擬戰、經濟戰等方面的較量。信息戰原則上採取切斷、蒙蔽、透明、快速和提高生存力等措施。王將軍對信息戰的認識與西方較為接近,都把重點放在先進技術的對抗上。
1999年,中國專家對信息戰展開了大討論。沈偉光此時把信息戰的範圍擴大,他認為“信息戰,廣義地指對壘的軍事(也包括政治、經濟、科技及社會一切領域)集團搶占信息空間和爭奪信息資源的戰爭,狹義地指戰爭中交戰雙方在信息領域的對抗。它是現代戰爭的本質特徵之一。信息戰的本質在於通過奪取制信息權達到’不戰而屈人之兵’。”
軍方另一位信息戰專家王普豐少將對信息戰有很深入的理解,2000年,他把信息戰和信息戰爭區別開。根據他的解釋,信息戰爭指的是一種戰爭形態,它包含了信息戰,而信息戰指的是一種作戰活動。他認為“信息戰包括所有作戰活動,其中有對敵信息及信息系統實施信息竊取、篡改、刪除、欺騙、擾亂、阻塞、干擾、癱瘓等一系列的入侵活動和計算機病毒攻擊,最終使敵計算機網絡無法正常工作。”他主張中國的信息戰理論在藉鑒國外先進作戰思想的同時,應具有中國自己的特色。
“毛式網絡人民戰爭”
中國對信息戰的認知非常具有傳統特色。許多軍事理論家認為信息時代賦予了毛澤東人民戰爭思想新的內涵,因此,主張依靠和發動廣大人民群眾進行網上戰爭。可以想像,無論是哪個同家,與13億人打網絡戰都是令人生畏的。
毛澤東式網絡人民戰爭理論的最重要特徵是它打破了軍與民的界限。模糊了軍用設施與民用設施、軍用技術與民用技術的傳統分界線。信息技術在軍用和民用上的共享,為廣泛利用民間技術達成軍事目的創造了條件。例如,可以利用民間的電子信息設備進行情報截獲和傳輸可以利用民間的通信網絡進行戰爭動員;可以利用民間的計算機進行網絡進攻和防禦等。其次,軍事人員與非軍事人員的區別也在逐漸消失。隨著網絡技術的發展和應用領域的擴大,大批的網絡技術人才脫穎而出。這些具備特殊能力的網絡精英將成為未來網絡人民戰爭中的角斗士。與此同時,通信、交通、金融系統等信息網絡與國際聯網,為中國開展人民戰爭提供了必要條件。
如今,人民戰爭思想已經被確立為中國網絡信息戰的根本指導原則。一個中國軍方作者寫道:“靈活機動的戰略戰術原則,仍然是網絡信息戰的靈魂。廣大人民群眾積極參戰,特別是技術支援和網上參戰,則是奪取網絡信息戰勝利的群眾基礎和力量源泉。”
網絡人民戰爭的威力是如此可怕,或許,我們可以明白為何中國人願意削減其武裝部隊規模了——設想一旦戰爭爆發,中國可以發動大量民眾參戰,信息工程師和平民將被組織起來,通過家中的電腦攻擊美國的網絡信息系統,那又何必要維持規模龐大的作戰部隊呢?
信息戰演練
過去幾年裡,中國舉行過數次重大信息戰軍事演習對信息戰理論進行檢驗。首次“特種戰”(信息戰)演練於1997年10月進行。某軍區的一個集團軍遭到旨在癱瘓其係統的病毒攻擊,該集團軍用殺毒軟件進行了防衛。該演練被稱為“入侵與反入侵演練”。演習時還動用了地面後勤、醫療和空軍部隊。
1998年10月,中國舉行了一場由三大軍區聯合進行的高科技綜合演練。聯合防禦作戰演練中首次使用了“軍事信息高速公路”。指揮自動化系統中的信息網絡系統由數字、撥號、指揮網和保密信道組成。指揮自動化系統的其他部分是指揮作戰、音頻和圖形處理、控制和數據加密等子系統。
1999年10月,解放軍首次進行了兩個集團軍之間的戰役級計算機網上對抗演習。演練了偵察與反偵察、干擾與反干擾、封鎖與反封鎖、空襲與反空襲等科目。在軟件環境下進行了資源共享、作戰指揮、態勢顯示、輔助評估、信號傳輸和情報戰等6類作業。計算機評估系統對演習雙方的表現進行數據與質量分析。
2000年7月,某軍區也進行了網上對抗演練。與此次演練有關的3項訓練任務是:組織和計劃戰役、奪取制空權和製信息權、實施突破和反突破。有100多台終端聯網參與了演練。
民兵分隊
中國的人民戰爭有一套完備的體制,其總體發展方向是“精幹的常備軍與強大的後備力量相結合”,這種國防體制有利於發揮人民戰爭的整體效能和“網海戰術”優勢。
中國150萬預備役部隊十分熱衷於打網絡人民戰爭。在一些地區,解放軍已經把預備役部隊編成小型信息戰部隊。例如,在湖北省宜昌市,軍分區組織了20個市政部門(電力、財政、電視、醫療等)的技術人員成立了預備役信息戰團。該部擁有網絡戰營、電子戰營、情報心理戰營及35個技術分隊。該部還建立了中國第一個能容納500人的預備役信息戰訓練基地。
宜昌並不是組織預備役和民兵進行信息戰訓練的唯一地區。 1999年12月在福建廈門召開了預備役和民兵會議。在隨後進行的演習中,擁有高技術裝備的民兵分隊進行了電子對抗、網絡攻擊和防護、雷達偵察表演。山於假想攻擊的目標是一座被包圍的島嶼,因此很容易讓外人聯想到是針對台灣。廈門是經濟特區,匯集了大量高科技人才,因此有實施信息戰的優越條件。
在一次由濟南軍區舉行的演習中,西安人武部信息戰分隊扮演負責攻擊的藍方,他們制定了10種信息戰措施,其中有安放信息地雷、信息偵察、改動網絡資料、釋放信息炸彈、傾倒網絡垃圾、分發網絡傳單、信息欺騙、散佈虛假信息、組織信息防禦、建立網絡間諜站。從這些網絡信息戰法可以看出,他們對網絡信息戰的研究已相當具體、深入。
中國的軍事專家還建議,各級民兵組織都應成立網絡技術專業分隊,為便於指揮協調,民兵網絡技術專業分隊應以省或者地區為單位實行條條編組,垂直管理。後備力量參與未來戰爭中的“網絡攻防”和“網絡技術保障”,其行動要由軍隊組織實施和統一協調。
培養基地
中國人民解放軍發展出自己的一套信息戰教育方法,其步驟是:首先傳授網絡信息戰基礎知識;其次通過講述外軍的先進軍事思想提高信息戰知識水平;然後提高信息戰使用技能,特別是電子技術、心理戰技術和信息攻防技術;最後,通過演習把知識轉化為實際操作能力。在中國,主要由解放軍院校擔負培養信息戰高技術人才的責任:
解放軍通信指揮學院,位於武漢。 1998年,該院出版了兩部書籍,分別是《信息作戰指揮控制學》和《信息作戰技術學》,這兩部書籍是中國信息戰教育最重要的教材。該學院以其優良的信息戰教程設置而享有很高的聲譽,這些教程分析了戰略、戰役、戰術層次的信息作戰要求。
解放軍信息工程大學,位於鄭州,由原解放軍信息工程學院、電子技術學院和測繪學院合併而成。該校目前主要研究領域是信息安全,現代通信技術和空間技術,並且在一些尖端學科領域進行探索,如遙感信息技術、衛星導航與定位技術、地理信息數據庫技術。
解放軍理工大學,位於南京,由原解放軍通信工程學院、工程兵工程學院、空軍氣象學院和總參第63研究所合併而成。該校專門負責訓練信息戰、指揮自動化和其它新學科的軍事人才。有近400名專家教授在該大學從事信息戰理論與技術研究。
解放軍國防科技大學,位於長沙,該校直接隸屬於中央軍委。曾開發了著名的“銀河”系列超級計算機。 1999年4月到6月科索沃戰爭期間,近60名高級軍官匯集在此研究高科技戰爭。
解放軍海軍工程大學,位於武漢,是海軍唯一研究信息戰的院校。該校研究信息戰的目的是把信息技術應用到海軍裝備,使中國海軍能適應信息化戰爭。
結論
我們從中國的信息戰研究中能得到什麼結論呢?美國軍隊又能從中得到什麼啟示呢?
首先,中國的軍事理論家找到了一廉價而有效的信息戰方法,它使中國在戰略軍事和國際地位上取得與西方相等的位置,從而使中國在亞人地區發揮更重要的戰略角色。
其次,中國對新型信息戰部隊的重視非同尋常。因此可能會發展形式各樣的信息戰部隊,例如:網絡部隊(獨立兵種)、“網絡勇士”突襲分隊、信息保護部隊、信息兵團,電子警察和聯合網絡人民戰爭機構。有意思的是,就現階段的能力而言,西方國家,而不是中國,更具有把這些設想付諸實施的能力。
第三,中國的信息戰理論反映了西方和中國思想的結合,而且前者的影響力越來越弱。由於軍事指揮藝術的一些共同淵源(馬克思主義辯證思想),中國的信息戰思想更類似於俄國。但是,就其本質而言,中國的信息戰理論與俄國和西方都不同。中國的信息戰理論強調控制、電腦化戰爭、網絡戰、知識戰和製信息權。
第四,在信息戰領域,中國跨越了若干技術發展階段,利用四方的技術,不僅節省了時間而且還節省了金錢。不過,中國沒有完全仿效外國,而是採用創造性的信息戰策略。但不管怎麼樣,中國都是值得關注的一支不同於其他國家的信息戰力量。
對美軍而言,研究中國的信息戰理論絕非僅僅為了給軍方提供幾條意見。 《孫子兵法》稱“知彼知已,百戰百勝”。從外國信息戰理論的角度來分析美國的信息戰能力,才能發現美國信息戰系統的致命缺陷。
正如中國人所言,信息戰的失敗者不一定是技術落後方,那些缺乏指揮藝術和戰略能力的人才最可能是失敗者。美國到了該反省自己的信息戰思想,並研究信息戰戰略和戰術的時候了。 (範胜球編譯)(《國際展望》)
華夏經緯網 2004年02月11日

 

中華人民共和國國家信息與情報法草案 // People’s Republic of China DRAFT National Information & Intelligence Law

中華人民共和國國家信息與情報法草案

People’s Republic of China DRAFT National Information & Intelligence Law

A Note on the “National Information Law of the People ‘s Republic of China (Draft)”

First, the general idea of ​​legislation
First, under the guidance of the overall national security concept, adhere to the principle of socialist rule of law, focus on strengthening and safeguarding national intelligence work, respecting and safeguarding human rights, providing basic legal principles and legal basis for national intelligence work.
The second is to sum up the successful experience of China’s national intelligence work, based on the current and future period to carry out the actual needs of national intelligence work, provides the national intelligence work system mechanism, the national intelligence work agency’s authority and national intelligence work and so on.
The third is to deal with the national security law, anti-espionage law, anti-terrorism law and other legal relations, do with these laws convergence.

Second, the main content of the draft
(A) clear the national intelligence work tasks and institutional mechanisms. The draft stipulates that the national intelligence work should adhere to the overall national security concept and provide information for the major national decision-making, provide intelligence support for the prevention and mitigation of the risks that endanger national security, safeguard national power, sovereignty, unity, independence and territorial integrity, people’s well-being and economy Social sustainable development and other significant national interests (Article 2). Establish a sound national reunification, division of labor, scientific and efficient national intelligence system (Article 3). National security organs and public security organs intelligence agencies, military intelligence agencies in accordance with the division of responsibilities, with each other, do intelligence work, carry out intelligence action (Article 5).
(2) to clarify the powers of the State Intelligence Working Party. The drafting regulations stipulate that the national intelligence work agencies shall collect and deal with the organs of foreign institutions, organizations, individuals or implement or direct the financing of others, or the harm that the domestic institutions, organizations and individuals collusion with the overseas institutions, organizations and individuals of the People’s Republic of China Information on interests (Article 10). The national intelligence work agency shall provide information reference or basis (Article 11) for the prevention, suppression and punishment of foreign institutions, organizations and individuals in China to carry out acts that endanger our national security and interests in China. When the staff of the State Intelligence Working Party carry out their tasks according to law, they may go to the relevant authorities, organizations, enterprises and organizations and individuals to understand and inquire about the relevant circumstances, inspect or retrieve the relevant files, materials and articles; enter the relevant areas and places that restrict access; Enjoy the convenience of accommodation (Article 15, Article 16).
(3) to clarify the protection of national intelligence work. The drafting stipulates that the state shall strengthen the construction of the national intelligence work organization and carry out special management of its institutions, personnel, establishment, funds and assets; establish a management system for personnel recruitment, selection, assessment, training, treatment and withdrawal of personnel Nineteen). (Article 21) shall be protected by the staff of the national intelligence working agency and the personnel of the cooperative relationship and their close relatives. For those who contribute to the national intelligence work and need to be resettled, the relevant departments shall assist the national intelligence work agencies to properly resettle (Article 22). The draft also provides for the support and cooperation of citizens and organizations (Article 6, Article 13). Provides for the imposition of national intelligence work, disclosure of legal responsibility for state secrets related to national intelligence work (Article 25, Article 26).
(4) to clarify the norms and supervision of national intelligence work. The draft stipulates that national intelligence work should be carried out in accordance with the law, respect and protect human rights (Article VII). The national intelligence working agencies and their staff shall not go beyond their powers, abuse their power and engage in malpractices for personal gains, and shall not violate the lawful rights and interests of citizens and organizations and shall not disclose state secrets, trade secrets and personal privacy (Article 18). The State Intelligence Working Party shall abide by the relevant provisions of the State when using the necessary means, means and channels (Article 14, Article 15, Article 16 and Article 17). The national intelligence working agency shall establish a supervision and safety review system (Article 23). The draft also stipulates that any individual and organization shall have the right to report to the higher authorities or relevant departments for the violation of the powers, abuse of power, malpractice for personal gains and other offenses against the national intelligence working agencies and their staff members (Article 24).

Original Mandarin Chinese:

關於《中華人民共和國國家情報法(草案)》的說明

一、立法的總體思路
一是以總體國家安全觀為指導,堅持社會主義法治原則,著眼於加強和保障國家情報工作,尊重和保障人權,為國家情報工作提供基本的法律原則和法律依據。
二是總結我國國家情報工作的成功經驗,立足於當前和今後一段時期開展國家情報工作的實際需要,規定了國家情報工作的體制機制、國家情報工作機構的職權以及國家情報工作保障等內容。
三是處理好與國家安全法、反間諜法、反恐怖主義法等法律的關係,做好與這些法律的銜接。
二、草案的主要內容
(一)明確國家情報工作的任務和體制機制。草案規定,國家情報工作堅持總體國家安全觀,為國家重大決策提供情報參考,為防範和化解危害國家安全的風險提供情報支持,維護國家政權、主權、統一、獨立和領土完整、人民福祉、經濟社會可持續發展和國家其他重大利益(第二條)。建立健全集中統一、分工協作、科學高效的國家情報體制(第三條)。國家安全機關和公安機關情報機構、軍隊情報機構按照職責分工,相互配合,做好情報工作、開展情報行動(第五條)。
(二)明確國家情報工作機構的職權。草案規定,國家情報工作機構應當依法蒐集、處理境外機構、組織、個人實施或者指使、資助他人實施,或者境內機構、組織、個人與境外機構、組織、個人相勾結實施的危害中華人民共和國國家安全、利益的相關信息(第十條)。國家情報工作機構應當為防範、制止和懲治境外機構、組織、個人在中國境內實施的危害我國國家安全、利益的行為提供情報參考或依據(第十一條)。國家情報工作機構工作人員依法執行任務時,可以向有關機關、團體、企業事業組織和個人了解、詢問有關情況,查閱或者調取有關的檔案、資料、物品;進入限制進入的有關地區、場所;享受通行便利等(第十五條、第十六條)。
(三)明確國家情報工作保障。草案規定,國家加強國家情報工作機構建設,對其機構設置、人員、編制、經費、資產實行特殊管理;建立適應情報工作需要的人員錄用、選調、考核、培訓、待遇、退出等管理制度(第十九條)。對國家情報工作機構工作人員和有合作關係人員及其近親屬人身安全予以保護(第二十一條)。對為國家情報工作作出貢獻並需要安置的人員,有關部門應當協助國家情報工作機構妥善安置(第二十二條)。草案還規定了公民和組織的支持、配合義務(第六條、第十三條)。規定了阻礙國家情報工作、洩露與國家情報工作有關的國家秘密的法律責任(第二十五條、第二十六條)。
(四)明確對國家情報工作的規範和監督。草案規定,國家情報工作應當依法進行,尊重和保障人權(第七條)。國家情報工作機構及其工作人員不得超越職權、濫用職權、徇私舞弊,不得侵犯公民和組織的合法權益,不得洩露國家秘密、商業秘密和個人隱私(第十八條)。國家情報工作機構使用必要的方式、手段和渠道開展工作時,應當遵守國家有關規定(第十四條、第十五條、第十六條、第十七條)。國家情報工作機構應當建立監督和安全審查制度(第二十三條)。草案還規定了任何個人和組織對國家情報工作機構及其工作人員超越職權、濫用職權、徇私舞弊和其他違法行為,有權向上級機關或者有關部門檢舉、控告(第二十四條)。

 

Original Communist Chinese Government Source:

http://www.npc.gov.cn/COBRS_LFYJNEW/user/UserIndex.jsp?ID=8289337

Full Text of China’s National Cyberspace Security Strategy // 國家網絡空間安全戰略全文

Full Text of China’s National Cyberspace Security Strategy

國家網絡空間安全戰略全文

Beijing,People’s Republic of China

27 DEC 2017

December 27, approved by the Central Network Security and Information Technology Leading Group, the National Internet Information Office released the “national cyberspace security strategy”, the full text is as follows.

The extensive application of information technology and the rise and development of cyberspace have greatly promoted the economic and social prosperity and progress, but also brought new security risks and challenges. Cyberspace security (hereinafter referred to as cybersecurity) concerns the common interests of mankind, related to world peace and development, and national security. Safeguarding China’s network security is an important measure to coordinate and promote the comprehensive construction of a well-off society, comprehensively deepen reform, comprehensively administer the country according to law, and strictly pursue the strategic layout of the party, and realize the goal of “two hundred years” and realize the great rejuvenation of the Chinese nation An important guarantee. In order to implement the “four principles” of promoting the transformation of the global Internet governance system and the “five-point proposition” to build the cyberspace destiny community, we have clarified China’s important position on cyberspace development and security, guided China’s network security work, The state in the cyberspace of sovereignty, security, development interests, the development of this strategy.

First, opportunities and challenges

(A) a major opportunity

With the rapid development of information revolution, Internet, communication network, computer system, automation control system, digital equipment and its application, service and data, such as the network space, is a comprehensive change in people’s production and lifestyle, profound impact on human society Development process.

New channels for information dissemination. The development of network technology, breaking the time and space constraints, expanding the scope of communication, innovative means of communication, triggering a fundamental change in the pattern of communication. The network has become a new channel for people to access information and learn to communicate, and become a new carrier of human knowledge transmission.

Production and life of the new space. In today’s world, the depth of the network into people’s learning, life, work and other aspects of online education, entrepreneurship, health care, shopping, finance and other increasingly popular, more and more people through the network exchange ideas, achievements and dreams.

The new engine of economic development. The Internet is becoming the leading force of innovation-driven development. Information technology is widely used in all sectors of the national economy. It has promoted the upgrading of traditional industries, promoted new technologies, new forms, new industries and new models, promoted the adjustment of economic structure and economic development , For economic and social development has injected new impetus.

Cultural prosperity of the new carrier. The network promotes the cultural exchange and the popularization of knowledge, the release of cultural development vitality, the promotion of cultural innovation creation, the enrichment of people’s spiritual and cultural life, has become a new way to spread culture, provide a new means of public cultural services. Network culture has become an important part of cultural construction.

A new platform for social governance. The role of the network in advancing the national governance system and the modernization of the governance capability has become increasingly prominent. The application of e-government has been deepened, and the government information has been shared and publicized. The government has made scientific decision-making, democratization and rule of law, and has smoothed the channels of citizens’ participation in social governance. An important way to protect citizens’ right to know, to participate, to express and to supervise.

Exchange and cooperation of the new link. The development of information and globalization has promoted the global flow of information, capital, technology, talent and other elements, and promoted the integration of different civilizations. Network to the world into a global village, the international community more and more you have me, I have your fate in the community.

National sovereignty of the new territory. Cyber ​​space has become an important part of human activity with land, sea, sky and space. National sovereignty extension extends to cyberspace, and cyberspace sovereignty becomes an important part of national sovereignty. Respect for cyberspace sovereignty, safeguard network security, seek co-governance, achieve win-win situation, is becoming the international community consensus.

(B) severe challenges

The security situation of the network is becoming more and more serious, the national politics, economy, culture, society, national defense security and the legitimate rights and interests of citizens in cyberspace are facing severe risks and challenges.

Network penetration threatens political security. Political stability is the basic prerequisite for national development and people’s happiness. The use of the network to interfere in the internal affairs of other countries, to attack other countries political system, incite social unrest, subversion of other countries, as well as large-scale network monitoring, network theft and other activities seriously endanger the national political security and user information security.

Network attacks threaten economic security. Network and information systems have become the key infrastructure and the entire economic and social center of the nerve, suffered damage, a major security incident, will lead to energy, transportation, communications, financial and other infrastructure paralysis, resulting in catastrophic consequences, seriously endangering national economic security And public interest.

Network Harmful Information Erosion Cultural Security. Various ideological and cultural networks on the network agitation, confrontation, excellent traditional culture and mainstream values ​​facing the impact. Network rumors, decadent culture and obscenity, violence, superstition and other harmful information contrary to the socialist core values ​​erode the physical and mental health of young people, corrupt the social atmosphere, misleading the value orientation, endangering cultural security. Online moral anomie, the phenomenon of lack of integrity frequent, the degree of network civilization need to be improved.

Network terror and criminals undermine social security. Terrorism, separatism, extremism and other forces to use the network to incite, plan, organize and implement violent terrorist activities, a direct threat to people’s lives and property security, social order. Computer viruses, Trojans and other cyberspace spread spread, cyber-fraud, hacking, infringement of intellectual property rights, abuse of personal information and other illegal acts exist, some organizations want to steal user information, transaction data, location information and business secrets, serious damage to the country , Business and personal interests, affecting social harmony and stability.

The international competition in cyberspace is in the ascendant. International competition and control of cyberspace strategic resources, to seize the right to formulate rules and strategic high ground, to seek strategic competition in the increasingly fierce. Individual countries to strengthen the network deterrence strategy, intensify the cyberspace arms race, world peace by new challenges.

Cyberspace opportunities and challenges coexist, opportunities are greater than challenges. We must insist on active use, scientific development, management according to law, ensure safety, resolutely safeguard network security, make maximum use of cyberspace development potential, and benefit more than 1.3 billion Chinese people for the benefit of all mankind and firm maintenance of world peace.

Second, the goal

With the overall national security concept as the guide, implement the innovation, coordination, green, open and shared development concept, enhance the sense of risk and crisis awareness, the overall situation of domestic and international, overall development of security two major events, active defense, effective response, Promote network space peace, security, openness, cooperation and orderly, safeguard national sovereignty, security, development interests, and realize the strategic goal of building a network power.

Peace: the abuse of information technology has been effectively curbed, cyberspace arms race and other activities threatening international peace have been effectively controlled, cyberspace conflict has been effectively prevented.

Security: network security risks are effectively controlled, the national network security system is sound and perfect, the core technology and equipment are safe and controllable, and the network and information system are stable and reliable. Network security personnel to meet the needs of the whole society of network security awareness, basic protection skills and the use of network confidence greatly improved.

Open: Information technology standards, policies and markets open, transparent, product circulation and information dissemination more smoothly, the digital divide is increasingly bridging. Regardless of size, strength, rich and poor, countries around the world, especially developing countries can share development opportunities, share the fruits of development, fair participation in cyberspace governance.

Cooperation: the world in the technical exchanges, the fight against cyber terrorist and cyber crime and other areas of cooperation more closely, multilateral, democratic and transparent Internet governance system sound and perfect, win-win cooperation as the core of the network space fate community gradually formed.

Order: public interest in the cyberspace, participation, expression, supervision and other legitimate rights and interests are fully protected, cyberspace personal privacy is effectively protected, human rights are fully respected. The network environment of the domestic and international legal system, the standard norms gradually established, the network space to achieve effective management according to law, network environment integrity, civilization, health, freedom of information flow and safeguard national security, public interests to achieve organic unity.

Third, the principle

A safe, stable and prosperous cyberspace is of great significance to all countries and the world. China is willing to work with all countries to strengthen communication, expand consensus, deepen cooperation, and actively promote the global Internet governance system changes, and jointly safeguard the peace and security of cyberspace.

(A) respect for the maintenance of cyberspace sovereignty

Cyberspace sovereignty is inviolable, respect for the independent choice of development path, network management model, Internet public policy and equal participation in international network space management rights. The network affairs within the sovereign scope of each country are made by the people of each country, and each country has the right to take the necessary measures to manage the network activities of its own information system and its own territory according to its own national conditions and draw lessons from international experience, formulate laws and regulations on cyberspace, National information systems and information resources from intrusion, interference, attack and destruction, to protect the legitimate rights and interests of citizens in cyberspace; to prevent, prevent and punish harmful information harmful to national security and interests in the national network to disseminate and maintain cyberspace order. Any country does not engage in network hegemony, do not engage in double standards, do not use the network to interfere in the internal affairs of other countries, do not engage in, condone or support national activities against national security.

(B) the peaceful use of cyberspace

Peaceful use of cyberspace is in the common interest of mankind. States should abide by the principles of the Charter of the United Nations concerning the non-use or threat of use of force and prevent the use of information technology in the context of the maintenance of international security and stability, to boycott cyberspace arms races and prevent cyberspace conflicts. Adhere to mutual respect, equal treatment, seeking common ground while reserving differences, tolerance and mutual trust, respect for each other in cyberspace security interests and major concerns, to promote the construction of a harmonious network world. Against the use of national security as an excuse to use technological advantages to control other countries network and information systems, to collect and steal other countries data, but can not sacrifice the security of other countries to seek their own so-called absolute security.

(C) to manage cyberspace according to law

Comprehensively promote the legalization of cyberspace, adhere to the rule of law network, according to the law network, according to the Internet, so that the Internet in the rule of law on the healthy operation of the track. According to the law to build a good network order, the protection of cyber space information according to the law of free flow, protection of personal privacy, protection of intellectual property rights. Any organization and individual in the cyberspace to enjoy freedom, exercise the rights at the same time, to comply with the law, respect for the rights of others, their own words and deeds on the network.

(4) co-ordinate network security and development

There is no national security without national security, there is no information without modernization. Network security and information is one of the two wings, driven by the two wheels. Correctly handle the development and security of the relationship, adhere to the security development, to promote the development of security. Security is the prerequisite for development, and any development at the expense of security is difficult to sustain. Development is the foundation of security, and development is not the greatest insecurity. No information development, network security is not guaranteed, the existing security and even lost.

Fourth, strategic tasks

China’s Internet users and network size of the world’s first, to maintain China’s network security, not only their own needs, for the maintenance of global network security and world peace are of great significance. China is committed to safeguarding the national cyberspace sovereignty, security, development interests, promote the Internet for the benefit of mankind, and promote the peaceful use of cyberspace and co-governance.

(A) firmly defended cyberspace sovereignty

According to the Constitution and laws and regulations to manage China’s sovereignty within the network activities to protect China’s information facilities and information resources security, including economic, administrative, scientific and technological, legal, diplomatic, military and other measures, unswervingly maintain China’s cyberspace sovereignty. Resolutely oppose all the acts of subverting China’s state power through the Internet and undermining our national sovereignty.

(B) firmly uphold national security

To prevent, stop and punish any act of using the Internet for treason, secession, incitement to rebellion, subversion or incitement to subdue the people’s democratic dictatorship; to prevent, stop and punish the use of the Internet to steal, to disclose state secrets and other acts endangering national security; Prevent, stop and punish foreign forces to use the network to penetrate, destroy, subvert, split the activities.

(Iii) Protection of critical information infrastructures

The key information infrastructure of the country refers to the information facilities that are related to national security, national economy and people’s livelihood, which have been damaged, destroyed or lost, which may seriously endanger the national security and public interests, including but not limited to the provision of public communication, radio and television transmission Information network, energy, finance, transportation, education, scientific research, water conservancy, industrial manufacturing, health care, social security, public utilities and other areas of important information systems, important Internet applications. Take all necessary measures to protect critical information infrastructures and their important data from attack damage. Adhere to the combination of technology and management, protection and deterrence simultaneously, focus on identification, protection, detection, early warning, response, disposal and other aspects, the establishment of the implementation of key information infrastructure protection system, from management, technology, personnel, Comprehensive measures to effectively strengthen the key information infrastructure security protection.

Key information infrastructure protection is the common responsibility of the government, enterprises and society as a whole. The supervisors, the operating units and organizations shall take the necessary measures to ensure the safety of the key information infrastructure in accordance with the requirements of laws, regulations and system standards. Strengthen critical information infrastructure risk assessment. Strengthen the party and government organs and key areas of the site security protection, grassroots party and government organs to build an intensive mode of operation and management. The establishment of government, industry and business network security information orderly sharing mechanism, give full play to enterprises in the protection of key information infrastructure in the important role.

Adhere to open to the outside world, based on open environment to maintain network security. Establish and implement the network security review system, strengthen the supply chain security management, the party and government organs, key industries procurement and use of important information technology products and services to carry out security review, improve product and service security and control, to prevent product service providers And other organizations use information technology to implement unfair competition or harm the interests of users.

(D) to strengthen the construction of network culture

Strengthen the construction of online ideological and cultural positions, vigorously cultivate and practice the socialist core values, the implementation of network content construction projects, the development of a positive network culture, the dissemination of positive energy, gather a strong spiritual strength, and create a good network atmosphere. Encourage the development of new business, create new products, to create the spirit of the times reflect the network culture brand, and constantly improve the network culture industry scale. The implementation of the outstanding culture of Chinese online communication project, and actively promote the excellent traditional culture and contemporary culture of digital, network production and dissemination. Play the advantages of Internet communication platform, promote the excellent cultural exchange between China and foreign countries, so that people understand the Chinese culture, so that the Chinese people understand the excellent culture of all countries, and jointly promote the prosperity and development of network culture, enrich people’s spiritual world and promote the progress of human civilization.

Strengthen the network ethics, network civilization construction, play moral education guide role, with human civilization excellent results nourish network space, repair network ecology. The construction of civilized integrity of the network environment, advocate civilization network, civilized Internet, the formation of safe, civilized and orderly information dissemination order. Resolutely crack down on rumors, obscenity, violence, superstition, cults and other harmful information spread in cyberspace spread. Improve the youth network literacy literacy, strengthen the protection of minors online, through the government, social organizations, communities, schools, families and other aspects of the joint efforts for the healthy growth of young people to create a good network environment.

(5) to combat cyber terror and crime

Strengthen the network anti-terrorism, anti-spy, anti-stealing capacity building, crack down on cyber terror and cyber espionage.

Adhere to comprehensive management, source control, according to the law to prevent, crack down on cyber fraud, Internet theft, trafficking in drug trafficking, infringement of personal information, dissemination of pornography, hacking, infringement of intellectual property rights and other criminal acts.

(6) improve the network management system

Adhere to the law, open, transparent network management network, and effectively do law, according to law, law enforcement must be strict, illegal research. Improve the network security laws and regulations system, enacted network security law, minor network protection regulations and other laws and regulations, a clear social responsibility and obligations, a clear network security management requirements. To speed up the revision and interpretation of existing laws, so that it applies to cyberspace. Improve the network security related system, establish a network trust system, improve the network security management of the scientific standardization level.

Speed ​​up the construction of legal norms, administrative supervision, industry self-discipline, technical support, public supervision, social education, a combination of network governance system to promote the network of social organization and management innovation, improve the basic management, content management, industry management and network crime prevention and combat Work linkage mechanism. Strengthen the cyberspace communication secrets, freedom of speech, trade secrets, as well as the right to reputation, property rights and other legitimate rights and interests of protection.

Encourage social organizations to participate in network governance, the development of network public welfare undertakings, strengthen the new network of social organization. Encourage Internet users to report network violations and bad information.

(7) reinforce the network security foundation

Adhere to innovation-driven development, and actively create a policy environment conducive to technological innovation, co-ordinate resources and strength to enterprises as the main body, combining production and research, collaborative research to point to the surface, the overall advance, as soon as possible in the core technology breakthrough. Attention to software security, accelerate the application of secure and credible products. The development of network infrastructure, rich network space information content. The implementation of “Internet +” action, vigorously develop the network economy. The implementation of national large data strategy, the establishment of large data security management system to support large data, cloud computing and other new generation of information technology innovation and application. Optimize the market environment, encourage network security enterprises bigger and stronger, to protect the national network security and consolidate the industrial base.

Establish and improve the national network security technology support system. Strengthening the basic theory and major problems of network security. Strengthen the network security standardization and certification work, more use of standard norms cyberspace behavior. Do a good job of level protection, risk assessment, vulnerability discovery and other basic work, improve the network security monitoring and early warning and network security emergency response mechanism.

The implementation of network security personnel projects, strengthen the network security professional construction, build first-class network security college and innovation park, the formation of personnel training and innovation and entrepreneurship of the ecological environment. Run the network security publicity week activities, vigorously carry out the national network security publicity and education. Promote the network security education into the teaching materials, into the school, into the classroom, improve the network media literacy, enhance the whole society network security awareness and protection skills, improve the network of Internet users harmful information, network fraud and other illegal and criminal activities identification and resistance.

(8) to enhance the ability of network space protection

Cyberspace is the new territory of national sovereignty. Construction and international status commensurate with the network power to adapt to the network space protection, and vigorously develop the network security and defense means to detect and resist the network invasion, casting and maintenance of national network security strong backing.

(9) to strengthen international cooperation in cyberspace

On the basis of mutual respect and mutual trust, strengthen cooperation in international cyberspace dialogue and promote the transformation of the global governance system of the Internet. Deepen cooperation with the bilateral and multilateral network security dialogue and information communication, effective control of differences, and actively participate in global and regional organizations, network security cooperation, to promote the Internet address, root domain name servers and other basic resource management internationalization.

Support the United Nations to play a leading role in promoting the development of international agreements on cyberspace, international cyberspace international anti-terrorism conventions, and sound legal mechanisms to combat cybercrime, deepening policy and legal, technical innovation, standards, emergency response, critical information infrastructure Protection and other fields of international cooperation.

Strengthen support for assistance in the development of Internet technologies and infrastructure in developing and backward regions, and strive to bridge the digital divide. To promote “along the way” building, improve the level of international communication interoperability, smooth information Silk Road. To build the World Internet Conference and other global Internet sharing system, and jointly promote the healthy development of the Internet. We will build a multilateral, democratic and transparent international Internet governance system through active and effective international cooperation to build a peaceful, safe, open, cooperative and orderly cyberspace.

Original Mandarin Chinese:

12月27日,經中央網絡安全和信息化領導小組批准,國家互聯網信息辦公室發布《國家網絡空間安全戰略》,全文如下。

信息技術廣泛應用和網絡空間興起發展,極大促進了經濟社會繁榮進步,同時也帶來了新的安全風險和挑戰。網絡空間安全(以下稱網絡安全)事關人類共同利益,事關世界和平與發展,事關各國國家安全。維護我國網絡安全是協調推進全面建成小康社會、全面深化改革、全面依法治國、全面從嚴治黨戰略佈局的重要舉措,是實現“兩個一百年”奮鬥目標、實現中華民族偉大復興中國夢的重要保障。為貫徹落實習近平主席關於推進全球互聯網治理體系變革的“四項原則”和構建網絡空間命運共同體的“五點主張”,闡明中國關於網絡空間發展和安全的重大立場,指導中國網絡安全工作,維護國家在網絡空間的主權、安全、發展利益,制定本戰略。

一、機遇和挑戰

(一)重大機遇

伴隨信息革命的飛速發展,互聯網、通信網、計算機系統、自動化控制系統、數字設備及其承載的應用、服務和數據等組成的網絡空間,正在全面改變人們的生產生活方式,深刻影響人類社會歷史發展進程。

信息傳播的新渠道。網絡技術的發展,突破了時空限制,拓展了傳播範圍,創新了傳播手段,引發了傳播格局的根本性變革。網絡已成為人們獲取信息、學習交流的新渠道,成為人類知識傳播的新載體。

生產生活的新空間。當今世界,網絡深度融入人們的學習、生活、工作等方方面面,網絡教育、創業、醫療、購物、金融等日益普及,越來越多的人通過網絡交流思想、成就事業、實現夢想。

經濟發展的新引擎。互聯網日益成為創新驅動發展的先導力量,信息技術在國民經濟各行業廣泛應用,推動傳統產業改造升級,催生了新技術、新業態、新產業、新模式,促進了經濟結構調整和經濟發展方式轉變,為經濟社會發展注入了新的動力。

文化繁榮的新載體。網絡促進了文化交流和知識普及,釋放了文化發展活力,推動了文化創新創造,豐富了人們精神文化生活,已經成為傳播文化的新途徑、提供公共文化服務的新手段。網絡文化已成為文化建設的重要組成部分。

社會治理的新平台。網絡在推進國家治理體系和治理能力現代化方面的作用日益凸顯,電子政務應用走向深入,政府信息公開共享,推動了政府決策科學化、民主化、法治化,暢通了公民​​參與社會治理的渠道,成為保障公民知情權、參與權、表達權、監督權的重要途徑。

交流合作的新紐帶。信息化與全球化交織發展,促進了信息、資金、技術、人才等要素的全球流動,增進了不同文明交流融合。網絡讓世界變成了地球村,國際社會越來越成為你中有我、我中有你的命運共同體。

國家主權的新疆域。網絡空間已經成為與陸地、海洋、天空、太空同等重要的人類活動新領域,國家主權拓展延伸到網絡空間,網絡空間主權成為國家主權的重要組成部分。尊重網絡空間主權,維護網絡安全,謀求共治,實現共贏,正在成為國際社會共識。

(二)嚴峻挑戰

網絡安全形勢日益嚴峻,國家政治、經濟、文化、社會、國防安全及公民在網絡空間的合法權益面臨嚴峻風險與挑戰。

網絡滲透危害政治安全。政治穩定是國家發展、人民幸福的基本前提。利用網絡干涉他國內政、攻擊他國政治制度、煽動社會動亂、顛覆他國政權,以及大規模網絡監控、網絡竊密等活動嚴重危害國家政治安全和用戶信息安全。

網絡攻擊威脅經濟安全。網絡和信息系統已經成為關鍵基礎設施乃至整個經濟社會的神經中樞,遭受攻擊破壞、發生重大安全事件,將導致能源、交通、通信、金融等基礎設施癱瘓,造成災難性後果,嚴重危害國家經濟安全和公共利益。

網絡有害信息侵蝕文化安全。網絡上各種思想文化相互激盪、交鋒,優秀傳統文化和主流價值觀面臨衝擊。網絡謠言、頹廢文化和淫穢、暴力、迷信等違背社會主義核心價值觀的有害信息侵蝕青少年身心健康,敗壞社會風氣,誤導價值取向,危害文化安全。網上道德失範、誠信缺失現象頻發,網絡文明程度亟待提高。

網絡恐怖和違法犯罪破壞社會安全。恐怖主義、分裂主義、極端主義等勢力利用網絡煽動、策劃、組織和實施暴力恐怖活動,直接威脅人民生命財產安全、社會秩序。計算機病毒、木馬等在網絡空間傳播蔓延,網絡欺詐、黑客攻擊、侵犯知識產權、濫用個人信息等不法行為大量存在,一些組織肆意竊取用戶信息、交易數據、位置信息以及企業商業秘密,嚴重損害國家、企業和個人利益,影響社會和諧穩定。

網絡空間的國際競爭方興未艾。國際上爭奪和控製網絡空間戰略資源、搶占規則制定權和戰略制高點、謀求戰略主動權的競爭日趨激烈。個別國家強化網絡威懾戰略,加劇網絡空間軍備競賽,世界和平受到新的挑戰。

網絡空間機遇和挑戰並存,機遇大於挑戰。必須堅持積極利用、科學發展、依法管理、確保安全,堅決維護網絡安全,最大限度利用網絡空間發展潛力,更好惠及13億多中國人民,造福全人類,堅定維護世界和平。

二、目標

以總體國家安全觀為指導,貫徹落實創新、協調、綠色、開放、共享的發展理念,增強風險意識和危機意識,統籌國內國際兩個大局,統籌發展安全兩件大事,積極防禦、有效應對,推進網絡空間和平、安全、開放、合作、有序,維護國家主權、安全、發展利益,實現建設網絡強國的戰略目標。

和平:信息技術濫用得到有效遏制,網絡空間軍備競賽等威脅國際和平的活動得到有效控制,網絡空間衝突得到有效防範。

安全:網絡安全風險得到有效控制,國家網絡安全保障體系健全完善,核心技術裝備安全可控,網絡和信息系統運行穩定可靠。網絡安全人才滿足需求,全社會的網絡安全意識、基本防護技能和利用網絡的信心大幅提升。

開放:信息技術標準、政策和市場開放、透明,產品流通和信息傳播更加順暢,數字鴻溝日益彌合。不分大小、強弱、貧富,世界各國特別是發展中國家都能分享發展機遇、共享發展成果、公平參與網絡空間治理。

合作:世界各國在技術交流、打擊網絡恐怖和網絡犯罪等領域的合作更加密切,多邊、民主、透明的國際互聯網治理體系健全完善,以合作共贏為核心的網絡空間命運共同體逐步形成。

有序:公眾在網絡空間的知情權、參與權、表達權、監督權等合法權益得到充分保障,網絡空間個人隱私獲得有效保護,人權受到充分尊重。網絡空間的國內和國際法律體系、標準規範逐步建立,網絡空間實現依法有效治理,網絡環境誠信、文明、健康,信息自由流動與維護國家安全、公共利益實現有機統一。

三、原則

一個安全穩定繁榮的網絡空間,對各國乃至世界都具有重大意義。中國願與各國一道,加強溝通、擴大共識、深化合作,積極推進全球互聯網治理體系變革,共同維護網絡空間和平安全。

(一)尊重維護網絡空間主權

網絡空間主權不容侵犯,尊重各國自主選擇發展道路、網絡管理模式、互聯網公共政策和平等參與國際網絡空間治理的權利。各國主權範圍內的網絡事務由各國人民自己做主,各國有權根據本國國情,借鑒國際經驗,制定有關網絡空間的法律法規,依法採取必要措施,管理本國信息系統及本國疆域上的網絡活動;保護本國信息系統和信息資源免受侵入、干擾、攻擊和破壞,保障公民在網絡空間的合法權益;防範、阻止和懲治危害國家安全和利益的有害信息在本國網絡傳播,維護網絡空間秩序。任何國家都不搞網絡霸權、不搞雙重標準,不利用網絡干涉他國內政,不從事、縱容或支持危害他國國家安全的網絡活動。

(二)和平利用網絡空間

和平利用網絡空間符合人類的共同利益。各國應遵守《聯合國憲章》關於不得使用或威脅使用武力的原則,防止信息技術被用於與維護國際安全與穩定相悖的目的,共同抵製網絡空間軍備競賽、防範網絡空間衝突。堅持相互尊重、平等相待,求同存異、包容互信,尊重彼此在網絡空間的安全利益和重大關切,推動構建和諧網絡世界。反對以國家安全為藉口,利用技術優勢控制他國網絡和信息系統、收集和竊取他國數據,更不能以犧牲別國安全謀求自身所謂絕對安全。

(三)依法治理網絡空間

全面推進網絡空間法治化,堅持依法治網、依法辦網、依法上網,讓互聯網在法治軌道上健康運行。依法構建良好網絡秩序,保護網絡空間信息依法有序自由流動,保護個人隱私,保護知識產權。任何組織和個人在網絡空間享有自由、行使權利的同時,須遵守法律,尊重他人權利,對自己在網絡上的言行負責。

(四)統籌網絡安全與發展

沒有網絡安全就沒有國家安全,沒有信息化就沒有現代化。網絡安全和信息化是一體之兩翼、驅動之雙輪。正確處理髮展和安全的關係,堅持以安全保發展,以發展促安全。安全是發展的前提,任何以犧牲安全為代價的發展都難以持續。發展是安全的基礎,不發展是最大的不安全。沒有信息化發展,網絡安全也沒有保障,已有的安全甚至會喪失。

四、戰略任務

中國的網民數量和網絡規模世界第一,維護好中國網絡安全,不僅是自身需要,對於維護全球網絡安全乃至世界和平都具有重大意義。中國致力於維護國家網絡空間主權、安全、發展利益,推動互聯網造福人類,推動網絡空間和平利用和共同治理。

(一)堅定捍衛網絡空間主權

根據憲法和法律法規管理我國主權範圍內的網絡活動,保護我國信息設施和信息資源安全,採取包括經濟、行政、科技、法律、外交、軍事等一切措施,堅定不移地維護我國網絡空間主權。堅決反對通過網絡顛覆我國國家政權、破壞我國國家主權的一切行為。

(二)堅決維護國家安全

防範、制止和依法懲治任何利用網絡進行叛國、分裂國家、煽動叛亂、顛覆或者煽動顛覆人民民主專政政權的行為;防範、制止和依法懲治利用網絡進行竊取、洩露國家秘密等危害國家安全的行為;防範、制止和依法懲治境外勢力利用網絡進行滲透、破壞、顛覆、分裂活動。

(三)保護關鍵信息基礎設施

國家關鍵信息基礎設施是指關係國家安全、國計民生,一旦數據洩露、遭到破壞或者喪失功能可能嚴重危害國家安全、公共利益的信息設施,包括但不限於提供公共通信、廣播電視傳輸等服務的基礎信息網絡,能源、金融、交通、教育、科研、水利、工業製造、醫療衛生、社會保障、公用事業等領域和國家機關的重要信息系統,重要互聯網應用系統等。採取一切必要措施保護關鍵信息基礎設施及其重要數據不受攻擊破壞。堅持技術和管理並重、保護和震懾並舉,著眼識別、防護、檢測、預警、響應、處置等環節,建立實施關鍵信息基礎設施保護製度,從管理、技術、人才、資金等方面加大投入,依法綜合施策,切實加強關鍵信息基礎設施安全防護。

關鍵信息基礎設施保護是政府、企業和全社會的共同責任,主管、運營單位和組織要按照法律法規、制度標準的要求,採取必要措施保障關鍵信息基礎設施安全,逐步實現先評估後使用。加強關鍵信息基礎設施風險評估。加強黨政機關以及重點領域網站的安全防護,基層黨政機關網站要按集約化模式建設運行和管理。建立政府、行業與企業的網絡安全信息有序共享機制,充分發揮企業在保護關鍵信息基礎設施中的重要作用。

堅持對外開放,立足開放環境下維護網絡安全。建立實施網絡安全審查制度,加強供應鏈安全管理,對黨政機關、重點行業採購使用的重要信息技術產品和服務開展安全審查,提高產品和服務的安全性和可控性,防止產品服務提供者和其他組織利用信息技術優勢實施不正當競爭或損害用戶利益。

(四)統籌網絡安全與發展

沒有網絡安全就沒有國家安全,沒有信息化就沒有現代化。網絡安全和信息化是一體之兩翼、驅動之雙輪。正確處理髮展和安全的關係,堅持以安全保發展,以發展促安全。安全是發展的前提,任何以犧牲安全為代價的發展都難以持續。發展是安全的基礎,不發展是最大的不安全。沒有信息化發展,網絡安全也沒有保障,已有的安全甚至會喪失。

四、戰略任務

中國的網民數量和網絡規模世界第一,維護好中國網絡安全,不僅是自身需要,對於維護全球網絡安全乃至世界和平都具有重大意義。中國致力於維護國家網絡空間主權、安全、發展利益,推動互聯網造福人類,推動網絡空間和平利用和共同治理。

(一)堅定捍衛網絡空間主權

根據憲法和法律法規管理我國主權範圍內的網絡活動,保護我國信息設施和信息資源安全,採取包括經濟、行政、科技、法律、外交、軍事等一切措施,堅定不移地維護我國網絡空間主權。堅決反對通過網絡顛覆我國國家政權、破壞我國國家主權的一切行為。

(二)堅決維護國家安全

防範、制止和依法懲治任何利用網絡進行叛國、分裂國家、煽動叛亂、顛覆或者煽動顛覆人民民主專政政權的行為;防範、制止和依法懲治利用網絡進行竊取、洩露國家秘密等危害國家安全的行為;防範、制止和依法懲治境外勢力利用網絡進行滲透、破壞、顛覆、分裂活動。

(三)保護關鍵信息基礎設施

國家關鍵信息基礎設施是指關係國家安全、國計民生,一旦數據洩露、遭到破壞或者喪失功能可能嚴重危害國家安全、公共利益的信息設施,包括但不限於提供公共通信、廣播電視傳輸等服務的基礎信息網絡,能源、金融、交通、教育、科研、水利、工業製造、醫療衛生、社會保障、公用事業等領域和國家機關的重要信息系統,重要互聯網應用系統等。採取一切必要措施保護關鍵信息基礎設施及其重要數據不受攻擊破壞。堅持技術和管理並重、保護和震懾並舉,著眼識別、防護、檢測、預警、響應、處置等環節,建立實施關鍵信息基礎設施保護製度,從管理、技術、人才、資金等方面加大投入,依法綜合施策,切實加強關鍵信息基礎設施安全防護。

關鍵信息基礎設施保護是政府、企業和全社會的共同責任,主管、運營單位和組織要按照法律法規、制度標準的要求,採取必要措施保障關鍵信息基礎設施安全,逐步實現先評估後使用。加強關鍵信息基礎設施風險評估。加強黨政機關以及重點領域網站的安全防護,基層黨政機關網站要按集約化模式建設運行和管理。建立政府、行業與企業的網絡安全信息有序共享機制,充分發揮企業在保護關鍵信息基礎設施中的重要作用。

堅持對外開放,立足開放環境下維護網絡安全。建立實施網絡安全審查制度,加強供應鏈安全管理,對黨政機關、重點行業採購使用的重要信息技術產品和服務開展安全審查,提高產品和服務的安全性和可控性,防止產品服務提供者和其他組織利用信息技術優勢實施不正當競爭或損害用戶利益。

(四)加強網絡文化建設

加強網上思想文化陣地建設,大力培育和踐行社會主義核心價值觀,實施網絡內容建設工程,發展積極向上的網絡文化,傳播正能量,凝聚強大精神力量,營造良好網絡氛圍。鼓勵拓展新業務、創作新產品,打造體現時代精神的網絡文化品牌,不斷提高網絡文化產業規模水平。實施中華優秀文化網上傳播工程,積極推動優秀傳統文化和當代文化精品的數字化、網絡化製作和傳播。發揮互聯網傳播平台優勢,推動中外優秀文化交流互鑑,讓各國人民了解中華優秀文化,讓中國人民了解各國優秀文化,共同推動網絡文化繁榮發展,豐富人們精神世界,促進人類文明進步。

加強網絡倫理、網絡文明建設,發揮道德教化引導作用,用人類文明優秀成果滋養網絡空間、修復網絡生態。建設文明誠信的網絡環境,倡導文明辦網、文明上網,形成安全、文明、有序的信息傳播秩序。堅決打擊謠言、淫穢、暴力、迷信、邪教等違法有害信息在網絡空間傳播蔓延。提高青少年網絡文明素養,加強對未成年人上網保護,通過政府、社會組織、社區、學校、家庭等方面的共同努力,為青少年健康成長創造良好的網絡環境。

(五)打擊網絡恐怖和違法犯罪

加強網絡反恐、反間諜、反竊密能力建設,嚴厲打擊網絡恐怖和網絡間諜活動。

堅持綜合治理、源頭控制、依法防範,嚴厲打擊網絡詐騙、網絡盜竊、販槍販毒、侵害公民個人信息、傳播淫穢色情、黑客攻擊、侵犯知識產權等違法犯罪行為。

(六)完善網絡治理體系

堅持依法、公開、透明管網治網,切實做到有法可依、有法必依、執法必嚴、違法必究。健全網絡安全法律法規體系,制定出台網絡安全法、未成年人網絡保護條例等法律法規,明確社會各方面的責任和義務,明確網絡安全管理要求。加快對現行法律的修訂和解釋,使之適用於網絡空間。完善網絡安全相關製度,建立網絡信任體系,提高網絡安全管理的科學化規範化水平。

加快構建法律規範、行政監管、行業自律、技術保障、公眾監督、社會教育相結合的網絡治理體系,推進網絡社會組織管理創新,健全基礎管理、內容管理、行業管理以及網絡違法犯罪防範和打擊等工作聯動機制。加強網絡空間通信秘密、言論自由、商業秘密,以及名譽權、財產權等合法權益的保護。

鼓勵社會組織等參與網絡治理,發展網絡公益事業,加強新型網絡社會組織建設。鼓勵網民舉報網絡違法行為和不良信息。

(七)夯實網絡安全基礎

堅持創新驅動發展,積極創造有利於技術創新的政策環境,統籌資源和力量,以企業為主體,產學研用相結合,協同攻關、以點帶面、整體推進,盡快在核心技術上取得突破。重視軟件安全,加快安全可信產品推廣應用。發展網絡基礎設施,豐富網絡空間信息內容。實施“互聯網+”行動,大力發展網絡經濟。實施國家大數據戰略,建立大數據安全管理制度,支持大數據、雲計算等新一代信息技術創新和應用。優化市場環境,鼓勵網絡安全企業做大做強,為保障國家網絡安全夯實產業基礎。

建立完善國家網絡安全技術支撐體系。加強網絡安全基礎理論和重大問題研究。加強網絡安全標準化和認證認可工作,更多地利用標準規範網絡空間行為。做好等級保護、風險評估、漏洞發現等基礎性工作,完善網絡安全監測預警和網絡安全重大事件應急處置機制。

實施網絡安全人才工程,加強網絡安全學科專業建設,打造一流網絡安全學院和創新園區,形成有利於人才培養和創新創業的生態環境。辦好網絡安全宣傳周活動,大力開展全民網絡安全宣傳教育。推動網絡安全教育進教材、進學校、進課堂,提高網絡媒介素養,增強全社會網絡安全意識和防護技能,提高廣大網民對網絡違法有害信息、網絡欺詐等違法犯罪活動的辨識和抵禦能力。

(八)提升網絡空間防護能力

網絡空間是國家主權的新疆域。建設與我國國際地位相稱、與網絡強國相適應的網絡空間防護力量,大力發展網絡安全防御手段,及時發現和抵禦網絡入侵,鑄造維護國家網絡安全的堅強後盾。

(九)強化網絡空間國際合作

在相互尊重、相互信任的基礎上,加強國際網絡空間對話合作,推動互聯網全球治理體系變革。深化同各國的雙邊、多邊網絡安全對話交流和信息溝通,有效管控分歧,積極參與全球和區域組織網絡安全合作,推動互聯網地址、根域名服務器等基礎資源管理國際化。

支持聯合國發揮主導作用,推動制定各方普遍接受的網絡空間國際規則、網絡空間國際反恐公約,健全打擊網絡犯罪司法協助機制,深化在政策法律、技術創新、標準規範、應急響應、關鍵信息基礎設施保護等領域的國際合作。

加強對發展中國家和落後地區互聯網技術普及和基礎設施建設的支持援助,努力彌合數字鴻溝。推動“一帶一路”建設,提高國際通信互聯互通水平,暢通信息絲綢之路。搭建世界互聯網大會等全球互聯網共享共治平台,共同推動互聯網健康發展。通過積極有效的國際合作,建立多邊、民主、透明的國際互聯網治理體系,共同構建和平、安全、開放、合作、有序的網絡空間。

Original Source: http://politics.people.com.cn/n1/2016/1227/c1001-28980829.html

 

A Summary of China ‘s Internet Security Situation in China in 2016 // 2016年中國中國互聯網安全形勢總結

A Summary of China ‘s Internet Security Situation in China in 2016

2016年中國中國互聯網安全形勢總結

19 APRIL 2017 BEIJING, People’s Republic of China

April 19, the National Computer Network Emergency Technology Processing Coordination Center (referred to as “National Internet Emergency Response Center”, the English referred to as “CNCERT”) released “China’s Internet security situation in 2016,” a review of China’s Internet macro security situation monitoring On the basis of the combination of network security warning and emergency response work, the paper focuses on analyzing and summarizing the Internet security situation of China in 2016 and predicting the hotspot of network security in 2017.

Analysis of Internet Security Monitoring Data in China in 2016

CNCs continued to monitor the macroeconomic situation of China’s cybersecurity. In 2016, the number of mobile Internet malicious programs was captured, the number of backdoor attacks and the number of security vulnerabilities were increased compared with 2015, and the number of Trojans and botnets was denied. Quantity, phishing and page tampering the number of pages have declined.

According to the sampling monitoring, about 70,000 Trojans and botnet control servers in 2016 control 1699 million hosts in our country, the number of control servers decreased by 8.0% compared with 2015, the number of domestic infection host decreased by 14.1% compared with 2015. The Among them, about 48,000 from outside the control server control of China’s 1499 million units in the host, from the United States the number of control servers in the first place, followed by Hong Kong, China and Japan.

In the botnet found in the detection of malicious programs and the formation of botnets, the size of more than 100 hosts in the number of botnets 4896, of which the size of more than 100,000 units in the number of botnets 52. According to the quantitative analysis of the distribution of Trojans and botnets in China, the top three were Guangdong Province (13.4% of the total number of infections in China), Jiangsu Province (9.2%) and Shandong Province (8.3 %). In order to effectively control the damage caused by the host of Trojans and botnets, in 2016, under the guidance of the Ministry of Industry and Information Technology, under the guidance of “Trojan and botnet monitoring and disposal mechanism”, CNCERT organization basic telecommunications companies, domain name service agencies, etc. successfully closed 1011 Control the larger botnets.

In 2016, CNCERT received more than 205 million mobile Internet malpractions through autonomous capture and vendor switching, an increase of 39.0% over 2015, and continued to maintain rapid growth in the past seven years. According to their malicious behavior classification, the top three were hooliganism, malicious deductions and tariff consumption class 1, accounting for 61.1%, respectively, 18.2% and 13.6%. CNCERT found that mobile Internet malicious program download links nearly 670,000, an increase of nearly 1.2 times compared with 2015, involving more than 22 million source of the source, IP address of more than 30,000, the number of malicious programs spread to 124 million times.

In 2016, CNCERT focused on the “album” category 2 Andrews and malicious pornographic software with malicious deductions and maliciously disseminated attributes that were spread by SMS and had malicious behavior such as stealing user messages and correspondence, and coordinated work The A total of 47,316 cases of such malicious programs were found in the year, and more than 1.01 million were collected, and 6045 domain names were used to disseminate malicious programs. 7645 malicious mailbox accounts for receiving user’s text messages and contacts were used to receive user text messages Malicious mobile phone number 6616, leaked users SMS and address book mail 222 million, seriously endangering the user’s personal information security and property security. Under the guidance of the Ministry of Industry and Information Technology, according to the “mobile Internet malicious program monitoring and disposal mechanism”, CNCERT organization of e-mail service providers, domain name registrar and other active coordination work to find the malicious mailbox account, malicious domain name, etc. Dispose of.

Second, 2016 China’s Internet security situation

In recent years, with China’s network security laws and regulations, management system of continuous improvement, China’s network security technology strength, personnel, international cooperation, and achieved remarkable results. In 2016, China’s Internet security situation is generally stable, the rapid development of network security industry, network security and protection capabilities have been improved, international cooperation to further strengthen the network security. But with cyberspace strategically

The increasing number of countries, the world’s major countries have set up cyberspace attack capability, the growing national network conflict, China’s cyberspace security challenges facing increasingly complex.

Domain name system security in good condition, anti-attack ability increased significantly. In 2016, China’s domain name service system security in good condition, no major security incidents. According to the sampling monitoring, 2016 years for China’s domain name system traffic scale of more than 1Gpbs DDoS attacks on the daily average of about 32 cases, did not affect the domain name resolution services in China, the basic telecommunications companies have not seriously affected the success rate of analysis Attack events, mainly with the domain name system to strengthen security measures, anti-DDoS attack ability significantly improved related. In June 2016, there were large-scale DDoS attacks against the global root domain name servers and their mirrors. Most of the root domain servers were affected to varying degrees. The domain name mirroring servers in China also suffered large-scale network traffic attacks at the same time. Due to emergency treatment in a timely manner, and the root zone top-level domain cache expiration time is often more than 1 day, the attack did not affect the domain name system network security.

For the industrial control system of network security attacks increasing, many important industrial control system security incidents should pay attention. In 2016, the world occurred more than the major areas of industrial accidents worthy of our country wake up. In August, Kaspersky Security Laboratories exposed the “ghoul” network attack against the industrial sector, which focused on the Middle East and other countries’ Industrial enterprises launched a targeted network intrusion; in December, the Ukrainian power grid once again experienced a power supply failure, according to the analysis of the origin of this malpractice “dark forces” variants.

China’s industrial control system is huge, security vulnerabilities, malicious detection, etc. to our industrial control system to bring some security risks. As of the end of 2016, CNVD included 1036 industrial malpractices, of which 173 were included in 2016, an increase of 38.4% over 2015. Industrial control system mainly exists buffer overflow, lack of access control mechanism, weak password, directory traversal and other loopholes risk. Through the analysis of network traffic, 2016 CNCERT cumulative monitoring to the network of industrial equipment fingerprint detection event more than 880,000 times, and found 60 countries from outside the 1610 IP address of China’s network of industrial equipment for fingerprint detection.

High-level persistent threat normalization, China’s attack is particularly serious threat. As of the end of 2016, domestic enterprises issued a senior Sustainability Threat (APT) study reported a total of 43 APT organizations, including targeted targets for China’s APT organizations have 36 4. From the attack to achieve the point of view, more APT attacks using engineering to achieve, that is, relying on commercial attack platform and the Internet black industry

Chain data and other mature resources to achieve APT attacks. This kind of attack not only reduces the technical and resource threshold of initiating APT attack, but also increases the difficulty of traceability analysis. In 2016, many of the important information system for the implementation of the APT attacks were exposed, including “white elephant action 5”, “Man Linghua attack action”, mainly in China’s education, energy, military and scientific research as the main target The In August 2016, the hacker organization “Shadow Brokers” published the Formula Organization 6 frequently used toolkits, including various firewall exploits, hacking tools and scripts involving Juniper, Flying Tower, Cisco, and Financial letter, Huawei and other manufacturers products. CNCERT released 11 software vulnerabilities (there are four suspected 0day vulnerability) for census analysis and found that the world has about 120,000 IP addresses carrying the relevant products of network equipment, of which China’s IP address of about 33,000, accounting for 27.8% of all IP addresses poses a serious potential threat to cyberspace security in China. In November 2016, the hacker organization “shadow broker” also announced a group has been attacked by the National Security Agency network control and IP address and domain name data, China is the most attacked countries, involving at least nine universities in China, 12 Energy, aviation, telecommunications and other important information systems departments and two government information centers.

A large number of networked smart devices were attacked by malicious programs to form botnets, which were used to initiate large traffic DDoS attacks. In recent years, with the intelligent wearable equipment, intelligent home, intelligent routers and other terminal equipment and network equipment, the rapid development and popularization, for the Internet of intelligent devices, the proportion of network attacks increased, the attackers use the Internet of things intelligent device vulnerabilities Access to device control rights, or other hacker underground transactions for user information data theft, network traffic hijacking, or for controlling the formation of large-scale botnets. CNCERT on-line monitoring of vehicle network security system analysis and found that some car network information service providers and related products, security vulnerabilities can lead to vehicle, location and vehicle owners information disclosure and vehicle remote control and other security risks. At the end of 2016, Mirai malicious programs were widely watched as a result of large-scale off-site events on the east coast of the United States and a large number of users of Deutsche Telekom visited Internet anomalies. Mirai is a typical use of Internet of things intelligent device vulnerabilities to penetrate infiltration to achieve the control of the device malicious code, the number of charged devices accumulated to a certain extent will form a huge “botnet”, known as “Mirai botnet.” And because of Internet of things intelligent devices are generally 24 hours online, infected with malicious programs are not easily perceived by the user, forming a “stable” attack source. CNC inspections of the Mirai botnet show that by the end of 2016, a total of 2526 control servers were deployed to control 125.4 million devices, which posed a serious potential security threat to the stable operation of the Internet. In addition, CNCERT also analyzed the Gafgyt botnet sampling analysis. In the fourth quarter of 2016, a total of 817 control servers were selected to control 425,000 devices, and more than 18,000 DDoS attacks were initiated, with peak traffic 5Gpbs more than 72 times the number of attacks.

Web site data and personal information leak is not uncommon, “derivative disaster” serious. Due to the disappearance of the traditional boundaries of the Internet, all kinds of data spread across the terminal, network, mobile phone and cloud, coupled with the interests of the Internet black industry chain driven by data leakage threats are increasing. In 2016, the domestic and international website data and personal information leakage incidents frequently, the political, economic and social impact gradually deepened, and even personal life safety has also been violated. In the United States, the United States election candidate Hillary’s mail leak, directly affect the US election process; Yahoo two account information disclosure involving about 1.5 billion personal accounts, resulting in US telecom operators Verizon $ 4.8 billion acquisition of Yahoo plans to shelve May even be canceled. In the country, China’s immune planning system network was malicious invasion, 200,000 children’s information was stolen and publicly sold online; information leakage led to frequent fraud cases, college entrance examination information leaks to take away the university students will soon enter the life of Xu Yuyu ; 2016 public security organs were detected more than 1,800 cases of infringement of personal information, seized 30 million pieces of personal information of various types of citizens. In addition, according to the news media reported that Russia, Mexico, Turkey, the Philippines, Syria, Kenya and other countries of the government website data leaked.

Mobile Internet malicious program more profitable, mobile Internet black industry chain has matured. In 2016, CNCERT received more than 205 million mobile Internet malpractions through autonomous capture and vendor exchange, up 39.0% from 2015 and continued to grow at a high rate in the past six years. Through malware behavior analysis, it was found that the number of applications for fraudulent, malicious deductions, lockdowns and other economic interests was 59.6% of the total number of malicious programs, nearly three times over 2015. From the spread of malicious programs found that fraudulent acts of fraudulent procedures mainly through SMS, advertising and network disk and other specific communication channels to spread, the number of infected users reached 24.93 million, causing significant economic losses. From the attack mode of malicious programs, it is found that the number of malicious programs that steal SMS verification codes is larger than that of SMS, and 10845 samples are obtained in the whole year. It shows the characteristics of simple production, fixed attack mode and huge profits. The mobile Internet industry Mature.

Extortion software raging, a serious threat to local data and intelligent equipment security. According to CNCERT monitoring found in 2016 in the traditional PC side, to capture extortion class malicious program sample of about 19,000, the number of a record high in recent years. Analysis of extortion software attack object found that extortion software has been gradually extended from the individual terminal equipment to business users, especially for high-value target blackmail situation

Heavy. For enterprise users, blackmail software exploits security vulnerabilities to attack, the enterprise database encryption and extortion, the end of 2016 open source MongoDB database was a blackmail software attacks, a large number of users affected. For personal terminal equipment, extortion software malicious behavior in the traditional PC and mobile terminals show obvious different characteristics: in the traditional PC side, mainly through the “encrypted data” to blackmail, that is, the user’s computer file encryption, stress users Purchase the decryption key; on the mobile side, mainly through the “encryption device” to blackmail, that is, remote lock the user mobile devices, so that users can not use the device, and to coerce users to pay the cost of unlocking. However, from the extortion of software transmission point of view, the traditional PC and mobile side show a common, mainly through e-mail, counterfeit normal application, QQ group, network disk, paste it, victims and other spread.

Three, 2017 worthy of attention to the hot spots

According to the analysis of the characteristics of China’s Internet security situation in 2016, CNCERT predicts that the hot spots that are worthy of attention in 2017 are as follows.

(A) cyberspace according to the law of governance more clear. On November 7, 2016, the Twenty-fourth Session of the Standing Committee of the 12th National People’s Congress passed the “Network Security Law” and came into effect on June 1, 2017. The Act has 7 chapters and 79 articles on cyberspace sovereignty, network products and service providers ‘security obligations, network operators’ safety obligations, personal information protection rules, critical information infrastructure security protection systems and important data cross-border transmission rules, etc. Has been clearly defined. It is expected that the departments will pay more attention to the propaganda and interpretation work of the “Network Security Law” in 2017, compile relevant supporting policies and regulations, implement various supporting measures, and make cyberspace according to law more clear.

(B) the use of Internet of things intelligent device network attacks will continue to increase. 2016 CNVD collection of intelligent networking equipment vulnerabilities 1117, mainly related to web cameras, intelligent routers, smart appliances, intelligent gateway and other equipment. The vulnerability type is mainly privilege to bypass, information disclosure, command execution, etc., which weak password (or built-in default password) vulnerability is easy to be used, the actual impact is very extensive, malicious code attack to use an important risk point. With the development of unmanned aerial vehicles, autopilot vehicles, the popularity of smart home appliances and the development of smart cities, the number of vulnerabilities in networked smart devices will increase significantly, and network attacks against or using intelligent networking devices will be more frequent.

(C) the Internet and the traditional industry integration caused by the security threat is more complex. With the deepening of China’s “Internet +” and “Made in China 2025” action plan, almost all traditional industries, traditional applications and services in China are being changed by the Internet, bringing innovation and development opportunities to various industries. In the process of integration innovation and development, the traditional industry closed mode gradually changed to open mode, but also the future of the Internet virtual network security events into real-world security threats. Internet finance, industrial Internet and other emerging industries rapid development, but triggered a new network security threats can not be ignored, the Internet financial integration of information flow and capital flow, the risk of information flow is likely to lead to loss of capital flow; industrial control system more For the intelligent, network, open Internet brings malicious sniffing behavior increased, the risk of malicious attacks continue to increase. Traditional Internet security and real-world security issues intertwined with the security threat is more complex, the consequences are more serious.

(D) personal information and important data protection will be more attention. In recent years, the development of Internet technology is extremely convenient and rich in our lives and work, online shopping, online job search, social platform, government services and other platforms are filled with a large number of personal detailed privacy information. Since 2011, China’s serious personal information on the leak of the event, especially in recent years, the case of network fraud, the victim’s details have been grasped by fraud, to social stability and serious harm. 2013 “Snowdon incident” and the follow-up of the US government has been a large-scale monitoring of the project, to stimulate countries to strengthen the protection of important data measures, strict norms of Internet data collection, use, storage and so on. China in the “Network Security Law” on the personal information protection rules, important data cross-border transmission has been clearly defined, is expected on personal information and important data protection of the detailed regulatory documents will be enacted, and effectively implement the protection measures.

(5) Network security threats Information sharing has attracted the attention of all parties. Timely comprehensive access to and analysis of network security threats, ahead of network security early warning and deployment of emergency response measures, fully embodies a national network security comprehensive defense capabilities. Through the network security threat information sharing, the use of collective knowledge and technical ability, is to achieve a comprehensive grasp of the network security threats an effective way. The United States as early as 1998 in the Clinton administration signed a presidential decree to encourage the government and enterprises to carry out network security information sharing, to the Obama administration is the network security information sharing is written into the government bill. In recent years, China attaches great importance to the work of network security information sharing, in the “Network Security Law” clearly put forward to promote the relevant departments, key information infrastructure operators and the relevant research institutions, network security services and other network security information sharing The However, in the face of complex and multi-dimensional data source information, how to carry out sharing and in-depth analysis efficiently, we need to establish a set of information security standards for network security threats based on large data analysis. At present, many organizations in our country have been engaged in the exploration and practice of information sharing of network security threats. The relevant national standards and industry standards have been formulated. CNCERT has also established a network security threat information sharing platform for sharing in the communication industry and security industry. jobs.

(6) the background of the network disputes will continue to heat up the degree of concern. At present, China’s Internet penetration rate has reached 53.2% 7, the public through the Internet to get the news more and more fast and convenient, people concerned about the global political hot spots are also rising. 2016 US presidential election “mail door” incident, the Russian hacker exposure of the World Anti-Doping Agency scandal, etc., allow netizens to feel organized, purposeful careful network attacks can have a serious impact on the politics of other countries, Will have a national background of the network disputes from the perspective of industry concerns extended to all Internet users. With a large number of countries continue to strengthen the network space military capacity building, there are national background of the network dispute event will be hot, the crisis frequently, the trend of popular discussion will continue to heat up.

(7) based on artificial intelligence network security technology research in full swing. In the third World Internet Conference, “World Internet leading technology results release activities” site, Microsoft, IBM, Google three major international technology giants show machine learning based on artificial intelligence technology, for us to describe a beautiful future of artificial intelligence. At present, the network attack events are endless, the means are complex, the purpose is complex, the shortage of network security personnel is difficult to cope with the rapid changes in the network security situation, and machine learning in the field of data analysis outstanding performance, artificial intelligence is considered in the network security will “Great as”. There are statistical agencies found that the 2016 “network security” and “artificial intelligence” co-appeared in the article the frequency of rapid rise, indicating that more and more discussions will be linked together with the two together. Based on the large data related to network security, artificial intelligence technology such as machine learning can make breakthrough progress in unknown threat discovery, network behavior analysis and network security warning.

Original Mandarin Chinese:

4月19日消息,國家計算機網絡應急技術處理協調中心(簡稱“國家互聯網應急中心”,英文簡稱“CNCERT”)發布《2016年我國互聯網網絡安全態勢綜述》,在對我國互聯網宏觀安全態勢監測的基礎上,結合網絡安全預警通報、應急處置工作實踐成果,著重分析和總結了2016年我國互聯網網絡安全狀況,並預測2017年網絡安全熱點問題。
一、2016年我國互聯網網絡安全監測數據分析
CNCERT持續對我國網絡安全宏觀狀況開展抽樣監測,2016年,移動互聯網惡意程序捕獲數量、網站後門攻擊數量以及安全漏洞收錄數量較2015年有所上升,而木馬和殭屍網絡感染數量、拒絕服務攻擊事件數量、網頁仿冒和網頁篡改頁面數量等均有所下降。
據抽樣監測,2016年約9.7萬個木馬和殭屍網絡控制服務器控制了我國境內1699萬餘台主機,控制服務器數量較2015年下降8.0%,境內感染主機數量較2015年下降了14.1%。 。其中,來自境外的約4.8萬個控制服務器控制了我國境內1499萬餘台主機,來自美國的控制服務器數量居首位,其次是中國香港和日本。
在監測發現的因感染惡意程序而形成的殭屍網絡中,規模在100台主機以上的殭屍網絡數量4896個,其中規模在10萬台以上的殭屍網絡數量52個。從我國境內感染木馬和殭屍網絡主機按地區分佈數量分析來看,排名前三位的分別是廣東省(占我國境內感染數量的13.4%)、江蘇省(佔9.2%)和山東省(佔8.3 %)。為有效控制木馬和殭屍網絡感染主機引發的危害,2016年,在工業和信息化部指導下,根據《木馬和殭屍網絡監測與處置機制》,CNCERT組織基礎電信企業、域名服務機構等成功關閉1011個控制規模較大的殭屍網絡。
2016年,CNCERT通過自主捕獲和廠商交換獲得移動互聯網惡意程序數量205萬餘個,較2015年增長39.0%,近7年來持續保持高速增長趨勢。按其惡意行為進行分類,前三位分別是流氓行為類、惡意扣費類和資費消耗類1,佔比分別為61.1%、18.2%和13.6%。 CNCERT發現移動互聯網惡意程序下載鏈接近67萬條,較2015年增長近1.2倍,涉及的傳播源域名22萬餘個、IP地址3萬餘個,惡意程序傳播次數達1.24億次。
2016年,CNCERT重點對通過短信傳播,且具有竊取用戶短信和通信錄等惡意行為的“相冊”類2安卓惡意程序及具有惡意扣費、惡意傳播屬性的色情軟件進行監測,並開展協調處置工作。全年共發現此類惡意程序47316個,累計感染用戶超過101萬人,用於傳播惡意程序的域名6045個,用於接收用戶短信和通訊錄的惡意郵箱賬戶7645個,用於接收用戶短信的惡意手機號6616個,洩露用戶短信和通訊錄的郵件222萬封,嚴重危害用戶個人信息安全和財產安全。在工業和信息化部指導下,根據《移動互聯網惡意程序監測與處置機制》,CNCERT組織郵箱服務商、域名註冊商等積極開展協調處置工作,對發現的惡意郵箱賬號、惡意域名等進行關停處置。
二、2016年我國互聯網網絡安全狀況
近年來,隨著我國網絡安全法律法規、管理制度的不斷完善,我國在網絡安全技術實力、人才隊伍、國際合作等方面取得了明顯的成效。 2016年,我國互聯網網絡安全狀況總體平穩,網絡安全產業快速發展,網絡安全防護能力得到提升,網絡安全國際合作進一步加強。但隨著網絡空間戰略地
位的日益提升,世界主要國家紛紛建立網絡空間攻擊能力,國家級網絡衝突日益增多,我國網絡空間面臨的安全挑戰日益複雜。
域名系統安全狀況良好,防攻擊能力明顯上升。 2016年,我國域名服務系統安全狀況良好,無重大安全事件發生。據抽樣監測,2016年針對我國域名系統的流量規模達1Gpbs以上的DDoS攻擊事件日均約32起,均未對我國域名解析服務造成影響,在基礎電信企業側也未發生嚴重影響解析成功率的攻擊事件,主要與域名系統普遍加強安全防護措施,抗DDoS攻擊能力顯著提升相關。 2016年6月,發生針對全球根域名服務器及其鏡像的大規模DDoS攻擊,大部分根域名服務器受到不同程度的影響,位於我國的域名根鏡像服務器也在同時段遭受大規模網絡流量攻擊。因應急處置及時,且根區頂級域緩存過期時間往往超過1天,此次攻擊未對我國域名系統網絡安全造成影響。
針對工業控制系統的網絡安全攻擊日益增多,多起重要工控系統安全事件應引起重視。 2016年,全球發生的多起工控領域重大事件值得我國警醒。 3月,美國紐約鮑曼水壩的一個小型防洪控制系統遭攻擊;8月,卡巴斯基安全實驗室揭露了針對工控行業的“食屍鬼”網絡攻擊活動,該攻擊主要對中東和其他國家的工業企業發起定向網絡入侵;12月,烏克蘭電網再一次經歷了供電故障,據分析本次故障緣起惡意程序“黑暗勢力”的變種。
我國工控系統規模巨大,安全漏洞、惡意探測等均給我國工控系統帶來一定安全隱患。截至2016年年底,CNVD共收錄工控漏洞1036條,其中2016年收錄了173個,較2015年增長了38.4%。工控系統主要存在緩衝區溢出、缺乏訪問控制機制、弱口令、目錄遍歷等漏洞風險。通過對網絡流量分析發現,2016年度CNCERT累計監測到聯網工控設備指紋探測事件88萬餘次,並發現來自境外60個國家的1610個IP地址對我國聯網工控設備進行了指紋探測。
高級持續性威脅常態化,我國面臨的攻擊威脅尤為嚴重。截止到2016年底,國內企業發布高級持續性威脅(APT)研究報告共提及43個APT組織,其中針對我國境內目標發動攻擊的APT組織有36個4。從攻擊實現方式來看,更多APT攻擊採用工程化實現,即依托商業攻擊平台和互聯網黑色產業
鏈數據等成熟資源實現 APT攻擊。這類攻擊不僅降低了發起APT攻擊的技術和資源門檻,而且加大了受害方溯源分析的難度。 2016年,多起針對我國重要信息系統實施的APT攻擊事件被曝光,包括“白象行動5”、“蔓靈花攻擊行動”等,主要以我國教育、能源、軍事和科研領域為主要攻擊目標。 2016年8月,黑客組織“影子經紀人(Shadow Brokers)”公佈了方程式組織6經常使用的工具包,包含各種防火牆的漏洞利用代碼、黑客工具和腳本,涉及Juniper、飛塔、思科、天融信、華為等廠商產品。 CNCERT對公佈的11個產品漏洞(有4個疑似為0day漏洞)進行普查分析,發現全球有約12萬個IP地址承載了相關產品的網絡設備,其中我國境內IP地址有約3.3萬個,佔全部IP地址的27.8%,對我國網絡空間安全造成嚴重的潛在威脅。 2016年11月,黑客組織“影子經紀人”又公佈一組曾受美國國家安全局網絡攻擊與控制的IP地址和域名數據,中國是被攻擊最多的國家,涉及我國至少9所高校,12家能源、航空、電信等重要信息系統部門和2個政府部門信息中心。
大量聯網智能設備遭惡意程序攻擊形成殭屍網絡,被用於發起大流量DDoS攻擊。近年來,隨著智能可穿戴設備、智能家居、智能路由器等終端設備和網絡設備的迅速發展和普及利用,針對物聯網智能設備的網絡攻擊事件比例呈上升趨勢,攻擊者利用物聯網智能設備漏洞可獲取設備控制權限,或用於用戶信息數據竊取、網絡流量劫持等其他黑客地下產業交易,或用於被控制形成大規模殭屍網絡。 CNCERT對車聯網系統安全性進行在線監測分析,發現部分車聯網信息服務商及相關產品存在安全漏洞,可導致車輛、位置及車主信息洩露和車輛被遠程控制等安全風險。 2016年底,因美國東海岸大規模斷網事件和德國電信大量用戶訪問網絡異常事件,Mirai惡意程序受到廣泛關注。 Mirai是一款典型的利用物聯網智能設備漏洞進行入侵滲透以實現對設備控制的惡意代碼,被控設備數量積累到一定程度將形成一個龐大的“殭屍網絡”,稱為“Mirai殭屍網絡”。又因物聯網智能設備普遍是24小時在線,感染惡意程序後也不易被用戶察覺,形成了“穩定”的攻擊源。 CNCERT對Mirai殭屍網絡進行抽樣監測顯示,截至2016年年底,共發現2526台控制服務器控制了125.4萬餘台物聯網智能設備,對互聯網的穩定運行形成了嚴重的潛在安全威脅。此外,CNCERT還對Gafgyt殭屍網絡進行抽樣檢測分析,在2016年第四季度,共發現817台控制服務器控制了42.5萬台物聯網智能設備,累計發起超過1.8萬次的DDoS攻擊,其中峰值流量在5Gpbs以上的攻擊次數高達72次。
網站數據和個人信息洩露屢見不鮮,“衍生災害”嚴重。由於互聯網傳統邊界的消失,各種數據遍布終端、網絡、手機和雲上,加上互聯網黑色產業鏈的利益驅動,數據洩露威脅日益加劇。 2016年,國內外網站數據和個人信息洩露事件頻發,對政治、經濟、社會的影響逐步加深,甚至個人生命安全也受到侵犯。在國外,美國大選候選人希拉里的郵件洩露,直接影響到美國大選的進程;雅虎兩次賬戶信息洩露涉及約15億的個人賬戶,致使美國電信運營商威瑞森48億美元收購雅虎計劃擱置甚至可能取消。在國內,我國免疫規劃系統網絡被惡意入侵,20萬兒童信息被竊取並在網上公開售賣;信息洩露導致精準詐騙案件頻發,高考考生信息洩露間接奪去即將步入大學的女學生徐玉玉的生命;2016年公安機關共偵破侵犯個人信息案件1800餘起,查獲各類公民個人信息300億餘條。此外,據新聞媒體報導,俄羅斯、墨西哥、土耳其、菲律賓、敘利亞、肯尼亞等多個國家政府的網站數據發生了洩漏。
移動互聯網惡意程序趨利性更加明確,移動互聯網黑色產業鏈已經成熟。 2016年,CNCERT通過自主捕獲和廠商交換獲得移動互聯網惡意程序數量205萬餘個,較2015年增長39.0%,近6年來持續保持高速增長趨勢。通過惡意程序行為分析發現,以誘騙欺詐、惡意扣費、鎖屏勒索等攫取經濟利益為目的的應用程序驟增,佔惡意程序總數的59.6%,較2015年增長了近三倍。從惡意程序傳播途徑發現,誘騙欺詐行為的惡意程序主要通過短信、廣告和網盤等特定傳播渠道進行傳播,感染用戶數達到2493萬人,造成重大經濟損失。從惡意程序的攻擊模式發現,通過短信方式傳播竊取短信驗證碼的惡意程序數量佔比較大,全年獲得相關樣本10845個,表現出製作簡單、攻擊模式固定、暴利等特點,移動互聯網黑色產業鏈已經成熟。
敲詐勒索軟件肆虐,嚴重威脅本地數據和智能設備安全。根據CNCERT監測發現,2016年在傳統PC端,捕獲敲詐勒索類惡意程序樣本約1.9萬個,數量創近年來新高。對敲詐勒索軟件攻擊對象分析發現,勒索軟件已逐漸由針對個人終端設備延伸至企業用戶,特別是針對高價值目標的勒索情況嚴
重。針對企業用戶方面,勒索軟件利用安全漏洞發起攻擊,對企業數據庫進行加密勒索,2016年底開源MongoDB數據庫遭一輪勒索軟件攻擊,大量的用戶受到影響。針對個人終端設備方面,敲詐勒索軟件惡意行為在傳統PC端和移動端表現出明顯的不同特點:在傳統PC端,主要通過“加密數據”進行勒索,即對用戶電腦中的文件加密,脅迫用戶購買解密密鑰;在移動端,主要通過“加密設備”進行勒索,即遠程鎖住用戶移動設備,使用戶無法正常使用設備,並以此脅迫用戶支付解鎖費用。但從敲詐勒索軟件傳播方式來看,傳統PC端和移動端表現出共性,主要是通過郵件、仿冒正常應用、QQ群、網盤、貼吧、受害者等傳播。
三、2017年值得關注的熱點
根據對2016年我國互聯網網絡安全形勢特點的分析,CNCERT預測2017年值得關注的熱點方向主要如下。
(一)網絡空間依法治理脈絡更為清晰。 2016年11月7日第十二屆全國人大常委會第二十四次會議表決通過《網絡安全法》,並將於2017年6月1日起施行。該法有7章79條,對網絡空間主權、網絡產品和服務提供者的安全義務、網絡運營者的安全義務、個人信息保護規則、關鍵信息基礎設施安全保護製度和重要數據跨境傳輸規則等進行了明確規定。預計2017年各部門將更加重視《網絡安全法》的宣傳和解讀工作,編制出台相關配套政策法規,落實各項配套措施,網絡空間依法治理脈絡將更為清晰。
(二)利用物聯網智能設備的網絡攻擊事件將繼續增多。 2016年CNVD收錄物聯網智能設備漏洞1117個,

(三)互聯網與傳統產業融合引發的安全威脅更為複雜。隨著我國“互聯網+”、“中國製造2025”行動計劃的深入推進,我國幾乎所有的傳統行業、傳統應用與服務都在被互聯網改變,給各個行業帶來了創新和發展機會。在融合創新發展的過程中,傳統產業封閉的模式逐漸轉變為開放模式,也將以往互聯網上虛擬的網絡安全事件轉變為現實世界安全威脅。互聯網金融、工業互聯網等融合的新興行業快速發展,但引發的新的網絡安全威脅也不容忽略,互聯網金融整合了信息流和資金流,信息流的風險很可能引發資金流損失;工業控制系統更為智能化、網絡化,開放互聯帶來的惡意嗅探行為增多,被惡意攻擊的風險不斷加大。傳統互聯網安全與現實世界安全問題相交織引發的安全威脅更為複雜,產生的後果也更為嚴重。
(四)個人信息和重要數據保護將更受重視。近年來,互聯網技術的發展極大的方便和豐富了我們的生活和工作,網上購物、網上求職、社交平台、政府服務等平台上充斥著大量的個人詳細隱私信息。自2011年以來我國關於嚴重個人信息洩露的事件不絕於耳,特別是近年來的網絡詐騙案件中,受害人的詳細信息都被詐騙分子所掌握,給社會安定帶來嚴重危害。 2013年 “斯諾登事件”及後續相繼爆出的美國政府大範圍監聽項目,刺激著各國加強重要數據的保護措施,嚴格規範互聯網數據的收集、使用、存儲等。我國在《網絡安全法》中對個人信息保護規則、重要數據跨境傳輸進行了明確規定,預計關於個人信息和重要數據信息保護的詳細規範性文件將製定出台,切實落實保護措施。
(五)網絡安全威脅信息共享工作備受各方關注。及時全面獲取和分析網絡安全威脅,提前做好網絡安全預警和部署應急響應措施,充分體現了一個國家網絡安全綜合防禦能力。通過網絡安全威脅信息共享,利用集體的知識和技術能力,是實現全面掌握網絡安全威脅情況的有效途徑。美國早在1998年的克林頓政府時期就簽署了總統令,鼓勵政府與企業開展網絡安全信息共享,到奧巴馬政府時期更是將網絡安全信息共享寫入了政府法案。近年來,我國高度重視網絡安全信息共享工作,在《網絡安全法》中明確提出了促進有關部門、關鍵信息基礎設施的運營者以及有關研究機構、網絡安全服務機構等之間的網絡安全信息共享。但面對紛繁複雜的、多維度的數據源信息,如何高效地開展共享和深入分析,需建立一套基於大數據分析的網絡安全威脅信息共享標準。目前,我國很多機構已經在開展網絡安全威脅信息共享的探索與實踐,相關國家標準和行業標準已在製定中,CNCERT也建立了網絡安全威脅信息共享平台,在通信行業和安全行業內進行相關共享工作。
(六)有國家背景的網絡爭端受關注度將繼續升溫。目前,我國互聯網普及率已經達到53.2%7,民眾通過互聯網獲得的新聞資訊越來越快捷方便,民眾關注全球政治熱點的熱度也不斷高漲。 2016年美國總統大選“郵件門”事件、俄羅斯黑客曝光世界反興奮劑機構醜聞事件等,都讓網民真切感受到有組織、有目的的一場縝密的網絡攻擊可以對他國政治產生嚴重的影響,將有國家背景的網絡爭端從行業領域關注視角延伸到了全體網民。隨著大量的國家不斷強化網絡空間軍事能力建設,有國家背景的網絡爭端事件將會熱點不斷、危機頻出,全民討論的趨勢將會持續升溫。
(七)基於人工智能的網絡安全技術研究全面鋪開。在第三屆世界互聯網大會“世界互聯網領先科技成果發布活動”現場,微軟、IBM、谷歌三大國際科技巨頭展示了基於機器學習的人工智能技術,為我們描繪了人工智能美好的未來。目前,網絡攻擊事件層出不窮、手段多樣、目的複雜,較為短缺的網絡安全人才難以應對變化過快的網絡安全形勢,而機器學習在數據分析領域的出色表現,人工智能被認為在網絡安全方面將會“大有作為”。有研究機構8統計發現,2016年“網絡安全”與“人工智能”兩詞共同出現在文章中的頻率快速上升,表明越來越多的討論將二者聯繫在一起共同關注。以網絡安全相關的大數據為基礎,利用機器學習等人工智能技術,能夠在未知威脅發現、網絡行為分析、網絡安全預警等方面取得突破性進展。

中國軍事戰雲 ~ Chinese Military Use of the Battle Cloud

中國軍事戰雲 ~ Chinese Military Use of the Battle Cloud

“Cloud” is a metaphor of the network, the Internet, “cloud concept” is one of the hottest high-tech concept in recent years, its Internet, efficient, shared and other characteristics, not only profound impact and change our lives, Is also promoting major changes in the military field. In 2013, the US Air Force for the first time the “cloud concept” into the field of operations, put forward the “operational cloud” concept, and quickly get the US Department of Defense, Navy and other military recognition, and gradually become the US military response to the 21st century, a new information war Strategy.

Why –

Intended to build the new US military superiority

In the 21st century, the US military has launched a number of wars in Afghanistan, Iraq, Libya and Syria in the name of anti-terrorism and the suppression of the proliferation of weapons of mass destruction. Every time the war is almost entirely dominated by powerful information and firepower, Quickly won the war. But the US military has a clear sense of this: the above war a few US military did not encounter a truly strong opponent, the war in the United States to grasp the absolute air power and the right to information under the low confrontation environment, the future if the loss of absolute space and information advantages , The US military will be difficult to maintain control of the battlefield. The US military believes that if you want to maintain a sustained battlefield advantage in future wars, facing an unprecedented “threat and challenge”:

Rival strong “anti-entry / regional denial” threat. The US military believes that its information in previous local wars, the advantages of firepower, mainly rely on a strong space-based information systems, large-scale maritime combat platform, joint command and control center, etc., and in the “opponents into the area and the ability to continue Enhance the “background, especially in the face of a large number of” precision-guided long-range cruise missiles and ballistic missiles “threat, these traditional strengths and the strength of the US military to rely on these forces formed by the combat style” will not be renewed, “” opponents Can be a small number of key nodes through the attack quickly paralyzed US military combat power system.

The Challenges of Advanced Combat Weapons and Backward Combat. In the new century, after a large number of equipment F-22 advanced stealth fighters, the US military has ushered in F-35 fighters, DDG-1000 missile destroyers, Ford-class aircraft carrier and other highly informative weapons and equipment. But the appearance of the US military command and control, but also remain in the 2003 “free Iraq” action, highly dependent on satellite, early warning aircraft and other core equipment platform “network-centric war” era. Former US Air Force Secretary Mike Wayne exclaimed: “Just as the use of the 20th century mechanized forces in the First World War was fighting in the 19th century, we now have the danger of fighting in the twentieth century in the twentieth century. “The US military in urgent need of new operational theory to activate the new information technology equipment combat potential,” to regain the US military and rival superiority. ”

Combat power to maintain the challenges with the defense budget tightening. In the United States “financial crisis” “debt crisis” and “national security needs continue to grow” and other factors, the US military arms are also caught in financial dilemma. In the same report, the US Air Force is mainly from the old A-10, F-15/16, B-1, B-1, the first deputy chief of staff, 52 aircraft and B-2 and a small number of F-22, F-35, not enough to meet the opponent’s “anti-entry and regional denial” capabilities, and called to “change strategy” to deal with “available for defense resources The proportion of decline “challenge.

These “threats and challenges” that the US military consider themselves are the context of the concept of “operational cloud”.

Core concept –

To achieve a variety of platforms cross-domain joint operations

In the face of these new “threats and challenges”, in January 2013, the US Air Force Air Combat Command Commander Michael Ostić first proposed the “operational cloud” concept program. In 2014, David de Putura on its basis, the “operational cloud” concept of a comprehensive program, pointed out: “similar to the way cloud computing, ‘combat cloud’ is a kind of military air force use Decentralized air combat, in the evolution of the data chain, anti-jamming communication systems and new targeting tools to support the realization of the air, ground, sea and space field information sharing capabilities jump, and thus maximize the stealth aircraft, accurate Combat weapons, advanced command and control systems, and the combined use of unmanned systems to create large, modular and flexible combat capabilities to ensure that enemies’ attacks on single combat units will not paralyze US operations.

In the same year, the United States “Aviation Week” released a “operational cloud” concept map, described by the orbital space reconnaissance / communications / navigation satellites, airborne early warning aircraft, F-15/16 fighter, maritime aviation battle group, and in-depth integrated air defense system F-22/35 stealth fighter, RQ-180 unmanned reconnaissance aircraft, new long-range bomber (LRS-B) and other multi-dimensional combat unit, jointly build the “air superiority cloud” development prospects, more clearly show the US military “combat Cloud “concept of the whole picture.

From the above US military interpretation and description of the concept of “operational cloud”, we can roughly analyze the characteristics of the US military “operational cloud” and its basic ideas to deal with “threats and challenges”

Battlefield information cross – domain integration. “Combat cloud” relying on “evolving data link, anti-jamming communication system” and other advanced battlefield information network, and “new targeting tool” and other new battlefield sensor system, large data and cloud computing and other information network technology support , Will be widely distributed in space, near the space, air, ground, sea and underwater combat platform of the battlefield intelligence information integration, and real-time seamless operation in the various areas of the platform on-demand distribution. “Combat cloud” formed by the “information sharing capabilities”, both to ensure that the US military on the battlefield on demand is highly transparent, but also to avoid the “anti-entry / regional denial” ability of opponents, its space-based information system , Large-scale maritime combat platform, joint command and control center and other key information nodes “break a little, paralysis of a” situation. The US military envisages that in the “battle cloud” system, the absence of any one or more battlefield nodes will not decisively influence the sharing and distribution of information on the unity of its battlefield.

Group strength distribution operations. With the traditional combat forces of the air forces according to the platform attribute classification allocation, according to the administrative means of combining different ways, “combat cloud” through the “continuous evolution of the data chain, anti-jamming communication system”, the arms of the air force to ” Decentralized air combat form “, according to real-time task requirements, online optimization configuration combination, the formation of” modular “group strength. Each group of forces in a highly integrated cross-domain integration of information support, through the “operational cloud” system of efficient scheduling and control, distribution operations. This group of forces distribution mode of operation, not only inherited the “network-centric war” to obtain the advantages of information, and further developed from the information to the fire distribution, target damage transformation advantages, significantly reduced the combat ” – Review “cycle chain, comprehensively enhance the combat effectiveness of US military information equipment.

Cross – platform platform synergies. Through the “battle cloud” battlefield information cross-domain integration capabilities, three generations of four generations of combat platform to gain dive into the enemy of the five generations of stealth combat platform, unmanned combat platform target information, to achieve an effective blow to the depth of the battlefield; But also to get three generations of four generations of combat platform for long-range fire support, to make up for their own lack of volatility. “Combat cloud” of this inter-generation platform synergies, is considered the US military to deal with “power and financial dilemma” an important means. In September 2014, the outgoing Michael Ostić at the annual meeting of the American Air Force Association made it clear that the US Air Force did not have enough budget to form a full five fleet, to fulfill the role of the Air Force, the highest priority The task is to achieve the “four generations and five generations” of information fusion, collaborative operations.

Development status –

Is changing from concept to actual action

As soon as possible to the “operational cloud” concept program into a practical state, in the United States Department of Defense co-ordination and traction, the US military arms and arms are in line with their own military functions and equipment characteristics, to promote their own “combat cloud” project construction and experiment verification.

Ministry of Defense steadily traction “cloud” infrastructure and conceptual improvement. As early as 2009, the US Department of Defense proposed a concept of data sharing at sea, air and space, and tried to apply the increasingly sophisticated Internet technology to tactical intelligence. In July 2012, the US Department of Defense Chief Information Officer signed the “Ministry of Defense cloud computing strategy” to the military strategy in the form of advancing the process, and continued to carry out “cloud” related storage facilities, computing platform and software services. At present, the US Department of Defense has identified this concept as a “war cloud”, and from the arms and arms, industrial sector and academia deployed personnel, work together to create a perfect “combat cloud” concept program, the ultimate goal is to form an arch Data network, expansion and upgrading of the existing “global information grid” to achieve the maritime warships, combat aircraft, space satellite real-time data sharing.

Each army and arms competing to carry out “combat cloud” project construction. The Air Force is the pioneer of the concept of “operational cloud”, which argues that the key to achieving the “operational cloud” is information fusion and the focus of the “Sky Advantage Cloud” on F-15/16 and F-22/35 Five generations of information on the exchange of information. In 2014, the “Multi-Domain Adaptive System (MAPS) Program” was launched to attempt to integrate the F16-16 Link16 data link, the F-22 IFDL data link, and the F-35’s MADL data link to achieve battlefield data Real-time exchange. US Navy also through the “Naval Integrated Fire Control and Air Defense (NIFC-CA) program” to achieve its use of air E-2D early warning aircraft or sea “Aegis” ship and other combat platforms for the F / A-18E / F and F- 35C and other carrier-based aircraft and the “standard” series of ship-to-air missiles to provide targeted information, and even command the future of the sixth generation F / A-XX multi-purpose fighter aircraft to launch weapons vision. Although the Navy project is not called “combat cloud” due to military interests, the project emphasizes multi-platform information cross-domain integration has a typical “cloud” features. In addition, the US Marine Corps also launched the implementation of its “expeditionary combat sea tactical cloud” project construction.

“Combat cloud” combat mode test verification has been in full swing. September 23, 2014, the US Air Force F-22 for the first time led the joint air raid fleet, the Syrian territory of the “Islamic countries” extreme organizational goals of air strikes. After the completion of the task, when the US Air Operations Commander Mike Hustage in an interview with “defense headlines”, said, “generally believed that stealth is a symbol of the five generations of machines, in fact, the focus is on ‘integration’,” Fusion “makes the F-22 fundamentally different from other platforms,” ​​”Fusion” is the fundamental feature of the five generations of machines, “” Five generations of machines in front of reconnaissance detection targets, and then let four generations of machines in the area to fight it, you must have ‘combat Cloud ‘, which has the ability to transfer data back and forth. ” The position, but also directly proved that the US Air Force is actively against the “combat cloud” combat mode to carry out actual test verification.

(Author: Air Force Military Theory Institute)

Edit comments

Jump on the “cloud” end of the wind and thunder

Huyongbo

When we shop online, the website will be based on the previous shopping records to determine our purchase preferences, push a lot of commodity information; when we browse the news, the software will be based on our reading habits, “good” Directional push content topic … … these phenomena are that we have come to a cloud computing era.

“Combat cloud” reason to enter our topic vision, not only because it frequently appeared in the latest US combat theory, everywhere revealed against the “system of combat” thinking, more importantly, it represents the US military cloud computing used in the field of military the latest achievements, reflecting the US military use of scientific and technological achievements to maximize the effectiveness of combat a train of thought.

Like many high-tech, cloud computing first appeared in the commercial field. In August 2006, Google CEO Eric Schmidt first proposed the “cloud computing” concept. Soon, the US military on this new technology showed a strong interest. In 2008, the US Department of Defense and Hewlett-Packard Company to establish a cloud computing infrastructure. Then, the United States air, sea, land and other military services are signed with commercial companies related to cloud computing systems. The US military’s passion for cloud computing has a strong background in the field of information technology, but it also reflects their keen sense of smell and rapid transformation of the latest cutting-edge technology.

In attending the plenary session of the PLA delegation at the Second Session of the 12th National People’s Congress, the Chairman stressed that “it is necessary to take the initiative to discover, cultivate and use the cutting-edge technology that can serve the national defense and army building to capture the potential growth point of military capability development”. Obviously, to promote the field of cloud computing military and civilian collaboration innovation, we are promising. Because, compared to the United States and other developed countries in the field of cloud computing development, China is not backward, some domestic companies have a more mature use of experience. The key is how to combine our military reality, to achieve the transformation of cloud computing technology in the military field.

Of course, we develop the use of cloud computing technology, we must learn from the experience of foreign troops, but not step by step also cloning. The practice of the US military is only to provide a model used. In the era of information revolution boom, through the core key technological breakthrough is possible to achieve “corner overtaking”. Dare to hit the water flow, Fang Xian hero character.

Original Mandarin Chinese:

“雲”是對網絡、互聯網的一種比喻說法,“雲概念”則是近年來最火的高科技概念之一,其互聯、高效、共享等特質,不但深刻影響和改變著我們的生活,也正在推動軍事領域的重大變革。 2013年,美空軍首次將“雲概念”引入作戰領域,提出“作戰雲”概念,並迅速得到美國防部、海軍及其他軍種的認可,逐漸成為美軍應對21世紀下一場信息化戰爭的新方略。

緣何提出——

意在打造美軍新的跨代優勢

進入21世紀,美軍先後以反恐和製止大規模殺傷性武器擴散等名義在阿富汗、伊拉克、利比亞和敘利亞發動多場戰爭,每次戰爭美國幾乎都憑藉強大的信息、火力優勢,完全掌控戰場局面,快速取得戰爭勝利。但美軍高層對此有著清醒意識:以上幾場戰爭美軍並未遇到真正強大的對手,戰爭在美軍掌握絕對製空權和製信息權的低對抗環境下進行,未來倘若喪失絕對的空天和信息優勢,美軍將很難保持對戰場的控制。美軍認為,若想在未來戰爭中保持持續的戰場優勢,面臨著前所未有的“威脅和挑戰”:

對手強大“反進入/區域拒止”能力的威脅。美軍認為,其在歷次局部戰爭中所仰仗的信息、火力優勢,主要依托強大的天基信息系統、大型海上作戰平台、聯合指揮控制中心等獲得,而在“對手反進入與區域拒止能力不斷提升”的背景下,尤其是面對大量“精確制導遠程巡航導彈和彈道導彈”威脅,這些傳統的優勢力量,以及美軍依托這些優勢力量所形成的作戰樣式“都將不可續存”,“對手可以通過對少數關鍵節點的攻擊迅速癱瘓美軍的作戰力量體系”。

先進作戰武器與落後作戰方式的挑戰。進入新世紀,在大量裝備F-22先進隱身戰機後,美軍又先後迎來F-35戰機、DDG-1000導彈驅逐艦、福特級航母等高度信息化武器裝備。但綜觀美軍的作戰指揮與控制,還停留在2003年“自由伊拉克”行動時,高度依賴衛星、預警機等核心裝備平台的“網絡中心戰”時代。美國前空軍部長麥克·韋恩就驚呼:“正如第一次世界大戰使用20世紀的機械化部隊卻在以19世紀的方式作戰,我們現在同樣存在以20世紀的方式在21世紀作戰的危險。 ”美軍急需新的作戰理論來激活新型信息化裝備的作戰潛能,“重拾美​​軍與對手的跨代優勢”。

作戰力量保持與國防預算緊縮的挑戰。在美國“金融危機”“債務危機”和“國家安全需求不斷增長”等多重因素影響下,美軍各軍兵種也陷入財政窘境。美空軍前情報主管、第一副參謀長大衛·德普圖拉在一份報告中指出,目前美軍空中力量主要由老舊的A-10、F-15/16、B-1、B- 52飛機和B-2以及少量的F-22、F-35組成,不足以應對21世紀對手的“反進入與區域拒止”能力,並呼籲要“改變方略”以應對“可用於國防的資源比重下降”的挑戰。

美軍自認為的這些“威脅和挑戰”,正是其提出“作戰雲”概念的背景。

核心理念——

實現多種平台跨域聯合作戰

面對這些新的“威脅和挑戰”,2013年1月,美空軍空中作戰司令部司令邁克爾·奧斯蒂奇首次提出“作戰雲”概念方案。 2014年,大衛·德普圖拉在其基礎上,對“作戰雲”概念方案進行了全面闡述,指出:“類似於雲計算的方式,’作戰雲’是一種各軍種的空中力量採用分散的空中作戰形式,在不斷進化的數據鏈、抗干擾通信系統和新的瞄準工具等支持下,實現空中、地面、海上和太空領域信息共享能力的躍升,進而最大程度地發揮隱身飛機、精確打擊武器、先進指揮與控制系統以及有人與無人系統結合的優勢,創造出規模化、模塊化的靈活作戰能力,並以此確保敵人對單一作戰單元的攻擊不會癱瘓美軍的作戰行動。”

同年,美國《航空周刊》發布了“作戰雲”構想圖,描述了由在軌太空偵察/通信/導航衛星,空中預警機、F-15/16戰鬥機,海上航空戰鬥群,與深入對方綜合防空系統區的F-22/35隱身戰機、RQ-180無人偵察機、新型遠程轟炸機(LRS-B)等多維作戰單元,共同構建的“空中優勢雲”發展遠景,更加清晰地展現了美軍“作戰雲”概念全貌。

從以上美軍對於“作戰雲”概念的闡釋和描述,我們可以粗略探析美軍“作戰雲”的特徵和其應對“威脅和挑戰”的基本思路:

戰場信息跨域融合。 “作戰雲”依托“不斷進化的數據鏈、抗干擾通信系統”等先進的戰場信息網絡,和“新的瞄準工具”等新型戰場傳感系統,在大數據和雲計算等信息網絡技術的支撐下,將廣泛分佈於太空、臨近空間、空中、地面、海上和水下各域作戰平台的戰場情報信息一體融合,並實時無縫地在各域作戰平台按需分發。 “作戰雲”所形成的這種“信息共享能力”,既保證了美軍對戰場的按需高度透明,同時也避免了具備“反進入/區域拒止”能力的對手,對其天基信息系統、大型海上作戰平台、聯合指揮控制中心等關鍵信息節點“破一點、癱一片”的局面。美軍設想,在“作戰雲”體系中,任何一個和多個戰場節點的缺失,都不會決定性地影響其戰場統一態勢信息的共享和分發。

群組力量分佈作戰。與傳統作戰各軍兵種空中力量按平台屬性分類編配、按行政手段組合的方式不同,“作戰雲”通過“不斷進化的數據鏈、抗干擾通信系統”,將各軍兵種的空中力量以“分散的空中作戰形式”,根據實時任務需求,在線優化配置組合,形成“模塊化”的群組力量。各群組力量在高度一體跨域融合的信息支撐下,通過“作戰雲”體系的高效調度和管控,分佈實施作戰。這種群組力量分佈作戰的模式,既繼承了“網絡中心戰”獲取信息的優勢,又進一步發展了從信息向火力分配、目標毀傷轉化的優勢,大幅縮減了作戰的“偵-控-打-評”週期鏈,全面提升了美軍信息化裝備的作戰效能。

跨代平台協同增效。通過“作戰雲”的戰場信息跨域融合能力,三代四代作戰平台能夠獲得潛入敵縱深的五代隱身作戰平台、無人作戰平台的目標指示信息,實現對縱深戰場的有效打擊;五代隱身作戰平台也能夠獲得三代四代作戰平台的遠程火力支援,彌補自身載彈量不足的劣勢。 “作戰雲”的這種跨代平台協同增效,被認為是美軍應對“力量與財務困局”的重要手段。 2014年9月,即將離任的邁克爾·奧斯蒂奇在美國空軍協會年會上明確表示,美國空軍沒有足夠的預算來組建一支全五代機隊,要履行好空軍的職能,最優先的任務是實現“四代與五代”的信息融合、協同作戰。

發展現狀——

正在由概念向實戰行動轉變

為盡快地將“作戰雲”概念方案轉化到實用狀態,在美國防部的統籌和牽引下,美軍各軍兵種都在結合自身軍種職能和裝備特色,推進自己的“作戰雲”項目建設和實驗驗證。

國防部穩步牽引“雲”基礎建設和概念完善。早在2009年,美國防部就提出了覆蓋海上、空中、太空的數據共享概念,嘗試將日益成熟的互聯網技術應用到戰術情報領域。 2012年7月,美國防部首席信息官簽署了《國防部雲計算戰略》,以軍隊戰略的形式推進這一進程,並持續穩步開展“雲”相關的存儲設施、計算平台和軟件服務建設。目前,美國防部已將這一概念確定為“作戰雲”,並分別從各軍兵種、工業部門和學術界抽調人員,共同著力塑造完善“作戰雲”概念方案,最終目標是要形成一個拱形數據網絡,擴展升級現有“全球信息柵格”,實現海上戰艦、作戰飛機、空間衛星的實時數據共享。

各軍兵種爭相開展“作戰雲”項目建設。美空軍是“作戰雲”概念的先行者,其認為實現“作戰雲”的關鍵是信息融合,並將“空中優勢雲”的重點放在F-15/16等四代機與F-22/35五代機的信息互通上。 2014年啟動了“多域自適應系統(MAPS)計劃”,企圖將F-15/16的Link16數據鏈、F-22的IFDL數據鏈、F-35的MADL數據鏈有機融合,實現戰場數據的實時交換。美海軍也在通過“海軍綜合火控與防空(NIFC-CA)計劃”,實現其用空中E-2D預警機或海上“宙斯盾”艦等作戰平台,為F/A-18E/F和F- 35C等艦載機及“標準”系列艦空導彈提供瞄准信息,甚至指揮未來第六代F/A-XX多用途戰鬥機發射武器的願景。雖然由於軍種利益,海軍項目並不叫“作戰雲”,但其項目強調的多平台信息跨域融合具有典型的“雲”特徵。此外,美海軍陸戰隊也啟動實施了其“遠征作戰海上戰術雲”項目建設。

“作戰雲”作戰模式檢驗驗證已經全面展開。 2014年9月23日,美空軍F-22首次率領聯合空襲機群,對敘利亞境內的“伊斯蘭國”極端組織目標實施空襲作戰。任務完成後,時任美軍空中作戰司令部司令麥克·侯斯塔奇在接受《防務頭條》採訪時,表示“一般認為隱身是五代機的標誌,其實不然,重點在於’融合’”,“’融合’使得F-22與其他平台根本不同”,“’融合’是五代機的根本特徵”,“五代機在前方偵察探測目標,然後讓四代機在防區外打擊它,你必須擁有’作戰雲’,其擁有將數據來回傳輸的能力”。這次表態,也直接證明了美空軍正在積極針對“作戰雲”作戰模式開展實戰性檢驗驗證。

(作者單位:空軍軍事理論研究所)

編輯點評

躍上“雲”端觀風雷

侯永波

當我們在網上購物時,網站會根據以往的購物記錄來判斷我們的購買偏好,推送大量的商品信息;當我們在瀏覽新聞時,軟件同樣會根據我們的閱讀習慣,“投其所好”地定向推送內容話題……這些現像都說明,我們已經來到了一個雲計算時代。

“作戰雲”之所以進入我們的選題視野,不僅僅是因為它頻繁地出現於美軍最新的作戰理論中,處處透露著對抗消解“體系破擊戰”的思維,更重要的是它代表著美軍把雲計算運用於軍事領域的最新成果,反映出美軍運用科技成果最大限度提高作戰效能的一種思路。
像很多高新技術一樣,雲計算最早出現在民用商業領域。 2006年8月,谷歌首席執行官埃里克·施密特首次提出“雲計算”概念。很快,美軍就對這種新技術表現出濃厚興趣。 2008年,美國防部與惠普公司合作建立了一個雲計算基礎設施。緊接著,美國空、海、陸等各軍種都與商業公司簽約設計相關雲計算系統。美軍對雲計算技術的熱情擁抱,有其在信息技術領域處於領先地位的大背景,但同時也反映了他們對最新前沿科技的敏銳嗅覺以及迅速的轉化運用能力。

習主席在出席十二屆全國人大五次會議解放軍代表團全體會議時強調,“要主動發現、培育、運用可服務於國防和軍隊建設的前沿尖端技術,捕捉軍事能力發展的潛在增長點”。顯然,推進云計算領域的軍民協同創新,我們是大有可為的。因為,相比美國等發達國家在雲計算領域的發展,我國並不落後,國內一些公司已經有著較為成熟的運用經驗。關鍵是如何結合我軍實際,來實現雲計算技術在軍事領域的轉化運用。

當然,我們發展運用雲計算技術,須藉鑑外軍的經驗,但絕非亦步亦趨克隆。美軍的做法只是提供了運用的一種模式。在信息革命大潮雲湧的時代,通過核心關鍵性技術突破是有可能實現“彎道超車”的。敢於擊水中流,方顯英雄本色。

Original Source:

2017年03月21日09:52  来源:解放军报

美國陸軍網空作戰力量演變與歷史 – US Army cyberspace combat force evolution & history

美國陸軍網空作戰力量演變與歷史 –

US Army cyberspace combat force evolution & history

With the rapid development of the global information grid system of the US military, the conceptual research based on the information technology system is becoming more and more thorough. Finally, the American combat theory establishes the cyberspace as a combat domain with land, sea, air and sky. In this context, the US Army will be the construction of cyberspace as a key factor in promoting the process of modernization of the army, determined to follow the formal militarization of the organization’s standards and structure of high-quality network combat forces. Since the establishment of the Army Network Command in 2010, the US Army has established a comprehensive network of operational forces based on the goal of combating the military forces of cyberspace through new means such as new construction, adjustment, transformation and integration.

The basic organizational structure under the guidance of the concept of network operations

From the 90s of the 20th century, in order to ensure the US military information grid system in the army part of the efficient and safe operation, the US Army under the guidance of the joint army, around the concept of network operations carried out a series of organizational restructuring, the dissolution of the information system commander And has set up the Army Signal Command and the network enterprise technology command and other institutions, and gradually formed based on technology, defense, focusing on the basic network of emergency operations organizational structure.

In 2005, the US Strategic Command issued the “Global Information Grid Collaborative Combat Concept”, which elaborated on the organizational structure of the US Army’s cyberspace forces during this period, dividing the Army’s network operations system into three Level: At the first level, under the command of the Army Space and Missile Defense Command / Army Strategic Command, the Army’s Global Network Operations and Security Center is responsible for situational awareness and command coordination as the only governing body for Army operations, In the US Army Joint Force Network Power System, the agency functions as a global network of operations and security centers. At the second level, the Theater Network Operations and Security Center is the supporting element of the operational headquarters, which is responsible for “guiding network operations, managing and defending the global information grid elements that are part of the Army’s jurisdiction.” The regional network operations and security centers in the theater constitute the third dimension of the Army’s network operations system. In addition, the Army Computer Emergency Response Unit is the disposal of the network emergency response, in the emergency can accept the global network operations task force tactical control, each theater network operations and security center also established a computer emergency response unit.

New Universal Military

Global military clean sweep, do in the public micro-signal “new global military”

Long press the next two-dimensional code can be concerned about

Set up Army Network Command

With the US military for the degree of dependence on cyberspace, control and weaken the threat of the Internet has continued to become the focus of US military tasks, the establishment of an independent network of space operations command of the voice of the growing US military. In 2008, “Yankee deer bomb action” directly under the impetus, the US military decided to end the unit of independent decentralization of the development of network combat capability of the situation, through the withdrawal, transfer, change and other measures to reorganize the relevant institutions, the establishment of a comprehensive network Space operations of the joint command agencies, the US Army network power organization construction has entered a stage of rapid development.

Through the global deployment of decentralized development of the formation of cyberspace combat organization of the backbone. As the awareness of the network operations will have a far-reaching impact on the military field, the US Army in the combat force level into a lot of resources, and gradually establish the backbone of the network operations. For example, the Army launched its first cyber warfare in July 2008, which provides tactical support, brigade combatant support, and strategic support to other service units, joint forces and even cross-agency partners; the Army also operates on cyber operations The upper-level command system to implement the adjustment, so that the relevant action to be appropriate authority to monitor. During this period, the Army’s future network combat forces were integrated in the form of units in the military and joint forces within the combat unit, including from the Defense Information Systems Agency, the global network operations joint contingent, the National Security Agency to the brigade combat team and other Level of strategic and tactical institutions.
The new core coordination agencies, straighten out the headquarters to the unit level of the command relationship. In June 2009, the US Department of Defense announced the establishment of the US Internet Command in the form of a memorandum to consolidate and promote the construction of cyberspace military forces through a dedicated subordinate joint command. At the same time, as a transitional measure for the formation of the Army Force Network Command in the future, the Army decided to retain the organizational structure of the Army Space and Missile Defense Command / Army Strategic Command and rename it as Army Force Network Command. February 2010, the US Army announced on this basis, the formal formation of the Army Network Force Command, its formation and initial construction phase of the work mainly around the three tasks: to achieve cyber space military forces combat, increase the Army network combat power Capacity and scale, the development of the Army network space professionals team. As the previous command system was disrupted, the newly established Army Network Space Operations and Integration Center under the Cyber ​​Command actually played a central role in command control and coordinated synchronization. The agency is similar to the previous Army Global Network Operations and Security Center, but in addition to “providing clear, concise and timely guidance in the implementation of full spectrum cyberspace operations,” the organization is also responsible for “with the Army’s other headquarters, Other units in the same type of institutions, the United States cyberspace joint operations center to share information. ” At the beginning of the establishment of the organization, some members of the cyberspace operations and integration center also joined the US Department of Network Command staff to better promote the unity of command and operation of the joint force and service units.

US Army Network Space Force Organizational Structure, 2005

The transformation of combat forces functions, to promote the traditional ability to network space combat capability development. At the level of the combat force construction, the field signal force as the main body of the network Enterprise Technology Command / 9 signal command to the Army Network Force Command, the Army Intelligence and Security Command of the cyberspace combat forces combat command by the army Network command. Through this organizational adjustment, the Army Network Command for the first time mastered the forefront of the deployment of combat forces, to form a global presence and have the expedition, you can combat commander to provide more comprehensive combat support capabilities. It is noteworthy that the network enterprise technology command and the intelligence and security commander in the Army Network Command as deputy commander, respectively, responsible for different types of network operations mission, the basic formation of the original signal forces in charge of network defense, the original military Intelligence forces in charge of the network attack mode, which will be previously discrete deployment, loosely combined network space related organizations into a complete army network strength. In addition, the Army Network Command in 2011 was also given the task of carrying out information operations, master the first information combat command of the operational command, intelligence and security headquarters under the 780 military intelligence brigade will also be transformed into Army Network Command Direct command of the network brigade.

Continuously optimize the Army cyberspace forces

After the establishment of the Army Network Command, cyber space military forces combat is always the center of its work, which in the Army Network Power Organization continue to optimize the integration process has been highlighted. For the current network operations have been formed, electronic warfare, information operations, military intelligence and even space combat capability, the US Army in the network of military organizational structure design also reflects the integration of a variety of capacity trends. The US Army is also actively promoting the overall military model in the construction of network forces, highlighting the development of the national guards and reserve forces. After years of construction, the US Army network power organization has been basically formed.
Army Network Combat Force Organizational Structure, 2011

Optimize the combat strength of the organizational structure, to adapt to operational support needs. At the headquarters level, in order to further improve the command and implementation of cyberspace operations, the Army approved the Network Command in March 2014 as the headquarters of the Army Force, and designated the 2nd Army as its immediate unit, and the network enterprise technology Command to become the second army direct command of the network combat troops, network enterprise technology command commander of the second group army deputy commander. And the previous year, the network command has been under the guidance of the US Internet Command and Army headquarters began to form a joint force network headquarters, which will be the implementation of the network space combat command command, and have direct support to the combat command of the network combat capability The At the combat forces and theater levels, the network command is trying to improve the global network defense situation through regional network centers. Based on the strength of the original Theater Network Operations and Security Center and Regional Computer Emergency Response Center, these regional cybersecurity centers streamline the operational plan of the network operations, and can play a strong planning, coordination and synchronization function to more effectively support geography Operation of the Combat Command.

To determine the development of the responsible institutions, improve the network to build military theory guidance. As the US Army Network Command merged with the original network operations, information operations and the strength of the signal forces, a large number of signal forces combat theory urgent need to be revised and translated into the network combat theory, in order to achieve a unified operational capability development model, to avoid the concept of guidance On the chaos. In March 2014, the US Training and Command Command, on the basis of the Center for Excellence, integrated other relevant professional elements to form the Army Network Center of Excellence, with the goal of providing guidance, network and signal The full ability of training. The cyberspace promotion office under the Cyber ​​Command is also incorporated into the Network Excellence Center to further enhance the advantages of the Network Excellence Center in summing up lessons learned from the construction of network forces. Through the implementation of the Ordinance to publish the project, the Network Excellence Center tried to merge the original signal and electronic warfare forces regulations, according to the Army “2015 order system” related requirements to develop new cyberspace operations, electronic warfare and signal forces regulations. At present, the Army has completed the revision of the field command FM6-02 “signal force support operations” to guide the signal forces to the network forces for functional transformation; the first release of the field order FM3-38 “network electromagnetic action”, clear “Army in the unified ground action to integrate the overall principles of network electromagnetic activity, tactics and procedures”; as the Army network army building a basic guidance document, field command FM3-12 “cyberspace combat” also basically completed the final approval process, Officially distributed within the Army in 2015. With the above documents as the main body, the Network Excellence Center will continue to improve the publication of dozens of related military ordinances publications, build a complete Army cyber space combat technology, tactics and procedures for the Army network forces to provide comprehensive theoretical guidance.
Army Network Combat Force Organizational Structure, 2015

Integration of cyberspace education and training strength, and promote the regular development of network forces. The US Army will promote the development of formal training as a fundamental way to improve the level of network operations and combat readiness. In the Army Network Center of excellence at the same time, the Army Network School as its affiliated institutions in the original electronic warfare school set up on the basis of the Army Signal School is also under the network center of excellence will continue to be retained, the Army on the regularization of the construction of cyberspace “Regulations – Organization – Training – Resources – Leadership and Education – Personnel – Facilities” model has been further refined. With the establishment of the Army Network Arsenal (“17-Series” Career Management), the Army requested new staff members to enter the network career field to complete the school’s school training program, from signal, intelligence and information operations forces and other units to the Corresponding to a large number of network operations staff also need to carry out new vocational education and training, the two schools will jointly set up the new Army network arms units officers, warrant officers and noncommissioned officers for individual personnel skills training. For example, the Army Leadership Foundation Training Program was officially launched at the online school in August 2015, and the 14-week Senior Officer Training Program was implemented in May 2016. For the first batch of network combatants recruited by the Army in October 2015, the senior personal training program that must be attended by the Army began in February 2016. As the cyberspace operations essentially have the characteristics of joint operations, the first phase of the 22-week training program will be the Naval Joint Network Analyst Course, the second phase of training for the same 22 weeks, training venues from the Navy The facility is transferred to the Army Network School.

Attention to the National Guard and reserve network strength, highlighting the support and coordination functions. In view of the development of the network combat force, the Army believes that the reserve department can assist the active forces to share some of the tasks and be able to provide reinforcements with high levels of training as quickly as necessary. Because of its unique dual legal position, the Army National Guard can play the role of state and federal government agencies, civil and military organizations, private and public sector convergence, “with the development of cyberspace capabilities of the natural advantages.” Therefore, the Army in the development of network combat forces also pay attention to the construction of the relevant reserve organizations. For example, the First Information Operations Command also includes four reserve forces theater information operations brigade, which has the ability to provide information operations and cyberspace planning, analysis and technical support. According to a memorandum signed by the Army National Guard in June 2014 with the Army Network Command, the Army National Guard transferred one of its network defenses in the previous year to the Army Network Command / 2nd Army. The cyber force, known as the 1636th Network Defense Unit, will be in Service No. 10 of the United States Code, which is a full-time service and will receive the same standard training with other active forces of the Army Network Command and jointly All types of tasks.

This article from the “Military Digest” December Editor: Zhang Chuanliang

Original Mandarin Chinese:

伴隨著美軍全球信息柵格系統的高速發展,基於信息技術系統作戰的概念研究不斷走向深入,最終美軍作戰理論將網絡空間確立為一種與陸、海、空、天並列的作戰域。在這種背景下,美國陸軍將網絡空間力量建設作為推進陸軍現代化進程的關鍵因素,決心按照正規軍事化組織的標準和結構高質量建設網絡作戰部隊。自陸軍網絡司令部於2010年成立以來,美國陸軍圍繞網絡空間軍事力量作戰化的目標,通過新建、調整、轉型和融合等手段逐步建立起完善的網絡作戰力量組織結構。

網絡作戰概念指導下的基本組織結構

從20世紀90年代開始,為確保美軍全球信息柵格系統中的陸軍部分高效安全運行,美國陸軍在聯合軍隊的指導下,圍繞網絡作戰行動概念進行了一系列組織結構調整,解散了信息系統司令部,並先後組建了陸軍信號司令部以及網絡企業技術司令部等機構,逐步形成基於技術、防禦為主、重在應急的網絡作戰基本組織架構。

2005年,美國戰略司令部發布了《全球信息柵格網絡作戰聯合作戰概念》,對這一時期美國陸軍網絡空間力量建設的組織結構進行了詳細說明,將陸軍網絡作戰體系組織架構劃分為三個層次:在第一個層面,在陸軍太空和導彈防禦司令部/陸軍戰略司令部的指揮下,作為陸軍網絡作戰行動唯一的領導機構,陸軍全球網絡行動和安全中心負責態勢感知和指揮協調工作,在美軍聯合部隊網絡力量體系中,該機構發揮軍種全球網絡作戰與安全中心的功能。在第二個層面,戰區網絡行動和安全中心是各作戰司令部的支持元素,負責“指導網絡作戰行動,管理和防禦屬於陸軍管轄的全球信息柵格元素”。戰區內各地區網絡行動和安全中心構成了陸軍網絡作戰體系的第三個層面。此外,陸軍計算機應急響應分隊是應對網絡突發事件的處置力量,在緊急情況下可以接受全球網絡作戰特遣部隊的戰術控制,每個戰區網絡行動和安全中心也都建立了計算機應急響應分隊。

新環球軍事

全球軍事一網打盡,盡在公眾微信號“新環球軍事”

長按下方二維碼即可關注

成立陸軍網絡司令部

隨著美軍對於網絡空間依賴程度的加深,控制和削弱網絡威脅持續成為美軍關注的重點任務,組建獨立負責網絡空間作戰指揮機構的呼聲在美軍內部日益高漲。在2008年“揚基鹿彈行動”的直接推動下,美軍決定結束軍種單位獨立分散發展網絡作戰能力的局面,通過並、撤、轉、改等措施對相關機構進行結構重組,成立全面負責網絡空間作戰的聯合指揮機構,美國陸軍網絡力量組織建設也進入快速發展階段。

通過全球部署分散發展的方式形成網絡空間作戰組織的基幹力量。由於意識到網絡作戰行動將對軍事領域產生更加深遠的影響,美國陸軍在作戰部隊層面投入大量資源,逐步建立起網絡作戰行動的基幹力量。例如,陸軍在2008年7月啟動了第一支網絡戰營,其能夠提供戰術支持、旅戰鬥隊支援以及向其他軍種單位、聯合部隊甚至跨機構夥伴提供戰略支援;陸軍還對網絡作戰行動的上層指揮體系實施調整,從而使相關行動得到適度權限的監管。在這個時期,陸軍未來網絡作戰力量都以分隊形式整合在軍種和聯合部隊架構下作戰單位的內部,包括從國防信息系統局、全球網絡作戰聯合特遣隊、國家安全局到旅戰鬥隊等各個級別的戰略和戰術機構。
新建核心協調機構,理順總部到分隊層面的指揮關係。 2009年6月,美國國防部通過發表備忘錄的形式宣佈建立美國網絡司令部,旨在通過一個專門的次級聯合司令部集中統籌和推進網絡空間軍事力量建設。與此同時,作為日後組建陸軍部隊網絡司令部的過渡性措施,陸軍決定保留陸軍太空和導彈防禦司令部/陸軍戰略司令部的組織架構,並將其重新命名為陸軍部隊網絡司令部。 2010年2月,美國陸軍宣佈在此基礎上正式組建陸軍網絡部隊司令部,其在組建和初始建設階段的工作主要圍繞三項任務展開:實現網絡空間軍事力量作戰化、增加陸軍網絡作戰力量的能力和規模、發展陸軍網絡空間專業人才隊伍。由於以往的指揮體係被打亂,網絡司令部下新成立的陸軍網絡空間作戰與整合中心實際上發揮了指揮控制和協調同步的核心作用。該機構與此前的陸軍全球網絡行動和安全中心功能類似,但是除了“在執行全譜網絡空間作戰行動過程中提供清晰、簡潔、及時的指導”以外,該組織還負責“與陸軍其他司令部、其他軍種單位中的同類機構、美國網絡空間聯合作戰中心共享信息”。在機構建立之初,網絡空間作戰與整合中心的部分人員還直接加入美國網絡司令部參謀機構,從而更好地促進實現聯合部隊與軍種單位網絡作戰行動的指揮統一。

美國陸軍網絡空間力量組織結構,2005年

轉型作戰部隊職能,促進傳統能力向網絡空間作戰能力發展。在作戰部隊建設層面,以野戰信號部隊為主體的網絡企業技術司令部/第9信號司令部轉隸陸軍網絡部隊司令部,陸軍情報和安全司令部所屬網絡空間作戰部隊的作戰指揮權也由陸軍網絡司令部掌握。通過這種組織調整,陸軍網絡司令部第一次掌握了前沿部署作戰力量,能夠形成全球存在態勢並具備遠征能力,可以向作戰指揮官提供更加全面的戰鬥支援能力。值得注意的是,網絡企業技術司令部以及情報和安全司令部指揮官都在陸軍網絡司令部擔任副司令,分別負責不同類型的網絡作戰行動任務,基本形成了原信號部隊主管網絡防禦、原軍事情報部隊主管網絡進攻的模式,從而將此前離散部署、鬆散聯合的網絡空間相關組織整合為一支完備的陸軍網絡力量。此外,陸軍網絡司令部在2011年還被賦予執行信息作戰的任務,掌握第1信息作戰司令部的作戰指揮權,情報和安全司令部下屬的第780軍事情報旅也將轉型為陸軍網絡司令部直接指揮的網絡旅。

持續優化陸軍網絡空間部隊

陸軍網絡司令部成立後,網絡空間軍事力量作戰化始終是其中心工作,這一點在陸軍網絡力量組織不斷優化整合的過程中得到突出體現。對於當前已經形成的網絡作戰、電子戰、信息作戰、軍事情報甚至太空作戰能力,美軍陸軍在進行網絡軍隊組織結構設計時也體現出融合多種能力的趨勢。美國陸軍還在網絡部隊建設中積極推進整體型軍隊模式,突出國民警衛隊和預備役網絡力量的發展。經過多年建設,美國陸軍網絡力量組織結構已經基本形成。
陸軍網絡作戰力量組織結構,2011年

優化戰鬥力量組織結構,適應作戰行動支援需求。在總部機構層面,為了進一步完善網絡空間作戰行動的指揮程序並實現意圖統一,陸軍在2014年3月批准網絡司令部為陸軍部隊組成總部,同時指定第2集團軍為其直屬單位,而網絡企業技術司令部成為第2集團軍直接指揮的網絡作戰部隊,網絡企業技術司令部指揮官兼任第2集團軍副軍長。而且在前一年,網絡司令部已經在美國網絡司令部和陸軍總部的指導下開始組建聯合部隊網絡總部,其將對網絡空間作戰部隊實施任務指揮,並且具備直接支持作戰司令部的網絡作戰能力。在作戰部隊和戰區層面,網絡司令部試圖通過地區網絡中心改善全球網絡防禦態勢。在原有戰區網絡作戰和安全中心、地區計算機應急響應中心力量基礎上,這些地區網絡安全中心對網絡作戰行動指揮程序進行精簡,能夠發揮較強的計劃、協調和同步功能,從而更加高效地支援地理作戰司令部的行動。

確定條令開發負責機構,完善網絡建軍理論指導。由於美國陸軍網絡司令部合併了原網絡作戰、信息作戰和信號部隊的力量,信號部隊的大量作戰理論迫切需要修訂並轉化為網絡作戰理論,從而實現協調統一的作戰能力發展模式,避免出現概念指導上的混亂。 2014年3月,美國訓練和條令司令部在原信號卓越中心的基礎上,整合其他相關專業力量元素,組建了陸軍網絡卓越中心,目標在2015年10月使其具備指導網絡、信號和電子戰部隊訓練的全面能力。網絡司令部下屬的網絡空間促進辦公室也被合併入網絡卓越中心,從而進一步增強網絡卓越中心在總結網絡部隊建設經驗教訓方面的優勢。通過實施條令出版項目,網絡卓越中心試圖合併原有的信號和電子戰部隊條令,根據陸軍“2015條令體系”的相關要求開發全新的網絡空間作戰、電子戰以及信號部隊條令。目前,陸軍已經完成了對野戰條令FM6-02《信號部隊支持作戰行動》的修訂,指導信號部隊向網絡部隊進行職能轉型;第一次發布了野戰條令FM3-38《網絡電磁行動》,明確了“陸軍在統一地面行動中整合網絡電磁活動的總體原則、戰術和規程”;作為陸軍網絡軍隊建設的根本性指導文件,野戰條令FM3-12《網絡空間作戰》也基本完成了最後的批准程序,於2015年正式在陸軍內部發行。以上述條令文件為主體,網絡卓越中心將繼續完善數十種相關陸軍條令出版物的編撰發布工作,構建完整的陸軍網絡空間作戰技術、戰術和規程體系,為陸軍網絡部隊建設提供全面理論指導。
陸軍網絡作戰力量組織結構,2015年

整合網絡空間教育訓練力量,促進網絡部隊正規化發展。美國陸軍將推進網絡訓練正規化發展視為提高網絡作戰和戰備水平的根本途徑。在陸軍網絡卓越中心組建的同時,陸軍網絡學校作為其下屬機構在原電子戰學校的基礎上成立,而且陸軍信號學校也在網絡卓越中心的建制下繼續得以保留,陸軍關於網絡空間力量正規化建設的“條令-組織-訓練-資源-領導力和教育-人員-設施”模型得到進一步完善。隨著陸軍網絡兵種(“17-系列”職業管理領域)的設立,陸軍要求進入網絡職業領域的新任職人員必須完成網絡學校的駐校訓練項目,從信號、情報和信息作戰部隊等單位調動到相應網絡作戰崗位的大量人員也需要進行新的職業教育訓練,上述兩所學校將共同對新成立的陸軍網絡兵種單位的軍官、準尉和士官進行單個人員技能訓練。例如,軍官領導力基礎訓練課程於2015年8月在網絡學校正式啟動,為期14週的準尉軍官高級訓練項目則在2016年5月開始實施。對於陸軍在2015年10月徵募的第一批網絡作戰士兵,其必須參加的高級個人訓練項目則在2016年2月開始。由於網絡空間作戰行動本質上具有聯合作戰的屬性,高級個人訓練項目為期22週的第一階段訓練內容將是海軍聯合網絡分析師課程,第二階段訓練同樣持續22週,訓練場地也會從海軍設施轉移到陸軍網絡學校。

重視國民警衛隊和預備役網絡力量,突出支援和協調功能。針對網絡作戰力量的發展問題,陸軍認為預備役部門可以協助現役部隊分擔部分任務,能夠在必要時迅速提供具備較高訓練水平的增援力量。因其獨特的雙重法律定位,陸軍國民警衛隊可以發揮各州與聯邦政府機構、民事與軍事組織、私營與公共部門之間的銜接作用,“具備發展網絡空間能力的天然優勢”。因此,陸軍在網絡作戰力量發展過程中也注重相關預備役組織的建設。例如,第1信息作戰司令部還包含4支預備役部隊戰區信息作戰大隊,其都具備提供信息作戰和網絡空間計劃、分析、技術支持能力。根據陸軍國民警衛隊2014年6月與陸軍網絡司令部簽署的一份備忘錄,陸軍國民警衛隊將其在此前一年組建的1支網絡防禦分隊轉隸於陸軍網絡司令部/第2集團軍。這支被稱為第1636網絡防禦分隊的網絡部隊將處於《美國法典》第10卷服役狀態,即全時服役狀態,將與陸軍網絡司令部其他現役部隊共同接受同等標準的訓練,並共同執行所有類型的任務。

本文轉自《軍事文摘》12月刊 責任編輯:張傳良

中國軍隊戰略層面的網絡空間特種作戰 China’s Strategic Level of Cyberspace Special Operations

战略层面的网络空间特种作战 –

China’s Strategic level of Cyberspace Special Operations

Editor’s Note: US Army Lieutenant Colonel Patrick Mitchell Dugen at the US Army War College during the fourth quarter of 2015, “Joint Force Quarterly” published “strategic level of cyberspace special operations,” a paper, the article was Chairman of the Association of the United Nations in 2008 Strategic Papers Competition Strategy Research Award.

In this paper, by reviewing the cyberspace special operations cases, this paper analyzes the potential power of using network tools in asymmetric conflicts, and points out that cyberspace special operations have become an effective strategic tool to achieve national goals. Become a regional power to avoid the US military dominance and to ensure that their strategic interests of the unconventional path. The author proposes three new options for integrating emerging technologies and special operations: “cloud-driven” foreign defense, network counter-insurgency and unconventional cyber warfare advance team. Designed to maintain the US network technology advantages, and to build an important partnership, shaping the full spectrum of the conflict environment has a revolutionary impact. Iran and Russia and other regional forces of cyberspace special combat readiness why more than the United States? How does Iran and Russia strengthen its power at the tactical level while the United States has assembled its network and network capabilities at the strategic level? The United States in more than 20 years ago issued a network of special operations related documents, but why the network of special operations policies, departments and regulations are still not mature enough? For the US military, the most basic question is: how will the United States build a strategic level of network special combat capability?

As early as 1993, Internet technology theorists John Achilla and David Lennfield in his book “cyber war is coming” a book has predicted the recent Iran and Russia to implement the cyberspace special operations. “A large number of scattered small groups around the use of the latest communications technology coordinated” control network, to obtain the decisive advantage of the opponent. In reality this scene has been staged again and again. “We are using the information and the more information we have, and the less demand for traditional weapons,” says Achilla and Lunfield. US military executives have also realized that with asymmetric network tools, unconventional tactics and a large number of false information armed, a small amount of special combatants can form a certain strategic impact. There is news that both Iran and Russia have succeeded in using cyberspace special operations as a strategic tool to achieve their national goals. Both countries have an integrated network of special operations forces that know how to exploit the potential power of network tools in asymmetric conflicts. The asymmetric approach of the two countries has become a strong and unconventional path for regional powers to circumvent US military superiority and to ensure their strategic interests. Low price Of the network of high-tech allows potential rivals can develop a strong network warfare capabilities. Therefore, the United States urgently need to make strategic choices, the development of cyberspace special operations, as a tool for the protection and projection of national interests.

Low-cost network of high-tech technology allows potential rivals to develop a strong network warfare capabilities In February 2013, the Russian chief of staff Grazimov in the Russian “military messenger” magazine published “science in the forecast value” article. In the paper, Gracimov predicted a new generation of war that could “change the rules of the game”, whose strategic value would exceed “the effectiveness of weapon forces.” He called for universal asymmetric action to counter the enemy’s strengths and create a permanent frontier in the territory of the enemy through “special forces and internal confrontation and continuous improvement of information operations, equipment and means.” In the spring of 2014, Western media reported that in the eastern part of Ukraine, a casual special operations squad from Russia through the Ukrainian border, occupation of government buildings and arsenal and transferred to the separatist armed. At the same time, the Ukrainian authorities claim that their digital, telephone and cyber communications are cut off, interfered or attacked. The Ukrainian government attributed the cyber attacks on information and logistics infrastructure, including Internet servers and railroad control systems, to the destruction of Russia, and argued that the implementation of information fraud in Russia was costly in important social media, blogs, and News website published 50 pro-Russian comments every day, inside and outside Ukraine to form a large number of false information flow, on the one hand to cover up its non-traditional military operations in cyberspace, on the other hand to create a political illusion. “Russia is not doing the usual information warfare about false information, lies, leaks or cyber sabotage, it reshapes reality, creates public illusions, and then translates them into political action,” said senior government officials. To this end, in September 2014 at the NATO security summit, the NATO Allied Supreme Commander, US Air Force Admiral Philip Bride Leaf pointed out that Russia in East Ukraine to implement the “mixed” non-traditional operations on behalf of the war The most amazing information in history is Blitzkrieg. Bride Leaf urges the Allies to immediately develop the ability to counter the Russian non-traditional warfare, propaganda and cyber attacks. Russia’s use of the “non-traditional Western as a war” non-traditional means to achieve its political purpose, which makes the Western and NATO countries by surprise. Russia is not a fragmented way to use special forces, information operations or network capabilities.

On the contrary, as General Glashimov said, “the war does not need to be publicly announced, when the special forces with advanced technology and a lot of information for the traditional forces in the maintenance of peace and crisis under the cover of strategic objectives to create good conditions, the war on “Cybercrime deception and cyber attacks are special forces in” war and peace ”

Network information spoofing and cyber attack action for special combat forces in the “war and peace” between the implementation of non-traditional warfare to win the time and space lessons learned from the Russian case can draw four major experience, for the United States special operations Action and network capacity integration to provide a viable theoretical framework. First, there are tactical and strategic differences in the offensive network tools used by the Russian Special Forces, targeting tactical “closed networks”, such as local communications, social media, regional networks and logistics infrastructure, while retaining Its more advanced open network tools as a backup. Second, the network special operations are primarily an agent behavior, emphasizing the minimization of the source tracking. As Gracimov described, “the long-distance, non-contact action against the enemy is becoming the primary means of the tactical battle.” Network special operations usually avoid direct contact with people, but in peace and war in the gray area to start action. Third, information and communication technology, network attacks and information operations in the network to form a non-conventional warfare play an important role. As long as the appropriate implementation, the traditional special operations can go far beyond its original function, “which involves the comprehensive application of a wide range of capabilities to achieve policy objectives.” To be effective, it must also be integrated to synchronize other areas of expertise. Fourth, the network special operations can both deter the conflict, can also be used to deal with the whole spectrum of conflict, because “it is suitable for all stages of action, from shaping the environment to the intense war to post-war reconstruction.” Although the network war to destroy the original intention, but also has a constructive side. The widespread dissemination of low-cost information and communication technologies is conducive to strengthening the security of partner countries and thus helping to prevent the occurrence of conflicts.

“‘Foreign help defense’ (FID) under ‘cloud drive’ is both a concept of cloud computing and a metaphorical description of partnering and trust through virtual means. “The concept of” cloud-driven “FID” has not yet been clearly defined, but it can be integrated into an interdisciplinary field to better understand people, geography and virtual worlds and to act together on related goals. Technically, the “cloud-driven” FID “strengthens the partnership, consolidates data through the federated facilities, enhances automation, and disseminates the analysis process. “Cloud-driven” is flexible and can be developed in private, public, community, or mixed form, using different software, platforms, and infrastructure. Security personnel use intelligent technology to drive confidential mobile applications, analyze tools and share data through “cloud-driven” FIDs. Although the data associated with the virtual cloud, but its real value is to make the timely dissemination of information to the hands of tactics. “The cloud-driven” FID “can also be likened to a persistent, active partnership, the data never stops, the network has been busy. Technology is only a tool to drive deeper, extensive socio-cultural, political and historical factors that are often prone to conflict. “Cloud-driven” FID “can build more sustainable competencies and trust with partner countries. “The cloud-driven” FID “lay a virtual foundation for the future establishment of various institutions, centers and laboratories to bridge the benefits of inter-agency across the United States. From the strategic point of view of the US government, “cloud-driven” FID “is a pragmatic” partnership-centered approach designed to target the core interests of partner countries rather than to Way to change the partner country “. “The cloud-driven” FID “is also a prudent strategic move to” prevent the US partner countries from becoming a public relations crisis due to domestic political problems. ” “The cloud drive ‘FID’ also offers other opportunities. The technology and networks it forms can react quickly to emergencies, such as humanitarian relief or relief operations, prevent mass killings, or evacuate personnel from non-combatants. This saves time, money and manpower by providing information for the decision-making process. For the construction of the partnership, the cloud-driven FID can store local non-US social media information, rich social network analysis, social network maps, and behavioral and opinion trends analysis. Most importantly, the “cloud drive ‘FID” builds trust in an innovative and extremely powerful way to build lasting influence on allies and partners.

Today’s global environment drives the United States to use cyber special operations as a strategic tool network for national military strategies Anti-riot counterintelligence network Anti-riot operations (CNCOIN) aims to use social media networks to achieve the purpose of rebellion. To break the asymmetric information superiority of the enemy, CNCOIN uses non-technical means to combat the relevant crowd and control its perception, behavior and action. It adds a military color to the cyber space’s ubiquitous anti-social network. Although these means are not clearly defined, this article believes that it actually refers to the manipulation of social media, cover up the true identity, to achieve ulterior motives. While social media provides a wide range of opportunities for anti-social networks, such as malicious use, intentional misconduct, but from the military point of view, social media provides a wealth of information resources to affect the psychological vulnerability, but also an ideal attack platform. There are several technologies that contribute to its implementation in each functional category. The scope of action includes, but is not limited to, cyber-pseudo operation and cyber-herding operation. Network fraud is a classic counter-insurgency strategy, “government forces and technical staff will pretend to be insurgents, into the enemy network after the use of advanced intelligence technology in the network within the implementation of the destruction.” Internet expulsion means that “individuals, groups, or organizations deport other individuals, groups, or organizations to the default network area.” The magic of the two technologies is the expulsion of insurgents in the virtual network by exploiting the inherent flaws of the communication technology and communication platform. The two tactics are aimed at rebel activist online communities, manipulating or disrupting them, and ultimately providing more opportunities for cyberbullying. The virtual world magnifies the environmental factors, because the characters in the network are more difficult to determine their authenticity. Planning command control, communication frequency and equipment platform and other elements will become the key to the implementation of network fraud or network expulsion operations to manipulate, mislead or expel the target group to the desired results. The scope of information includes, but is not limited to, Crowdsourcing and Social Networking Analysis, SNA). Crowdsourcing is the use of large-scale knowledge base, provided by the participants voluntarily, to solve the problem to provide new ideas, services or observation, you can quickly expand the organizers of the field of vision. Social network analysis depicts and measures the relationships, strengths, and cores of social links in a visual way to illustrate the social network structure. Social network visualization or social networking maps can provide a unique window for assessing, depicting and even predicting the intensity, time, space, and relationship dimensions of relationship events. In September 2013, during the crisis in the Philippines, the anti-government armed Moro National Liberation Front (hereinafter referred to as “the dismount”) was dissatisfied with the situation of national reconciliation, hijacked more than 200 civilians as hostages, attacked commercial shops and burned urban buildings. Throughout the crisis, crowdsourcing and social network analysis are very successful non-traditional tactical means. The Philippine security forces use crowdsourcing tactics to encourage Zamboang residents to discover and report on the “melodic” members of the hiding place. FEI security forces, together with crowdsourcing information and intelligence analysis, provide information for security operations and humanitarian operations. The use of social network analysis to assess the “Mobility” of the public support, and in the social media against the “interpretation” declaration, to ban the violation of social media user agreement propaganda site, but also the use of crowds of information blockade ” Troops, attacking their temporary command post. The Philippine security forces used solid media to track the key information and lead the use of social media, and then use the solid forces to defeat the “interpretation” of the asymmetric advantage. The information warfare category includes but is not limited to cyber intrusion (cyber Aggression, forum vest (sock-puppeting), astro-turfing and so on. Three tactics are anonymous use of social media to implement misleading, false information to manipulate behavior, public opinion and action. The cyber-invasion is proposed by Teanna Felmyr, which refers to “an electronic or online act that is intended to cause psychological harm to others or damage its reputation by using e-mail, instant messaging, cell phones, digital information, chat rooms

As well as social media, video, game sites, etc. “. It is much broader than the range of ordinary cyber-aggressive behavior. Its anonymity may cause substantial psychological harm and negative consequences, as the relevant information will be repeatedly sent to the target or published in the social media. Its value to CNCOIN is that it can use sensitive digital information to humiliate, defame or hurt the target, causing psychological barriers. This powerful cyber-invading action can reduce the credibility, influence and power of the target, and ultimately lose the power of the target or other insurgents. The other two tactics, the forum vest and the fake are all fictitious online propaganda tools used to spread distorted views to create a wider range of support or opposition to the illusion. In fact, with the forum vest is the same concept, but more complex, more organized, larger. Both tactics use virtual characters to distribute false information in cyberspace, with the aim of initiating group reactions or actions. Combining massive amounts of text, images, and video with a planned misleading network activity will significantly enhance the effectiveness of CNCOIN’s action. The third way to advance the US network’s special operations is the unconventional cyber warfare team (cyber-UW Pilot Team, using social media networks to shape the physical environment, the establishment of regional mechanisms, in the implementation of non – conventional war before the regional connectivity. The core of the unconventional network warfare team is the special forces, with a number of professional organizations to provide technical support, its task is in the field of network security for the preparation of unconventional operations. The penetration of the traditional advance team is the target of enemy territory, military facilities and other entities, rather than the conventional advance team is through the virtual means of infiltration, and then into the sensitive, hostile or refused to area. Through the virtual means, can reduce the United States and partner countries armed forces in time, risk, equipment and other aspects of the loss and risk. Conceptually, unconventional cyber warfare teams use web tools and advanced technology to build people, entities, intelligence, and information infrastructures on social media. While deepening understanding of the local human terrain, the team can strengthen its local language and cultural skills, as well as identify resistance leaders, assess motivation and resistance, and overall support for US government goals, while at the same time understanding Informal hierarchical distribution, psychology and behavior. In addition, you can also incorporate the Internet’s white noise into the social media network to “improve the cultural understanding of potential collaborators in the United States and the local situation before action.” While the US national security strategy has long recognized the strategy of cyber warfare Role, but this understanding is not fully translated into a clear strategic level of thinking and combat capability. For example, the US Department of Defense cyberspace action strategy did not give much solution or specific measures, only from five aspects of the previous repeated network ideas. Lack of clear ideas lead to our network strategy is flawed, making the United States advanced network technology advantages to hand over to the potential rival risk. In contrast, Iran and Russia’s asymmetric innovation modeled other regions and global forces, trying to circumvent the US military advantage by unconventional means to ensure their strategic interests. Cyberspace special operations are a must to fill the strategic level of the blank. Obviously, the United States must actively seek a tactical level of unconventional combat into the cyber space operations in the form of special operations. Rand’s recent study of special operations concluded that “the United States needs to use a more advanced form of special operations to ensure national interests, taking into account the recent US and its interests facing the security threat situation, special operations

Become the most appropriate form of ensuring national interests “. In an increasingly interconnected global environment, the physical infrastructure is quickly allocated Internet protocol addresses, accessory networking. By 2020, there will be 50 billion “machine-to-machine” equipment (currently 1 3 billion units) will be through the “embedded computer, sensor and Internet capabilities” access to network space. Cyberspace special operations Unicom virtual and reality, through the modern information network and with the traditional face-to-face combination of special operations partnership. Today’s global environment has prompted the United States to use cyber special operations as a strategic tool for national military strategies. Potential rivals combine offensive network capabilities with unconventional tactics to set a terrible example for other enemies in the United States, and they will follow suit quickly. This paper presents three new options for integrating emerging technologies and special operations: foreign-assisted defense under “cloud-driven”, anti-riot operations in the network, and non-conventional cyber warfare advance teams. Full play of these three tactics will not only maintain the advantages of the US network technology, but also to build an important partnership, shaping the whole spectrum of combat environment have a revolutionary impact. If successful implementation, network special operations will become the United States a strong new strategic options

Original Mandarin Chinese:

编者按:美国陆军中校帕特里克·米歇尔·杜根在美陆军战争学院就读期间,于2015年第4季度《联合部队季刊》发表《战略层面的网络空间特种作战》一文,该文曾获得2015年度参联会主席战略论文竞赛战略研究类奖。本文通过回顾网络空间特种作战案例,分析了在非对称性冲突中利用网络工具的潜在力量,指出网络空间特种作战已经成为达成国家目标的有效战略工具。成为地区强国用以规避美国军事主导权以及确保本国战略利益的非常规性路径。作者提出了融合新兴技术与特种作战的三种新选项:“云驱动”下的国外协助防御,网络反暴乱平叛行动与非常规网络战先遣队。旨在维持美国的网络技术优势,并对构建重要伙伴关系、塑造全频谱冲突环境产生革命性影响。伊朗和俄罗斯等地区力量的网络空间特种作战战备为何比美国更为充分?

美国在战略层面集结其网络部门和网络能力的同时,伊朗和俄罗斯又是如何在战术层面强化其力量的呢?美国在20多年前就发布了网络特种作战的相关文件,但为何其网络特种作战的政策、部门和条令仍然不够成熟呢?对于美军而言,最基本的问题是:美国将如何打造战略层面的网络特种作战能力?早在1993年,互联网技术理论家约翰·阿奇拉和大卫·伦菲尔德在其著作《网络战争即将来临》一书中就已经预言了最近伊朗和俄罗斯所实施的网络空间特种作战行动。“大量分散各地的小规模团体利用最新的通信技术协调一致”控制网络,取得对对手的决定性优势。现实中这一情景一再上演。阿奇拉和伦菲尔德认为,“战争中我们投向敌人的不再是质量和能量;如今我们使用的是信息,掌握的信息越多,对传统武器的需求就越少”。

美军高层也已经意识到,有了非对称性网络工具、非常规战术以及大量虚假信息的武装,少量的特种作战人员就可以形成一定的战略影响。目前有消息表明,伊朗和俄罗斯均已成功地将网络空间特种作战作为一种战略工具来达成其国家目标。两国都拥有一体化的网络特种作战部队,知道如何在非对称性冲突中利用网络工具的潜在力量。两国的非对称性手段成为地区强国用以规避美国军事优势以及确保本国战略利益的强大非常规性路径。价格低廉的网络高新技术使得潜在对手可以发展出强大的网络战能力。因此,美国亟需做出战略选择,发展网络空间特种作战,作为保护和投射国家利益的工具。

价格低廉的网络高新技术使得潜在对手可以发展出强大的网络战能力2013年2月,俄罗斯总参谋长格拉西莫夫在俄《军工信使》杂志发表了《科学在预测中的价值》一文。文中,格拉西莫夫预测了能够“改变游戏规则”的新一代战争,其战略价值将超过“武器力量的效能”。他号召普遍开展非对称性行动,以抵消敌方的优势,通过“特种作战力量和内部对抗以及不断完善的信息行动、装备和手段,在敌国的领土中创造一个永久活动的前线”。2014年春,有西方媒体报道,在乌克兰东部的乱局中,一支便装的特种作战小分队从俄罗斯境内穿越乌克兰边界,占领政府建筑和武器库并转交给分裂主义武装。与此同时,乌克兰当局声称,其全境的数字、电话及网络通信均遭到切断、干扰或攻击活动。乌克兰政府将信息和物流基础设施(包括互联网服务器和铁路控制系统)遭受的网络攻击归因于俄方的破坏,同时还认为,俄罗斯实施信息欺骗行动,花费巨资在重要的社交媒体、博客以及新闻网站每天发布50条亲俄评论,在乌克兰内外形成大量的虚假信息流,一方面掩盖其在网络空间的非传统军事行动,另一方面制造了政治假象。乌政府高级官员表示,“俄罗斯所做的并不是通常的信息作战所涉及的虚假信息、谎言、泄漏机密或网络破坏活动,它重新塑造现实,造成大众幻象,然后将之转化为政治行动”。为此,在2014年9月召开的北约安全峰会上,北约盟军最高司令、美国空军上将菲利普·布里德莱弗指出,俄罗斯在东乌克兰实施的“混合型”非传统作战代表了战争史上最惊人的信息闪电战。布里德莱弗敦促盟军立即发展相应的能力以反制俄罗斯的非传统战、宣传战及网络攻击行动。俄罗斯使用“根本不被西方视为战争的”非传统手段达成其政治目的,这使得西方及北约国家措手不及。俄罗斯并不是以碎片化的方式来使用特种力量、信息作战或网络能力。相反,正如格拉西莫夫将军所言,“发动战争不再需要公开宣布,当配备先进技术和大量信息的特种力量为传统部队在维持和平与危机的掩护下达成战略目标创造好条件,战争就发生了。”言外之意,网络信息欺骗和网络攻击行动为特种作战力量在“战争与和平之间”实施非传统战赢得了时间和空间。俄罗斯的网络赋能非传统战极为成功,不仅是其网络特种力量的混成,而且还成功地侵入欧盟成员国,甚至没有引起西方有效的军事反应。

网络信息欺骗和网络攻击行动为特种作战力量在“战争与和平之间”实施非传统战赢得了时间和空间 经验教训从俄罗斯的案例中可以得出四个方面的主要经验,可为美国特种作战行动与网络能力整合提供一个可行的理论框架。第一,俄罗斯特种部队所使用的进攻性网络工具存在战术和战略层面的差别,主要以战术层面的“封闭网络”为目标,如本地通讯、社交媒体、区域网络和后勤基础设施等,同时保留其更为先进的开放网络工具作为备用。第二,网络特种作战主要是一种代理人行为,强调最小化的来源跟踪。正如格拉西莫夫所描述的那样,“对敌方的远距离、无接触行动正在成为战术战役目标的主要手段”。网络特种作战通常避免人员的直接接触,而是在和平与战争的灰色地带展开行动。第三,信息与通信技术、网络攻击及信息作战等在网络赋能的非常规战中发挥着重要作用。只要恰当的实施,传统的特种作战可以远远超出其原有的功能,“这涉及到对广泛能力的综合运用,以达成政策目标”。要发挥效能,还必须整合同步其他领域的专门知识。第四,网络特种作战既可以慑止冲突,也可用于应对全频谱冲突,因为“它适合行动的各个阶段,从塑造环境到剧烈战争再到战后重建等”。虽然网络战以破坏为初衷,但也具有建设性的一面。低成本的信息和通信技术的广泛传播有利于强化伙伴国安全,从而有助于阻止冲突的发生。

网络空间特种作战是一种必须填补的战略层面的能力空白,美国必须积极寻求一种在战术层面的非常规作战中融入网络空间作战的特种作战形式 “‘云驱动’下的‘国外协助防御’(FID)”既是一种云计算概念,也是通过虚拟手段增强伙伴能力和信任的一种比喻性描述。“‘云驱动’FID”概念虽然还未经明确界定,但是它却可以联接整合跨学科领域,以更好地理解人员、地理及虚拟世界,并对相关目标展开共同行动。从技术上而言,“‘云驱动’FID”可以强化伙伴关系,通过联合设施,实时共享数据,增强自动化,传播分析过程。“云驱动”是灵活多变的,能够以私人、公共、社区或混合形式出现,各自使用不同的软件、平台和基础设施等。安全人员通过“‘云驱动’FID”使用智能技术驱动保密的移动应用软件、分析工具和共享数据。虽然数据与虚拟云相联,但其真正价值在于使信息及时传播到战术人员手中。“‘云驱动’FID”也可比喻为一种持续的、活跃的伙伴关系,数据永不停止,网络一直忙碌。技术仅仅是一种工具,用以驱动更深入、广泛的社会文化、政治和历史因素的理解,这些往往是容易造成冲突的因素。“‘云驱动’FID”可以与伙伴国构建更具持续性的能力和信任。“‘云驱动’FID”为未来建立各种机构、中心和实验室弥合美国各跨机构间的利益打下一个虚拟的基础。从美国政府的战略视角而言,“‘云驱动’FID”是一种实用主义的“以伙伴国为中心的方式,旨在围绕伙伴国的核心利益设计行动,而不是寄希望于以短视的方式来改变伙伴国”。“‘云驱动’FID”还是一种审慎的战略举措,“以防美国的伙伴国由于国内政治问题出现公共关系危机”。“‘云驱动’FID”也提供了其他的机会。它所形成的技术和关系网络可以迅速对紧急事件做出反应,如人道主义救援或救灾行动、阻止大规模屠杀,或者非战斗人员撤离任务等。这样可以通过为决策过程提供信息而节约时间、金钱和人力等。对于伙伴关系的构建而言,“‘云驱动’FID”可以存储当地的非美国社交媒体信息、丰富的社交网络分析、社会网络地图以及行为和舆论趋势分析等信息。最为重要的是,“‘云驱动’FID”以富有创新性和极为有力的方式构建信任,打造对盟友及伙伴国的持久影响力。

当今的全球环境促使美国采用网络特种作战作为国家军事战略的战略性工具 网络反暴乱平叛行动网络反暴乱平叛行动(CNCOIN)旨在利用社交媒体网络达成平叛的目的。为打破敌人的非对称性信息优势,CNCOIN使用非技术手段打击相关人群,控制其感知、行为和行动。它为网络空间无处不在的反社交网络手段增添了军事色彩。虽然这些手段没有明确界定,本文认为,它实际上就是指操纵社交媒体,掩盖真实身份,达成不可告人的目的。虽然社交媒体为反社交网络提供了广泛的机会,如恶意利用、有意误导等,但从军事角度而言,社交媒体提供了丰富的信息资源以影响心理脆弱性,也是一个理想的攻击平台。每种功能性范畴中都有几种有助于其实施的技术。行动范畴包括但不局限于网络欺骗行动(cyber-pseudo operation)和网络驱逐行动(cyber-herding operation)。网络欺骗行动是一种经典的平叛策略,“政府军和技术人员将自己假扮为叛乱分子,渗入敌方网络后使用先进的谍报技术在该网络内部实施破坏”。网络驱逐行动就是指,“个人、团体或组织把其他的个人、团体或组织驱逐到预设的网络区域”。两种技术的奇妙之处在于,通过利用通信技术与通信平台的内在缺陷来驱逐虚拟网络中的叛乱分子。两种战术以叛乱分子活跃的网络社群为目标,对其进行操控或者瓦解,最终为网络平叛提供更多的机会。虚拟世界放大了环境因素,因为网络中的人物更难确定其真实性。规划指挥控制、通信频率以及设备平台等要素将成为网络欺骗行动或网络驱逐行动实施的关键点,用以操纵、误导或者驱逐目标群走向预想的结果。情报范畴包括但不局限于众包(Crowdsourcing)和社交网络分析技术(Social Networking Analysis, SNA)。众包就是利用大规模的知识库,由参与者自愿提供的,为解决问题提供新思路、服务或观察,可以迅速扩展组织者的视野。社交网络分析以可视的方式描绘和测量社交链接的关系、强度及核心性以说明社会网络结构。社交网络可视化或者社网图可以提供独特的窗口用以评估、描绘甚至预测关系事件的强度、时间、空间和关系维度。2013年9月,菲律宾三宝颜危机期间,反政府武装摩洛民族解放阵线(以下简称“摩解”)对民族和解状况感到不满,挟持200多名平民为人质,袭击商业店铺,烧毁城市建筑。整个危机期间,众包和社交网络分析都是非常成功的非传统战术手段。菲律宾安全部队使用众包战术鼓励三宝颜居民发现并报告“摩解”成员的藏身地点。菲安全部队结合众包信息和情报分析,为安全行动和人道主义行动提供信息。使用社交网络分析来评估“摩解”的民众支持度,并在社交媒体上反制“摩解”宣言,封禁违反社交媒体用户协议的宣传网站,还使用众包信息封锁“摩解”小股部队,攻击其临时指挥哨所。菲安全部队通过使用社交媒体跟踪关键信息和领导节点,随后使用实体部队挫败了“摩解”的非对称性优势。信息作战范畴包括但不局限于网络入侵(cyber aggression)、论坛马甲(袜子手偶sock-puppeting)、以假乱真(Astro-turfing)等。三种战术都是匿名利用社交媒体实施误导、假信息等来操纵行为、舆论及行动。网络入侵是由蒂安娜·菲尔姆利提出,是指“一种电子或在线行为,旨在对他人实施心理伤害或损毁其名誉,通过使用电子邮件、即时信息、手机、数字信息、聊天室以及社交媒体、视频、游戏网站等”。它比普通的网络攻击性行为的范围要广泛得多。它的匿名性可能会引起实质性的心理伤害和负面后果,因为相关信息会被重复发送给目标或者在社交媒体发布。它对CNCOIN的价值在于,可以利用敏感的数字信息来羞辱、诽谤或伤害目标,造成心理障碍行为。这种强大的网络入侵行动可以降低目标的可信度、影响力和权力,最终使目标或其它叛乱分子丧失实力。其它两种战术,论坛马甲和以假乱真都是虚构的在线宣传工具,用来散布扭曲的观点,以制造更广范围的支持或者反对的假象。以假乱真实际上跟论坛马甲是同一个概念,只不过更为复杂、更有组织、规模更大。两种战术都使用虚拟人物在网络空间散布虚假信息,目的是引发群体反应或行动。以假乱真的网络信息作战行动包含海量文字、图片和视频,与有计划的误导性网络活动相结合,将显著增强CNCOIN行动的效果。 非常规网络战先遣队推进美国网络特种作战的第三种方式是非常规网络战先遣队(cyber-UW Pilot Team),利用社交媒体网络塑造实体环境,建立区域机制,在实施非常规战之前将各区域联通起来。非常规网络战先遣队的核心是特种部队,拥有多个专业机构提供的技术支持,其任务是在网络安全领域进行非常规作战的准备。传统先遣队的渗透目标是敌方领土、军事设施等实体目标,而非常规先遣队则是通过虚拟手段进行渗透,再潜入敏感、敌对或拒止区域。通过虚拟手段,可以减少美国及伙伴国武装力量在时间、风险、装备等方面的损失和风险。从概念上讲,非常规网络战先遣队利用网络工具和先进技术在社交媒体上打造人员、实体、情报以及信息基础设施。在加深对当地人文地形理解的同时,小组可以强化其本地语言和文化技能,还可识别抵抗活动领导者、评估动机和抵抗能力以及对美国政府目标的总体支持度,与此同时,还可以了解非正式的层级分布、心理及行为等。此外,还可以通过接入社交媒体网络混入互联网白噪音,以“提高美国对潜在合作者的文化理解以及在采取行动之前的当地形势。”虽然美国国家安全战略中早就承认了网络作战的战略作用,但是这种认识并没有完全转化成明晰的战略层面的思维和作战能力。例如,美国《国防部网络空间行动战略》中并没有给出多少解决方案或具体措施,仅仅从五个方面重复了先前的网络思路。缺乏明确的思路导致我们的网络战略存在缺陷,使得美国先进的网络技术优势有拱手让给潜在对手的风险。对比之下,伊朗和俄罗斯的非对称性创新为其他地区和全球力量树立了模仿的样板,都试图以非常规手段规避美国的军事优势,确保各自的战略利益。网络空间特种作战是一种必须填补的战略层面的能力空白。很显然,美国必须积极寻求一种在战术层面的非常规作战中融入网络空间作战的特种作战形式。兰德公司最近的一份研究特种作战的报告得出结论,称“美国需要运用一种更为先进的特种作战形式来确保国家利益,考虑到近来美国及其利益面临的安全威胁形势,特种作战成为确保国家利益的最合适的形式”。在一个日益互联的全球环境中,实体性基础设施快速被分配互联网协议地址,接入物联网。到2020年,将有500亿台“机器对机器”设备(目前为130亿台)会通过“嵌入计算机、传感器和互联网能力”接入网络空间。网络空间特种作战联通了虚拟与现实,通过现代的信息网络并与传统的面对面的特种作战伙伴关系相结合。当今的全球环境促使美国采用网络特种作战作为国家军事战略的战略性工具。潜在对手将进攻性网络能力与非常规战术相结合为美国的其他敌人树立了可怕的榜样,他们必将快速跟进。本文提出了融合新兴技术与特种作战的三种新选项:“云驱动”下的国外协助防御、网络反暴乱平叛行动以及非常规网络战先遣队。充分发挥这三种战术将不仅仅能维持美国的网络技术优势,还可对构建重要伙伴关系、塑造全频谱作战环境产生革命性影响。如果能成功实施,网络特种作战必将成为美国强有力的新战略选项。

 

2016-08-22 17:42现代军事

中國的網絡空間治理或衝突的困境選擇 – China’s Dilemma Choice of Cyberspace Governance or Conflict

中國的網絡空間治理或衝突的困境選擇 –

China’s Dilemma Choice of Cyberspace Governance or Conflict

Introduction
The problem of cyberspace security governance is attracting more and more attention from the international community. Among them, the problem of cyberspace conflict management is more and more concerned. Compared with the physical space conflict, the cyber space conflict has the characteristics of diversification of the actors, rapid updating of the attack means and unpredictability of the conflict. This leads to the reality that the cyberspace conflict management is faced with serious challenges such as serious cognitive differences, difficult to effectively govern, deterrence and “structural problems”. Therefore, the network space conflict governance needs to change the governance concept, through the pragmatic cooperation between countries, the integration of all the advantages of resources, to build a global network of governance mechanisms, and cultivate cooperation and sharing of governance culture. As a global network of countries, China has been actively advocating the establishment of multilateral, democratic and transparent global governance system. At the same time, China will make a positive contribution to the construction of international rules of cyberspace and the global network governance mechanism in the areas of innovation governance, bridging the digital divide, carrying out bilateral and multilateral international cooperation.
text
With the extensive application and rapid development of network information technology in the world, the relationship between network and national security is becoming more and more closely. Among the security issues, the most interesting is cyberspace conflict. Cyberspace is called “next battlespace” by military strategists and futurists. The primary objective of governments in cyberspace is to ensure that their core interests are not compromised and that nationals are protected from cyber attacks. But the reality is that the vast majority of cyber attacks are not directly initiated and implemented by the government, but are operated directly by non-state actors. Moreover, the cost of launching a network attack is low, action is hidden, and can cause serious consequences. This also causes cyberspace to burst out of clashes or even cyber warfare (cyber warfare). Once the cyberspace conflict or war, its size and scope of influence will be difficult to estimate. Cyber ​​space conflicts can also lead to direct hostility and conflict among nations in the real world. In addition, due to the lack of necessary international legal jurisdiction and norms, cyber conflict management is also facing serious challenges. Effective control of the intensity of cyberspace conflict, the development of cyberspace national code of conduct, will be the international community to explore new issues of cyber conflict.

First, the changes and challenges of

cyberspace conflict Network space conflict from the behavior of the network threat to the perception and the resulting response. Network threats can be broadly divided into two categories: one is called cyber attacks, is deliberately destroying the behavior of the network system; the other is called cyber exploitation (cyber exploitation), that is, the use of network infrastructure to achieve illegal purposes, but Will not harm the network system itself. [1] The target of cyber attacks is aimed at national and non-state actors, including sovereign states, organizations and individuals, which can disrupt both hardware and software and other aspects of the computer, or by improperly invasive computer operating systems Information or implement remote control. Network attacks can cause network conflicts, and network conflicts can be upgraded to cyber warfare. A cyber war generally refers to the destruction and disruption of a nation or nation that infiltrates another country’s computer or network. [2] cyber war can seriously endanger the country’s political, economic and social security and stability, is the highest form of network conflict. <A I = 3> Network information technology has the immediacy, convenience, cheap nature, so that conflict and war becomes easy to operate and implement. Network information technology to the traditional conflict and war has undergone a subversive change. As long as there is a network of computers, a few people can implement a network attack, launched a small-scale war without smoke. Network space weapons development costs are very low, as long as there are one or two computers, and can achieve network connectivity, and then equipped with several high-level hackers, is enough to create a very lethal network weapons. [3] Therefore, the impact of the Internet on national security will be comprehensive, thorough and unprecedented. Network information technology from the continuous innovation and development of communication technology. The emergence and continuous updating of instant messaging technology has enhanced the efficiency of political decision-making on the battlefield. Network information technology for the innovation of weapons technology has an important role in promoting, especially in the era of nuclear weapons, computer technology to make nuclear weapons more accurate, reliable and high speed. During the Cold War, the United States and the Soviet Union attached great importance to the development of information processing technology. With the comprehensive development of computer technology, the United States first proposed the “information warfare doctrine” (information warfare doctrine), that is, the use of information technology, tactics and means beyond the opponent. Western scholars said that the current international society is no greater risk of weapons of mass destruction, but large-scale destructive weapons (weapons of mass disruption). [4] In the technical breakthrough, cyber space conflict and war more profound changes reflected in the behavior of the main, means of attack and the consequences of conflict and so on. (I) Increasing diversity of actors The cyberspace provides a broader platform for non-State actors to move beyond the limits of territory and sovereignty and to play a greater role in reality and in the virtual world. Traditional conflicts and wars occur between different groups, generally monopolized by powerful states, and individual individuals are difficult to attack groups. Network information technology has greatly enlarged the power of relatively weak behavior. With the help of a network information platform, small countries can challenge the hegemonic countries, small groups can attack the powerful sovereign states, individuals can also attack the group. The United States has always regarded North Korea as a threat in cyberspace. According to the US Fox News Network reported that the beginning of 2010, the report shows that North Korea has trained thousands of top computer students to become excellent “cyber warrior” (cyber Warrior), whose operational targets are locked for the United States and South Korea. [⑤] In recent years, terrorism has also gained the “new life” with the help of network carrier and information tools. Al Qaeda uses Internet technology to promote its extreme ideas, and use the network platform to implement member recruitment, online training, fund raising, remote command and other activities. It can be said that the cyber space of the hidden and open features to increase the international community to prevent and combat the difficulty of terrorism. [⑥] In 2008, a 14-year-old boy in Poland, through the invasion and control of the Lodz tram system, caused confusion, resulting in four trams derailed, 12 people were injured, the accident did not cause death. [⑦] for the increasingly diverse network attackers, the US Strategic Command Command Kevin Hilton (Gen. Kevin P. Chilton) vividly believes that “our enemy range, including not only the boring young hackers, but also criminal organizations, but also related to national actors.” [ 2] Attack means to constantly update the original intention of the development of the Internet is to facilitate the effective flow of information to achieve resource sharing, interoperability. Open environment will often bring more risks and challenges to security, cyberspace and thus appeared in the “offensive and defensive imbalance” problem. This structural imbalance triggers cyber malicious attacks, thereby reducing confidence in deterrence and effective defense. [⑨] static defense in cyberspace (static defenses), that is, passive defense, refers to the most powerful hackers as a new challenge or to be resolved. [⑩] Skilled cyber attackers can easily find network vulnerabilities and successfully bypass security defense software. Compared with the traditional conflict, cyber space in the attackers in a shelter, and specifically attack the target of the weak links. In the “offensive side of the defensive side” in the context of the network of offensive weapons has become very common. The general network of offensive weapons, including computer viruses, malware, logic bombs (logic bombs, denial of service (denial of service) and so on. Low-end network weapons, the goal is simply to steal information, access to passwords, modify the program, generally do not produce significant harm. By contrast, high-end network weapons can cause data or critical facilities to be interrupted or severely damaged. A series of cyber attacks can evolve into major emergencies, breaking critical services over a period of time, including disrupting military command or information systems, shutting down power supply or oil pipelines, and stopping financial services. In 2008, the US Department of Defense to store encrypted military information on the computer network had infected with malicious code. Malicious code diffuses to encrypted and unencrypted file systems without being perceived. Although it was found in time, but the US military is very scared that such an event may make its military confidential documents are uploaded to foreign intelligence agencies, and even unknown hostile forces, the consequences will be disastrous. [11] Complex high-end malicious code has a strong self-camouflage ability, it is difficult to be found, often has been caused after serious injury will be found. In 2010, Iran’s nuclear facilities were attacked by “Stuxnet” (Stuxnet), making Iran’s Natanz uranium enrichment plant 1 More than 1,000 IR-1 centrifuges have to be replaced due to abnormal operation and damage. The fact that the “shock virus” attack target is very accurate or single, that is, the German Siemens control system (SIMATIC WinCC). This is a data acquisition and monitoring (SCADA) system, widely used by Iran in the defense of basic industrial facilities. “Seismic virus” in the invasion of a computer, it will automatically find the Siemens software to confirm the software found, the virus will be unaware of the state control of industrial computer systems, and control the computer software to other factories on the computer Issue a given order. Network security experts believe that the “earthquake network virus” is the first physical world infrastructure for the target “precision guidance” worm. [12] As the first disclosure of “shock virus” German well-known network security experts, Ralph Langner (Ralph Langner) through systematic analysis, that “shock network virus” structure than imagined even more complex , Including two different “digital warhead” (digital warhead), respectively, for different offensive targets, uranium enrichment facilities and Bushehr nuclear power plant external turbine. He believes that the power of the second warhead is equivalent to the Bushehr nuclear power plant for a precise air strike. [13] US information security expert Kevin Clayman (Kevin Coleman) 2010 in the United States National Defense Science and Technology published an article that the number of network attacks will be a sharp upgrade. To support this assertion, he mentioned that the number of malware in 2009 reached the highest level in the past 20 years, with multiple reports showing that more than 25 million malware was confirmed, and that growth would continue. [14] Through the above examples, it is easy to see the cyber space in the offensive weapon technology content is high and has a strong pertinence. Such weapons are more subtle, more precise, more offensive and destructive than conventional weapons. At the same time, network offensive weapons can not be reused, must be constantly upgrading. Matin Libici, a digital warfare expert at the famous American think tank, argues that it is no longer a weapon once someone knows how the cyber warfare works. The best weapon is the enemy does not know, but they already have. [15] (c) the consequences of conflict unpredictable <a I = 11> opponents in traditional conflicts are clearly visible, and the results of the conflict are predictable. In the conflict of cyberspace, once the offensive weapon is in power, the damage scale and influence caused by it are constantly copied and disseminated, and it is difficult to get effective control as the traditional conflict. More seriously, cyber attacks can bring serious panic to society, which is more serious than traditional wars. All kinds of infrastructure in modern society are controlled by computer and Internet systems. Once the network attacks are affected by water, electricity and financial control systems, the losses will be immeasurable and may even cause serious social unrest. American scholars envisioned the serious consequences of cyber attacks: no air control system or airport security system, no electronic control of rail traffic, no reliance on electronic computer day and night delivery of parcels or e-mails, no employer through payment software to pay workers wages Check, no electronic withdrawal record, no automatic teller machine, hospital or health center No reliable digital record, no electricity leads no light, no heat, no refueling system or fuel, petrol, no traffic lights, no phone, no internet service , There is no police effective security management, this series of problems will make the American society into a short-term paralysis. [16] According to the CIA revealed that the number of cyber attacks against the US public utility network in 2007 showed that the person in charge of the power company was even reluctant to talk about the risk of these events because of fear of serious social panic. In addition, the openness of cyberspace makes the network attacks happen and its scope of influence will be diffuse. In April 2013, hackers stole the Associated Press’s Twitter account and posted a false message that US President Barack Obama was injured in an explosion at the White House. A few minutes later, the Associated Press official used another Twitter account before the account was stolen. White House spokesman also clarified by President Obama did not hurt the radio. But many people have seen the news of the stolen Twitter account, the event led to the Dow Jones Industrial Average and S & P500 index both fell, after the two trading index and rapid rebound. Alert alleged that the Twitter account has 2 million audiences, the release of instant messaging is very influential. [17] The incident also sounded the alarm to the US government, with a simple account stolen event is likely to trigger a financial panic, which seriously disrupt the social order. The above new features of cyber conflict governance have had serious consequences. The diversity of the behavior makes it difficult to change the concept in a short time to overcome the differences and differences of cognition. The continuous innovation of the network attack means makes the international legal system and deterrence difficult to play the role. The unpredictable consequence is aggravating the inter- Mutual suspicion. These factors will seriously hinder the formation of cyberspace conflict management mechanism and play a role. Second, the network space conflict governance mechanism of the plight of cyberspace conflict and the traditional sense of the international conflict is very different. The main actors in the current global governance mechanism are sovereign states, who propose a series of rules and regulations on the basis of understanding and understanding of traditional armed conflicts. But in cyberspace, the effective regulation of the behavior of non-State actors is a matter of law and morality. And “structural dilemma” and other practical problems also exacerbated the difficulty of cyber conflict. (A) cognitive differences hinder effective governance At present, countries on the core concept of network security understanding of the network security events and their attribution (attribution) and identified there are deep differences. For example, the United States, Britain, Japan, Germany, France and the European Union have developed a network security strategy, through comparison can be found, the parties to “cyberspace”, “network security”, “network war” and other core concepts defined difference. [18] In cyberspace, how to determine that some of the acts have violated the basic norms of international law and can be used to combat Can individuals and organizations become the target of a national network attack? How do you define the national sovereignty of cyberspace? For these questions, the current international legal system has no ready answers. The United Nations, as a broadly representative international organization for the maintenance of international peace and security, has its own limitations, highlighting the development of the Charter of the United Nations much earlier than the arrival of the cyber-information age and therefore does not take into account the issue of cyber attacks. It is difficult to define cyber attacks as the use of force in accordance with prevailing norms of international law. During the three weeks before the 2008 Russian-Russian war, Unknown Acts used a commercial IP address to launch a decentralized denial service in several countries to attack the Georgian president’s website. The outside world believes that the relevant malware (named MachBo) was written in Russia and used by Russian hackers, although there is no definite proof that the Russian government has planned and implemented cyber attacks. Another dilemma faced by current international legal norms is the blurring boundary between cybercrime and cyber warfare. Realistic disagreement is manifested in the fact that the attacked state considers cybercrime to be a cybercrime and encourages implementation or support in the back of the country that cyber attacks are a cyber warfare for the maintenance of national interests. It can be seen that the lack of unified cognitive standards and operational guidelines make cyberspace conflict management difficult to carry out. In general, cyberspace behavior can be divided into three categories, one is legal (recognized is legal); the second is crime (illegal, the current legal norms that it is a crime); three is not legal (by the state and Non-state actors are found to be malicious, but the existing legal framework is not clearly defined). To be sure, cyber attacks should first fall within the jurisdiction of domestic law. If the attacker violates domestic law, the government of the host country is bound to enforce the jurisdiction. If the attacker attacked the target of another country, and the relationship between the target country and the host country is not friendly, there is a realistic problem. Especially for intelligence gathering, disruption of communications, or network behavior such as issuing erroneous directives to the enemy, it is easy for the implementer to be deemed to be a cyber attack because of being favored by the host country, So that it will not be punished. [19] (b) difficult to effectively govern international legal norms <a There are indeed many problems with the current international legal system and governance mechanisms. First, the existence of existing rules on armed conflict applied to cyberspace issues; second, the existing international rules can be applied to cyberspace governance, the majority of international rules focus on inter-State conflict, and cyberspace in the unconventional conflict But the more and more; third, the lack of legal experts; Fourth, the current rules focus on how to limit the network war, but the physical and collateral damage and other potential issues less concerned. [20] These problems make the existing international legal system not only effective control of cybercrime behavior, nor can it provide legal protection for civilian infrastructure and ordinary civilians. The Law of War and Armed Conflict (“the Law of Armed Conflict”) originated in the mid-19th century and is a humanitarian norm that regulates violence and conflict. The law of armed conflict applies exclusively to the conflict between the regular forces of the state. Countries in 1864 on the “Geneva Convention” to reach a consensus in 1868 in St. Petersburg officially signed. But the law of armed conflict, the Charter of the United Nations in the legal control of the war and wartime war behavior constraints are not applicable to cyberspace. And the existing legal norms do not clearly define the “war behavior” (war of act) concept. In general, war refers to the legal consequences of the use of force between States. The law of armed conflict is based on the use of force and aggression. In cyberspace, there is a great deal of controversy over whether cyber attacks are equal to the use of force and should be governed by the law of armed conflict. On the one hand, although not explicitly defined, it is generally believed that cyber attacks are hostile in cyberspace using network and information technology to achieve a certain purpose or effect; on the other hand, whether a cyber attack can be called For the conflict or war, still need the international community generally recognized. [21] There are gaps in the existing international legal norms for the control network space conflict. Within the existing international legal framework, the international legal norms governing conflict are the law of armed conflict, whose main legal sources are international treaties and international customs. It is the sum of binding principles, rules and regulations, and systems that adjust the relations between the warring parties and the warring parties and the neutral States in war and armed conflict. [twenty two] The subject of the law of armed conflict rests with the State and does not involve the question of the exercise of jurisdiction over individuals and international organizations. In addition, in the network attack, how to effectively distinguish between military and non-military objectives is also a real challenge. In the field of traditional warfare, military and non-military objectives are clearly defined, just as green tanks carry soldiers, and yellow cars carry students. But in the absence of clear boundaries in the cyberspace, the boundaries of the two are vague. The blurring of boundaries will lead to bias and shift of offensive targets, such as the blow to a country’s military facilities likely to shift to civilian infrastructure targets. In the network war, for the commander, it is difficult to distinguish which networks have military strategic objectives, which goals are civil. The more difficult problem is that it is difficult to determine the attacker’s long-range attack. Even if it is possible to determine the presence of the attacker and the attack itself, it is difficult to determine the identity of the attacker. Cyber ​​space conflict also exists on the application of the right of self-defense in traditional war. If a cyber attack against a country has occurred, the State under attack has the right to self-defense in accordance with the provisions of the Charter of the United Nations. But how to determine the implementation of the main body to determine whether the attack on the country’s attack, to define the extent of the attack, there is no uniform standard. Although the existing international legal system clearly stipulates that conventional wars can not use weapons of mass destruction, they are almost equivalent to the use of weapons of mass destruction if they are likely to be devastated by malicious code and malware. If this assumption is true, it will pose a serious challenge to the above principles. And if the network army in the public website embedded malicious code, and the infection code of the non-military system than the military system, which should be considered a violation of the principle of abuse of weapons. Whether there is a “network of weapons of mass destruction” in cyberspace, and the international community has not reached a consensus on the use and co-operation of these weapons that can cause serious consequences. In addition, the development of network information technology in the 21st century makes the soldiers separated from their war behavior. The closer the separation of the acts of war, the harder it is to preserve the humanitarian spirit implicit in the law of armed conflict. At the same time, the openness of cyberspace makes the public and private, government and private network mutual penetration, overlap each other. This will result in a joint attack on the consequences of a network attack and may cause physical damage and injury. (C) the network deterrence lost utility <a I = 25> cyberspace The international legal system is not yet sound is an existing fact, then can the cyber deterrence strategy be effectively implemented and achieve the intended purpose? The deterrence strategy emphasizes the strength and the will of the contest. Deterance refers to the strength of one party is strong enough to make its opponents can not attack, otherwise it will pay a significant price. The prerequisite for deterrence is the possibility and credibility: the possibility that one party has the absolute ability to launch retaliation and counterattack, credible means that at the crucial moment one party decides to impose the necessary blow to its opponent. To achieve the purpose of affecting the opponent’s decision-making, you need to let the opponent clearly understand and perceive the deterrent implementation of the absolute strength and revenge. In reality, there are serious limitations in the use of deterrence strategies in cyberspace: first, deterrence theory is generally applied between two powerful opponents, the deterrent can be effective to assume that the other is rational, can not bear the cost of attack. But in cyberspace, there may be a serious asymmetry between the attacking entity and the attacked object, and even if effective retaliation is implemented, the purpose of deterrence can not be achieved. Second, the asymmetry of retaliatory means would disrupt the existing international rules. If the network attacker only launched a general decentralized denial of attack, only led to the attacking country network system paralysis, if the attacking countries using conventional military and nuclear forces to fight back, will cause a lot of economic losses and casualties, which will Deviation from the “principle of proportionality” in international law, the return action will be the loss of legal legitimacy. Finally, cyber attacks are instantaneous, one-off, successful, or failing only in the twinkling of an eye. Successful attacks can cause harm, and the victim is retaliated after being attacked, and deterrence will be completely lost because the injury has arisen. In a cyber environment, a party that initiates a cyber attack usually attacks an attack through a “zombie computer” (a computer that has been hijacked after it invades), which adds significant difficulty to the attacker’s determination of the attacker. In addition, the process of determining the identity of the attacker takes a long time, after the confirmation is correct, the loss has been generated and irreversible. Re-implementation of such retaliation under such conditions would challenge the “self-defense principle” under international law, since Article 51 of the Charter of the United Nations clearly stipulates that “self-defense” is prerequisite for action against force. The more challenging issue is that if the attackers are identified as being an organization or an individual, the various norms of international law will not work. Former deputy secretary of the United States Department of Defense William Lynn Lynn) also mentioned the difficulty of the network deterrent, “deterrence credible prerequisite for the identity of the adversaries to confirm no doubt, but in the cyberspace almost no such case.” [23] (d) “structural problems” threat to international cooperation and the real world, cyberspace is also in anarchy. In this state, there is no absolute authority, so the relationship between the cyberspace state is facing a “structural problem.” This is highlighted as two aspects: First, the network developed countries and emerging network power between the competitive relationship, which is reflected in the network security issues on the two camps, “different voices.” The first camp is the United States led the Western countries group, they have introduced the corresponding national network security strategy, and put forward the values ​​of Western countries to reflect the cooperation and governance philosophy. In March 2014, the United States stated that it had strengthened bilateral and multilateral coordination and cooperation with the EU in matters related to the Internet. The United States made it clear that US-European cooperation is based on shared values, common interests, multi-stake governance concepts, cyber freedom and the protection of cyberspace human rights. [24] Early 2015, the United States and the United Kingdom expressed the need to protect key infrastructure, strengthen network defense, support network academic research and other aspects of pragmatic cooperation. [25] In June the same year, the United States and Japan to enhance network deterrence and strengthen information and intelligence sharing agreement. [26] It is not difficult to find that the first camp headed by the United States places more emphasis on the values ​​of freedom and democracy in cyberspace and strengthens its own network deterrent. The second camp is China, Russia and other emerging countries group. “Prism door incident” occurred, China and Russia and other countries are very concerned about maintaining the network of national sovereignty, called on the international community to pay attention to the United States to cyberspace open, free in the name of the actual violation of the sovereignty of other countries. At the BRICS National Summit in Brazil in 2014, Russia proposed strengthening the BRIC network security cooperation. [27] Russia and China as the representative of the BRIC countries that “WikiLeaks” and “prism door incident” shows that the United States and other Western countries in the network security issues on the implementation of double standards: on the one hand advocate the so-called absolute freedom of cyberspace, On the other hand use the network to steal other countries information. One of the two camps advocated “network freedom first”, the other side advocated “network sovereignty first”, the two sides views obvious and difficult to eliminate. <A I = 32> Second is the inequality between developed and developing countries. Developed countries because of the advantages of early development, has been in the network information technology has the initiative; and the majority of developing countries due to historical, economic development and technical conditions and other factors, network information technology has long been lagging behind. According to the statistics of the International Telecommunication Union and other relevant agencies, the number of online online users has reached 2.3 billion by 2011, the Internet penetration rate in developing countries is about 25%, the penetration of the Internet in developed countries is 70%, and the per capita Internet users in Europe Bandwidth is equivalent to 25 times the bandwidth of Africa’s per capita. [28] Inequality in status will allow the vast majority of developing countries to remain marginal and passive. Although the United States and other Western countries put forward on the network security issues to the vast number of developing countries to provide the necessary assistance, but because they are in the implementation of assistance along with the concept of Western values, in fact, the majority of developing countries, “value output.” The majority of developing countries are very worried about the United States and other Western countries to form a network security technology level of “dependency”, the network space conflict governance North-South cooperation is also difficult to achieve. Third, the network space conflict mechanism of governance mechanism to explore the war has entered the information age, the existing international law should be necessary to improve and upgrade. The diversity of actors, the escalating offensive technology, and the uncertainty of the consequences call global governance of cyberspace conflicts. People are aware that cybercrime, cybercriminals, and cyber-terrorism have become global problems that can not be solved by the power of individual countries alone. Thus, the issue of cybersecurity is not just the domestic security of individual countries, but it is necessary to carry out long-term, extensive and in-depth international cooperation. At the same time, the existing international legal norms need to be updated and perfected. In the case of international legal norms governing the international conflict, prevention and control of cyberspace conflicts should be increased. At the same time, cyberspace cooperation requires the cultivation of peace and cooperation, development and win-win governance philosophy. Only the concept of governance enjoys popular support, international cyberspace conflict governance action will be concerned about, but also in the international community is widely recognized. (A) the transformation of global governance awareness Although there are Estonia, the Georgia network attack and “earthquake network virus” on Iran’s nuclear facilities caused serious damage and other typical cases, but so far there has been no large-scale inter-country network conflict. Nevertheless, people are still highly concerned about the cyberspace conflict, the urgent need to change the corresponding sense of governance. <A First, the most important subject involved in the management of cyberspace conflict is still the sovereign state. Although the role of individuals and groups is magnified by cyberspace, their power is still limited. Individuals and groups lead to large-scale network conflict and even the possibility of war is still minimal. Therefore, the focus on the network conflict should still be the country. Only countries in accordance with the law to effectively manage and regulate their own and their domestic organizations, individual behavior, cooperation between countries can play a role. Second, to coordinate and integrate the power and resources. Need to pay special attention to is that cyberspace itself beyond the borders, can not fully rely on government and national power. The United States and Europe and other Western countries in the network defense is the most worth learning experience is the full integration of civil resources, to achieve effective interaction between the official and civil. Should be aware of non-state actors in the field of cybersecurity in the important role, rather than national actors also hope to cooperate with the government to reduce network risk. [29] In 2010, the National Security Agency (NSA) in the Google company suffered high persistence attacks (Advanced Persistent Threat, APT), to provide information and technical assistance. [30] The basic elements of cyberspace are individuals and social groups, only to stimulate the vitality of individuals and social organizations, to enhance their network security and cooperation awareness, cyberspace will be more secure. In the government’s active promotion, the integration of technical personnel, experts and scholars, social groups, enterprises, government and other resources in order to effectively eliminate all kinds of cyberspace threats. In some cases, the need to deal with cyberspace problems also need to find answers in the network. In reality, the use of “white off” is an important strategic choice. In January 2014, the Russian Federation Committee proposed the use of “white off” (no criminal criminal record, can find a system of loopholes and experienced network of experts) services to deal with complex and volatile network attacks. [31] US network security software vendor experts also stressed that should be concerned about the “white” group, can not let it be tempted by the dark forces or even use. [32] Third, the implementation of hierarchical management of network behavior. The biggest challenge facing the international community is that countries can not agree on many cyberspace governance issues. From the point of view of harm, low to high behavior includes cyber vandalism, cyber espionage and cybercrime, denial of service, cyber attacks and large-scale cyber attacks. The first three categories already exist, and network attacks and large-scale network attacks have not yet occurred, although it is the most concern, but also the most likely to lead to network conflict behavior. Because cyber attacks and large-scale cyber attacks are targeted at key infrastructure, it can lead to serious social unrest in the attacked countries. Thus, such acts are almost intolerable and can cause reprisals by the injured State. For the first three categories of relatively light sabotage, the parties can be resolved through consultation and cooperation; for possible serious consequences of network attacks and large-scale attacks, countries should be through consultation to achieve a clear ban on such acts of cyberspace international code of conduct The (B) to cultivate the concept of cooperation in cyberspace “attack side overwhelming” reality makes cyberspace deterrence difficult to achieve, which will encourage the network intruder from another direction, eventually leading to network arms race. On the surface, the attack can bring some benefits and produce a sense of security, but the consequences will be cyberspace behavior between the competition, mutual hostility. Therefore, in the Internet, open network space is impossible to obtain absolute security. <A I = 42> On the contrary, if the defensive side is dominant, the behavior is more inclined to cooperate. Any threatened intrusion is carried out on the basis of successful defensive measures. Therefore, to enhance the defense capacity in order to obtain positive and lasting security. This requires the establishment of two types of mechanisms: one is the early warning mechanism, so that the attacked countries can early detection and take the necessary preventive measures. From the “network virus” attacks can be seen in the case, the virus invasion must bypass the victim’s security firewall. If you take a security defense measures, “earthquake network virus” is unable to implement the damage. Second, the information sharing mechanism, the parties to coordinate and cooperate with each other will help to achieve common security. This first requires the sharing of information between countries, which can increase mutual trust, is conducive to pragmatic and effective cooperation to achieve mutually beneficial win-win goal. Second, the sharing of information between government and private enterprises is also necessary. In many cases, the country’s infrastructure is operated by private enterprises, but there are obvious shortcomings in the information and intelligence collection channels, quantity and quality compared with the country. Third, in the network space conflict management should also focus on cultivating the “humanitarian” spirit, in the physical space to attack the party has the obligation to minimize the harm of civilians. Any country with strong technical capacity must also consider minimizing civilian damage when using cyber weapons. Some scholars even believe that the degree of damage caused by network weapons should be limited to less than a bomb damage. [33] (c) the establishment of conflict governance mechanism The international community has been advocating the creation of international mechanisms for conflict resolution, its purpose is through the policy coordination between countries, on the basis of consensus on the formation of network conflict management mechanism, and gradually establish cyberspace International order, and thus cultivate a global network of space management culture. [34] The international community attaches great importance to the inconceivable destructive power and influence of cyber space conflicts. In practice, attempts are made to bilateral and multilateral cooperation and have achieved some results, which can provide the necessary reference for the construction of global cyberspace governance mechanism. As the most influential intergovernmental organization, the United Nations should play a leading role in the governance of cyberspace conflict. The United Nations cyberspace conflict management mechanism is not widely represented and is not universally recognized by the international community. As early as 2006, the United Nations set up an open Internet Governance Forum (Internet Governance Forum, IGF). [35] As of 2014, the Internet Governance Forum has been held for nine consecutive sessions. In April 2015, the United Nations launched a dialogue with Russia on the International Convention on Cybercrime, but there was no consensus on the serious differences between developed countries and developed countries and organizations such as the United States, Canada and the European Union. This shows that countries have opened the door to dialogue for a global agreement. [36] As a specialized agency of the United Nations, the International Telecommunication Union (ITU) has also played an important role, actively advocating the “stakeholder” (stakeholder) concept, called on countries around the world to participate in the process of safeguarding the international community network security. The exploration and attempt of the international community shows that cyberspace governance itself is part of global governance. Every country faces the threat of cyber attacks, network conflicts and even cyber warfare. Participation in multilateral cooperation is the best choice for all countries to safeguard their own interests. At the same time, regional international organizations are also exploring new models of cyberspace governance. The 7th SCO Council of the Shanghai Cooperation Organization (SCO), held in 2007, proposed the Action Plan for information security, emphasizing the state’s control over the network system and information content. At the beginning of 2008, NATO convened an emergency meeting of the North Atlantic Council for the Estonian incident and introduced a cyber-defense policy, which for the first time established cyber security issues as the content of its collective defense obligations. NATO claims that if its member countries are subjected to catastrophic cyber attacks, the new cybersecurity policy will provide an effective counterattack tool. In April, NATO Cyber ​​Defense Management Authority (CDMA) was established to form a unified deployment of allied network action capabilities. In May, the Cooperative Cyber ​​Defense Center of Excellence, CCS COE) was formally established in Tallinn to strengthen the comprehensive capabilities of NATO’s network defense, and the establishment of the two institutions became a symbol of NATO’s network defense. [37] NATO officials also expressed their intention to cooperate safely with cyberspace in South Korea and other East Asian countries. In the current global governance mechanism, the success of cyberspace conflict management is the Mutual Legal Assistance Treaties (MLATs). It is aimed at nationally recognized cybercrime, which stipulates that participating countries share information, evidence and other forms of cooperation. The treaty is mainly applicable to the use of the network system to implement the crime. The Council of Europe Convention on Cybercrime (CEC) was signed by the Council of Europe in 2001 to define and punish the deterrence of cybercrime. The Cybercrime Convention is the most important multilateral cooperation agreement against cyber attacks and the world’s first international convention against cybercrime, which will have a significant impact on the legislation of many countries. Some scholars have suggested that international justice cooperation in the fight against cybercrime be carried out in accordance with the Convention. [38] Joseph Chennai believes that restricting all cybercrime is impossible, but it can be done from combating cybercrime and cyber-terrorism, and the great powers have many common interests on these issues. [39] Whether it is the United Nations or other regional international organizations, through their own practice to explore the global model of cyberspace governance. These practices will greatly enrich the theoretical basis and practical experience of cyberspace conflict management, which is of great significance to promote the international community to construct the relevant governance mechanism. The ultimate goal of cyberspace conflict management is to break through the differences of ideas, on the basis of common interests, to achieve beyond the borders, areas, levels of all-round, three-dimensional cooperation, and ultimately clean up the network space, to good governance. This process may take a long time and requires the joint efforts of the international community. China’s role and contribution in cyberspace conflict management According to China’s Internet Center (CNNIC) released the 36th “China Network Development Statistics Report” shows that by June 2015, the number of Internet users in China has reached 668 million, the Internet Penetration rate of 48%. 4%. This shows that China is already the largest number of Internet users in the country, but also shows that the Chinese people’s production and life, economic growth and innovation are closely related with the network, China has become a veritable global network power. As a global power, China has always positioned itself as a participant, builder and practitioner in cyberspace security governance. China’s national strategy is to develop from a network of major powers as a network power, and to promote the development of balanced development, sound rules and reasonable order of the global network space and make unremitting efforts. As the largest developing country, China has long been committed to the struggle for the vast number of developing countries, and actively participate in the construction of peace, security, openness and cooperation of cyberspace, and promote the establishment of multilateral, democratic and transparent global Internet governance system. At the same time, the Chinese government has put forward the principle of network governance with Chinese characteristics on the basis of the existing experience of governance, such as the rule of law, the order priority and the positive integration, which is similar to those of China. Furniture has important reference value and reference significance. [41] In September 2015, when the Chinese President visited the United States, he said in a written interview with The Wall Street Journal that China was a strong defender of cybersecurity. On the one hand, China will strengthen cooperation with the United States, the European Union, Russia, through the establishment of bilateral and multilateral cooperation mechanism to increase mutual trust, and is committed to building network security code of conduct. On the other hand, China will be more active in cyberspace global governance, and strive to incorporate the concept of safeguarding network sovereignty, network fairness and pragmatic cooperation advocated by China into cyberspace international standards. At the same time, China will also fulfill its commitments to actively promote the construction of cyberspace global order. In addition, China is working on the development of national network security for the relevant legal norms. In June 2015, the National People’s Congress for the first time considered the “People’s Republic of China Network Security Law (Draft)”. Article 5 of the General Regulations clearly states that “China will actively strengthen international exchanges and cooperation in the areas of cyberspace governance, network technology research and development and standard setting, and crack down on crimes against the Internet, and promote the construction of peaceful, safe, open and cooperative cyberspace. [42] This shows that China is committed to the law through the definition of network security, safeguarding network sovereignty, standardize network behavior, promote international cooperation in cyberspace. At the same time, China is also actively advocated in cyberspace governance to play the leading role of the United Nations. In 2011, China and Russia jointly submitted the International Code of Conduct for Information Security to the 66th Session of the General Assembly, put forward a series of basic principles of national conduct on the maintenance of information and cybersecurity, and called on countries to carry out further discussions within the framework of the United Nations. [43] In June 2013, China and the United States and other 15 countries in the United Nations network security dialogue, clearly advocated the “United Nations Charter” applies to cyberspace. [44] In 2014, China and the United Nations jointly organized the International Symposium on Information and Internet Security, which is an important manifestation of China’s international rules for promoting cyberspace. In December 2015, Chinese President Xi Jinping delivered a speech at the Second World Internet Conference to elaborate on China’s basic position on cyberspace development and security, demonstrating China’s forward-looking thinking about the future development of cyberspace and calling for Countries around the world should strengthen communication, expand consensus, deepen cooperation, and jointly build the network space fate community. [45] In addition, China is also actively safeguarding the cyberspace interests of developing countries and “network sovereignty”. China advocates bridging the digital divide on multiple international occasions. Cyber ​​space threat is no border, its impact is transnational. Network vulnerabilities in many developing countries will be targets of attack, and they may also be manipulated into “bonnet” (bonnet) to attack other countries. In the field of Internet technology applications and development, there is a clear gap between China and Western countries. China advocates that the network is primarily used for commercial purposes and not for political and military purposes. In the future, China will continue to carry out independent research and development and innovation in network security technology. These network security technologies can become an important part of China’s foreign technical assistance. At present, China is promoting the “one way along the road” construction, which focus on cooperation, including the promotion of national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation. In 2014, China and the United Nations jointly organized the International Symposium on Information and Internet Security, which is an important manifestation of China’s international rules for promoting cyberspace. In December 2015, Chinese President Xi Jinping delivered a speech at the Second World Internet Conference to elaborate on China’s basic position on cyberspace development and security, demonstrating China’s forward-looking thinking about the future development of cyberspace and calling for Countries around the world should strengthen communication, expand consensus, deepen cooperation, and jointly build the network space fate community. [45] In addition, China is also actively safeguarding the cyberspace interests of developing countries and “network sovereignty”. China advocates bridging the digital divide on multiple international occasions. Cyber ​​space threat is no border, its impact is transnational. Network vulnerabilities in many developing countries will be targets of attack, and they may also be manipulated into “bonnet” (bonnet) to attack other countries. In the field of Internet technology applications and development, there is a clear gap between China and Western countries. China advocates that the network is primarily used for commercial purposes and not for political and military purposes. In the future, China will continue to carry out independent research and development and innovation in network security technology. These network security technologies can become an important part of China’s foreign technical assistance. At present, China is promoting the “one way along the road” construction, which focus on cooperation, including the promotion of national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation. In 2014, China and the United Nations jointly organized the International Symposium on Information and Internet Security, which is an important manifestation of China’s international rules for promoting cyberspace. In December 2015, Chinese President Xi Jinping delivered a speech at the Second World Internet Conference to elaborate on China’s basic position on cyberspace development and security, demonstrating China’s forward-looking thinking about the future development of cyberspace and calling for Countries around the world should strengthen communication, expand consensus, deepen cooperation, and jointly build the network space fate community. [45] In addition, China is also actively safeguarding the cyberspace interests of developing countries and “network sovereignty”. China advocates bridging the digital divide on multiple international occasions. Cyber ​​space threat is no border, its impact is transnational. Network vulnerabilities in many developing countries will be targets of attack, and they may also be manipulated into “bonnet” (bonnet) to attack other countries. In the field of Internet technology applications and development, there is a clear gap between China and Western countries. China advocates that the network is primarily used for commercial purposes and not for political and military purposes. In the future, China will continue to carry out independent research and development and innovation in network security technology. These network security technologies can become an important part of China’s foreign technical assistance. At present, China is promoting the “one way along the road” construction, which focus on cooperation, including the promotion of national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation. The focus will include advancing national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation. The focus will include advancing national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation.

 

Original Mandarin Chinese:

簡介
網絡空間安全治理問題正日益引起國際社會的普遍關注;其中,網絡空間衝突治理問題更是備受關注。與現實的物理空間衝突相比,網絡空間衝突具有行為體多元化、進攻手段快速更新、衝突後果不可預知等新特點。這導致網絡空間衝突治理面臨認知分歧嚴重、規範難以有效管轄、威懾無效和“結構性難題”等現實挑戰。因而,網絡空間衝突治理需要轉變治理理念,通過國家間務實合作,整合各方優勢資源,構建網絡空間全球治理機制,並培育合作、共享的治理文化。作為全球網絡大國,中國一直以來都積極倡導建立多邊、民主、透明的全球治理體系。同時中國將在創新治理理念,彌合數字鴻溝,開展雙邊、多邊國際合作等方面,為構建網絡空間國際規則和全球網絡治理機製作出積極貢獻。
正文
隨著網絡信息技術在全球範圍內的廣泛應用和快速發展,網絡與國家安全的關係日趨緊密且受到各國高度重視。在安全議題中,最引人關注的是網絡空間衝突。網絡空間被軍事戰略學家和未來學家稱為“下一個戰爭空間”(next battlespace)。各國政府在網絡空間中的首要目標是確保本國的核心利益不受損害,保障國民免受網絡襲擊的侵擾。但現實情況是絕大多數網絡襲擊並非由政府直接發動和實施,而是由非國家行為體直接策劃操作。而且,發動網絡襲擊的成本低廉、行動隱蔽,且能引發嚴重後果。這也造成網絡空間容易爆發衝突甚至網絡戰爭(cyber warfare)。一旦網絡空間發生衝突或戰爭,其規模和影響範圍將難以估量。網絡空間衝突也可能導致國家間在現實世界中的直接敵對與衝突。此外,由於缺乏必要的國際法律管轄與規範,網絡空間衝突治理也面臨著嚴峻挑戰。有效控製網絡空間衝突的烈度,制定網絡空間國家行為準則,將是國際社會探索網絡空間衝突治理的新課題。

一、網絡空間衝突的變化與挑戰

網絡空間衝突源於行為體對網絡威脅的感知和由此作出的反應。網絡威脅大致可分為兩類:一類被稱為網絡襲擊,是指蓄意破壞網絡系統的行為;另一類被稱為網絡牟利(cyber exploitation),即利用網絡基礎設施來達到非法目的,但不會對網絡系統本身造成傷害的行為。 [①] 網絡襲擊針對的目標是國家和非國家行為體,包括主權國家、組織和個人,既可以破壞軟硬件和計算機的其他方面,也可以通過非法入侵計算機操作系統,運用不正當的手段獲取信息或實施遠程控制。網絡襲擊可能引發網絡衝突,而網絡衝突又可能升級為網絡戰爭。網絡戰爭一般是指一個民族國家為滲入另一個國家的計算機或網絡所進行的破壞和擾亂行為。 [②] 網絡戰爭可能嚴重危害國家的政治、經濟和社會安全與穩定,是網絡衝突的最高形式。
網絡信息技術所具備的即時性、便捷性、廉價性特質,使衝突和戰爭變得易於操作和實施。網絡信息技術使傳統的衝突與戰爭發生了顛覆性變革。只要有一台聯網的計算機,少數人就可以實施網絡攻擊,發動一場沒有硝煙的小規模戰爭。網絡空間的武器開發成本極低,只要有一兩台計算機,且能夠實現網絡連接,再配備幾名高水平的黑客,就足以製造極具殺傷力的網絡武器。 [③] 因此,互聯網對國家安全的影響都將是全面的、徹底的和前所未有的。網絡信息技術源自通訊技術的不斷創新與發展。即時通訊技術的出現和不斷更新,提升了戰場上的政治決策效率。網絡信息技術對於武器技術的革新具有重要推動作用,尤其是在核武器時代,計算機技術使核武器更加精準、可靠和高速。冷戰時期,美、蘇兩國十分重視發展信息處理技術。隨著計算機技術的全面發展,美國率先提出了“信息戰理念”(information warfare doctrine),也就是利用信息技術力量,在策略和手段方面超越對手。西方學者表示,目前國際社會最大的隱患不再是大規模殺傷性武器,而是大規模破壞性武器(weapons of mass disruption)。 [④] 在技術突破之外,網絡空間衝突與戰爭更深刻的變革體現在行為主體、攻擊手段和衝突後果等方面。
(一)行為主體日益多元化
網絡空間為非國家行為體提供了更加廣闊的活動平台,使其可以超越領土和主權的限制,在現實和虛擬世界發揮更大的作用。傳統的衝突與戰爭發生在不同群體之間,一般被實力強大的國家所壟斷,而單獨個體難於發動對群體的攻擊。網絡信息技術極度放大了相對弱小行為體的力量。借助於網絡信息平台,小國可以向霸權國發起挑戰,規模小的群體可以向實力強大的主權國家發動襲擊,個人也可以發動對群體的攻擊。美國一直以來都將朝鮮視為網絡空間中的威脅。據美國福克斯新聞網透露,2010年年初的報告顯示,朝鮮已經培訓了數千名頂級的計算機專業學生成為出色的“網絡戰士”(cyber warrior),其行動目標鎖定為美國和韓國。 [⑤] 近年來,恐怖主義也藉助網絡載體和信息工具獲得了“新生”。基地組織利用互聯網技術宣傳其極端理念,並利用網絡平台實施成員招募、在線培訓、資金募集、遠程指揮等活動。可以說,網絡空間的隱蔽性和開放性特徵加大了國際社會防範和打擊恐怖主義的難度。 [⑥] 2008年,波蘭一名14歲少年通過入侵並控制洛茲市(Lodz)的有軌電車系統,從而引發混亂,導致4輛電車脫軌,12人受傷,所幸事故未造成人員死亡。 [⑦] 對於日益多元化的網絡襲擊者,美國戰略司令部司令凱文·希爾頓(Gen. Kevin P. Chilton)曾形像地認為,“我們的敵人范圍,不僅包括令人厭煩的年輕黑客,也包括犯罪組織,還涉及國家行為體”。 [⑧]
(二)攻擊手段不斷更新
互聯網發展的初衷是便於信息的有效流動,實現資源共享、互聯互通。開放的環境往往會給安全防禦帶來更多風險和挑戰,網絡空間中因而出現了“攻守不平衡”問題。這種結構上的不平衡會激發網絡惡意攻擊,從而降低對威懾和有效防禦的信心。 [⑨] 網絡空間中的簡單靜態防禦(static defenses),即被動防禦,是指最多被強大的黑客視為一個新挑戰或待解決的問題。 [⑩] 技術嫻熟的網絡襲擊者能夠輕鬆找到網絡漏洞並成功繞開安全防禦軟件。與傳統的衝突相比,網絡空間中的襲擊者處於隱蔽處,並專門攻擊目標的薄弱環節。在“攻方壓倒守方”的背景下,網絡進攻性武器變得十分普遍。一般的網絡進攻武器,包括計算機病毒、惡意軟件、邏輯炸彈(logic bomb)、拒絕式服務(denial of service)等。低端網絡武器的目標只是簡單的竊取信息、獲取密碼、修改程序等,一般不會產生重大危害。相比較而言,高端網絡武器能夠造成數據和關鍵設施的中斷或嚴重受損。一系列的網絡攻擊能夠演變為重大突發事件,在一段時期內中斷關鍵服務,包括破壞軍事指揮或信息系統,關閉電力供應或石油管道,停止金融服務等。 2008年,美國國防部儲存加密軍事信息的電腦網絡就曾感染惡意代碼。惡意代碼在未被察覺的情況下擴散到加密和未加密文件系統。雖然被及時發現,但美國軍方對此十分恐慌,認為此類事件可能會使其軍事機密文件被上傳給國外情報機構,甚至是未知的敵對勢力,後果將不堪設想。 [11]
複雜高端的惡意代碼具有很強的自我偽裝能力,很難被發現,往往是在已經造成嚴重傷害後才會被發現。 2010年,伊朗核設施受到“震網病毒”(Stuxnet)的攻擊,使伊朗納坦茲鈾濃縮工廠的1 000多台IR-1型離心機由於非正常運轉並遭到破壞而不得不更換。事實表明,“震網病毒”的攻擊目標非常精確或單一,即德國西門子公司控制系統(SIMATIC WinCC)。這是一款數據採集與監視控制(SCADA)系統,被伊朗廣泛使用於國防基礎工業設施。 “震網病毒”在入侵一台電腦後,就會自動尋找西門子軟件,確認找到軟件後,這種病毒會在無人察覺的狀態下控制工業用的電腦系統,並控制電腦軟件對工廠其他電腦發出既定指令。網絡安全專家認為,“震網病毒”是第一個以物理世界基礎設施為攻擊目標的“精確制導”蠕蟲病毒。 [12] 作為第一個披露“震網病毒”的德國著名網絡安全問題專家,拉爾夫·朗納(Ralph Langner)經過系統分析,認為“震網病毒”的結構比想像中的還要復雜,包含兩個不同的“數字彈頭”(digital warhead),分別針對不同的進攻目標,鈾濃縮設施和布什爾核電站的外部渦輪機。他認為第二個彈頭的威力相當於對布什爾核電站進行一次精確的空中打擊。 [13] 美國信息安全問題專家凱文·克萊曼(Kevin Coleman)2010年在美國國防科技網上發表的文章認為,網絡襲擊的數量將會急劇升級。為支持這一論斷,他提到2009年惡意軟件的數量達到了此前20年來的最高水平,多份報告顯示超過2 500萬個惡意軟件被確認,而且這種增長趨勢還將繼續。 [14]
通過以上事例,不難看出網絡空間中的進攻武器技術含量高且具有極強的針對性。這樣的武器比常規武器更隱蔽、更精準、更具進攻性和破壞性。與此同時,網絡進攻性武器不能重複使用,必須不斷升級換代。美國著名智庫蘭德公司的數字戰專家馬丁·利比奇(Matin Libici)認為,一旦有人了解了網絡戰武器的工作原理,它就不再是一種武器了。最好的武器是敵人所不知,但自己卻已擁有的。 [15]
(三)衝突後果不可預知
傳統衝突中的對手是清晰可見的,衝突的結果也是可以預測的。在網絡空間的衝突中,進攻武器一旦發揮威力,所造成的破壞規模和影響力一般都會不斷地複制和散播,很難像傳統衝突那樣能夠得到有效控制。更為嚴重的是,網絡襲擊會給社會帶來嚴重恐慌,其後果比傳統戰爭更為嚴重。現代社會中的各類基礎設施都是由計算機和互聯網系統控制,一旦網絡襲擊波及水、電、金融控制系統,帶來的損失將是無法估量的,甚至可能造成嚴重的社會動盪。美國學者設想了網絡攻擊可能引發的嚴重後果:沒有航空控制系統或者機場安監系統,沒有電子管控的鐵路交通,沒有依賴電子計算機日夜投遞的包裹或郵件,沒有雇主通過支付軟件支付工人工資的電子支票,沒有電子取款記錄,沒有自動取款機,醫院或者健康中心沒有可信賴的數字記錄,沒有電力導致沒有燈光,沒有熱力,沒有加油系統或者燃料、汽油,沒有交通信號燈,沒有電話,沒有網絡服務,沒有警察有效的治安管理,這一系列問題將使美國社會陷入短時癱瘓。 [16] 據美國中央情報局透露的發生在2007年針對美國公用電力網的多起網絡襲擊事件表明,由於擔心會造成嚴重的社會恐慌,電力公司的負責人甚至不願談及這些事件的風險。
此外,網絡空間的開放性特徵使網絡襲擊一旦發生,其影響範圍將具有擴散性。 2013年4月,黑客竊取了美聯社的推特賬號,發布了美國總統奧巴馬在白宮的一次爆炸中受傷的虛假消息。幾分鐘後,美聯社官方使用另一個推特賬號聲明之前的賬戶已被盜。白宮發言人也通過廣播澄清奧巴馬總統沒有受傷。但已有很多人看到了被盜推特賬號發布的消息,該事件導致道瓊斯工業指數和S&P500指數雙雙下挫,之後兩個交易指數又快速反彈。據稱美聯社的推特賬號有200萬受眾,其發布的即時消息影響力十分巨大。 [17] 這一事件也給美國政府敲響了警鐘,一起簡單的賬戶被盜事件很可能引發一場金融恐慌,從而嚴重擾亂社會秩序。
網絡衝突治理的上述新特點產生了嚴重的後果。行為體的多樣性使人們很難在短時間內轉變觀念,克服認知差異與分歧;網絡攻擊手段的不斷革新使國際法律制度和威懾很難發揮作用;而後果的難以預測則加重了國家間的相互猜疑。這些因素將嚴重阻礙網絡空間衝突治理機制的形成並發揮作用。

二、網絡空間衝突治理機制的困境

網絡空間衝突與傳統意義上的國際衝突有很大差異。現行全球治理機制的主要行為體是主權國家,它們在對傳統武裝衝突理解和認知的基礎上提出一系列管控規則。但在網絡空間中,對非國家行為體的行為進行有效規範在法律和道德方面是一個空白。而“結構性困境”等現實問題也加劇了網絡空間衝突治理的難度。
(一)認知分歧阻礙有效治理
當前,各國對網絡安全核心概念的理解以及對網絡安全事件的歸因(attribution)和認定都存在深刻分歧。例如,美、英、日、德、法和歐盟等都制定了網絡安全戰略,通過對比可以發現,各方對“網絡空間”、“網絡安全”、“網絡戰爭”等核心概念的界定存在明顯差別。 [18] 在網絡空間中,如何確定一些行為已經違反了國際法基本準則,並可以實施武力打擊?個人和組織是否可以成為國家發動網絡進攻的目標?如何界定網絡空間的國家主權?對

注释:

[①] Abraham D. Sofaer, David Clark, Whitfield Diffie, “Cyber Security and International Agreements,” in Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, Washington, D.C.: The National Academies Press, 2010, pp. 179-180.
[②] Richard A. Clarke and Robert Knake, Cyber War: The Next Threat to National Security and What to Do about It, New York: Harper Collins, 2010, p. 10.
[③] 樊高月、赵力昌主编:《不流血的战争:网络攻防经典之战》,解放军出版社2014年版,第117页。
[④] Craig B. Greathouse, “Cyber War and Strategic Thought: Do the Classic Theorists Still Matter?” in Jan-Frederik Kremer and Benedikt Muller, eds, Cyberspace and International Relations: Theory, Prospects and Challenges, Verlag Berlin and Heidelberg: Spinger, 2014, p. 23.
[⑤] Kelley Beaucar Vlahos, “Special Report: The Cyberwar Threat from North Korea,” Fox News, February 14, 2014, http://www.foxnews.com/tech/2014/02/14/cyberwar-experts-question– north-korea-cyber-capabilities.
[⑥] 丛培影、黄日涵:《网络恐怖主义对国家安全的新挑战》,载《江南社会学院学报》2012年第2期,第2页。
[⑦] John Leyden, “Polish Teen Derails Tram after Hacking Train Network,” The Register, January 11, 2008, http://www.theregister.co.uk/2008/01/11/tram_hack/.
[⑧] Kelvin P. Chilton, “Cyberspace Leadership Towards New Culture, Conduct and Capabilities,” Air & Space Power Journal, Fall 2009, p. 7.
[⑨] Kenneth Lieberthal and Peter W. Singer, “Cybersecurity and U.S.-China Relations,” Brookings Institution, February 23, 2012, http://www.brookings.edu/~/media/research/files/papers/ 2012/2/23 cybersecurity china us singer lieberthal/0223_cybersecurity_china_us_lieberthal_singer_pdf_english.pdf.
[⑩] Erik M. Mudrinich, “Cyber 3.0: The Department of Defense Strategy for Operating in Cyberspace and Attribution Problem,” The Air Force Law Review, Vol. 68, p. 181.
[11] William J. Lynn, “Defending a New Domain: The Pentagon’s Cyber Strategy,” Foreign Affairs, September/October 2010, Vol. 89, No. 5, p. 97.
[12] 樊高月、赵力昌主编:《不流血的战争:网络攻防经典之战》,第123页。
[13] Jerusalem Post, “Stuxnet Specifically Targeted Iranian Nuclear Program,” The Jerusalem Post, November 20, 2010, http://www.jpost.com/Iranian-Threat/News/Stuxnet-specifically– targeted-Iranian-nuclear-program.
[14] Paul A. Matus, “Strategic Impact of Cyber Warfare Rules for the United States,” Homeland Security Digital Library, March 23, 2010, http://www.handle.dtic.mil/100.2/ADA522001.
[15] 《源代码之战》,载《国际金融报》2011年8月1日,第4版,http://paper.people.com.cn/ gjjrb/html/2011-08/01/content_885812.htm?div=-1。
[16] Michael J. Glennon, “State-level Cybersecurity,” Policy Review, February/March, 2012, p. 85.
[17] “Hacked AP Twitter Account Sends Dow Jones Down,” Southern California Public Radio, April 24, 2013, http://www.scpr.org/programs/airtalk/2013/04/23/31465/hacked-ap-twitter-account -sends-dow-jones-down/.
[18] 蒋丽、张晓兰、徐飞彪:《国际网络安全合作的困境与出路》,载《现代国际关系》2013年第9期,第56页。
[19] Yoram Dinstein, “Cyber War and International Law: Concluding Remarks at the 2012 Naval War College International Law Conference,” International Law Studies, Vol. 89, 2013, p. 284.
[20] Duncan B. Hollis, “Why States Need an International Law for Information Operations,” Lewis & Clark Law Review, Vol. 11, No. 4, 2007, pp. 1023-1024.
[21] Scott W. Beidleman, “Defining and Deterring Cyber War,” Military Technology, Vol. 11, 2011, p. 60.
[22] 顾德欣编:《战争法概论》,国防大学出版社1991年版,第9页。
[23] William Lynn, “Cyber Security,” Speech at the Center for Strategic and International Studies, June 15, 2009.
[24] “Fact Sheet: U.S.-EU Cyber Cooperation,” The White House Office of the Press Secretary, March 26, 2014, https://www.whitehouse.gov/the-press-office/2014/03/26/fact-sheet-us-eu-cyber– cooperation.
[25] “Fact Sheet: U.S.-United Kingdom Cybersecurity Cooperation,” The White House Office of the Press Secretary, January 16, 2015, https://www.whitehouse.gov/the-press-office/2015/01/16/ fact-sheet-us-united-kingdom-cybersecurity-cooperation.
[26] Franz-Stefan Gady, “Japan and the United States to Deepen Cybersecurity Cooperation,” The Diplomat, June 2, 2015, http://thediplomat.com/2015/06/japan-and-the-united-states-to– deepen-cybersecurity-cooperation.
[27]“China, Russia to Sign Information Security Pact: Report,” The Brics Post, October 21, 2014, http://thebricspost.com/china-russia-to-sign-information-security-pact-report/#.Vg4sYi-hdMs.
[28] 复旦国务智库编:《增量改进——全球治理体系的改进和升级》,复旦全球治理报告2014,复旦大学国际关系与公共事务学院,2014年,http://www.sirpa.fudan.edu.cn/_upload/arti cle/8e/7e/f72c6ae04f998c052fe4230493c5/b3ef8190-df38-40fb-829f-1a0c6f6f49a5.pdf,第36页。
[29] Salma Shaheen: “Offense-Defense Balance in Cyber Warfare,” in Jan-Frederik Kremer and Benedikt Muller, eds., Cyberspace and International Relations, Berlin: Springer, 2014, p. 91.
[30] Jon R. Lindsay: “The Impact of China on Cybersecurity,” International Security, Vol. 39, No. 3, 2014, p. 27.
[31] 《俄联邦委员会拟利用“白色黑客”应对网络攻击》,人民网,2014年1月26日,http://world.people.com.cn/n/2014/0126/c157278-24226902.html
[32] “The Chinese Cyber Threat: Challenges and Solutions,” AEI, July 22, 2015, http://www.aei.org/events/the-chinese-cyber-threat-challenges-and-sollutions/.
[33] “Cyber Security and International Law,” Chatham House, May 29, 2012, https://www. chathamhouse.org/sites/files/chathamhouse/public/Research/International Law/290512summary.pdf.
[34] 黄日涵:《网络战山雨欲来 安全困境亟须破局》,载《中国社会科学报》2014年12月10日,第B02版。
[35] 《联合国互联网治理论坛(IGF)简介》,国家工信部网站,2008年2月21日,http://www.miit.gov.cn/n11293472/n11295361/n11296722/11642344.html
[36] Mark Ballard, “UN Rejects International Cybercrime Treaty,” ComputerWeekly.com, April 20, 2010, http://www.computerweekly.com/news/1280092617/UN-rejects-international-cyber crime-treaty.
[37] 毛雨:《北约网络安全战略及其启示》,载《国际安全研究》2014年第4期,第112页。
[38] 王孔祥:《网络安全的国际合作机制探析》,载《国际论坛》2013年第5期,第4页。
[39] Joseph S. Nye, Jr, “From Bombs to Bytes: Can Our Nuclear History Inform Our Cyber Future?” Bulletin of the Atomic Scientists, 2013, Vol. 69, No. 5, p. 13.
[40] 《共同构建和平、安全、开放、合作的网络空间  建立多边、民主、透明的国际互联网治理体系》,人民网,2014年11月20日,http://politics.people.com.cn/n/2014/1120/c1024– 26057363.html。
[41] 丛培影、黄日涵:《中国网络治理模式的世界意义》,光明网,2014年12月15日,http://theory.gmw.cn/2015-12/15/content_18098761.htm
[42] 《中华人民共和国网络安全法(草案)》,中国人大网,2015年7月6日,http://www.npc. gov.cn/npc/xinwen/lfgz/flca/2015-07/06/content_1940614.htm。
[43] 《中俄等国向联合国提交“信息安全国际行为准则”文件》,新华网,2011年9月13日,http://news.xinhuanet.com/2011-09/13/c_122022390.htm
[44] Patrick Goodenough, “U.S., China Among 15 Countries Agreeing U.N. Charter Applies in Cyberspace,” CNS News, June 10, 2013, http://cnsnews.com/news/article/us-china-among-15– countries-agreeing-un-charter-applies-cyberspace.
[45] 《习近平在第二届世界互联网大会开幕式上的讲话》,新华网,2015年12月17日,http://news.xinhuanet.com/zgjx/2015-12/17/c_134925295.htm