Category Archives: Uncategorized

Anxious US Military Worried about China’s Information Warfare // 焦急美國軍方擔心中國信息戰

Anxious US Military Worried about China’s Information Warfare // 焦急美國軍方擔心中國信息戰

In the past few years, the Chinese military and folk experts have set off a wave of research information warfare. After reading their works, it is not difficult to find that China’s information warfare theory research has several obvious characteristics: First, China is eager to develop its own information warfare theory, which is related to its judgment on its own security threats; secondly, China’s information War theory is deeply influenced by its traditional military command art. Both the ancient “Sun Tzu’s Art of War” and “Thirty-six”, or Mao Zedong’s people’s war thoughts have deeply imprinted in the information warfare theory; third, China’s cognition and classification of information warfare is obviously different. In the United States, the originator of information warfare, the United States, although similar to Russia’s information warfare theory, is only similar and God is not.

Wei Wei Zhao

The advent of the information age has prompted people to rethink the way war is carried out. China is aware that its conventional armed forces are far less powerful than superpowers. In the near future, neither conventional forces nor nuclear weapons can pose a powerful deterrent to the United States. However, the ambitious Eastern Dragon believes that with the advent of the information age, there will be new changes in the form of war, military structure, methods of warfare and command means, and information will replace people in the future battlefield. As long as the focus of strategic research is placed on the warfare of information warfare and grasping the trend of the times, it is not difficult to shorten the distance and further gain a leading position.

In ancient China, there was a military book called “Thirty-six Meters”. One of them, “Wei Wei Zhao”, pointed out that if the enemy’s positive power is too strong, it should be avoided and it should be weak. The Chinese are used for the present, applying this strategy to the current struggle between countries – if you can’t launch a direct attack (nuclear strike), then fight information warfare, weak financial, electricity, etc.

The network system starts. Although conventional armed forces cannot compete with the United States, China’s information warfare forces theoretically threaten the political and economic security of the United States. Americans cannot afford the instant of the New York Stock Exchange and the NASDAQ stock exchange. collapse. The global accessibility of information warfare and the spread of light speed are characteristics that nuclear war does not have. What Chinese want is to defeat opponents with the speed, accuracy and continuity of information warfare.

The power of information warfare can make up for the shortcomings of conventional armed forces. The establishment of various battlefield information networks can not only improve the management level of traditional warfare, enhance the overall combat effectiveness of the troops, but also compensate for the shortage of conventional forces to a certain extent. In the eyes of the Chinese, the information warfare seems to be more powerful, and it is the force multiplier of the conventional armed forces.

Information war think tank

In 1996, Shen Weiguang, the earliest expert on information warfare in China, defined the information warfare as: “The warring parties fight for the battlefield initiative by controlling information and intelligence resources.” and the United States “protecting the friendly information system and attacking enemy information.” Compared with the definition of “system”, Shen Weiguang emphasizes “controlling” the enemy.

In 1998, the Chinese military information warfare authority Wang saves the classification of information warfare: divided into normal time, crisis time, war time according to time; divided into attack and defense according to nature; divided into country, strategy, theater, tactic according to level According to the scale, it is divided into battlefield, theater, and local war. The characteristics of information warfare include command and control warfare, intelligence warfare, electronic warfare, psychological warfare, space control warfare, hacker warfare, virtual warfare, and economic warfare. In principle, information warfare measures such as cutting off, blinding, transparent, rapid, and improving viability. General Wang’s understanding of information warfare is closer to that of the West, and he focuses on the confrontation of advanced technology.

In 1999, Chinese experts launched a big discussion on information warfare. At this time, Shen Weiguang expanded the scope of information warfare. He believes that “information warfare, broadly refers to the war against the information space and the competition for information resources in the military (including political, economic, scientific, and social fields), narrowly refers to war. The confrontation between the two parties in the field of information. It is one of the essential characteristics of modern warfare. The essence of information warfare is to achieve the ‘no war and defeat the soldiers’ by capturing the right to control the system.”

Major military expert Wang Pufeng, who is another information warfare expert in the military, has a deep understanding of information warfare. In 2000, he distinguished information warfare from information warfare. According to his explanation, information warfare refers to a form of warfare, which contains information warfare, and information warfare refers to a kind of warfare activity. He believes that “information warfare includes all combat activities, including a series of intrusion activities and computer virus attacks on enemy information and information systems, such as information theft, tampering, deletion, deception, disruption, blocking, interference, and shackles. The network is not working properly.” He advocates that China’s information warfare theory should have its own characteristics while drawing on foreign advanced combat thinking.

“Mao Network People’s War”

China’s perception of information warfare is very traditional. Many military theorists believe that the information age has given new meaning to Mao Zedong’s people’s war thoughts. Therefore, he advocates relying on and mobilizing the masses of the people to conduct online wars. It is conceivable that no matter which of the same family, playing online with 1.3 billion people is daunting.

The most important feature of the Mao Zedong-style cyber war theory is that it breaks the boundary between the military and the people. The traditional dividing line between military and civilian facilities, military technology and civil technology has been blurred. The sharing of information technology in military and civilian use has created conditions for the widespread use of civilian technology for military purposes. For example, private electronic information equipment can be used for intelligence interception and transmission. Civil communication networks can be used for war mobilization; private computers can be used for network attack and defense. Second, the difference between military and non-military personnel is gradually disappearing. With the development of network technology and the expansion of application fields, a large number of network technology talents stand out. These network elites with special abilities will become gladiators in the future network people’s war. At the same time, information networks such as communications, transportation, and financial systems and international networking have provided the necessary conditions for China to carry out the people’s war.

Today, the idea of ​​the people’s war has been established as the fundamental guiding principle of China’s network information warfare. A Chinese military author wrote: “The strategic and tactical principles of flexible maneuvering are still the soul of network information warfare. The broad masses of the people actively participate in the war, especially the technical support and online warfare, which is the mass base and strength to win the victory of the network information war. Source.”

The power of the Internet People’s War is so terrible. Perhaps we can understand why the Chinese are willing to reduce the size of their armed forces. Imagine that once the war breaks out, China can launch a large number of people to participate in the war, information engineers and civilians will be organized through the home. When computers attack the US network information system, why should we maintain a large-scale combat force?

Information war drill

In the past few years, China has conducted several major information warfare military exercises to test the information warfare theory. The first “special warfare” (information warfare) drill was conducted in October 1997. A group army in a military region was attacked by a virus designed to smash its system. The group used military anti-virus software to defend it. The drill was called “invasion and anti-invasion drills.” Ground logistics, medical and air force units were also used during the exercise.

In October 1998, China held a high-tech comprehensive exercise jointly conducted by the three major military regions. For the first time in the joint defense operations exercise, the “military information highway” was used. The information network system in the command automation system consists of digital, dialing, command network and secret channel. The other parts of the command automation system are subsystems for command operations, audio and graphics processing, control, and data encryption.

In October 1999, the PLA conducted the first battle-level computer online confrontation exercise between two group armies. Reconnaissance and anti-reconnaissance, interference and anti-interference, blockade and anti-blockade, air strikes and anti-air strikes. In the software environment, six types of operations such as resource sharing, operational command, situation display, auxiliary evaluation, signal transmission and intelligence warfare were carried out. The computer evaluation system performs data and quality analysis on the performance of both sides of the exercise.

In July 2000, a military region also conducted an online confrontation drill. The three training tasks related to this exercise are: organizing and planning campaigns, seizing air and information rights, implementing breakthroughs and counter-breakthroughs. More than 100 terminals were connected to the walkthrough.

Militia detachment

China’s people’s war has a complete system. Its overall development direction is “the combination of a capable standing army and a strong reserve force.” This national defense system is conducive to giving full play to the overall effectiveness of the people’s war and the advantages of “network tactics.”

China’s 1.5 million reserve forces are very keen on playing the online people’s war. In some areas, the PLA has compiled reserve forces into small information warfare units. For example, in Yichang City, Hubei Province, the military division organized 20 municipal departments (electricity, finance, television, medical, etc.) technical personnel to set up a reserve information warfare. The department has a network battle camp, an electronic war camp, an intelligence psychological war camp and 35 technical teams. The Ministry also established the first reserve information warfare training base in China that can accommodate 500 people.

Yichang is not the only area where the reserve and militia are trained in information warfare. In December 1999, a reserve and militia meeting was held in Xiamen, Fujian. In the subsequent exercises, the militia detachment with high-tech equipment carried out electronic countermeasures, cyber attacks and protection, and radar reconnaissance performances. The goal of the imaginary attack is an island that is surrounded, so it is easy for outsiders to think of Taiwan. Xiamen is a special economic zone that brings together a large number of high-tech talents, so it has the superior conditions for implementing information warfare.

In an exercise held by the Jinan Military Region, the Xi’an People’s Armed Forces Information Warfare Division played the blue party responsible for the attack. They developed 10 information warfare measures, including information mines, information reconnaissance, alteration of network information, release of information bombs, and dumping. Web spam, distribution of network flyers, information spoofing, dissemination of false information, organization of information defense, establishment of cyber espionage stations. It can be seen from these network information warfare methods that their research on network information warfare has been quite specific and in-depth.

Chinese military experts also suggest that militia organizations at all levels should set up network technology professional detachments. In order to facilitate command and coordination, the militia network technology professional detachment should implement grouping and vertical management in the province or region. The reserve forces participate in the “network attack and defense” and “network technology guarantee” in the future war, and their actions must be implemented and unified by the military organization.

Medium

The Chinese People’s Liberation Army has developed its own set of information warfare education methods. The steps are: first, teach the basic knowledge of network information warfare; secondly, improve the information warfare knowledge level by telling the advanced military thoughts of foreign troops; then improve the information warfare use skills, especially Electronic technology, psychological warfare techniques, and information offensive and defensive techniques; finally, through exercises, knowledge is translated into practical operational capabilities. In China, it is mainly the responsibility of the PLA Academy to train high-tech talents in information warfare:

The People’s Liberation Army Communication Command College is located in Wuhan. In 1998, the Institute published two books, Information Command and Control Science and Information Warfare Technology. These two books are the most important textbooks for information warfare education in China. The college enjoys a high reputation for its excellent information warfare tutorials, which analyze information warfare requirements at the strategic, operational, and tactical levels.

The People’s Liberation Army Information Engineering University, located in Zhengzhou, was formed by the merger of the former People’s Liberation Army Information Engineering College, Electronic Technology College and Surveying and Mapping College. The school’s current main research areas are information security, modern communication technology and space technology, and exploration in some cutting-edge disciplines, such as remote sensing information technology, satellite navigation and positioning technology, geographic information database technology.

The PLA University of Science and Technology, located in Nanjing, was formed by the merger of the former People’s Liberation Army Communication Engineering College, the Engineering Corps Engineering College, the Air Force Meteorological College and the General Staff No. 63 Research Institute. The school specializes in training military personnel in information warfare, command automation and other new disciplines. Nearly 400 experts and professors are engaged in information warfare theory and technology research at the university.

The National Defense Science and Technology University of the People’s Liberation Army is located in Changsha. The school is directly affiliated to the Central Military Commission. Has developed the famous “Galaxy” series supercomputer. During the Kosovo War between April and June 1999, nearly 60 senior officers gathered here to study high-tech wars.

The Naval Engineering University of the People’s Liberation Army, located in Wuhan, is the only institution in the Navy that studies information warfare. The purpose of the school’s research information warfare is to apply information technology to naval equipment so that the Chinese navy can adapt to information warfare.

in conclusion

What conclusions can we draw from China’s information warfare research? What lessons can the US military get from it?

First, Chinese military theorists have found a cheap and effective method of information warfare that gives China a position equal to that of the West in terms of strategic military and international status, thus enabling China to play a more important strategic role in the Asian region.

Second, China’s emphasis on new information warfare forces is extraordinary. Therefore, it is possible to develop various forms of information warfare forces, such as: network forces (independent units), “network warriors” raid units, information protection units, information units, electronic police and joint network people’s war organizations. Interestingly, in terms of current capabilities, Western countries, not China, have the ability to put these ideas into practice.

Third, China’s information warfare theory reflects the combination of Western and Chinese thoughts, and the influence of the former is getting weaker. Due to some common sources of military command art (Marxist dialectical thinking), China’s information warfare is more similar to Russia. However, by its very nature, China’s information warfare theory is different from Russia and the West. China’s information warfare theory emphasizes control, computerized warfare, cyber warfare, knowledge warfare, and information rights.

Fourth, in the field of information warfare, China has crossed several stages of technological development, and using the technology of the Quartet has not only saved time but also saved money. However, China does not fully emulate foreign countries, but adopts a creative information warfare strategy. But no matter what, China is a different information warfare force that is worthy of attention.

For the US military, studying China’s information warfare theory is not just to provide the military with several opinions. “Sun Tzu’s Art of War” said that “knowing that he knows, has won every battle.” From the perspective of foreign information warfare theory to analyze the information warfare capabilities of the United States, we can discover the fatal flaws of the US information warfare system.

As the Chinese say, the losers of information warfare are not necessarily technically backward, and those who lack the ability to direct art and strategy are most likely to be losers. It is time for the United States to reflect on its own information warfare and to study information warfare strategies and tactics. 

Original Mandarin Chinese:

在過去幾年裡,中國軍方與民間專家們掀起了研究信息戰的熱潮。閱讀他們的作品後不難發現,中國的信息戰理論研究具有幾個明顯的特徵:首先,中國正迫不及待地發展自己的信息戰理論,這與其對自身安全威脅的判斷有關;其次,中國的信息戰理論受其傳統軍事指揮藝術影響頗深。無論是古代的《孫子兵法》和《三十六計》,還是毛澤東的人民戰爭思想都在信息戰理論中打下了深深的烙印;第三,中國對信息戰的認知與分類,顯然不同於信息戰的開山鼻祖——美國,雖近似於俄國的信息戰理論,卻也只是形似而神不是。

圍魏救趙

信息時代的到來促使人們對戰爭的進行方式重新進行思索。中國意識到其常規武裝力量與超級大國相比實力懸殊,近期內無論是常規力量還是核武器,中國都無法對美國構成強大威懾。但是,雄心勃勃的東方巨龍認為:隨著信息時代的來臨,戰爭形態、軍隊結構、作戰方式和指揮手段都會有嶄新的變化,信息將取代人充斥於未來戰場。只要把戰略研究的著眼點放到信息戰這一戰爭形態上,把握時代發展潮流,就不難縮短距離,並進一步取得領先地位。

中國古代有部兵書叫《三十六計》,其中的一計“圍魏救趙”就指出,如果敵人正面力量過於強大,應當避實就虛,擊其薄弱之處。中國人古為今用,把這個計謀應用到當前國家間鬥爭——如果你不能發動直接攻擊(核打擊),那就打信息戰,向西方薄弱的金融、電力等

網絡系統下手。常規武裝力量雖然無法與美國抗衡,然而,中國的信息戰部隊在理論上卻實實在在威脅到美國的政治及經濟安全,美國人無法承受紐約股票交易所和納斯達克股票交易所在瞬間崩潰。信息戰的全球可及性、光速傳播性是核戰爭所不具有的特性,中國人要的就是以信息戰的速度、準確性和持續性擊敗對手。

信息戰力量可彌補常規武裝力量的不足。各種戰場信息網絡的建立,不僅可以提高對傳統戰爭的管理水平,增強部隊的整體戰鬥力,還可以在一定程度上彌補常規力量的不足。在中國人眼中,信息戰好似如虎添翼,是常規武裝部隊的力量倍增器。

信息戰智囊

1996年,中國最早提出信息戰的專家沈偉光給信息戰下的定義是:“交戰雙方通過控制信息與情報資源來爭奪戰場主動權的戰爭。”與美國“保護友方信息系統,攻擊敵方信息系統”的定義相比,沈偉光更強調“控制”敵人。

1998年,中國軍方信息戰權威王保存少將對信息戰進行了分類:按時間分為平時、危機時、戰時;按性質分為進攻、防禦;按層次分為國家、戰略、戰區、戰術;按規模分為戰場、戰區、局部戰爭。信息戰表現的特徵包括指揮與控制戰、情報戰、電子戰、心理戰、空間控制戰、黑客戰、虛擬戰、經濟戰等方面的較量。信息戰原則上採取切斷、蒙蔽、透明、快速和提高生存力等措施。王將軍對信息戰的認識與西方較為接近,都把重點放在先進技術的對抗上。

1999年,中國專家對信息戰展開了大討論。沈偉光此時把信息戰的範圍擴大,他認為“信息戰,廣義地指對壘的軍事(也包括政治、經濟、科技及社會一切領域)集團搶占信息空間和爭奪信息資源的戰爭,狹義地指戰爭中交戰雙方在信息領域的對抗。它是現代戰爭的本質特徵之一。信息戰的本質在於通過奪取制信息權達到’不戰而屈人之兵’。”

軍方另一位信息戰專家王普豐少將對信息戰有很深入的理解,2000年,他把信息戰和信息戰爭區別開。根據他的解釋,信息戰爭指的是一種戰爭形態,它包含了信息戰,而信息戰指的是一種作戰活動。他認為“信息戰包括所有作戰活動,其中有對敵信息及信息系統實施信息竊取、篡改、刪除、欺騙、擾亂、阻塞、干擾、癱瘓等一系列的入侵活動和計算機病毒攻擊,最終使敵計算機網絡無法正常工作。”他主張中國的信息戰理論在藉鑒國外先進作戰思想的同時,應具有中國自己的特色。

“毛式網絡人民戰爭”

中國對信息戰的認知非常具有傳統特色。許多軍事理論家認為信息時代賦予了毛澤東人民戰爭思想新的內涵,因此,主張依靠和發動廣大人民群眾進行網上戰爭。可以想像,無論是哪個同家,與13億人打網絡戰都是令人生畏的。

毛澤東式網絡人民戰爭理論的最重要特徵是它打破了軍與民的界限。模糊了軍用設施與民用設施、軍用技術與民用技術的傳統分界線。信息技術在軍用和民用上的共享,為廣泛利用民間技術達成軍事目的創造了條件。例如,可以利用民間的電子信息設備進行情報截獲和傳輸可以利用民間的通信網絡進行戰爭動員;可以利用民間的計算機進行網絡進攻和防禦等。其次,軍事人員與非軍事人員的區別也在逐漸消失。隨著網絡技術的發展和應用領域的擴大,大批的網絡技術人才脫穎而出。這些具備特殊能力的網絡精英將成為未來網絡人民戰爭中的角斗士。與此同時,通信、交通、金融系統等信息網絡與國際聯網,為中國開展人民戰爭提供了必要條件。

如今,人民戰爭思想已經被確立為中國網絡信息戰的根本指導原則。一個中國軍方作者寫道:“靈活機動的戰略戰術原則,仍然是網絡信息戰的靈魂。廣大人民群眾積極參戰,特別是技術支援和網上參戰,則是奪取網絡信息戰勝利的群眾基礎和力量源泉。”

網絡人民戰爭的威力是如此可怕,或許,我們可以明白為何中國人願意削減其武裝部隊規模了——設想一旦戰爭爆發,中國可以發動大量民眾參戰,信息工程師和平民將被組織起來,通過家中的電腦攻擊美國的網絡信息系統,那又何必要維持規模龐大的作戰部隊呢?

信息戰演練

過去幾年裡,中國舉行過數次重大信息戰軍事演習對信息戰理論進行檢驗。首次“特種戰”(信息戰)演練於1997年10月進行。某軍區的一個集團軍遭到旨在癱瘓其係統的病毒攻擊,該集團軍用殺毒軟件進行了防衛。該演練被稱為“入侵與反入侵演練”。演習時還動用了地面後勤、醫療和空軍部隊。

1998年10月,中國舉行了一場由三大軍區聯合進行的高科技綜合演練。聯合防禦作戰演練中首次使用了“軍事信息高速公路”。指揮自動化系統中的信息網絡系統由數字、撥號、指揮網和保密信道組成。指揮自動化系統的其他部分是指揮作戰、音頻和圖形處理、控制和數據加密等子系統。

1999年10月,解放軍首次進行了兩個集團軍之間的戰役級計算機網上對抗演習。演練了偵察與反偵察、干擾與反干擾、封鎖與反封鎖、空襲與反空襲等科目。在軟件環境下進行了資源共享、作戰指揮、態勢顯示、輔助評估、信號傳輸和情報戰等6類作業。計算機評估系統對演習雙方的表現進行數據與質量分析。

2000年7月,某軍區也進行了網上對抗演練。與此次演練有關的3項訓練任務是:組織和計劃戰役、奪取制空權和製信息權、實施突破和反突破。有100多台終端聯網參與了演練。

民兵分隊

中國的人民戰爭有一套完備的體制,其總體發展方向是“精幹的常備軍與強大的後備力量相結合”,這種國防體制有利於發揮人民戰爭的整體效能和“網海戰術”優勢。

中國150萬預備役部隊十分熱衷於打網絡人民戰爭。在一些地區,解放軍已經把預備役部隊編成小型信息戰部隊。例如,在湖北省宜昌市,軍分區組織了20個市政部門(電力、財政、電視、醫療等)的技術人員成立了預備役信息戰團。該部擁有網絡戰營、電子戰營、情報心理戰營及35個技術分隊。該部還建立了中國第一個能容納500人的預備役信息戰訓練基地。

宜昌並不是組織預備役和民兵進行信息戰訓練的唯一地區。 1999年12月在福建廈門召開了預備役和民兵會議。在隨後進行的演習中,擁有高技術裝備的民兵分隊進行了電子對抗、網絡攻擊和防護、雷達偵察表演。山於假想攻擊的目標是一座被包圍的島嶼,因此很容易讓外人聯想到是針對台灣。廈門是經濟特區,匯集了大量高科技人才,因此有實施信息戰的優越條件。

在一次由濟南軍區舉行的演習中,西安人武部信息戰分隊扮演負責攻擊的藍方,他們制定了10種信息戰措施,其中有安放信息地雷、信息偵察、改動網絡資料、釋放信息炸彈、傾倒網絡垃圾、分發網絡傳單、信息欺騙、散佈虛假信息、組織信息防禦、建立網絡間諜站。從這些網絡信息戰法可以看出,他們對網絡信息戰的研究已相當具體、深入。

中國的軍事專家還建議,各級民兵組織都應成立網絡技術專業分隊,為便於指揮協調,民兵網絡技術專業分隊應以省或者地區為單位實行條條編組,垂直管理。後備力量參與未來戰爭中的“網絡攻防”和“網絡技術保障”,其行動要由軍隊組織實施和統一協調。

培養基地

中國人民解放軍發展出自己的一套信息戰教育方法,其步驟是:首先傳授網絡信息戰基礎知識;其次通過講述外軍的先進軍事思想提高信息戰知識水平;然後提高信息戰使用技能,特別是電子技術、心理戰技術和信息攻防技術;最後,通過演習把知識轉化為實際操作能力。在中國,主要由解放軍院校擔負培養信息戰高技術人才的責任:

解放軍通信指揮學院,位於武漢。 1998年,該院出版了兩部書籍,分別是《信息作戰指揮控制學》和《信息作戰技術學》,這兩部書籍是中國信息戰教育最重要的教材。該學院以其優良的信息戰教程設置而享有很高的聲譽,這些教程分析了戰略、戰役、戰術層次的信息作戰要求。

解放軍信息工程大學,位於鄭州,由原解放軍信息工程學院、電子技術學院和測繪學院合併而成。該校目前主要研究領域是信息安全,現代通信技術和空間技術,並且在一些尖端學科領域進行探索,如遙感信息技術、衛星導航與定位技術、地理信息數據庫技術。

解放軍理工大學,位於南京,由原解放軍通信工程學院、工程兵工程學院、空軍氣象學院和總參第63研究所合併而成。該校專門負責訓練信息戰、指揮自動化和其它新學科的軍事人才。有近400名專家教授在該大學從事信息戰理論與技術研究。

解放軍國防科技大學,位於長沙,該校直接隸屬於中央軍委。曾開發了著名的“銀河”系列超級計算機。 1999年4月到6月科索沃戰爭期間,近60名高級軍官匯集在此研究高科技戰爭。

解放軍海軍工程大學,位於武漢,是海軍唯一研究信息戰的院校。該校研究信息戰的目的是把信息技術應用到海軍裝備,使中國海軍能適應信息化戰爭。

結論

我們從中國的信息戰研究中能得到什麼結論呢?美國軍隊又能從中得到什麼啟示呢?

首先,中國的軍事理論家找到了一廉價而有效的信息戰方法,它使中國在戰略軍事和國際地位上取得與西方相等的位置,從而使中國在亞人地區發揮更重要的戰略角色。

其次,中國對新型信息戰部隊的重視非同尋常。因此可能會發展形式各樣的信息戰部隊,例如:網絡部隊(獨立兵種)、“網絡勇士”突襲分隊、信息保護部隊、信息兵團,電子警察和聯合網絡人民戰爭機構。有意思的是,就現階段的能力而言,西方國家,而不是中國,更具有把這些設想付諸實施的能力。

第三,中國的信息戰理論反映了西方和中國思想的結合,而且前者的影響力越來越弱。由於軍事指揮藝術的一些共同淵源(馬克思主義辯證思想),中國的信息戰思想更類似於俄國。但是,就其本質而言,中國的信息戰理論與俄國和西方都不同。中國的信息戰理論強調控制、電腦化戰爭、網絡戰、知識戰和製信息權。

第四,在信息戰領域,中國跨越了若干技術發展階段,利用四方的技術,不僅節省了時間而且還節省了金錢。不過,中國沒有完全仿效外國,而是採用創造性的信息戰策略。但不管怎麼樣,中國都是值得關注的一支不同於其他國家的信息戰力量。

對美軍而言,研究中國的信息戰理論絕非僅僅為了給軍方提供幾條意見。 《孫子兵法》稱“知彼知已,百戰百勝”。從外國信息戰理論的角度來分析美國的信息戰能力,才能發現美國信息戰系統的致命缺陷。

正如中國人所言,信息戰的失敗者不一定是技術落後方,那些缺乏指揮藝術和戰略能力的人才最可能是失敗者。美國到了該反省自己的信息戰思想,並研究信息戰戰略和戰術的時候了。

Original Referring url:

China’s Cyberspace National Security Strategy: Actively Defending Network Sovereignty! // 中國的網絡空間國家安全戰略:積極捍衛網絡主權!

China’s Cyberspace National Security Strategy: Actively Defending Network Sovereignty! //

中國的網絡空間國家安全戰略:積極捍衛網絡主權!

According to CCTV news client reports, today (27th) morning, the National Internet Information Office released the “National Cyberspace Security Strategy “, which is the first time China released a strategy on cyberspace security. The “Strategy” clarifies China’s major positions and propositions on the development and security of cyberspace, clarifies the strategic guidelines and main tasks, and is a programmatic document guiding national cybersecurity work.

“Strategy” pointed out that information networks such as the Internet have become a new channel for information dissemination, a new space for production and life, a new engine for economic development, a new carrier for cultural prosperity, a new platform for social governance, a new bond for exchanges and cooperation, and a national sovereignty. New territory. With the in-depth development of information technology, the network security situation is becoming more and more serious. The use of network interference in other countries’ internal affairs and large-scale network monitoring and stealing activities seriously endangers national political security and user information security. The critical information infrastructure has been attacked and destroyed, and major security incidents have occurred. Harmful to national economic security and public interests, network rumors, decadent culture and obscenity, violence, superstition and other harmful information eroding cultural security and youth physical and mental health, cyber terror and illegal crimes directly threaten people’s lives and property security, social order, around cyberspace The international competition for resource control, rulemaking, and strategic initiative is becoming increasingly fierce, and the cyberspace arms race challenges world peace. Cyberspace opportunities and challenges coexist, and opportunities outweigh challenges. We must adhere to active use, scientific development, management according to law, ensure security, resolutely safeguard network security, maximize the utilization potential of cyberspace, better benefit more than 1.3 billion Chinese people, benefit all mankind, and firmly safeguard world peace.

The “Strategy” requires that the overall national security concept should be taken as a guide to implement the development concept of innovation, coordination, green, openness, and sharing, enhance risk awareness and crisis awareness, coordinate the two domestic and international situations, and coordinate the development of two major events. Actively defend and effectively respond to promote the peaceful, secure, open, cooperative, and orderly cyberspace, safeguard national sovereignty, security, and development interests, and realize the strategic goal of building a network power.

The Strategy emphasizes that a safe, stable and prosperous cyberspace is of great significance to all countries and the world. China is willing to work with other countries to respect and uphold cyberspace sovereignty, peacefully utilize cyberspace, manage cyberspace according to law, coordinate network security and development, strengthen communication, expand consensus, deepen cooperation, actively promote global Internet governance system reform, and jointly maintain cyberspace. Peace and security. China is committed to safeguarding the sovereignty, security, and development interests of the country’s cyberspace, promoting the Internet for the benefit of mankind, and promoting the peaceful use and common governance of cyberspace.

The Strategy clarifies that the strategic task of national cyberspace security work in the current and future period is to firmly defend cyberspace sovereignty, resolutely safeguard national security, protect key information infrastructure, strengthen network culture construction, combat cyber terrorism and crimes, and improve the network. Governance system, solid foundation of network security, improvement of cyberspace protection capability, and strengthening international cooperation in cyberspace.

The full text of the National Cyberspace Security Strategy

On December 27th, approved by the Central Network Security and Informatization Leading Group, the National Internet Information Office released the National Cyberspace Security Strategy, the full text of which is as follows.

The widespread use of information technology and the development of cyberspace have greatly promoted economic and social prosperity and progress, but also brought new security risks and challenges. Cyberspace security (hereinafter referred to as cybersecurity) is related to the common interests of mankind, to world peace and development, and to national security. Safeguarding China’s cybersecurity is an important measure to coordinate and promote the comprehensive construction of a well-off society, comprehensively deepen reforms, comprehensively ruling the country according to law, and comprehensively and strictly manage the party’s strategic layout. It is to achieve the goal of “two hundred years” and realize the great Chinese rejuvenation of the Chinese nation. An important guarantee. In order to implement the “Four Principles” of Chairman Xi Jinping’s promotion of the global Internet governance system reform and the “five-point proposal” for building a community of cyberspace destiny, clarify China’s important position on cyberspace development and security, guide China’s cybersecurity work, and maintain The state develops this strategy in the interests of sovereignty, security, and development of cyberspace.

I. Opportunities and challenges

(1) Major opportunities

With the rapid development of the information revolution, the cyberspace composed of the Internet, communication networks, computer systems, automation control systems, digital devices and their applications, services and data is transforming people’s production and life styles and profoundly affecting the history of human society. Development process.

New channels for information dissemination. The development of network technology has broken through the limitations of time and space, expanded the scope of communication, and innovated the means of communication, which triggered a fundamental change in the pattern of communication. The Internet has become a new channel for people to obtain information, learn and communicate, and become a new carrier of human knowledge transmission.

A new space for production and life. In today’s world, the depth of the network is integrated into people’s learning, life, and work. Online education, entrepreneurship, medical care, shopping, and finance are becoming more and more popular. More and more people exchange ideas, achieve careers, and realize their dreams through the Internet.

The new engine of economic development. The Internet has increasingly become the leading force for innovation-driven development. Information technology has been widely used in various industries of the national economy, promoting the upgrading and upgrading of traditional industries, and has spawned new technologies, new formats, new industries, and new models, and promoted the adjustment of economic structure and the transformation of economic development mode. It has injected new impetus into economic and social development.

A new carrier of cultural prosperity. The network promotes cultural exchanges and knowledge popularization, releases the vitality of cultural development, promotes cultural innovation and creation, enriches people’s spiritual and cultural life, and has become a new means of disseminating culture and providing new means of public cultural services. Network culture has become an important part of cultural construction.

A new platform for social governance. The role of the network in promoting the modernization of the national governance system and governance capacity has become increasingly prominent. The application of e-government has become more in-depth, and government information has been publicly shared. It has promoted the scientific, democratic, and rule-based government decision-making, and has smoothed the channels for citizens to participate in social governance. An important way to protect citizens’ right to know, participate, express, and supervise.

A new link for exchanges and cooperation. The interweaving of informationization and globalization has promoted the global flow of information, capital, technology, talents and other factors, and has enhanced the exchange and integration of different civilizations. The Internet has turned the world into a global village, and the international community has increasingly become a community of destiny among you and me.

The new territory of national sovereignty. Cyberspace has become a new field of human activity that is as important as land, sea, sky and space. The expansion of national sovereignty extends to cyberspace, and cyberspace sovereignty has become an important part of national sovereignty. Respecting cyberspace sovereignty, maintaining cybersecurity, seeking common governance, and achieving win-win results are becoming the consensus of the international community.

(2) Severe challenges

The cyber security situation is becoming increasingly severe. The country’s political, economic, cultural, social, and national defense security and citizens’ legitimate rights and interests in cyberspace are facing serious risks and challenges.

Network penetration harms political security. Political stability is the basic prerequisite for national development and people’s happiness. The use of the network to interfere in his internal affairs, attack the political system of other countries, incite social unrest, subvert the political power of other countries, and large-scale network monitoring, network theft and other activities seriously endanger the political security of the country and the security of user information.

Cyber ​​attacks threaten economic security. Network and information systems have become the backbone of critical infrastructure and the entire economic society. Attacks and destruction and major security incidents will lead to rampant infrastructure such as energy, transportation, communications, and finance, causing disastrous consequences and seriously jeopardizing national economic security. And the public interest.

Harmful information on the Internet erodes cultural security. Various ideological and cultural networks on the Internet are in conflict and confrontation, and excellent traditional culture and mainstream values ​​are facing impact. Internet rumors, decadent culture and obscenity, violence, superstition and other harmful information that violates the core values ​​of socialism erodes the physical and mental health of young people, ruin the social atmosphere, mislead value orientation and endanger cultural security. Online morality is out of order, lack of integrity is frequent, and the degree of network civilization needs to be improved.

Cyber ​​terror and illegal crimes undermine social security. Terrorism, separatism, extremism and other forces use the Internet to incite, plan, organize and implement violent terrorist activities, directly threatening people’s lives and property, and social order. Computer viruses, Trojans, etc. spread in the cyberspace. Internet fraud, hacker attacks, intellectual property infringement, and misuse of personal information are abundant. Some organizations deliberately steal user information, transaction data, location information, and corporate trade secrets, seriously damaging the country. , corporate and personal interests, affecting social harmony and stability.

The international competition in cyberspace is on the rise. The international competition for competing for and controlling cyberspace strategic resources, seizing the rule-making power and strategic commanding heights, and seeking strategic initiative is becoming increasingly fierce. Individual countries have strengthened their network deterrence strategies and intensified the cyberspace arms race, and world peace has been challenged by new challenges.

Cyberspace opportunities and challenges coexist, and opportunities outweigh challenges. We must adhere to active use, scientific development, management according to law, ensure security, resolutely safeguard network security, maximize the utilization potential of cyberspace, better benefit more than 1.3 billion Chinese people, benefit all mankind, and firmly safeguard world peace.

Second, the goal

Guided by the overall national security concept, we will implement the development concept of innovation, coordination, green, openness, and sharing, enhance risk awareness and crisis awareness, coordinate the two major domestic and international situations, and coordinate the development of two major events, actively defending and responding effectively. Promote cyberspace peace, security, openness, cooperation, orderly, safeguard national sovereignty, security, development interests, and achieve the strategic goal of building a network power.

Peace: Information technology abuse has been effectively curbed, and activities such as the cyberspace arms race that threaten international peace have been effectively controlled, and cyberspace conflicts have been effectively prevented.

Security: The network security risks are effectively controlled, the national network security assurance system is sound and complete, the core technical equipment is safe and controllable, and the network and information systems are stable and reliable. Network security talents meet the needs, and the society’s cyber security awareness, basic protection skills and confidence in using the network have increased significantly.

Openness: Information technology standards, policies and markets are open and transparent, product circulation and information dissemination are smoother, and the digital divide is increasingly bridging. Regardless of size, strength, or wealth, countries around the world, especially developing countries, can share development opportunities, share development results, and participate fairly in cyberspace governance.

Cooperation: All countries in the world have closer cooperation in the fields of technology exchange, combating cyber terrorism and cybercrime. The multilateral, democratic and transparent international Internet governance system is sound and perfect, and the cyberspace destiny community with cooperation and win-win as the core has gradually formed.

Orderly: The public’s right to know, participation, expression, and supervision in the cyberspace is fully protected, and the privacy of cyberspace is effectively protected and human rights are fully respected. The domestic and international legal systems and standards of cyberspace have been gradually established. The cyberspace has been effectively governed according to law. The network environment is honest, civilized and healthy. The free flow of information and the maintenance of national security and public interests are organically unified.

Third, the principle

A safe, stable and prosperous cyberspace is of great significance to all countries and the world. China is willing to work with other countries to strengthen communication, expand consensus, deepen cooperation, actively promote the transformation of the global Internet governance system, and jointly safeguard cyberspace peace and security.

(1) Respect for maintaining cyberspace sovereignty

The cyberspace sovereignty is inviolable and respects the right of countries to choose their own development path, network management model, Internet public policy and equal participation in international cyberspace governance. The network affairs within the sovereignty of each country are the responsibility of the people of each country. The countries have the right to formulate laws and regulations concerning cyberspace according to their national conditions and draw on international experience, and take necessary measures to manage their own information systems and network activities on their own territory. The domestic information systems and information resources are protected from intrusion, interference, attacks and destruction, guarantee the legitimate rights and interests of citizens in cyberspace; prevent, prevent and punish harmful information that endangers national security and interests from spreading in the domestic network and maintain the cyberspace order. No country engages in cyber hegemony, does not engage in double standards, does not use the network to interfere in its internal affairs, and does not engage in, condone or support network activities that endanger the national security of other countries.

(2) Peaceful use of cyberspace

The peaceful use of cyberspace is in the common interest of mankind. All countries should abide by the UN Charter’s principle of not using or threatening to use force, prevent information technology from being used for the purpose of maintaining international security and stability, and jointly resist the cyberspace arms race and prevent cyberspace conflicts. Adhere to mutual respect, treat each other as equals, seek common ground while reserving differences, embrace mutual trust, respect each other’s security interests and major concerns in cyberspace, and promote the building of a harmonious network world. Oppose the use of national security as an excuse to use technological superiority to control other countries’ networks and information systems, collect and steal data from other countries, and not to seek their own absolute security at the expense of other countries’ security.

(3) Governing cyberspace according to law

We will comprehensively promote the rule of law in cyberspace, adhere to the rule of law, establish networks according to law, and go online according to law, so that the Internet can operate healthily on the rule of law. Establish a good network order according to law, protect the cyberspace information in a legal and orderly free flow, protect personal privacy, and protect intellectual property rights. Any organization or individual who enjoys freedom and exercise rights in cyberspace must abide by the law, respect the rights of others, and be responsible for their words and deeds on the Internet.

(4) Coordinating network security and development

Without cybersecurity, there is no national security. Without informationization, there will be no modernization. Network security and informationization are two wings of the two wings and the drive. Correctly handle the relationship between development and security, adhere to safety and development, and promote safety through development. Security is a prerequisite for development, and any development at the expense of security is difficult to sustain. Development is the foundation of security, and development is the biggest insecurity. Without information development, network security is not guaranteed, and existing security may even be lost.

Fourth, strategic tasks

China’s number of Internet users and network scale is the highest in the world. Maintaining China’s network security is not only its own needs, but also of great significance for maintaining global network security and even world peace. China is committed to safeguarding the sovereignty, security, and development interests of the country’s cyberspace, promoting the Internet for the benefit of mankind, and promoting the peaceful use and common governance of cyberspace.

(1) Firmly defending cyberspace sovereignty

In accordance with the Constitution and laws and regulations, we will manage the network activities within the scope of our sovereignty, protect the security of our information facilities and information resources, and adopt all measures including economy, administration, science and technology, law, diplomacy, and military, and unswervingly safeguard China’s cyberspace sovereignty. Resolutely oppose all acts of subverting our state’s political power and undermining our national sovereignty through the Internet.

(2) Resolutely safeguard national security

Prevent, stop and punish any use of the Internet for treason, secession, sedition, subversion or incitement to subvert the people’s democratic dictatorship; prevent, deter and punish the use of the Internet for theft, disclosure of state secrets and other acts that endanger national security; Prevent, stop and punish foreign forces in the use of the network for infiltration, destruction, subversion and separatist activities.

(iii) Protection of critical information infrastructure

National key information infrastructure refers to information facilities that are related to national security, national economy and people’s livelihood. Once data leakage, destruction or loss of function may seriously endanger national security and public interest, including but not limited to providing services such as public communication and radio and television transmission. Information networks, important information systems in the fields of energy, finance, transportation, education, scientific research, water conservancy, industrial manufacturing, medical and health care, social security, public utilities, and state agencies, and important Internet application systems. Take all necessary steps to protect critical information infrastructure and its critical data from attack. Adhere to the combination of technology and management, focus on protection, prevention, detection, early warning, response, disposal, etc., establish and implement key information infrastructure protection systems, and increase investment in management, technology, talents, and capital. Comprehensively implement policies to effectively strengthen the security protection of key information infrastructure.

The protection of key information infrastructure is the common responsibility of the government, enterprises and the whole society. The competent authorities, operating units and organizations must take necessary measures to ensure the security of key information infrastructures in accordance with the requirements of laws, regulations and system standards, and gradually realize the first evaluation and use. Strengthen risk assessment of key information infrastructure. Strengthen the security protection of party and government organs and websites in key areas, and build and operate the website of grassroots party and government organs in an intensive mode. Establish an orderly sharing mechanism for cyber security information of government, industry and enterprises, and give full play to the important role of enterprises in protecting key information infrastructure.

Adhere to opening up and maintain network security in an open environment. Establish and implement a network security review system, strengthen supply chain security management, conduct security reviews on important information technology products and services purchased by party and government organs and key industries, improve the security and controllability of products and services, and prevent product service providers. And other organizations use the advantages of information technology to implement unfair competition or harm the interests of users.

(4) Strengthening the construction of network culture

Strengthen the construction of online ideological and cultural positions, vigorously cultivate and practice the core values ​​of socialism, implement network content construction projects, develop a positive and upward network culture, spread positive energy, unite powerful spiritual strength, and create a good network atmosphere. Encourage the development of new business, create new products, create a network culture brand that reflects the spirit of the times, and continuously improve the scale of the network culture industry. Implement the China Excellent Culture Online Communication Project and actively promote the digitalization, network production and dissemination of excellent traditional culture and contemporary cultural products. Give full play to the advantages of the Internet communication platform, promote the exchange of excellent cultural exchanges between China and foreign countries, let the people of all countries understand the excellent Chinese culture, let the Chinese people understand the excellent culture of each country, jointly promote the prosperity and development of the network culture, enrich people’s spiritual world, and promote the progress of human civilization.

Strengthen the network ethics and network civilization construction, give play to the role of moral education, and use the excellent results of human civilization to nourish cyberspace and repair the network ecology. Building a civilized and honest network environment, advocating civilized network and civilized Internet access, and forming a safe, civilized and orderly information dissemination order. Resolutely crack down on illegal and harmful information such as rumors, obscenity, violence, superstition, and cults in the cyberspace. Improve the network civilization of young people, strengthen the protection of minors online, and create a good network environment for the healthy growth of young people through the joint efforts of the government, social organizations, communities, schools, and families.

(5) Combating cyber terror and illegal crimes

Strengthen the network’s anti-terrorism, anti-espionage and anti-stealing capabilities, and crack down on cyber terror and cyber espionage activities.

Adhere to comprehensive governance, source control, and legal prevention, and severely crack down on illegal activities such as online fraud, cyber theft, drug trafficking, infringement of citizens’ personal information, dissemination of obscene pornography, hacking, and infringement of intellectual property rights.

(6) Improve the network governance system

Adhere to the rule of law, open and transparent management of the network, and earnestly do the law, the law must be enforced, the law enforcement must be strict, and the law must be investigated. We will improve the network security laws and regulations, formulate laws and regulations such as the Cyber ​​Security Law and the Minor Network Protection Regulations, clarify the responsibilities and obligations of all aspects of society, and clarify the requirements for network security management. Accelerate the revision and interpretation of existing laws to make them applicable to cyberspace. Improve the network security related system, establish a network trust system, and improve the scientific and standardized level of network security management.

Accelerate the construction of a network governance system that combines legal norms, administrative supervision, industry self-discipline, technical support, public supervision, and social education, promotes network social organization management innovation, and improves basic management, content management, industry management, and network crime prevention and combat. Work linkage mechanism. Strengthen the protection of cyberspace communication secrets, freedom of speech, trade secrets, and the legitimate rights and interests of property rights and property rights.

Encourage social organizations to participate in network governance, develop online public welfare undertakings, and strengthen the construction of new types of network social organizations. Encourage netizens to report cyber violations and bad information.

(7) Consolidating the foundation of network security

Adhere to innovation-driven development, actively create a policy environment conducive to technological innovation, pool resources and strength, take enterprises as the main body, combine production, study and research, coordinate research, point-to-face, and overall advancement, and make breakthroughs in core technologies as soon as possible. Pay attention to software security and accelerate the promotion and application of security and trusted products. Develop network infrastructure and enrich cyberspace information content. Implement the “Internet +” initiative and vigorously develop the network economy. Implement national big data strategy, establish a big data security management system, and support next-generation information technology innovation and application such as big data and cloud computing. Optimize the market environment, encourage network security enterprises to become bigger and stronger, and consolidate the industrial foundation for safeguarding national network security.

Establish and improve the national network security technology support system. Strengthen the basic theory of network security and research on major issues. Strengthen network security standardization and certification and accreditation, and make greater use of standards to standardize cyberspace behavior. Do basic work such as level protection, risk assessment, and vulnerability discovery, and improve the network security monitoring and early warning and network security major incident emergency response mechanism.

Implement network security talent project, strengthen the construction of network security disciplines, build a first-class network security college and innovation park, and form an ecological environment conducive to talent cultivation and innovation and entrepreneurship. We will do a good job in the network security publicity week and vigorously carry out publicity and education on the national network security. Promote cybersecurity education into teaching materials, enter the school, enter the classroom, improve the network media literacy, enhance the cyber security awareness and protection skills of the whole society, and improve the identification and resilience of the majority of netizens on illegal criminal activities such as network illegal information and online fraud.

(8) Improving the ability of cyberspace protection

Cyberspace is a new frontier of national sovereignty. We will build a network space protection force that is commensurate with China’s international status and compatible with the network powers. We will vigorously develop network security defense methods, timely discover and resist network intrusion, and build a strong backing for national security.

(9) Strengthening international cooperation in cyberspace

On the basis of mutual respect and mutual trust, we will strengthen international cyberspace dialogue and cooperation and promote the transformation of the Internet global governance system. We will deepen dialogue and exchanges and information communication with bilateral and multilateral networks in various countries, effectively control differences, actively participate in network security cooperation between global and regional organizations, and promote the internationalization of basic resource management such as Internet addresses and root name servers.

Support the United Nations to play a leading role in promoting the development of universally accepted international rules on cyberspace, cyberspace international counter-terrorism conventions, sound judicial assistance mechanisms against cybercrime, deepening policy and law, technological innovation, standards and norms, emergency response, and critical information infrastructure International cooperation in areas such as protection.

Strengthen support for Internet technology diffusion and infrastructure construction in developing and underdeveloped regions, and strive to bridge the digital divide. Promote the construction of the “Belt and Road”, improve the level of international communication and interconnection, and smooth the information silk road. Establish a global Internet sharing and governance platform, such as the World Internet Conference, to jointly promote the healthy development of the Internet. Through active and effective international cooperation, we will establish a multilateral, democratic and transparent international Internet governance system to jointly build a peaceful, secure, open, cooperative and orderly network space.

Original Mandarin Chinese:

據央視新聞客戶端報導,今天(27日)上午,國家互聯網信息辦公室發布了《國家網絡空間安全戰略》,這是我國首次發布關於網絡空間安全的戰略。 《戰略》闡明了中國關於網絡空間發展和安全的重大立場和主張,明確了戰略方針和主要任務,是指導國家網絡安全工作的綱領性文件。

《戰略》指出,互聯網等信息網絡已經成為信息傳播的新渠道、生產生活的新空間、經濟發展的新引擎、文化繁榮的新載體、社會治理的新平台、交流合作的新紐帶、國家主權的新疆域。隨著信息技術深入發展,網絡安全形勢日益嚴峻,利用網絡干涉他國內政以及大規模網絡監控、竊密等活動嚴重危害國家政治安全和用戶信息安全,關鍵信息基礎設施遭受攻擊破壞、發生重大安全事件嚴重危害國家經濟安全和公共利益,網絡謠言、頹廢文化和淫穢、暴力、迷信等有害信息侵蝕文化安全和青少年身心健康,網絡恐怖和違法犯罪大量存在直接威脅人民生命財產安全、社會秩序,圍繞網絡空間資源控制權、規則制定權、戰略主動權的國際競爭日趨激烈,網絡空間軍備競賽挑戰世界和平。網絡空間機遇和挑戰並存,機遇大於挑戰。必須堅持積極利用、科學發展、依法管理、確保安全,堅決維護網絡安全,最大限度利用網絡空間發展潛力,更好惠及13億多中國人民,造福全人類,堅定維護世界和平。

《戰略》要求,要以總體國家安全觀為指導,貫徹落實創新、協調、綠色、開放、共享的發展理念,增強風險意識和危機意識,統籌國內國際兩個大局,統籌發展安全兩件大事,積極防禦、有效應對,推進網絡空間和平、安全、開放、合作、有序,維護國家主權、安全、發展利益,實現建設網絡強國的戰略目標。

《戰略》強調,一個安全穩定繁榮的網絡空間,對各國乃至世界都具有重大意義。中國願與各國一道,堅持尊重維護網絡空間主權、和平利用網絡空間、依法治理網絡空間、統籌網絡安全與發展,加強溝通、擴大共識、深化合作,積極推進全球互聯網治理體系變革,共同維護網絡空間和平安全。中國致力於維護國家網絡空間主權、安全、發展利益,推動互聯網造福人類,推動網絡空間和平利用和共同治理。

《戰略》明確,當前和今後一個時期國家網絡空間安全工作的戰略任務是堅定捍衛網絡空間主權、堅決維護國家安全、保護關鍵信息基礎設施、加強網絡文化建設、打擊網絡恐怖和違法犯罪、完善網絡治理體系、夯實網絡安全基礎、提升網絡空間防護能力、強化網絡空間國際合作等9個方面。

資料圖

《國家網絡空間安全戰略》全文

12月27日,經中央網絡安全和信息化領導小組批准,國家互聯網信息辦公室發布《國家網絡空間安全戰略》,全文如下。

信息技術廣泛應用和網絡空間興起發展,極大促進了經濟社會繁榮進步,同時也帶來了新的安全風險和挑戰。網絡空間安全(以下稱網絡安全)事關人類共同利益,事關世界和平與發展,事關各國國家安全。維護我國網絡安全是協調推進全面建成小康社會、全面深化改革、全面依法治國、全面從嚴治黨戰略佈局的重要舉措,是實現“兩個一百年”奮鬥目標、實現中華民族偉大復興中國夢的重要保障。為貫徹落實習近平主席關於推進全球互聯網治理體系變革的“四項原則”和構建網絡空間命運共同體的“五點主張”,闡明中國關於網絡空間發展和安全的重大立場,指導中國網絡安全工作,維護國家在網絡空間的主權、安全、發展利益,制定本戰略。

一、機遇和挑戰

(一)重大機遇

伴隨信息革命的飛速發展,互聯網、通信網、計算機系統、自動化控制系統、數字設備及其承載的應用、服務和數據等組成的網絡空間,正在全面改變人們的生產生活方式,深刻影響人類社會歷史發展進程。

信息傳播的新渠道。網絡技術的發展,突破了時空限制,拓展了傳播範圍,創新了傳播手段,引發了傳播格局的根本性變革。網絡已成為人們獲取信息、學習交流的新渠道,成為人類知識傳播的新載體。

生產生活的新空間。當今世界,網絡深度融入人們的學習、生活、工作等方方面面,網絡教育、創業、醫療、購物、金融等日益普及,越來越多的人通過網絡交流思想、成就事業、實現夢想。

經濟發展的新引擎。互聯網日益成為創新驅動發展的先導力量,信息技術在國民經濟各行業廣泛應用,推動傳統產業改造升級,催生了新技術、新業態、新產業、新模式,促進了經濟結構調整和經濟發展方式轉變,為經濟社會發展注入了新的動力。

文化繁榮的新載體。網絡促進了文化交流和知識普及,釋放了文化發展活力,推動了文化創新創造,豐富了人們精神文化生活,已經成為傳播文化的新途徑、提供公共文化服務的新手段。網絡文化已成為文化建設的重要組成部分。

社會治理的新平台。網絡在推進國家治理體系和治理能力現代化方面的作用日益凸顯,電子政務應用走向深入,政府信息公開共享,推動了政府決策科學化、民主化、法治化,暢通了公民​​參與社會治理的渠道,成為保障公民知情權、參與權、表達權、監督權的重要途徑。

交流合作的新紐帶。信息化與全球化交織發展,促進了信息、資金、技術、人才等要素的全球流動,增進了不同文明交流融合。網絡讓世界變成了地球村,國際社會越來越成為你中有我、我中有你的命運共同體。

國家主權的新疆域。網絡空間已經成為與陸地、海洋、天空、太空同等重要的人類活動新領域,國家主權拓展延伸到網絡空間,網絡空間主權成為國家主權的重要組成部分。尊重網絡空間主權,維護網絡安全,謀求共治,實現共贏,正在成為國際社會共識。

(二)嚴峻挑戰

網絡安全形勢日益嚴峻,國家政治、經濟、文化、社會、國防安全及公民在網絡空間的合法權益面臨嚴峻風險與挑戰。

網絡滲透危害政治安全。政治穩定是國家發展、人民幸福的基本前提。利用網絡干涉他國內政、攻擊他國政治制度、煽動社會動亂、顛覆他國政權,以及大規模網絡監控、網絡竊密等活動嚴重危害國家政治安全和用戶信息安全。

網絡攻擊威脅經濟安全。網絡和信息系統已經成為關鍵基礎設施乃至整個經濟社會的神經中樞,遭受攻擊破壞、發生重大安全事件,將導致能源、交通、通信、金融等基礎設施癱瘓,造成災難性後果,嚴重危害國家經濟安全和公共利益。

網絡有害信息侵蝕文化安全。網絡上各種思想文化相互激盪、交鋒,優秀傳統文化和主流價值觀面臨衝擊。網絡謠言、頹廢文化和淫穢、暴力、迷信等違背社會主義核心價值觀的有害信息侵蝕青少年身心健康,敗壞社會風氣,誤導價值取向,危害文化安全。網上道德失範、誠信缺失現象頻發,網絡文明程度亟待提高。

網絡恐怖和違法犯罪破壞社會安全。恐怖主義、分裂主義、極端主義等勢力利用網絡煽動、策劃、組織和實施暴力恐怖活動,直接威脅人民生命財產安全、社會秩序。計算機病毒、木馬等在網絡空間傳播蔓延,網絡欺詐、黑客攻擊、侵犯知識產權、濫用個人信息等不法行為大量存在,一些組織肆意竊取用戶信息、交易數據、位置信息以及企業商業秘密,嚴重損害國家、企業和個人利益,影響社會和諧穩定。

網絡空間的國際競爭方興未艾。國際上爭奪和控製網絡空間戰略資源、搶占規則制定權和戰略制高點、謀求戰略主動權的競爭日趨激烈。個別國家強化網絡威懾戰略,加劇網絡空間軍備競賽,世界和平受到新的挑戰。

網絡空間機遇和挑戰並存,機遇大於挑戰。必須堅持積極利用、科學發展、依法管理、確保安全,堅決維護網絡安全,最大限度利用網絡空間發展潛力,更好惠及13億多中國人民,造福全人類,堅定維護世界和平。

二、目標

以總體國家安全觀為指導,貫徹落實創新、協調、綠色、開放、共享的發展理念,增強風險意識和危機意識,統籌國內國際兩個大局,統籌發展安全兩件大事,積極防禦、有效應對,推進網絡空間和平、安全、開放、合作、有序,維護國家主權、安全、發展利益,實現建設網絡強國的戰略目標。

和平:信息技術濫用得到有效遏制,網絡空間軍備競賽等威脅國際和平的活動得到有效控制,網絡空間衝突得到有效防範。

安全:網絡安全風險得到有效控制,國家網絡安全保障體系健全完善,核心技術裝備安全可控,網絡和信息系統運行穩定可靠。網絡安全人才滿足需求,全社會的網絡安全意識、基本防護技能和利用網絡的信心大幅提升。

開放:信息技術標準、政策和市場開放、透明,產品流通和信息傳播更加順暢,數字鴻溝日益彌合。不分大小、強弱、貧富,世界各國特別是發展中國家都能分享發展機遇、共享發展成果、公平參與網絡空間治理。

合作:世界各國在技術交流、打擊網絡恐怖和網絡犯罪等領域的合作更加密切,多邊、民主、透明的國際互聯網治理體系健全完善,以合作共贏為核心的網絡空間命運共同體逐步形成。

有序:公眾在網絡空間的知情權、參與權、表達權、監督權等合法權益得到充分保障,網絡空間個人隱私獲得有效保護,人權受到充分尊重。網絡空間的國內和國際法律體系、標準規範逐步建立,網絡空間實現依法有效治理,網絡環境誠信、文明、健康,信息自由流動與維護國家安全、公共利益實現有機統一。

三、原則

一個安全穩定繁榮的網絡空間,對各國乃至世界都具有重大意義。中國願與各國一道,加強溝通、擴大共識、深化合作,積極推進全球互聯網治理體系變革,共同維護網絡空間和平安全。

(一)尊重維護網絡空間主權

網絡空間主權不容侵犯,尊重各國自主選擇發展道路、網絡管理模式、互聯網公共政策和平等參與國際網絡空間治理的權利。各國主權範圍內的網絡事務由各國人民自己做主,各國有權根據本國國情,借鑒國際經驗,制定有關網絡空間的法律法規,依法採取必要措施,管理本國信息系統及本國疆域上的網絡活動;保護本國信息系統和信息資源免受侵入、干擾、攻擊和破壞,保障公民在網絡空間的合法權益;防範、阻止和懲治危害國家安全和利益的有害信息在本國網絡傳播,維護網絡空間秩序。任何國家都不搞網絡霸權、不搞雙重標準,不利用網絡干涉他國內政,不從事、縱容或支持危害他國國家安全的網絡活動。

(二)和平利用網絡空間

和平利用網絡空間符合人類的共同利益。各國應遵守《聯合國憲章》關於不得使用或威脅使用武力的原則,防止信息技術被用於與維護國際安全與穩定相悖的目的,共同抵製網絡空間軍備競賽、防範網絡空間衝突。堅持相互尊重、平等相待,求同存異、包容互信,尊重彼此在網絡空間的安全利益和重大關切,推動構建和諧網絡世界。反對以國家安全為藉口,利用技術優勢控制他國網絡和信息系統、收集和竊取他國數據,更不能以犧牲別國安全謀求自身所謂絕對安全。

(三)依法治理網絡空間

全面推進網絡空間法治化,堅持依法治網、依法辦網、依法上網,讓互聯網在法治軌道上健康運行。依法構建良好網絡秩序,保護網絡空間信息依法有序自由流動,保護個人隱私,保護知識產權。任何組織和個人在網絡空間享有自由、行使權利的同時,須遵守法律,尊重他人權利,對自己在網絡上的言行負責。

(四)統籌網絡安全與發展

沒有網絡安全就沒有國家安全,沒有信息化就沒有現代化。網絡安全和信息化是一體之兩翼、驅動之雙輪。正確處理髮展和安全的關係,堅持以安全保發展,以發展促安全。安全是發展的前提,任何以犧牲安全為代價的發展都難以持續。發展是安全的基礎,不發展是最大的不安全。沒有信息化發展,網絡安全也沒有保障,已有的安全甚至會喪失。

四、戰略任務

中國的網民數量和網絡規模世界第一,維護好中國網絡安全,不僅是自身需要,對於維護全球網絡安全乃至世界和平都具有重大意義。中國致力於維護國家網絡空間主權、安全、發展利益,推動互聯網造福人類,推動網絡空間和平利用和共同治理。

(一)堅定捍衛網絡空間主權

根據憲法和法律法規管理我國主權範圍內的網絡活動,保護我國信息設施和信息資源安全,採取包括經濟、行政、科技、法律、外交、軍事等一切措施,堅定不移地維護我國網絡空間主權。堅決反對通過網絡顛覆我國國家政權、破壞我國國家主權的一切行為。

(二)堅決維護國家安全

防範、制止和依法懲治任何利用網絡進行叛國、分裂國家、煽動叛亂、顛覆或者煽動顛覆人民民主專政政權的行為;防範、制止和依法懲治利用網絡進行竊取、洩露國家秘密等危害國家安全的行為;防範、制止和依法懲治境外勢力利用網絡進行滲透、破壞、顛覆、分裂活動。

(三)保護關鍵信息基礎設施

國家關鍵信息基礎設施是指關係國家安全、國計民生,一旦數據洩露、遭到破壞或者喪失功能可能嚴重危害國家安全、公共利益的信息設施,包括但不限於提供公共通信、廣播電視傳輸等服務的基礎信息網絡,能源、金融、交通、教育、科研、水利、工業製造、醫療衛生、社會保障、公用事業等領域和國家機關的重要信息系統,重要互聯網應用系統等。採取一切必要措施保護關鍵信息基礎設施及其重要數據不受攻擊破壞。堅持技術和管理並重、保護和震懾並舉,著眼識別、防護、檢測、預警、響應、處置等環節,建立實施關鍵信息基礎設施保護製度,從管理、技術、人才、資金等方面加大投入,依法綜合施策,切實加強關鍵信息基礎設施安全防護。

關鍵信息基礎設施保護是政府、企業和全社會的共同責任,主管、運營單位和組織要按照法律法規、制度標準的要求,採取必要措施保障關鍵信息基礎設施安全,逐步實現先評估後使用。加強關鍵信息基礎設施風險評估。加強黨政機關以及重點領域網站的安全防護,基層黨政機關網站要按集約化模式建設運行和管理。建立政府、行業與企業的網絡安全信息有序共享機制,充分發揮企業在保護關鍵信息基礎設施中的重要作用。

堅持對外開放,立足開放環境下維護網絡安全。建立實施網絡安全審查制度,加強供應鏈安全管理,對黨政機關、重點行業採購使用的重要信息技術產品和服務開展安全審查,提高產品和服務的安全性和可控性,防止產品服務提供者和其他組織利用信息技術優勢實施不正當競爭或損害用戶利益。

(四)加強網絡文化建設

加強網上思想文化陣地建設,大力培育和踐行社會主義核心價值觀,實施網絡內容建設工程,發展積極向上的網絡文化,傳播正能量,凝聚強大精神力量,營造良好網絡氛圍。鼓勵拓展新業務、創作新產品,打造體現時代精神的網絡文化品牌,不斷提高網絡文化產業規模水平。實施中華優秀文化網上傳播工程,積極推動優秀傳統文化和當代文化精品的數字化、網絡化製作和傳播。發揮互聯網傳播平台優勢,推動中外優秀文化交流互鑑,讓各國人民了解中華優秀文化,讓中國人民了解各國優秀文化,共同推動網絡文化繁榮發展,豐富人們精神世界,促進人類文明進步。

加強網絡倫理、網絡文明建設,發揮道德教化引導作用,用人類文明優秀成果滋養網絡空間、修復網絡生態。建設文明誠信的網絡環境,倡導文明辦網、文明上網,形成安全、文明、有序的信息傳播秩序。堅決打擊謠言、淫穢、暴力、迷信、邪教等違法有害信息在網絡空間傳播蔓延。提高青少年網絡文明素養,加強對未成年人上網保護,通過政府、社會組織、社區、學校、家庭等方面的共同努力,為青少年健康成長創造良好的網絡環境。

(五)打擊網絡恐怖和違法犯罪

加強網絡反恐、反間諜、反竊密能力建設,嚴厲打擊網絡恐怖和網絡間諜活動。

堅持綜合治理、源頭控制、依法防範,嚴厲打擊網絡詐騙、網絡盜竊、販槍販毒、侵害公民個人信息、傳播淫穢色情、黑客攻擊、侵犯知識產權等違法犯罪行為。

(六)完善網絡治理體系

堅持依法、公開、透明管網治網,切實做到有法可依、有法必依、執法必嚴、違法必究。健全網絡安全法律法規體系,制定出台網絡安全法、未成年人網絡保護條例等法律法規,明確社會各方面的責任和義務,明確網絡安全管理要求。加快對現行法律的修訂和解釋,使之適用於網絡空間。完善網絡安全相關製度,建立網絡信任體系,提高網絡安全管理的科學化規範化水平。

加快構建法律規範、行政監管、行業自律、技術保障、公眾監督、社會教育相結合的網絡治理體系,推進網絡社會組織管理創新,健全基礎管理、內容管理、行業管理以及網絡違法犯罪防範和打擊等工作聯動機制。加強網絡空間通信秘密、言論自由、商業秘密,以及名譽權、財產權等合法權益的保護。

鼓勵社會組織等參與網絡治理,發展網絡公益事業,加強新型網絡社會組織建設。鼓勵網民舉報網絡違法行為和不良信息。

(七)夯實網絡安全基礎

堅持創新驅動發展,積極創造有利於技術創新的政策環境,統籌資源和力量,以企業為主體,產學研用相結合,協同攻關、以點帶面、整體推進,盡快在核心技術上取得突破。重視軟件安全,加快安全可信產品推廣應用。發展網絡基礎設施,豐富網絡空間信息內容。實施“互聯網+”行動,大力發展網絡經濟。實施國家大數據戰略,建立大數據安全管理制度,支持大數據、雲計算等新一代信息技術創新和應用。優化市場環境,鼓勵網絡安全企業做大做強,為保障國家網絡安全夯實產業基礎。

建立完善國家網絡安全技術支撐體系。加強網絡安全基礎理論和重大問題研究。加強網絡安全標準化和認證認可工作,更多地利用標準規範網絡空間行為。做好等級保護、風險評估、漏洞發現等基礎性工作,完善網絡安全監測預警和網絡安全重大事件應急處置機制。

實施網絡安全人才工程,加強網絡安全學科專業建設,打造一流網絡安全學院和創新園區,形成有利於人才培養和創新創業的生態環境。辦好網絡安全宣傳周活動,大力開展全民網絡安全宣傳教育。推動網絡安全教育進教材、進學校、進課堂,提高網絡媒介素養,增強全社會網絡安全意識和防護技能,提高廣大網民對網絡違法有害信息、網絡欺詐等違法犯罪活動的辨識和抵禦能力。

(八)提升網絡空間防護能力

網絡空間是國家主權的新疆域。建設與我國國際地位相稱、與網絡強國相適應的網絡空間防護力量,大力發展網絡安全防御手段,及時發現和抵禦網絡入侵,鑄造維護國家網絡安全的堅強後盾。

(九)強化網絡空間國際合作

在相互尊重、相互信任的基礎上,加強國際網絡空間對話合作,推動互聯網全球治理體系變革。深化同各國的雙邊、多邊網絡安全對話交流和信息溝通,有效管控分歧,積極參與全球和區域組織網絡安全合作,推動互聯網地址、根域名服務器等基礎資源管理國際化。

支持聯合國發揮主導作用,推動制定各方普遍接受的網絡空間國際規則、網絡空間國際反恐公約,健全打擊網絡犯罪司法協助機制,深化在政策法律、技術創新、標準規範、應急響應、關鍵信息基礎設施保護等領域的國際合作。

加強對發展中國家和落後地區互聯網技術普及和基礎設施建設的支持援助,努力彌合數字鴻溝。推動“一帶一路”建設,提高國際通信互聯互通水平,暢通信息絲綢之路。搭建世界互聯網大會等全球互聯網共享共治平台,共同推動互聯網健康發展。通過積極有效的國際合作,建立多邊、民主、透明的國際互聯網治理體系,共同構建和平、安全、開放、合作、有序的網絡空間。

Original Referring URL: https://military.china.com/important/

 

Chinese Military Analysis of US Navy Cyber Warfare Efforts // 中國對美國海軍網絡戰爭的軍事分析

Chinese Military Analysis of US Navy Cyber Warfare Efforts //

中國對美國海軍網絡戰爭的軍事分析

2011/02/15

US Navy’s 10th Fleet. As the naval task force, the US Fleet cyber command is the Navy’s second-level command, which is part of the Naval Combat Command. Its main task is to guide the cyber operations in defense, and to support the combat troops to carry out deterrence, repel violations, and guarantee. Freedom of movement. Our mission is similar to that of other military cyberspace commanders. It is responsible for carrying out combat operations in the fields of network, password, signal intelligence, information warfare, cyberspace, electronic warfare, and space to support sea and land. Combat power. Naval operations require the integration of traditional combat capabilities, the expansion of new capabilities, and the development of capabilities across networks, signal intelligence systems, and electronic warfare systems to achieve the full development of our cyberspace combat capabilities. Similarly, we are also responsible for organizing and commanding the Navy’s global cryptographic operations, integrating information operations and space operations.

History

The Tenth Fleet was established during the Second World War and developed anti-submarine warfare capabilities primarily in the Atlantic. At that time, we were faced with a hostile threat that greatly exceeded the combat capability of World War I, and its ability to change the situation was very strong. The Tenth Fleet without any warships defeated the German submarines through intelligence fusion, innovative tactics, technology, and processes. Today, the rebuilt Tenth Fleet still adheres to these operational concepts. Together with information warfare experts, intelligence specialists, password and electronic warfare experts, and traditional military experts, we command operations to ensure the flexibility of operations and respond to changing hostile threats. The focus of the fleet cyber command is to enable the navy to quickly respond to cyber threats and maintain information superiority. This framework of action requires us to complete the task of cyber operations defense.

To win in modern warfare, we must have the ability to move freely in the full spectrum electromagnetic space, and its defense range has expanded from ordinary electromagnetic interference to advanced network intrusion and malicious attacks. The function of the fleet cyber command is to analyze this threat, innovate tactics, techniques, and processes to protect the network and ensure freedom of movement.

Naval operations are dynamic, and the naval network also has time and space complexity. The Navy must not only be deployed in various oceans, but also support ground operations in Afghanistan, Iraq and other places. We currently have more than 10,000 naval officers and men involved in these ground operations.

The Fleet Cyber ​​Command is a global command with the ability to maintain network strength and conduct cyber operations worldwide, and to ensure that the operational capabilities of the cyber operations are commanded in a full spectrum electromagnetic space. Since the Commander of the Tenth Fleet is a combat-level commander, our command is also based on the structure of a typical naval mission force. This power structure can assign subordinate missions to regional missions to support specific password requirements. This task force has been designed to take into account the changing intelligence, skills and responsibilities, has the ability to respond quickly to the fleet’s operational missions, and has facilitated local communication and collaboration with the US Cyber ​​Command and the Division. We have been working to develop a robust organizational structure that provides rapid and direct support for a variety of operations.

The Cyber ​​Warfare Command (CTF1010) is responsible for naval cyber operations, and its subordinate units include the Atlantic and Pacific Regional Naval Computer and Telecommunications Ground Master Station (NCTAMS), which provides network guidance, maintenance, and shoreline relay. The Navy Cyber ​​Defense Operations Command (CTF 1020) is responsible for network defense. The unit is responsible for monitoring cyber threats and monitoring network response.

Norfolk’s Naval Information Operations Command (CTF 1030) specializes in naval information operations, with its task force located in San Diego and Whidbey Island. Texas Naval Information Operations Command (CTF 1040), Georgia Naval Information Operations Command (CTF 1050), Maryland Naval Information Operations Command (CTF 1060), Colorado Naval Information Operations Command (CTF 1080 And its subordinate headquarters around the world to coordinate the fleet and theater operations. The password action is the responsibility of the CTF 1000 power structure.

The Hutland Naval Information Operations Center (CTF 1090) is based on our research and development brigade and its main mission is to provide battlefield preparation techniques for supporting fleet and joint operations missions.

The successful completion of the mission must be based on efficient recruitment and training of personnel who must have a keen technical insight and the ability to apply personal skills to fleet defensive operations. I have checked almost all of the combatant commands, and I can assure the committee that the Navy has a group of outstanding combatants who are ready to conduct cyberspace operations. Due to the dynamic nature of the cyberspace space, we must continue to advance the development of combat forces. We have taken the initiative to set up new expert officers including cyber engineers and warrants. The construction of the National Naval Academy cyber curriculum will also provide new opportunities for student education, and these students will become the backbone of the naval cyber operations command.

Task

As the fleet cyber command is maturing, we are also trying to learn to use the technology of the brother service. As the support command of the National Cyber ​​Command, we also contacted personnel from other service departments to establish a defense system to improve resilience and enhance the robustness and adaptability of global cyber defense. If a service department discovers, analyzes, or destroys a threat, the information is quickly distributed to other services, minimizing the damage and achieving a joint response.

In fact, we have already started to act. Since the establishment in January, we have been involved in supporting the National Pacific Command and Pacific Fleet exercises with the National Cyber ​​Command. We enhance shared situational awareness and collaborative surveillance security capabilities by examining cyber operations. We also work with industry, academia, and the Federal Fund Research and Development Center to learn to leverage their knowledge and capabilities. The business sector is driving the development of the cyberspace sector, and we must get their capabilities and financial support.

Inter-domain coordination and interaction are extremely important. Safeguarding system security or network defense work must be coordinated with preventing our system from unintentionally interfering with work. From navigation systems to network access, from the EA-18G Growler electronic warfare aircraft to the shipboard SLQ-32 jammers, the Tenth Fleet quickly integrates with other numbering fleets and regional naval department commanders to meet their mission requirements. The collaboration between the fleet staff is one of the key factors behind the achievements of the Tenth Fleet and one of the reasons for our initial success.

The ability of the staff and commanders at Ft. Meade has improved every month. At present, there are 130 staff officers and commanders in our department, which will increase to about 200 in recent years. This growth rate guarantees that the command will not only increase the number of technical experts, but also increase the number of people with operational experience who can get rid of the numerous challenges related to cyber security.

These challenges include: developing and maintaining the concept of viewing the network as a battle space; providing support across the services to maintain our freedom of movement in the cyberspace; developing cyber operations into a functional area and creating a series of detailed concepts .

As our capabilities continue to grow, we will have better support for fleet and joint exercise capabilities, and through their necessary feedback to improve our combat capabilities in hostile or cyberspace environments. This feedback is very important, and it enables us to assess and improve our capabilities to support freedom of action in the face of stronger threats. These threats will not only affect the Navy or the Department of Defense system, but also civilian users, and they may be sources of non-traditional threats. There is no doubt that the people of non-state entities are also looking for the means and capabilities that affect our networks, so as a country, we must be prepared to deal with these asymmetric challenges and threats.

The US Fleet Cyber ​​Command is also the authoritative operational arm of the Navy in electronic warfare and electromagnetic spectrum operations. By working with other services, we are working hard to develop a comprehensive joint electromagnetic spectrum operational plan. All radio frequency users have proven that it is not enough to defend against dynamic targeted network attacks. We must also have a network protection network in full-dimensional space. ability.

Every day, my staff are working hard to go beyond the traditional field and apply their expertise to the cyberspace field. I am very proud of it. This is the environment we create to nurture and use future domain experts. The Ministry of Defence is not comparable to the industry in terms of monetary subsidies, but we are able to provide our staff with a wider range of education and training opportunities and help them gain leadership experience that is not available elsewhere.

Original Mandarin Chinese:

美國艦隊賽博司令部和美國海軍第十艦隊司令。作為海軍特遣司令部的美國艦隊賽博司令部,是海軍二級司令部,隸屬於海軍作戰司令部,主要任務是指導防禦中的賽博作戰,支援作戰部隊實施威懾、擊退侵犯、保證行動自由。我部任務與其他軍種賽博特遣司令部類似,擔負有在網絡、密碼、信號情報、信息作戰、賽博空間、電子戰以及太空等領域實施作戰行動的獨特任務,以支援海上、陸上作戰力量。海軍作戰需要通過融合傳統作戰能力,拓展新型能力,發展跨越網絡、信號情報系統和電子戰系統的能力,從而實現我部在賽博空間作戰能力方面的全面發展。同樣,我們也擔負有組織指揮海軍全球範圍的密碼作戰,集成信息作戰和太空作戰的任務。

歷史

第十艦隊成立於二戰期間,主要在大西洋發展實施反潛戰能力。那時,我們面臨的是作戰能力大大超越一戰時期的敵對威脅,其改變戰局能力十分強大。沒有任何軍艦的第十艦隊,通過情報融合,創新戰術、技術、流程戰勝了德軍潛艇。如今,重建的第十艦隊仍恪守這些作戰理念。我們與信息戰專家,情報專家,密碼和電子戰專家,以及傳統軍事專家一起,指揮作戰行動,確保作戰行動的靈活性,應對日益變化的敵對威脅。艦隊賽博司令部作戰重點是使海軍具備快速應對網絡威脅能力,保持信息優勢。這一行動框架要求我們要完成網絡作戰防禦的任務。

在現代戰爭中取勝,我們必須要具備在全譜電磁空間內的自由行動能力,其防禦範圍已從普通的電磁干擾擴展到高級的網絡入侵和惡意攻擊。艦隊賽博司令部職能就是分析這種威脅,創新戰術、技術、流程,來防護網絡並保證自由行動能力。

結構

海軍作戰具有動態性,海軍網絡也具有時空複雜性。海軍不僅要配置在各大洋,還要在阿富汗、伊拉克等其它地方支援地面作戰,我們目前有超過1萬名海軍官兵參與這些地面作戰。

艦隊賽博司令部是一個全球性的司令部,具備在世界範圍內保持網絡優勢、實施網絡作戰的能力,並確保在全譜電磁空間指揮賽博作戰行動能力的發揮。由於第十艦隊指揮官是作戰級指揮官,我們司令部也是基於典型海軍任務力量結構而建立的。此力量結構能夠給下級特遣大隊分派地域性任務,為特定密碼需求提供支援。這種特遣部隊編成考慮了多變的情報通報,技術和職責,具備了保障艦隊作戰任務的快速反應能力,並且推動了與美國賽博司令部和軍種賽博部門在局部的交流協作。我們一直在致力於發展一種健壯的組織結構,能夠對各種作戰​​行動提供迅速直接的支援。

網絡戰司令部(CTF1010)負責海軍網絡作戰,其下屬單位包括大西洋和太平洋地區性海軍計算機與遠程通信地面主站(NCTAMS),該主站能夠提供網絡引導、維護和岸艦中繼。海軍賽博防禦作戰司令部(CTF 1020)負責網絡防禦,該單位主要負責監測網絡威脅和監控網絡響應。

諾福克的海軍信息作戰司令部(CTF 1030)專門負責海軍信息作戰,其特遣大隊位於聖地亞哥和惠德貝島。德克薩斯的海軍信息作戰司令部(CTF 1040),喬治亞州的海軍信息作戰司令部(CTF 1050),馬里蘭的海軍信息作戰司令部(CTF 1060),科羅拉多的海軍信息作戰司令部(CTF 1080 )及其覆蓋全球的下屬司令部來負責協同艦隊和戰區作戰。密碼行動由CTF 1000力量結構負責。

休特蘭海軍信息作戰中心(CTF 1090)在我們的研究與開發大隊基礎上建立,其主要任務是為支援艦隊和聯合作戰任務提供戰場準備技術。

外部和內部組織結構圖見下方。

任務的圓滿完成必須要以人員的高效徵募和培訓為基礎,這些人員必須具備敏銳的技術洞察力和將個人技能應用於艦隊網絡防禦行動的能力。我檢查過幾乎所有的作戰司令部,我能夠向委員會保證,海軍擁有一批傑出的作戰人員,他們已經做好準備遂行賽博空間作戰行動。由於賽博空間領域的動態性,我們必須持續推進作戰力量的發展,我們主動設置新的專家官員包括賽博工程師和準尉。國家海軍學院賽博課程的建設也將為學員教育提供新的機遇,這些學員將成為海軍賽博作戰指揮的骨幹力量。

任務

隨著艦隊賽博司令部日趨成熟,我們也在試圖學習利用兄弟軍種的相關技術。作為國家賽博司令部的支援司令部,我們還聯繫了其它軍種部門的人員共同建立深度防禦體系,提高應變能力,增強全球賽博防禦的健壯性和適應性。如果某軍種部門發現、分析、摧毀了某種威脅,該信息將會迅速被分發到其它軍種,使侵入破壞程度最小化並實現聯合響應。

實際上我們已經開始行動了,從一月份成立開始,我們就與國家賽博司令部軍種部門一起,一直在參與支援國家太平洋司令部和太平洋艦隊演習。我們通過考察網絡作戰行動,來增強共享態勢感知能力和協同監督安全能力。我們還與工業界、學術界和聯邦基金研究發展中心開展合作,學習利用他們的知識和能力。商業部門推動著賽博領域的發展,我們必須獲得他們的能力和資金支持。

跨領域間的協調與相互作用是極其重要的。保障系統安全或者網絡防禦工作必須要同阻止我方系統無意干擾工作協調開展。從導航系統到網絡訪問,從EA-18G咆哮者電子戰飛機到艦載SLQ-32干擾機,第十艦隊都迅速集成其它編號艦隊及地區海軍部門指揮官,並滿足其任務需求。艦隊參謀間的協作是第十艦隊成就背後的關鍵因素之一,也是我們取得初始成功的原因之一。

在Ft. Meade的參謀和指揮人員的能力素質每個月都有提高。目前我部指揮參謀人員有130名,在近幾年將會增加到200名左右。這個增長速率保證司令部不僅要增加技術專家型人員,還要增加哪些富有作戰經驗的人員,他們能夠從賽博安全相關的大量挑戰中擺脫出來。

這些挑戰包括:發展與保持將網絡視為一個作戰空間的觀念;跨軍種提供支援,保持我方在賽博空間的行動自由;將賽博作戰發展成一個職能領域,並創建一系列詳實的概念。

隨著我們作戰能力的持續發展,我們將具備更好的支援艦隊和聯合演習能力,並通過他們必要的反饋來提高我們在敵對或對抗賽博環境中的作戰能力。這種反饋是非常重要的,它能夠促使我們評估和改進自身能力,從而支持在面對更強大威脅時的行動自由。這些威脅將來不僅僅會影響海軍或者國防部的系統,也會威脅到平民用戶,並且它們可能是一些非傳統威脅來源。毫無疑問,非國家實體的人員也在尋找影響我們網絡的手段和能力,那麼作為一個國家,我們必須做好準備應對這些非對稱的挑戰與威脅。

美國艦隊賽博司令部也是海軍在電子戰和電磁頻譜作戰方面的權威作戰部門。通過與其它軍種協力合作,我們正在努力製定全面的聯合電磁頻譜作戰計劃,所有的無線電頻率用戶都證明,能夠防禦動態定向的網絡攻擊是不夠的,我們還必須具備在全維空間防護網絡行動的能力。

每天,我部人員都在努力超越傳統領域,並將他們的專業知識應用到賽博領域,我為此深感驕傲。這就是我們為培育和使用將來的領域專家所營造的環境。在金錢補助方面國防部是無法同業界進行比較的,但我們能夠為所屬人員提供更為廣泛的教育和培訓機會,並幫助他們獲得其它地方無法取得的領導經驗。

Original referring 2011 url:  http://www.china.com.cn/military/txt/2011-02

Chinese Military Electromagnetic Spectrum Technology Determines the Future Development of Defeating the US at War

Chinese Military Electromagnetic Spectrum Technology Determines the Future Development of Defeating the US at War

For a long time, in order to solve the A2/AD dilemma and achieve a new offset strategy, the U.S. has launched combat operations such as open space/air-sea warfare, cyber-centric warfare, distributed killing, multi-domain warfare, and mixed warfare. With new ideas, we constantly seek military advantages such as missile offensive and defense, cyber-electromagnetics, and multi-domain space. Today, the electromagnetic spectrum war has become the new darling of leading a new round of military theory and technological innovation. Researching and analyzing the status quo and characteristics of the development of the US military’s electromagnetic spectrum combat has important practical significance for our military’s success in defeating the enemy in the information battlefield.

1  Development of Electromagnetic Spectrum Warfare

In 1956, Admiral Sergei Gorschkov, the former Soviet naval commander, pointed out: “Who controls the electromagnetic spectrum, who will win the next war.” Sixty years later, the electromagnetic spectrum has become one of the key battlefields of modern warfare. In order to compete for the advantages of the electromagnetic spectrum in the battlefield, the US military conducted in-depth explorations from combat theory to equipment technology and developed rapidly.

1.1 Evolution of theory

Electromagnetic spectrum control has a long history. In the early 1970s, Thomas H, chairman of the US Senate Association. Moorer said that the winner of World War III will be a party that can highly control and manage the electromagnetic spectrum. The United States “Old Ravens” Association first proposed the use of electromagnetic control (EMC) as the fourth component of the concept of electronic warfare. In 2009, Strategic Command launched the early concept of electromagnetic spectrum warfare (EMSW), and added tasks such as electromagnetic spectrum management (EMSM), electromagnetic spectrum control (EMSC), and electromagnetic battle control (EMBC) on the basis of electronic warfare [1]. In 2012, the Strategic Command established the Joint Electromagnetic Spectrum Control Center (JEMSCC) to achieve full integration of electronic warfare and electromagnetic spectrum management, and each of the units also established corresponding organizational coordination agencies and detachments [2]. In the same year, the US Navy proposed the concept of Electromagnetic Maneuver Warfare (EMMW) [3], and in March 2015 released the “21st Century Maritime Force Cooperation Strategy,” which outlines the goals, components, technology projects, and implementation paths of the electromagnetic maneuver warfare [4]. In December 2015, Terry Halvorsen, chief information officer of the US Department of Defense, pointed out that the electromagnetic spectrum is expected to be considered as the sixth battlefield following land, sea, air, space, and cyberspace [5]; in the same month, the Center for Strategic and Budgetary Assessments Defining Electromagnetic Waves: Regaining U.S. Dominance in the Electromagnetic Spectrum Field[6] The report proposes the concept of “low-zero-power” electromagnetic spectrum warfare, expounding concept ideas, trend features, capabilities and technical requirements and current obstacles, and presenting views, concepts, Procurement, technical, verification, etc. At the end of November 2016, the 53rd International Conference of the “Old Ravens” Association of the United States took the theme “Global Vision of Electromagnetic Spectrum Operations” as the theme to demonstrate the new concepts and technical achievements of electronic warfare, spectrum sensing and conflict resolution, and explored the electromagnetic spectrum operational environment. Policy regulations, equipment procurement, joint training and combat capabilities, etc. [7]. In January 2017, the new Secretary of Defense Ashton Carter signed the first “Electronic Warfare Strategy” document, officially establishing the electromagnetic spectrum as an independent operational domain and elaborating on how to conduct operations [8].

1.2 Policies and Orders

Strategic policies and military doctrines reflect the development of the US military’s combat theory. From 2006 to 2014, the US Department of Defense updated the “Electromagnetic Spectrum Strategy” to focus on advancing strategic objectives such as development of spectrum equipment, flexibility of spectrum operations, spectrum management, and improvement of policy response capabilities [9]; Strategic Command released in August 2010. Winning the 21st Century Economic and Security Advantage: Strategic Framework for Electromagnetic Spectrum Control, building an electromagnetic spectrum control system architecture from multiple perspectives including objectives, requirements, strategic development, etc. [10]; the Joint Venture Association has promulgated JP6-01 “Joint” in March 2012. “Electromagnetic Spectrum Management Action” joint publication [11], signed in December 2012 CJCSM3320.01C “Chairman’s Handbook of Joint Electromagnetic Spectrum Management Operations in Electromagnetic Operation Environment” [12], issued CJCSI3320.01D “Joint Electromagnetic Spectrum” in January 2013 Operational Instructions [13] and CJCSM 3320.04 “Electronic Warfare Supporting Combined Electromagnetic Spectrum Operations” Manual [14]. In March 2015, the “Electromagnetic Spectrum Operational Joint Concept” document [15] was signed, which systematically stated that the Joint Forces launched electromagnetic spectrum combat operations. Strategic vision, organizational structure and functions, command and management relationships, plan formulation and operational implementation, operational integration and action synergy, and gradually Tactical, technical, and program (TTP) refinement of control, interference cancellation, spectrum management, and electronic warfare reprogramming, etc.; US Army released TRADOC P525-7-16, “The US Army’s Future Modular Force Conceptual Capability in December 2007 Plan 2015-2024 – Electromagnetic Spectrum Operation Manual [16]. Field regulations FM6-02.70 “Army Electromagnetic Spectrum Operations” [17] were issued in May 2010. Field Manual FM3-38 “Network Electromagnetic Actions” was issued in January 2014. [18] Published in December 2015, ATP6-02. 70 “Electromagnetic Spectrum Management Combat Operations Skills” [19], updated in February 2016 AR525-15 “Network Reconfiguration of Electromagnetic Action Software” provisions [20], US Air Force updated 2017 AFI10-703 “electronic warfare integrated reprogramming” instructions [21] Define the concept of electromagnetic spectrum operations under the guidance of joint directives, and elaborate on issues such as organization and responsibilities, operational architecture, plan development and coordination control, task list and decision process, action team and management tools, and DOTMLPF, and promote electromagnetics. The integration of spectrum operations, electronic warfare, and cyberspace warfare. In addition, Kevin D, head of the United States Joint Force Development Department. In October 2016, Scott signed the JDN3-16 “Joint Electromagnetic Spectrum Operation” bulletin[22], standardized terminology and operational framework standards, and made a procedural description of the functional roles, organization, planning, operational implementation, and evaluation. It was awarded the Joint Spectrum Interference Cancellation Program CJCSM3320.02D signed in January and March 2013 by the Joint Committee, CJCSI3320.02F Joint Spectrum Interference Cancellation, and CJCSI3320.02E-1 Joint Spectrum Interference in February 2014. The three major regulations [23][24][25] to eliminate the confidentiality of the program were the important operational support and became the latest guidance for the US military’s electromagnetic spectrum warfare.

1.3 Equipment and Technology

Military technology leads and supports advanced operational concepts. To transform the concept of electromagnetic spectrum warfare from concept to capability, the U.S. military is striving to develop technological innovation and equipment development, and to develop new systems featuring networking, dexterity, multifunction, miniaturization, and adaptability.

On the spectrum management and control system[19][26], the US Department of Defense has developed and deployed the Allied Nations Joint Spectrum Management Planning Tool (CJSMPT) and the Global Electromagnetic Spectrum Information System (GEMSIS) since 2005, followed by the Spectrum XXI and the Modified Spectrum XXIO, Spectrum. Perception Management and Planning System (SSC-SSMPS), Spectrum Situational Sensing System (S2AS), Maritime Electromagnetic Spectrum Operational Action Project (AESOP), Joint Automatic Communication Electronic Action Instruction System (JACS), Host Country Global Online Spectrum Database, etc., with real-time spectrum Measurement and online analysis, spectrum planning and deduction and frequency allocation, electromagnetic interference analysis and conflict elimination, electromagnetic warfare environment modeling simulation, electromagnetic situation sharing and frequency efficiency evaluation, spectrum resource access and database functions and capabilities.

In combat equipment and technology projects [3][26][27], in 2011, the DARPA began to initiate behavioral learning adaptive electronic warfare (BLADE), adaptive radar confrontation (ARC), extreme radio frequency spectrum CommEx, Active Electronic Scan Array (AESA) technology, Near Zero-Power Radio Frequency and Sensor Operation (N-ZERO), under the conditions of the project, through the development of new technologies such as real-time evaluation of countermeasures, autonomous generation of measures, immediate feedback of effects, etc. Unknown waveform and behavioral electromagnetic spectrum threats Real-time tactical confrontation new capabilities; In 2010, the Air Force launched a Cognitive Jammer and HiPERDAC project based on Networked Software Defined Architecture (SDA) and passive RF PRIDE, SWEATER, and CHAMP (Eliminate High-Power Microwave Advanced Missiles) to develop active and passive target threat automatic recognition, real-time assessment and adaptive confrontation technologies and capabilities The US Navy conducts a maritime electronic warfare improvement (SEWIP-Block I/II/III) SLQ-32 shipboard electronic warfare system and ship signalling Equipment (SSEE), electromagnetic command and control (EMC2), integrated mast (InTop) shipborne antenna, next-generation jamming machine (NGJ) and other projects to improve real-time threat assessment and situational awareness, mission program modeling simulation, automatic distribution of electromagnetic spectrum , Combat Operations Analysis and other capabilities; the US Army launched the Electronic Warfare Planning and Management Tool (EWPMT) and Multi-Functional Electronic Warfare (MFEW), Defensive Electronic Assault (DEA) and Silencer Electronics scheduled for September 2016 Warfare and other systems enhance the electronic support for the perception of radio signals and the ability to send electronic signals that interfere with or deceive signals. Earlier this year, the Strategic Command Joint Electronic Warfare Center (JEWC) initiated research on new technologies that provide improved electromagnetic battle management capabilities for electromagnetic spectrum situational awareness and command and control, and plans to implement real-time strategy-based spectrum control and advanced electromagnetic battle sequences (EOB) within five years. ) Characterization and action plan modeling, simulation, analysis, and other capabilities and achieve 7-8 level of technology maturity [28]. Driven by cognitive EW and artificial intelligence technologies, DARPA launched the Radio Frequency Machine Learning System (RFMLS) and Spectrum Joint Challenge Program on August 11, 2017 to develop automatic identification and characterization of target signals from a large number of complex spectrum signals. New technology [29].

2  Joint Electromagnetic Spectrum Theory

The electromagnetic spectrum warfare is the latest theory of information warfare of the US military in the 21st century. As research and understanding continue to deepen, the U.S. military will gradually place new strategic ideas as tactics and tactical measures. In order to unify the battlefield electromagnetic spectrum utilization and control actions, the U.S. military issued a series of directives, regulations, regulations, and other documents to publish a summary of the JDN3-16 “Joint Electromagnetic Spectrum Operation” regulations, and standardized the operational concept, mission category, organization, and combat planning and implementation. Evaluation and so on.

2.1 Basic concepts

Electromagnetic Spectrum Operations (EMSO) is the conceptual starting point for the US military’s electromagnetic spectrum warfare theory. It is based on electronic warfare and spectrum management and is based on joint electromagnetic spectrum operations. The goal is to achieve electromagnetic spectrum advantages in electromagnetic operating environment (EMOE), involving spectrum management operations, joint electromagnetic spectrum operations (JEMSO) and joint electromagnetic spectrum. Management actions and other concepts. According to the US military regulations JP1-02 “Defense Ministry Military Terms Glossary” [30], JP6-01 “Joint Electromagnetic Spectrum Management Action”, JDN3-16 “Joint Electromagnetic Spectrum Operations” and ATP6-02.70 “Electromagnetic Spectrum Management Combat Operations Skills” , United electromagnetic spectrum operations are coordinated military operations carried out by two or more units for use, attacks, protection and management of operational electromagnetic environment. The electromagnetic spectrum management action refers to the interaction between the spectrum management, frequency allocation, host country coordination, policy compliance, and conflict resolution in the entire phase of military operations to jointly promote the planning, management, and implementation of operations within the electromagnetic operations environment. The relationship between various concepts and categories is shown in Figure 1.

Fig. 1 Diagram of related concepts of electromagnetic spectrum operations [19]

2.2 Task Domain Positioning

The U.S. military believes that the joint electromagnetic spectrum combat mission domain is composed of four-dimensional missions of electromagnetic spectrum utilization, management, attack, and protection. Among them, missions include signal intelligence gathering, distribution, and electronic warfare support. Management tasks include electromagnetic spectrum management and electromagnetic battle management. Missions have electronic attacks and navigation warfare, protection tasks have electronic protection and joint spectrum interference cancellation. The operational concept aims to operationally integrate the electromagnetic spectrum operations of the joint forces in the electromagnetic operating environment, establish key priorities, organize action coordination, and eliminate conflicts. Through the full integration of electromagnetic maneuvering schemes, strength and action to strengthen coordination and unification, the electromagnetic spectrum of the battlefield is realized. control. It plays a key role in the formation of joint operational capability in all operational areas, and has a profound impact on the joint forces’ command and control, intelligence, firepower strikes, adjustment and mobility, protection, and maintenance of operational capabilities.

2.3 Organizational Framework

The organization of the joint electromagnetic spectrum operations is responsible for the formulation and publication of policy directives and operational guidelines for commanders and commanders, and for combat planning, operational implementation, coordination of operations, and operational evaluation. The person in charge of electromagnetic spectrum control assigned by the Joint Force Commander shall assume the overall responsibility for the joint electromagnetic spectrum operations. The Joint Electromagnetic Spectrum Operations Unit (JEMSOC) is the chief staff of the Joint Force, and the person in charge of electromagnetic spectrum control assigns a supervisor to direct the command. Each service set up an electromagnetic spectrum operations division, each of which administers an electromagnetic spectrum operational unit, and assumes the functions of integrated network operations, electronic warfare, and spectrum management operations. They are the Army’s electronic warfare officer’s network of electromagnetic action units and the Navy’s maritime operations. The operational center electromagnetic spectrum operational unit, the Air Force air operations center electronic warfare coordination unit, the Marine Corps Combat Development and Integration Command’s cyberspace and electronic warfare coordination unit, and the Multinational Force Joint Staff Operations Department’s contracted electronic warfare coordination unit. The Joint Electromagnetic Spectrum Operational Organization of the Joint Force is shown in Figure 2. The joint electromagnetic spectrum combat unit architecture is shown in Figure 3.

Figure 2 Electromagnetic Spectrum Operational Organization

Figure 3 Joint Electromagnetic Spectrum Operations Unit Architecture

2.4 Combat Planning Process

Joint electromagnetic spectrum combat planning is jointly completed by all levels of joint electromagnetic spectrum combat units. During task analysis, the combat plan development team develops a staff assessment plan to determine the electromagnetic spectrum support degree in the formulation and analysis of the action plan as a strategic basis for achieving the advantages of the electromagnetic spectrum; after the action plan is selected, joint electromagnetics are developed. The spectrum operations appendix describes mission tasks, priorities, policy strategies, process steps, and implementation procedures for the entire operational phase, establishing coordination measures, specific procedures, and engagement rules for the use of electromagnetic battle management and control systems in the joint operations domain; The Ministry submits its own electromagnetic spectrum operations plan and integrates it into this appendix. During the planning and implementation of the plan, the Joint Electromagnetic Spectrum Operations Unit strengthens the electromagnetic spectrum operations plans of each division and participates in the development of various divisions, establishment of priorities, establishment of operational integration and operational coordination, and the creation of an electromagnetic spectrum control plan. Then, the updated electromagnetic spectrum control plan is adjusted to start the joint electromagnetic spectrum combat implementation cycle to generate an electromagnetic spectrum control sequence that guides the use of the electromagnetic spectrum of the joint force. The combat planning process is shown in Figure 4.

Figure 4 Joint Electromagnetic Spectrum Combat Plan Development Process

2.5 Operational methods

The joint electromagnetic spectrum operations implementation process is a continuous cycle of planning, implementation and evaluation. The united electromagnetic spectrum combat unit completes the formulation of the electromagnetic spectrum control plan and the electromagnetic spectrum control sequence, and establishes the combat cycle for combat operations. After the approval of the person in charge of electromagnetic spectrum control, it publishes and organizes the implementation to each branch’s combat unit and unit. The electromagnetic spectrum combat unit fully participates in the key combat flow of the joint force and adjusts the update plan and sequence in time according to the user needs of the subunits and the electromagnetic spectrum of the battlefield during the operation period to ensure that each electromagnetic spectrum control sequence is effectively generated and efficiently Released and executed. The basic processes are: Formulation and release of control plans, update of control plans for each division, preparation of operational plans, generation and distribution of control sequences, execution and adjustment of operational implementation plans and control sequences, and monitoring and guidance of operational processes. The operational implementation cycle is shown in Figure 5.

Figure 5 Joint Electromagnetic Spectrum Operational Implementation Cycle

3  Electromagnetic Spectrum Combat Development Characteristics

New military capabilities cannot be separated from the new system. As an operational concept that responds to new military challenges in the era of information networks, big data, and artificial intelligence, electromagnetic spectrum warfare has become a new direction for the development of the combat effectiveness of the US military. In order to deepen understanding and be efficient and practical, the U.S. military has pushed the new concept to the battlefield from many dimensions, including the development of policy directives, organization and force adjustment, equipment systems and new technology research and development.

3.1 Reinforce basic concepts and theoretical understanding based on policy directives, promote operational concepts and implement operations

Thought leads action. The U.S. military is good at innovative operational concepts and the concept of electromagnetic spectrum warfare is no exception. The first is to focus on clarifying the concept core and uniting the concept. During the early years of the development of the electromagnetic spectrum warfare, new concepts for the new combat domain were always being demonstrated. The military led high-level forums such as the “Old Ravens” and other professional military and military forums to analyze the related theories involved in the concept, exchange technology development and application methods, and promote deeper understanding. At the same time, in the strategic documents and top-level regulations, the relevant old and new policies were gradually sorted out. The links and distinctions between concepts, and the analysis of their categories and task areas, are increasingly contributing to the clear definition of concepts and the formation of theoretical systems. The second is to use operations on the battlefield, and refine the rules step by step. The U.S. military has always attached importance to the concept of combat to the implementation of warfare and technical measures. It took only about three years from the conception of the electromagnetic spectrum to the entry directives and from the joint directive to the arms and military operational manuals and the TTP. The US Army even established a concept blueprint for the use of battlefields before the Joint Staff. Joint operational and operational guidance for systemic operations at the level of the joint level to the unit level.

3.2 Establish an efficient and integrated force structure based on intrinsic power, and strive to use the full cycle of coordination and order in the battlefield

The troops are the carrier of operations. The U.S. military attaches great importance to the optimization and integration of new concept combat forces and existing capabilities. The first is to focus on the overall planning of the capability system. The trajectory of the capabilities of the US military’s electromagnetic spectrum warfare and cyberspace operations is similar. From the Joint Staff Headquarters, the Joint Forces Command to the military arms, set up combat seats and corresponding implementation teams, and establish a full-flow operation mechanism for operational planning, accusation, implementation, and evaluation to form an efficient and smooth capability integration system. The second is to emphasize the coordination and integration of existing institutions and new forces. Through the clarification of the responsibilities and interrelationships of institutions and forces involved in new capabilities in a timely manner, action-oriented operational procedures and implementation procedures are formulated, and even the relevant regulatory templates for coordination activities are promoted to facilitate the whole-system action coordination of electromagnetic spectrum operations and other mission domains. Orderly. The third is relying on actual drills to verify their capabilities in a timely manner. Based on the new concepts of combat and capability goals, the practice of offensive and defensive battles in the field of electromagnetic spectrum is rapidly promoted, and corrections are made during operational trials. The U.S. Army formed an independent electromagnetic spectrum warfare unit of the 1st battlefield network warfare group from February to May last year and plans to participate in an exercise organized by a regional battle commander at the end of the year [31]; the U.S. Air Force is in the “battle shield” exercise. In response to the “Spectrum Interference Elimination Project”, radar EW system evaluation [5] was implemented.

3.3 Promote the pre-research of the new concept equipment system with the support of scientific and technological strength, transform the high technology into the advantage of combat effectiveness

Strong army must have weapon. High-tech equipment is an important way to give birth to newcomer warfare capabilities. The first is to excavate new battlefield changes and assess new demands. The US Department of Defense’s “Electromagnetic Spectrum Strategy” in 2014 pointed out that it is necessary to quantify spectrum requirements and develop the equipment and technologies needed for the electromagnetic environment to enhance real-time spectrum operation and electromagnetic spectrum system real-time identification, prediction and interference cancellation capabilities [9]. From the bottom up to the top, the U.S. military has established a demand collection and integration mechanism for the deployment and deployment of equipment systems and applications. It collects and sorts regularly and conducts special investigations and demonstrations with the aid of the government audit department, Rand Corporation, and a special panel of institutes. The analysis results can be Directly providing decision support for the Ministry of Defense and the Joint Staff Association, it forms an unobstructed demand management evaluation system, and injects activators for the development of electromagnetic spectrum warfare equipment and the development of new combat capabilities. The second is to pay attention to the integration of pre-research technology to equipment system applications. The U.S. military equipment system development will be based on national defense information architecture standards. It will have system processes and capabilities such as simulation modeling, pre-research, technology integration, and application verification. It will focus on the simultaneous improvement of existing models and the development of new research and development of smart technology and equipment systems. “Determining Electromagnetic Waves” pointed out that the important features of the electromagnetic spectrum warfare in the new phase are passive sensor applications and the use of “low-zero-power” capabilities to counteract the enemy’s anti-electromagnetic confrontation, and intelligent technologies and equipment are the future dominant [6]. The pre-research and integration of electromagnetic spectrum warfare technology and equipment will also be able to achieve a more optimal way to upgrade military capabilities to technological capabilities, integrate cutting-edge technologies with mature methods, and integrate specialized systems into integrated platforms, thus achieving a seamless leap in combat effectiveness.

 

Original Mandarin Chinese:

电磁频谱技术决定未来战争赢家 美军发展现状需警惕

 

長期以來,為破解反進入/區域拒止(A2 / AD)困局,達成新的抵消戰略,美軍先後推出空地/空海一體戰,網絡中心戰,分佈式殺傷,多域戰和混合戰爭等作戰新思想,不斷謀求導彈攻防,網絡電磁和多域空間等軍事優勢。如今,電磁頻譜戰成為引領新一輪軍事理論和技術創新的新寵。研究和剖析美軍電磁頻譜作戰發展現狀與特點,對於我軍在信息戰場禦敵制勝具有重要現實意義。

1電磁頻譜戰發展現狀

1956年,前蘇聯海軍司令Sergei Gorschkov上將指出:“誰控制了電磁頻譜,誰將贏得下一場戰爭”。六十年後,電磁頻譜成為現代戰爭的關鍵作戰域之一。為爭奪戰場電磁頻譜優勢,美軍從作戰理論到裝備技術進行深入探索,發展迅猛。

1.1理論發展沿革

電磁頻譜控制由來已久。上世紀70年代初,美參聯會主席Thomas H. Moorer稱,第三次世界大戰的勝利者將是能高度控制和管理電磁頻譜的一方。美國“老鴇鴉”協會最早提出將電磁控制(EMC)作為電子戰概念的第四組成部分。2009年,戰略司令部推出電磁頻譜戰(EMSW)早期概念,在電子戰基礎上增加電磁頻譜管理(EMSM),電磁頻譜控制(EMSC),電磁戰鬥控制(EMBC)等任務內容[1]。2012年,戰略司令部建立聯合電磁頻譜控制中心(JEMSCC),旨在實現電子戰和電磁頻譜管理全面集成,各部隊也分別建立相應的組織協調機構和分隊[2]。美海軍同年提出電磁機動戰(EMMW)概念[3],並在2015年3月發布“21世紀海上力量合作戰略”,概要闡述了電磁機動戰目標,構成,技術項目和實現路徑[4]。2015年12月,美國防部首席信息官TerryHalvorsen指出,電磁頻譜有望被視作繼,海,空,天,賽博空間之後第六作戰域[5];同月,戰略與預算評估中心在“決勝電磁波:重拾美國電磁頻譜領域主宰地位”[6]報告中提出“低 – 零功率“電磁頻譜戰概念,闡述了概念思想,趨勢特點,能力和技術需求及當前障礙並提出視圖,概念,採辦,技術,驗證等方面建議。2016年11月底,美國”老鴇鴉“協會第53屆國際研討會以“電磁頻譜作戰全球視野”為主題,展示電子戰,頻譜感知與衝突消除的新概念與技術成果,探討電磁頻譜作戰環境,政策條令,裝備採辦,聯合訓練與作戰能力等[ 7]。2017年1月新任國防部長Ashton Carter簽署首部“電子戰戰略”文件,正式確立電磁頻譜為獨立作戰域並闡述如何實施作戰[8]。

1.2政策與條令

戰略政策與軍事條令集中體現美軍作戰理論發展。美國防部2006年至2014年多版更新“電磁頻譜戰略”,聚焦推進頻譜裝備發展,頻譜行動靈活性,頻譜管理和政策響應能力提升等戰略目標[ 9];戰略司令部2010年8月發布“贏得21世紀經濟與安全優勢:電磁頻譜控制戰略框架”,從目標,需求,戰略開發等多角度構建電磁頻譜控制體系架構[10];參聯會先後於2012年3月頒布JP6-01“聯合電磁頻譜管理行動”聯合出版物[11],2012年12月簽頒CJCSM3320.01C“電磁作戰環境中聯合電磁頻譜管理行動”主席手冊[12], 2013年1月簽發CJCSI3320.01D“聯合電磁頻譜作戰”指示[13]和CJCSM3320.04“電子戰支援聯合電磁頻譜作戰”手冊[14],2015年3月簽署“電磁頻譜作戰聯合概念”文件[ 15,系統闡明聯合部隊開展電磁頻譜作戰行動的戰略願景,組織機構與職能,指揮與管理關係,計劃制定與作實施,作戰集成與行動協同等內容,並逐步向電磁控制,干擾消除,頻譜管理和電子戰重編程等操作層的戰術,技術與程序(TTP)細化;美陸軍於2007年12月發布TRADOC P525-7-16“美陸軍未來模塊化部隊概念能力計劃2015-2024–電磁頻譜作戰”手冊[16],2010年5月頒布野戰條令FM6-02.70“陸軍電磁頻譜作戰”[17],2014年1月頒布野戰手冊FM3-38“網絡電磁行動”[18],2015年12月發布出版物ATP6-02.70“電磁頻譜管理作戰行動技能”[19],2016年2月更新AR525-15“網絡電磁行動軟件重編程“規定[20],美空軍2017年更新AFI10-703”電子戰集成重編程“指示[21],在聯合條令指導下界定電磁頻譜作戰概念範疇,深度闡述機構與職責,作戰架構,計劃制定與協調控制,任務清單與決策流程,行動分隊與管理工具及DOTMLPF等問題,並促進電磁頻譜作戰,電子戰與網絡空間戰的融合。此外,美聯合部隊開發部主管Kevin D. Scott於2016年10月簽署JDN3-16“聯合電磁頻譜作戰”條令紀要[22],規範了術語和作戰框架標準,對職能角色,組織機構,計劃制定,作戰實施和評估作了程序性描述,它以參聯會2013年1月和3月簽頒的CJCSM3320.02D“聯合頻譜干擾消除程序”,CJCSI3320.02F“聯合頻譜干擾消除”和2014年2月的CJCSI3320.02E-1“聯合頻譜干擾消除程序保密增本”三大條令[23] [24] [25]為重要操作支撐,成為美軍電磁頻譜戰最新指導。

1.3裝備與技術

軍事技術引領和支撐先進作戰理念。為將電磁頻譜戰從概念轉化為能力,美軍極力開展技術創新和裝備研發,發展具有網絡化,靈巧化,多功能,小型化和自適應等特徵的新系統。

在頻譜管控系統上[19] [26],美國防部自2005年開發部署同盟國聯合頻譜管理規劃工具(CJSMPT)與全球電磁頻譜信息系統(GEMSIS),隨後的頻譜XXI與改進型頻譜XXIO,頻譜感知管理與規劃系統(SSC-SSMPS),頻譜態勢感知系統(S2AS),海上電磁頻譜作戰行動項目(伊索),聯合自動通信電子行動指令系統(JACS),東道國全球在線頻譜數據庫等,具備實時頻譜測量與在線分析,頻譜籌劃推演與頻率分配,電磁干擾分析與衝突消除,電磁作戰環境建模仿真,電磁態勢共享與用頻效能評估,頻譜資源接入與數據庫等功能與能力。

在作戰裝備與技術項目上[3] [26] [27],2011年,預先研究計劃局(DARPA)開始啟動行為學習自適應電子戰(刀片),自適應雷達對抗(ARC),極端射頻頻譜條件下通信(CommEx),主動電子掃描陣列(AESA)技術,近零功耗射頻和傳感器運行(N-ZERO)等項目,通過對抗行為實時評估,措施自主生成,效果即時反饋等新技術開發針對未知波形和行為的電磁頻譜威脅實時戰術對抗新能力; 2010年,空軍啟動基於網絡化軟件定義架構(SDA)的認知干擾機與大功率高效射頻數模轉換器(HiPERDAC)項目以及無源射頻識別環境(PRIDE),頻譜戰評估技術工程研究(衫),反電子高功率微波先進導彈(CHAMP)等項目,發展有源和無源目標威脅自動感知識別,實時評估和自適應對抗技術與能力;美海軍開展海上電子戰改進(SEWIP-塊1 / II / III)SLQ-32艦載電子戰系統,艦船信號探裝備(SSEE),電磁指揮與控制(EMC2),集成桅杆(InTop)艦載天線,下一代干擾機(NGJ)等項目,提升實時威脅評估與態勢感知,任務方案建模仿真,電磁頻譜自動分配,作戰行動分析等能力;美陸軍啟動計劃在2016年9月投入使用的電子戰規劃與管理工具(EWPMT)和多功能電子戰(MFEW),防禦性電子攻擊(DEA)和“消音器”電子戰等系統,增強射頻信號感知的電子支援和發送干擾或欺騙信號的電子攻擊能力。今年初,戰略司令部聯合電子戰中心(JEWC)啟動面向電磁頻譜態勢感知與指揮控制提供改進電磁戰鬥管理能力的新技術研究,計劃5年內實現基於策略的實時頻譜管控,先進電磁戰鬥序列(EOB)表徵和行動方案建模仿真分析等能力並達到7-8級技術成熟度[28]。在認知電子戰和人工智能技術推動下,DARPA在2017年8月11日又啟動了射頻機器學習系統(RFM LS)和頻譜聯合挑戰項目,開發從大量複雜頻譜信號中自動區分和表徵目標信號的新技術[29]。

2聯合電磁頻譜作戰理論

電磁頻譜戰是美軍21世紀信息作戰最新理論。隨著研究和認識的不斷深化,美軍逐步將新的戰略思想落地為戰法和戰術措施。為統一戰場電磁頻譜利用與控制行動,美軍綜合一系列指示,條令,規程等文件出版JDN3-16“聯合電磁頻譜作戰”條令紀要,規範了作戰概念,任務範疇,組織機構,作戰籌劃與實施及評估等。

2.1基本概念

電磁頻譜作戰(EMSO)是美軍電磁頻譜戰理論的概念基點。它以電子戰和頻譜管理為基礎,以聯合電磁頻譜作戰為實現方式,目標是在電磁作戰環境(EMOE)中達成電磁頻譜優勢,涉及頻譜管理行動,聯合電磁頻譜作戰(JEMSO)和聯合電磁頻譜管理行動等概念。根據美軍條令JP1-02“國防部軍事術語詞典”[30],JP6-01“聯合電磁頻譜管理行動”,JDN3 -16“聯合電磁頻譜作戰”和ATP6-02.70“電磁頻譜管理作戰行動技能”界定,聯合電磁頻譜作戰是由兩個或兩個以上部隊開展的用於利用,攻擊,防護和管理電磁作戰環境的協同軍事行動。電磁頻譜管理行動是指在軍事行動全階段共同促成計劃,管理和實施電磁作戰環境內作戰行動的頻譜管理,頻率分配,東道國協調,政策遵循,衝突消除等相互聯繫的功能。各概念間關係與範疇如圖1。

圖1電磁頻譜作戰相關概念關係圖[19]圖1電磁頻譜作戰相關概念關係圖[19]

2.2任務域定位

美軍認為,聯合電磁頻譜作戰任務域由電磁頻譜利用,管理,攻擊和防護四維度任務構成,其中,利用任務有信號情報蒐集分發和電子戰支援,管理任務有電磁頻譜管理和電磁戰鬥管理,攻擊任務有電子攻擊和導航戰,防護任務有電子防護和聯合頻譜干擾消除。該作戰概念旨在對電磁作戰環境中的聯合部隊電磁頻譜行動進行作戰集成,確立重點優先事項,組織行動協同和衝突消除,通過充分集成電磁機動方案,力量和行動強化協調統一,實現戰場電磁頻譜控制。它在各作戰域的聯合作戰行動能力形成中扮演著關鍵角色,對聯合部隊的指揮控制,情報,火力打擊,調整與機動,防護,行動能力維持等職能作用發揮產生深刻影響。

2.3組織機構框架

聯合電磁頻譜作戰的組織機構負責為指揮官和司令部制定和發布政策指示與行動指南,進行作戰計劃制定,作戰實施,行動協調和作戰評估。由聯合部隊指揮官指派電磁頻譜控制負責人承擔聯合電磁頻譜作戰總職責。聯合電磁頻譜作戰單元(JEMSOC)是聯合部隊的主要參謀部,由電磁頻譜控制負責人委派一名主管統一指揮。各軍種設立電磁頻譜作戰分部,各下轄一個電磁頻譜作戰分隊,承擔集成網電作戰,電子戰和頻譜管理行動的職能,分別為陸軍的電子戰軍官所轄網絡電磁行動分隊,海軍的海上作戰中心電磁頻譜作戰分隊,空軍的空中作戰中心電子戰協調單元,海軍陸戰隊的戰鬥開發與集成司令部下屬網絡空間與電子戰協調單元,多國部隊聯合參謀部作戰處所屬合同電子戰協調單元。聯合部隊所屬聯合電磁頻譜作戰組織機構如圖2,聯合電磁頻譜作戰單元架構如圖3。

圖2電磁頻譜作戰組織機構圖2電磁頻譜作戰組織機構

圖3聯合電磁頻譜作戰單元架構圖3聯合電磁頻譜作戰單元架構

2.4作戰籌劃流程

聯合電磁頻譜作戰籌劃工作由各級聯合電磁頻譜作戰單元共同完成。在任務分析時,作戰計劃制定隊伍制定一份參謀部評估方案,用於在制定和分析行動方案中確定電磁頻譜支持度,作為達成電磁頻譜優勢的戰略基礎;行動方案選定後,制定聯合電磁頻譜作戰附錄,描述作戰全階段的使命任務,優先事項,政策策略,流程步驟和實施程序,為在聯合作戰域使用電磁戰鬥管控系統建立協調措施,具體程序和交戰規則;同時,聯合部隊各分部報送各自電磁頻譜作戰計劃並集成到該附錄在計劃制定與行動實施期間,聯合電磁頻譜作戰單元加強各分部電磁頻譜作戰計劃並參與各分部需求制定,優先事項確立,作戰集成與行動協同,並生成一份電磁頻譜控制計劃。隨後,調整更新後的電磁頻譜控制計劃啟動聯合電磁頻譜作戰實施週期環,生成指導聯合部隊磁頻譜使用的電磁頻譜控制序列。作戰籌劃流程如圖4。

圖4聯合電磁頻譜作戰計劃制定流程圖4聯合電磁頻譜作戰計劃制定

2.5作戰實施方式

聯合電磁頻譜作戰實施過程是一個計劃,實施和評估的連續循環週期。聯合電磁頻譜作戰單元完成電磁頻譜控制計劃和電磁頻譜控制序列的制定,確立作戰行動的戰鬥週期,經電磁頻譜控制負責人批准,向各分部作戰單元和分隊發布並組織實施。電磁頻譜作戰單元全週期完整參與聯合部隊關鍵戰鬥流程,並根據作戰時段內各分部所屬分隊的用戶需求和戰場電磁頻譜態勢及時調整更新計劃與序列,確保每份電磁頻譜控制序列有效生成,高效下達和執行基本過程為:制定與發布控制計劃,更新各分部控制計劃,準備作戰計劃,生成和分發控制序列,執行和調整作戰實施計劃與控制序列,監測和指導作戰進程,作戰實施週期如圖5。

圖5聯合電磁頻譜作戰實施週期圖5聯合電磁頻譜作戰實施週期

3電磁頻譜作戰發展特點

軍事新能力離不開新體系支撐。作為應對信息網絡,大數據和人工智能時代軍事新挑戰的作戰理念,電磁頻譜戰一經提出就成為美軍戰鬥力發展新方向。為力求深化認識且高效實用,美軍從政策條令建設,組織機構與部隊調整,裝備系統與新技術研發等多個維度將新概念推向戰場。

3.1以政策條令為依據強化基本概念與理論認知,推動作戰理念向執行操作落地

思想引領行動。美軍擅長創新作戰理念,電磁頻譜戰概念也不例外。一是注重釐清概念核心,統一理念認知。電磁頻譜戰發展的早期數年,始終在論證面向新作戰域的新概念。軍方主導“老鴇鴉”等專業性軍地高層論壇,分析概念所涉及的相關理論,交流技術發展和應用方式,推動認識深化,同時,在戰略性文件和頂層條令中,逐步梳理相關聯新舊概念間的聯繫與區別,剖析其範疇與任務域,以此日益促成概念的清晰界定和理論體系成型。二是面向戰場運用操作,逐層細化條令。美軍歷來重視將作戰概念向執行層戰,技術措施細化落地。電磁頻譜戰從概念提出到進入條令和從聯合條令到軍兵種配套行動手冊及戰技術規程(TTP)僅用三年左右的時間,美陸軍甚至在聯合參謀部之前建立戰場運用概念藍圖,形成從聯合層面到分隊層面層層銜接,逐項落的系統性作戰運用與操作指南。

3.2以固有力量為基礎建立高效集成的部隊架構,力求戰場運用全週期協調有序

部隊是行動載體。美軍非常重視新概念作戰力量與現有能力的優化集成。一是注重能力體系整體規劃。美軍電磁頻譜戰與網絡空間作戰的能力發展軌跡相似。從聯合參謀部,聯合部隊司令部到軍兵種部隊,設置作戰席位和相應實施分隊,建立作戰計劃,指控,實施和評估的全流程運行機制,形成高效流暢的能力集成體系。二是重視現有機構與新力量協調互融。通過及時明確新能力所涉及機構與力量的職責和相互關係,制定面向作戰的行動流程和實施程序,甚至規定有關協調活動中的制式模板,促成電磁頻譜作戰與其他任務域的全體系全程行動協同有序。三是依托實戰演練及時驗證能力。基於作戰新概念和能力目標迅速推進電磁頻譜領域戰場攻防研練實踐,在作戰試驗中邊驗證邊修正。美陸軍在去年2至5月成立第1戰場網電戰小組的電磁頻譜戰獨立分並計劃年底參加某一地域戰鬥司令部組織的演習[31];美空軍在“戰鬥護盾”演習中為響應“頻譜干擾消除項目”實施了雷達電子戰系統測評[5]。

3.3以科技實力為支撐推進新概念裝備系統預研,將高新技術向戰鬥力優勢轉化

強軍必需利器。高新技術裝備是催生新生作戰能力的重要途徑。一是善於發掘戰場新變化並評估新需求。美國防部2014年“電磁頻譜戰略”指出,要量化頻譜需求,發展電磁環境所需裝備和技術,增強實時頻譜操作和電磁頻譜系統實時識別,預測及干擾消除等能力[9]。美軍由底至頂建立了面向裝備系統研建與作戰部署應用的需求採集與集成機構,在定期蒐集梳理的同時借助政府審計署,蘭德公司和院所專題小組進行專項調研論證,分析結果可直接為國防部和參聯會提供決策支持,形成了暢通有力的需求管理評估體系,為研建電磁頻譜戰裝備和開發新型戰鬥力注入激活劑。二是注重預研技術向裝備系統集成應用。美軍裝備系統研建都會基於國防信息體系結構標準展開,具備仿真建模,預先研究,技術集成,應用驗證等系統流程和完善能力,注重同步進行原有型號改進和新研智能技術裝備系統開發“決勝電磁波”指出,新階段電磁頻譜戰重要特徵是無源傳感器應用和採用“低 – 零功率”。能力對敵進行反電磁對抗,智能化技術和裝備是未來主導[6]。電磁頻譜戰技術裝備預研與集成也將能夠以更優方式實現軍事問題向技術能力升級,前沿技術與成熟方法互融,專用系統向綜合平台集成,進而完成戰鬥力優勢無縫躍升。

Original Source:

http://mil.news.sina.com.cn/jssd/2018-05-03/

Analysis on the Establishment of the Joint Operation Command System by the PLA 中國軍方聯合作戰指揮中心解放軍建構聯合作戰指揮體制評析國防

Analysis on the Establishment of the Joint Operation Command System by the PLA

中國軍方聯合作戰指揮中心解放軍建構聯合作戰指揮體制評析國防

1 六、解放軍建構聯合作戰指揮體制評析 國防大學政治系馬振坤教授 ■ 習近平在去(2015)年 11 月下旬召開中央軍委改革工作會議, 強調要組建戰區聯合作戰指揮機構和健全軍委聯合作戰指揮 機制,以強化軍隊聯合作戰能力。

■ 改革重點在建立一套能夠上下銜接、起承轉合之聯合作戰指 揮中樞機制,在中央軍委層級是將現有總參謀部改組成為直 屬中央軍委之聯合參謀部,對上能讓軍委主席有效行使最高 軍令指揮權;對下則能夠銜接整合各戰區聯合作戰指揮系統。

■ 解放軍在理順組織結構及權力運作模式後,將在組織編制、 軍種功能、武器裝備以及作戰指揮各個面向趨向成熟,可望 提升其作戰能力。

(一)前言 中共於去(2015)年 11 月下旬召開中央軍委改革工作會議,正式 揭開軍隊組織變革之序幕。中央軍委深化國防和軍隊改革領導小組組 長習近平在會中發表重要講話,直指解放軍「必須在 2020 年前在領 導管理體制、聯合作戰指揮體制改革上取得突破性進展、在優化規模 結構、完善政策制度、推動軍民融合發展等方面改革上取得重要成 果,努力構建能夠打贏信息化戰爭、有效履行使命任務的中國特色現 代軍事力量體系,完善中國特色社會主義軍事制度」。

(二)解放軍作戰指揮體系的變革 在習近平揭櫫的軍隊改革具體內容上,他強調要組建戰區聯合作 戰指揮機構和健全軍委聯合作戰指揮機制。透過中央軍委組織職能調 整之頂層設計,習近平要建構「軍委→戰區→部隊」的作戰指揮體系 以強化軍隊聯合作戰能力。 解放軍原本並無聯合作戰指揮體制,其既有之作戰指揮體制係以 從事境內地面持久作戰為主之設計,具體表徵有二,一是解放軍並無 2 陸軍司令部,但海空軍及二炮部隊則自其組建時即成立軍種司令部; 二是中共將全中國大陸劃為七大軍區,作戰時以軍區為基礎轉換為戰 區,採取誘敵深入之戰略遂行地面持久消耗戰。 解放軍僅有海空二炮司令部卻無陸軍司令部並非獨特設計,而是 歷史發展的結果。中共自 1927 年創立紅軍成為其首支武裝力量,至 1949 年組建海軍和空軍之前,其軍隊皆以地面部隊為主,在國共內 戰期間,為方便作戰指揮,堅持以黨領軍以及強化後勤保障,中共在 軍事領導上,採取總部形式作為其軍隊領導管理和作戰指揮機構。而 中共在建政後仍然延續此總參謀部、總政治部、總後勤部之架構,作 為其軍隊領導體制,即便陸續組建海空軍及二炮部隊,並未改變此架 構,反而是將新組建的軍兵種納入此架構中,成為支援地面部隊作戰 的輔助性軍兵種。 因此中共傳統的四大總部領導機制,係以陸軍為主、海空軍及二 炮部隊為輔、適合從事傳統單一軍種地面作戰的軍隊領導機制。此機 制無法適應現代戰爭係屬遠程投射、立體攻防、不同軍兵種聯合作戰 之特性,共軍內部早有變更之議。尤其近年來中共與周邊國家在陸地 領土主權爭議逐漸經由雙邊協商談判獲得解決、陸地邊界之緊張情勢 明顯降低之際,在東海及南海之島礁領土主權及海域劃界爭端卻日形 嚴重。而對應此等緊張情勢者,是海空二炮等軍兵種而非陸軍,爭端 發生之東海、南海區域,亦非南京、廣州軍區戰備任務指向之處。 若依中央軍委賦予兩大軍區之任務,南京軍區是「主管江蘇、安 徽、浙江、江西、福建、上海五省一市軍事事務的大軍區,主要作戰 使命是保衛南京、上海、杭州、福州等東南沿海發達的特大城市和工 業區的安全」。依此內容視之,南京軍區主要作戰範圍並不包括東海 及釣魚臺。再依共軍廣州軍區之主要任務內容視之,該軍區是解放軍 「主管廣東、廣西、湖北、湖南、海南五省區軍事事務的大軍區,戰 時使命為保衛中國南部,尤其防止越南和東海沿海的攻擊,防衛廣 州、深圳等特大城市。此外,當需要時也負責增援香港和澳門」。同 樣地,廣州軍區防務亦不包括南海諸島礁。 3 除大軍區主要戰略方向係向陸而非向海,大軍區指揮職位的設計 上也是以陸軍為主,七大軍區司令員均由陸軍將領出任,各軍區海空 軍司令員在編制上僅為大軍區之副司令員,故軍區海空軍主要作戰任 務係以支援軍區地面部隊作戰為主,而非遂行境外海空域獨立作戰。 但依據中共公布之「2015 中國的軍事戰略報告書」,共軍要「加 快轉變戰鬥力生成模式,運用信息系統把各種作戰力量、作戰單元、 作戰要素融合集成為整體作戰能力,逐步構建作戰要素無縫鏈接、作 戰平台自主協同的一體化聯合作戰體系」,另要「按照權威、精幹、 靈便、高效的要求,建立健全軍委聯合作戰指揮機構和戰區聯合作戰 指揮體制」。顯見中共領導階層深知既有中央軍委與各總部、軍種司 令部間職能區分,以及大軍區制度等,皆無法因應未來戰爭聯合作戰 型態之需求,因而藉由中央軍委組織調整的時機,對於軍隊領導管理 體制和聯合作戰指揮體制進行一體化設計。 (三)現行聯合作戰指揮機構的組建 依據「意見」,為適應一體化聯合作戰指揮要求,應「建立健全 軍委、戰區兩級聯合作戰指揮體制,構建平戰一體、常態運行、專司 主營、精幹高效的戰略戰役指揮體系」,且要「重新調整劃設戰區」。 在軍隊作戰指揮體系上,則要「按照聯合作戰、聯合指揮的要求,調 整規範軍委聯指、各軍種、戰區聯指和戰區軍種的作戰指揮職能」, 部隊訓練則要求必須「與聯合作戰指揮體制相適應,完善聯合訓練體 制」。 在具體組建聯合作戰指揮機構方面,在中央軍委層級是將現有總 參謀部改組成為直屬中央軍委之聯合參謀部,此新成立之「聯參」只 負責中央軍委之聯合作戰指揮事宜,與過去的「總參」總攬對軍隊的 作戰指揮權和領導管理權有很大的差異。更重要者,新的聯合參謀長 不再擁有過去總參謀長對軍隊之最高軍令權,此最高軍令權在中央軍 委職能調整之後,已回歸到中央軍委主席之手,以落實軍委主席負責 制之精神。此聯合參謀部只是一個直屬中央軍委常態存在之作戰指揮 4 機構,故聯合參謀長不論在平時或戰時,都扮演軍委主席在行使軍隊 作戰指揮最高軍令權之幕僚長,而不再是過去總參謀長名為幕僚長, 實際上卻擁有等同陸軍司令員之權力。 將總參謀部改編成為聯合參謀部在具體實踐上確實可行,因為目 前總參謀部除陸軍出身之總參謀長、副總參謀長外,海、空、二炮皆 有擔任副總參謀長,其實已具備聯合作戰指揮機制之雛型。此海空二 炮擔任副總參謀長之將領在原本制度運作下,即是未來接任海空二炮 司令員之必然人選,其在副總參謀長任內,可獲得與其它軍種副總參 謀長溝通協調之經驗,並可在此過程中了解其它軍種之特性以及在執 行作戰任務時必須考量之諸種條件。當此將領擔任軍種司令員後,在 落實中央軍委「一體化聯合作戰」政策要求下,自當能夠與其它軍種 溝通協調,降低軍種本位主義色彩。 海空二炮將領出任總參副總參謀長始於江澤民在 2004 年將中央 軍委主席職務交棒給胡錦濤時,同步將海空二炮司令員納入中央軍委 成員起。原本海空二炮司令員之級別等同大軍區正職,僅同陸軍之大 軍區司令員。江澤民將其納入中央軍委後,海空二炮司令員級別提 升,但是在司令員以下各階則無變動,尤其各大軍區空軍司令員以及 瀕海大軍區海軍司令員,在級別上仍屬大軍區副職,編制上為軍區副 司令員。為求幹部梯隊之完整性和連續性,並且符合不同軍兵種聯合 作戰之時代發展趨勢,乃在總參謀部原本由陸軍壟斷之副總參謀長職 務,分由陸、海、空軍和二炮之將領分別擔任,以連接海空二炮軍兵 種高階將領在成為軍兵種司令員之前最後階段職務歷練。 除副總參謀長層級外,總參謀部所屬各部例如情報部、作戰部 等,亦早已納入海空二炮各軍兵種幹部擔任高階參謀,各自負擔與本 身軍兵種相關之情報、作戰等參謀業務。換言之,總參謀部在過去十 年來即是以滿足不同軍兵種聯合作戰之需求作為主要發展方向,且實 際上已發展出成熟的聯合作戰指揮參謀機制。因此將總參謀部調整為 聯合參謀部,就實質運作面而言,並非是全盤的改變,反而是將實質 上已初步具備的聯合作戰機制加以制度化與正名化。 5 因此將總參謀部調整為聯合參謀部之重點並不在總參謀長、副總 參謀長等領導層級職務由不同軍種將領擔任,亦不是整合不同軍種作 戰參謀業務,而是建立一套能夠上下銜接、起承轉合之聯合作戰指揮 中樞機制。對上能夠落實中央軍委主席負責制之精神,讓中央軍委主 席得以透過聯合參謀部之機制,有效行使最高軍令指揮權;對下則能 夠銜接整合各戰區聯合作戰指揮系統,讓一體化聯合作戰指揮體制成 為一個「有機的整體」,在作戰指揮上不會出現「斷鏈」甚至「無鏈 結」的情況。 建立聯合作戰指揮機制在大軍區層級,即是取消現有的七大軍 區,另成立東西南北四大戰略方向之戰區,以及保障北京安全之中部 戰區。傳統上,大軍區是中共軍隊體制上的主要建制,自毛澤東時期 強調誘敵深入境內決戰的戰略思維下,大軍區制度即扮演最重要之分 區屯兵固守防衛角色。事實上,大軍區是真正掌握軍隊、集軍隊之軍 令軍政權於一身的體制,舉凡軍隊之建設、教育訓練、乃至作戰指揮 權,皆由大軍區司令員掌握。另外中共政權在國防動員體制和軍地制 度,也都依托在大軍區體制之下,與維護內部安全秩序相關之武警部 隊之建制與指揮,也都在大軍區管轄範圍內。 由於大軍區制度是以屯兵和境內決戰為前提,在體制運作上自然 以陸軍為主,海空軍及二炮僅扮演支援陸軍作戰的角色。隨著中共軍 事現代化成果日顯,海空二炮遠距投射力量不斷強化,共軍向海方向 的活動範圍不斷擴張,軍事戰略思維已改採邊境和境外作戰,不再以 誘敵深入境內決戰為主。而境外作戰自然以能夠從事遠距投射之海空 軍和二炮作戰力量為主,陸軍反而僅能扮演預備隊之角色。因此將以 陸軍為主之大軍區體制改為以不同軍兵種遂行聯合作戰為主之戰區 指揮體制,方能整合不同軍兵種之作戰力量,即時且有效發揮海空二 炮遠距投射火力之優勢。 另外,將大軍區改為戰區,亦可消除原本大軍區司令員壟斷軍隊 領導及指揮權,形同分地割據之軍閥的現象。戰區將僅負責聯合作戰 指揮,戰區司令員僅擁有對其戰區之聯合作戰指揮權,並不擁有對軍 隊之領導管理權。軍隊領導管理權由各軍種司令部掌握,如此可以將 6 軍令權和軍政權在戰區層級完全切割,就不會再出現軍區司令員形同 地方軍閥的權力膨脹問題。

(四)結語 習近平在此次中共中央軍委組織調整中,展現對軍隊完全的領導 權威。誠然外界多認為習近平通過這次軍改刻意打亂軍中既有的權力 結構,清洗原本在軍隊裡根深蒂固的江澤民派系將領,全面掌握軍 權。但是平心而論,從中央軍委公布的「意見」對中央軍委層級、軍 種司令部層級、以及戰區層級的組織調整內容看來,這次的變動若能 落實,的確可以讓解放軍的組織架構及權力運作機制脫胎換骨。解放 軍在理順組織結構及權力運作模式後,將在組織編制、軍種功能、武 器裝備以及作戰指揮各個面向趨向成熟,符合現代化軍隊的標準,而 這也將讓解放軍的作戰能力在可預見的未來呈現出跳躍式之進步。


 

English Translation

Analysis on the Establishment of the Joint Operation Command System by the PLA

China National Defense University

■ Xi Jinping held a meeting to reform the Central Military Commission in late November (2015).

Emphasizing the need to establish a joint combat command organization in the theater and a joint combat command of a sound military commission

Mechanism to strengthen the joint combat capabilities of the military.

■ The focus of the reform is to establish a set of joint operations that can be linked up and down.

The central mechanism, at the Central Military Commission level, is to reorganize the existing general staff into straight the Joint Chief of Staff of the Central Military Commission is able to effectively exercise the highest authority for the chairman of the Central Military Commission Military command structure; to the next can be integrated with all theater joint warfare command systems.

■ After the People’s Liberation Army clarifies its organizational structure and power operation mode, it will organize

The military services, weapons and equipment, as well as operational commanders, tend to be mature.

Improve its combat capabilities.

(I). Introduction

The Chinese Communist Party held a meeting to reform the Central Military Commission in late November (2015).

Reveal the prelude to the reform of the military organization. The Central Military Commission Deepens the Leading Group for National Defense and Army Reform

President Xi Jinping delivered an important speech at the conference, pointing to the People’s Liberation Army “must be in the lead by 2020

Led to breakthroughs in the reform of the management system and joint operations command system, and the optimization of scale major achievements have been made in reforming the structure, improving policies and systems, and promoting the integration of military and civilian development.

As a result, efforts will be made to build Chinese characteristics that can win informatized warfare and effectively fulfill its mission.

On behalf of the military strength system, improve the socialist military system with Chinese characteristics.”

(II) The reform of the PLA command system

In Xi Jinping’s disclosure of the specific contents of the military reform, he emphasized the need to establish a joint cooperation.

The joint command and command mechanism of the war command organization and the sound military commission. Through the Central Military Commission organizational functions

With the entire top-level design, Xi Jinping must build a combat command system of “military committee, theater, and troops”.

In order to strengthen the joint combat capabilities of the military.

The People’s Liberation Army originally did not have a joint operational command system. Its existing operational command system was engaged in the design of long-term operations on the ground in the Mainland, and there are two specific characterizations. One is that the PLA did not the Army Command, but the Hainan Air Force and the Second Artillery Corps established the Service Command since its establishment;

Second, the Chinese Communist Party has designated the entire Chinese mainland as the seven major military regions and converted to combat based on the military region.

District, adopting a strategy to lure the enemy into a long-lasting war of attrition.

The People’s Liberation Army’s only air and sea artillery headquarters but no army headquarters are not uniquely designed, but the result of historical development. The Chinese Communists founded the Red Army as its first armed force since 1927.

Prior to the formation of the Navy and the Air Force in 1949, its troops were mainly based on ground forces within the KMT.

During the war, in order to facilitate combat operations, adhere to the leadership of the party and strengthen logistics support, the Chinese Communist Party

In terms of military leadership, it takes the form of headquarters as its military leadership management and operational command organization. And after the establishment of the government, the Chinese Communist Party continued the structure of the General Staff Headquarters, the General Political Department, and the General Logistics Department.

For its military leadership system, even if the navy, air force, and second artillery units were successively formed, they did not change this plane.

Instead, the newly-formed military units are included in this structure and become support for ground forces operations.

Combines & Auxiliary arms.

Therefore, the four traditional leadership mechanisms of the Chinese Communist Party are based on the Army, the Hainan Air Force and the Second Supplementary to the artillery force, it is suitable for the army leadership mechanism for traditional single-army ground operations. This machine system cannot adapt to modern warfare, long-range projection, three-dimensional offensive and defensive, joint operations of different types of arms

The characteristics of the Communist Army have long been changed. In particular, the CCP and its neighboring countries have been on land in recent years.

Territorial sovereignty disputes are gradually resolved through bilateral negotiation and tension on the land boundary.

At a time of marked decline, disputes over the territorial sovereignty and maritime delimitation of the islands and reefs in the East China Sea and the South China Sea were observed.

serious. The counterparts to these tense situations are the Hainan Second Artillery Corps and not the Army.

The East China Sea and South China Sea areas that occurred were also not directed by the combat readiness tasks of the Nanjing and Guangzhou military regions.

If the tasks assigned to the two military regions are assigned by the Central Military Commission, the Nanjing Military Region is “supervising Jiangsu and An.

Military areas of the five provinces and one city of Anhui, Zhejiang, Jiangxi, Fujian and Shanghai

The mission is to defend the developed mega cities and workers in the southeast coasts of Nanjing, Shanghai, Hangzhou and Fuzhou.

Industry Zone Security”. According to this content, the main battle area of ​​the Nanjing Military Region does not include the East China Sea.

Diaoyutai. According to the main tasks of the Communist Army of the Guangzhou Military Region, the military region is the People’s Liberation Army.

“In charge of military affairs in the five provinces and regions of Guangdong, Guangxi, Hubei, Hunan and Hainan

Mission to defend southern China, in particular to prevent attacks on the coasts of Vietnam and the East China Sea.

State, Shenzhen and other megacities. In addition, it is also responsible for the reinforcement of Hong Kong and Macao when necessary.” with

In the sample plot, the defense of the Guangzhou Military Region does not include the South China Sea Islands.

In addition to the major strategic directions of the military region, the design of command posts in the large military region is directed toward the land instead of to the sea.

The Army is also the main force, and the commanders of the seven military regions are all served by army generals.

The military commander is only the deputy commander of the military area in the preparation, so the main combat operations of the Hainan Air Force in the military region

The Department is mainly to support the ground forces of the military region, instead of independently operating in the offshore airspace.

However, according to the “2015 China Military Strategy Report” announced by the Chinese Communist Party, the Communists must “add

Rapidly change the combat power generation mode and use information systems to put various combat forces and units of combat

Combine operational elements into integrated combat capabilities, and gradually build combat elements to make seamless links.

The integrated joint combat system where the platform is autonomously coordinated with each other” must also be “according to authority, capable, and effortlessly and efficiently required to establish and improve joint operations of the Central Military Commission and joint operations in the theater

Command system.” It is evident that the leadership of the Chinese Communist Party is fully aware of the existence of both the Central Military Commission and headquarters and the Military Services Division.

The division of functions among different ministries, and the military area system, etc., cannot meet the requirements of future warfare joint operations.

The demand of the type, and therefore the time for the adjustment of the Central Military Commission, for the leadership of the military

The system and the joint operational command system are designed in an integrated manner.

(3) Establishment of the current joint operations command organization

According to “opinions,” it is necessary to “establish and improve the

The two-level joint combat command system of the Central Military Commission and the theater establishes an integrated peacetime operation, normal operation, and

Main, lean and effective strategic battle command system, and “re-adjust the planning of the theater.”

In the military operational command system, it is necessary to “adjust the requirements of joint operations and joint efforts to standardize the operational command functions of the Central Military Commission, the Military Services, the Joint League Forces, and the regional military services.”

The training of troops requires that “it must be adapted to the joint combat command system and improve the joint training body system”.

In the specific formation of a joint combat command organization, at the Central Military Commission level will be the existing total the Staff Department was reorganized into a joint staff department directly under the Central Military Commission. This newly established “joint participation” is only

Responsible for the Joint Combat Command of the Central Military Commission, and the “Gan Sen General” of the past there is a big difference between operational command and leadership. More importantly, the new Joint Chief of Staff

No longer has the highest military commander of the general staff in the past. The highest military authority is in the Central Army.

After the adjustment of the committee’s functions, it has returned to the chairman of the Central Military Commission to implement the responsibility of the chairman of the Central Military Commission.

The spirit of the system. This Joint Staff is just a direct command of the Central Military Commission.

Institutions, so the chief of the Joint Chiefs of Staff, both in peacetime and in wartime, plays the role of the chairman of the Central Military Commission in the exercise of the military.

The commander of the highest military command of the combat commander is no longer the chief of general staff of the past.

In fact, it has the same power as the army commander.

The restructuring of the General Staff Headquarters into the Joint Staff Department is indeed feasible in the specific practice because in addition to the chief of the general staff and deputy chief of the general staff of the former general staff of the former general staff, the sea, air, and the second gun are all

As the deputy chief of the general staff, in fact, he already has the prototype of joint operations command mechanism. This sea and air two the commander of the deputy chief of the general staff of the cannon, under the operation of the original system, is to take over the sea and air artillery.

The commander is an inevitably elected candidate who can be obtained as a deputy chief of the general staff and can be used as a deputy general secretary of other services.

Communicate the experience of communication and coordination, and understand the characteristics and the conditions that must be considered when performing combat missions. After this general served as commander of the military,

Implementing the Central Military Commission’s “integrated joint operations” policy requires that it be able to cooperate with other service communicate and coordinate, reducing the service-oriented nature.

The Hainan Second Artillery general served as deputy chief of general staff of the General Staff and began with Jiang Zemin in 2004.

When the chairman of the Central Military Commission delivered the post to Hu Jintao, he simultaneously incorporated the commander of the Hainan Second Artillery into the Central Military Commission.

Members from. The level of the original commander of the Haikong Second Artillery was equal to that of the Great Military Region, which was only equal to that of the Army.

Commander of the Military District. After Jiang Zemin incorporated it in the Central Military Commission, the commander of the Second Air and Sea Artillery ranks but there are no changes in the order of the commander, especially the commanders of the air forces of the major military regions.

The naval commander of the Bohai Sea Military Area Command is still a deputy chief of the military region at the rank, and the military commander is assigned to the military region.

Commander. In order to achieve the integrity and continuity of the cadre echelon, and to meet the requirements of different military units

The trend of development in the era of warfare is that of the deputy chief of the general staff who was originally monopolized by the Army in the General Staff Department.

The service is divided into the positions of generals of land, sea, air force, and second artillery to connect the Hainan Second Artillery Corps.

The high-ranking generals took the final stage of career training before becoming military commanders.

In addition to the rank of deputy chief of the general staff, all departments under the general staff department such as the intelligence department and the warfare department

And so on, they have long been included in the cadres of the sea, air, and the Second Artillery, serving as high-level staff, and their respective burdens.

Armed Forces related intelligence, operations and other staff officers. In other words, the General Staff in the past ten years and in recent years, it is to meet the needs of joint operations of different types of arms as the main direction of development.

At the same time, a mature joint combat command staff mechanism has been developed. So it must  adjust the General Staff to The Joint Staff, in terms of substantive operations, is not a complete change, but instead it will

The joint warfare mechanism that has been initially established has been institutionalized and renamed.

Therefore, the focus of adjusting the General Staff Department to the Joint Staff Department is not the chief of the general staff and vice president.

Chiefs of Staff such as the Chief of Staff are served by generals of different services and are not integrated into different military services.

Instead of consulting staff, establish a set of joint operations command that can be linked up and down, inherited from each other the central mechanism. In order to implement the spirit of the responsibility system of the chairman of the Central Military Commission, the Central Military Commission should be

Can effectively exercise the highest military command authority through the mechanism of the Joint Staff Headquarters; enough to integrate and integrate the joint operations command systems of all theaters and make the integrated joint operations commander

As an “organic whole,” there will be no “broken chain” or even “no chain” in combat command Results”.

The establishment of a joint combat command mechanism at the rank of the military region is to cancel the existing seven major military units.

District, the establishment of a four-strategic direction of the East, West, South and North, and the security of Beijing Theater. Traditionally, the large military area is the main organizational system of the Chinese Communist Army, since Mao Zedong’s time under the strategic thinking of emphasizing the lure of the enemy’s deep defensive battles in the country, the major military region system plays the most important role.

District soldiers stick to the defensive role. In fact, the military area is the army that truly controls the army and sets up the army.

The system of the military regime, which includes the construction of the army, education and training, and even combat command

The power is controlled by the commander of the military area. In addition, the Chinese Communist regime’s national defense mobilization system and military and land system

Degree, also relying on the system of the great military region, and related to the maintenance of the internal security order of the armed police department

The formation and command of the team are also within the jurisdiction of the military area.

Since the military region’s system is based on the premise of setting up troops and a decisive battle in the country, it is natural to operate the system.

Mainly based on the Army, the Hainan Air Force and the Second Artillery only played the role of supporting the Army. With the Chinese Communists the achievements of modernization have become increasingly apparent.

The scope of activities has continued to expand, and military strategic thinking has shifted to border and foreign operations.

Luring the enemy into the depths of the domestic decisive battle. However, it is natural for overseas operations to be able to engage in distant projections.

The Army and the Second Artillery are the main combat forces, but the Army can only play the role of reserve force. So will the army-based major military zone system was changed to a combat zone based on joint operations between different types of military units.

The command system can only integrate the combat forces of different military units, and immediately and efficiently this weapons combination has the advantage of projecting firepower from a distance.

In addition, changing the military area into a theater can also eliminate the original military commander’s monopoly of the military.

Leadership and command rights are similar to the phenomenon of the warlords split by land. The theater will only be responsible for joint operations commanding, the commander of the theater has only joint warfighting command over the theater and does not possess military command.

The leadership of the team. The leadership of the army is controlled by the various service commands so that the military commander and the military regime are completely cut at the theater level, and military commanders will no longer appear.

The issue of the expansion of power of local warlords.

(4) Conclusion

Xi Jinping demonstrated complete leadership over the army during the restructuring of the Central Military Commission of the CPC authority. It is true that the outside world thinks that Xi Jinping deliberately disrupted the existing power in the military through this military reform.

Structure, cleansing Jiang Zemin faction generals deeply rooted in the army and fully grasping the military right. But in all fairness, the “opinions” announced by the Central Military Commission of the Central Military Commission ranks and forces.

The level of organizational adjustment at the command level and the theater level suggests that if this change can implementation can indeed make the PLA’s organizational structure and power operation mechanism reborn.

People’s Liberation Army

After the military has straightened out the organizational structure and power operation mode, it will organize the organization, military services, and military operations.

Equipment and combat operations are oriented toward maturity and meet the standards of modern military forces.

This will also allow the PLA’s combat capabilities to show a leap forward in the foreseeable future.

.

Chairman Xi inspects the CMC’s joint operations command center and has aroused strong reaction in the entire army and the armed police force

Comprehensively improve the ability to prepare for fighting in the new era and provide strategic support for the realization of the Chinese dream

“To realize the party’s goal of strengthening the army in the new era and building the people’s army into a world-class army, we must grasp the key to fighting wars and defeating warlords. We have a major step forward in preparation for war.” On the 3rd, Chairman Xi Jinping inspected the Central Military Commission. The Operation Command Center led a group of CMC members to study the construction of the CMC Central Committee, and talked with the officers and men of the relevant task forces stationed at the Frontier Defense and Coastal Defence, inspected the Djibouti Security Base through the video, listened to the report of the PLA’s military preparation for war preparations, and delivered an important speech. It caused strong repercussions in the entire army and the armed police forces.

The officers and men all said that this inspection fully embodies President Xi’s high attention to the issue of military preparations for fighting warfare. This shows that the new military committee has implemented the spirit of the party’s Nineteenth Congress and promoted the work of the entire military to fight and win. A clear-cut attitude. They said that we must conscientiously study and implement the spirit of the Nineteenth National Congress of the Communist Party of China, adhere to the guidance of the military ideology of Xi Jinping, implement the military strategy under the new situation, strengthen the mission, strengthen reforms and innovations, intensify work implementation, and comprehensively improve preparations for fighting in the new era. The ability to provide strategic support for the realization of the “two hundred years” goal and the Chinese dream of realizing the great rejuvenation of the Chinese nation.

Tighten the string of war preparations and strengthen war preparations.

On the morning of the 3rd, the coldness hit people outside the window, but the joint military command center of the Central Military Commission was warm and strong. President Xi once went to the Central Building of the Central Committee of the Central Committee of the Central Military Commission, and led a group of people in the Central Military Commission to study the construction of the Central Committee of the Central Military Commission.

 

“When Xi Chairman made an inspection, he delivered an important speech and profoundly clarified the strategic significance and practical requirements for comprehensively improving the ability to prepare for fighting in the new era.” Zhou Shangping, deputy director of the Joint Operations Department of the Central Military Commission of the Central Military Commission who inspected the entire process, said, “This is the leader of the party. The commander of our army piloted the People’s Army to implement the party’s strong military objectives in the new era, to build a world-class army, and to send political mobilization and epoch orders to the entire army.”

The military is preparing to fight. The fundamental focus of the people’s army in carrying out missions in the new era is combat effectiveness.

The officers and men of the various theaters, services, and agencies of the Central Military Commission said in their discussions that the officers and men of the entire army must only tighten the war preparedness string, strengthen war preparations for war preparations, and always focus on preparing for battles and continuously improve their ability to win. Situation, control crisis, curb war and win war.

“If you want peace, then you have to prepare for war.” The party’s 19th representative Wang Jinlong served as an instructor. A certain army brigade in the central theater “does a great deal”. In the war years, he played in the name of He Huwei. In the new era, the company has a long history. The brigade is responsible for the mission of the brigade for emergency combat readiness. It always maintains a state of readiness for action on the string. He believes that the state is uneasy and that it will be dangerous to forget. Things in the world are always the same. If you are not ready, the enemy will come. You are ready. The enemy does not dare to come. The dialectic of war and peace tells us that if we can fight, we will not be able to fight unless we are ready to fight.

“We must engrave the word ‘war’ in our hearts and continue to strengthen our sense of responsibility for ‘ready to go on the battlefield’. We will deeply engrave our duty to prepare for war and become a conscious action,” said Cui Jiabin, a brigade commander of the Army Aviation Corps. Once something can be quickly responded, resolutely fulfill the tasks entrusted by the Party Central Committee, the Central Military Commission and President Xi, and resolutely safeguard national sovereignty, security, and development interests.

Pay close attention to actual combat military training and improve the ability to win

Socialism with Chinese characteristics has entered a new era, and national defense and army building have also entered a new era.

The officers and men believe that the new era requires that the military must have new capabilities, but to have new capabilities, it is necessary to take substantive training.

“When Xi inspected the Central Committee of the Central Military Commission, Xi pointed out that we must focus on deepening military training in actual combat, stick to how to train soldiers on how to train, and what to do if we need to fight, and inspire the enthusiasm, initiative, and creativity of the officers and men. The military has risen vigorously in the military training upsurge,” said Liu Rui, the 19th Party Congress representative and head of the Air Force’s aviation regiment. “I’m most impressed by this. The military is only holding on to actual combat military training and improving their ability to win. Only in this way can we shoulder the mission of the mission of the new era given by the party and the people.”

Liu Rui is the first air force of the Air Force to modify the H-6K air force and is an important force in the air force’s long-range offensive operations. At this time after the closing of the 19th National Party Congress, he not only preached the spirit of the Nineteenth Party Congress, but also spent all his time on the training ground. A few days ago, he organized and implemented the largest cross-regional mobile combat training in the team’s history. From dawn to late at night, from combat to ultra-low altitude, from land to sea, all the way to the road, across multiple strange areas. And several airports, lasting more than 9 hours, with a range of nearly 5,000 kilometers…

A synthetic brigade of “Huangcailing Mountain” of the 74th Army Group of the Southern Theater Army is currently training hard soldiers to welcome the coming year-end assessment of the group army. Instructor Chen Yuwen believes that President Xi inspects the Central Military Commission’s Central Committee, sets the baton ready for warfare from the level of the Central Military Commission, and pays close attention to actual combat military training from the level of the chairman of the Central Military Commission. Grassroots officers and soldiers have no reason not to do a good job. We must unify our thoughts and actions to the important instructions of President Xi to prepare for war, and strive to forge an elite force that can be called, come to war, and win in battle.

Adhere to problem-oriented and make preparations for work

The great rejuvenation of the Chinese nation is by no means an easy task. It can be achieved by banging and playing drums. The ambitious goal of building a world-class army is also facing severe challenges.

Li Keliang, political commissar of a central information and communications brigade in the Central Theater, believes that we must strictly follow the requirements of Chairman Xi’s important directives, stick to the problem-oriented approach, grasp the end, and promote implementation of the preparations for combating one practical problem. It is necessary to establish a strict responsibility system, strengthen supervision and accountability, and grasp first-level, first-level and first-level levels, and stringently prepare for war preparations.

“The battlefield is a real contest, and the fight is a hard-fought duel.” The party’s 19th representative and Navy carrier-based fighter pilot Cao Jianjian created 419 days after serious injuries and only after 70 days of go-around, the F-15 fighters succeeded in their operations. The ship’s miracle, “In the past few years, the entire army took the training winds to test the wind and declared war on the “peace and evil” in military training. During the exercises, they dared to expose problems and dare to dissect themselves. They introduced a series of hard measures and effective. Promote the building of the combat effectiveness of the troops.”

After seriously studying Xi’s speech, a brigade commander of the 80th Armed Forces believed that we must follow the example of President Xi’s entrustment to strengthen the sense of crisis, awareness of crisis, and awareness of snoring. We must focus all our efforts on fighting and focus on each other’s work. We must make preparations as soon as possible. Snoring ability to engage in.

Experts and scholars of the Academy of Military Sciences, National Defense University, and National University of Defense Technology, according to the future situation and task, believe that we must use the important instructions given by President Xi’s visit to the joint operations command center of the Central Military Commission as guidelines, and focus on innovating wars and combat planning, closely following the evolution of war formations and combat methods. , Adhering to the combat missions, operational opponents, and operational environment, Daxing’s research on warfare issues.

President Xi’s strong mission, clear preparations for fighting, and inspiring the majority of officers and soldiers of the entire army and armed police forces. The officers and men said that we must firmly establish the only basic standard of combat effectiveness. All our thoughts must be focused and focused on. All tasks should be used to fight hard, and we must successfully accomplish the mission of the new era entrusted by the party and the people!

 

Original Mandarin Chinese:

习主席视察军委联合作战指挥中心在全军和武警部队引起强烈反响

全面提高新时代备战打仗能力,为实现中国梦提供战略支

  实现党在新时代的强军目标、把人民军队全面建成世界一流军队,必须扭住能打仗、打胜仗这个关键,在备战打仗上有一个大的加强。”3日,习近平主席视察军委联合作战指挥中心,带领军委一班人研究军委联指中心建设情况,同驻守边防海防的有关任务部队官兵通话,通过视频察看了驻吉布提保障基地,听取了全军练兵备战工作汇报,并发表重要讲话,在全军和武警部队引起强烈反响。

  官兵们纷纷表示,这次视察充分体现了习主席对军队备战打仗问题的高度重视,表明了新一届军委贯彻落实党的十九大精神、推动全军各项工作向能打仗、打胜仗聚焦的鲜明态度。大家表示,一定要认真学习贯彻党的十九大精神,坚持以习近平强军思想为指导,贯彻新形势下军事战略方针,强化使命担当,强化改革创新,强化工作落实,全面提高新时代备战打仗能力,为实现两个一百年奋斗目标、实现中华民族伟大复兴的中国梦提供战略支撑。

  时刻绷紧战备这根弦,强化备战打仗导向

 

  3日上午,窗外寒气袭人,但军委联合作战指挥中心却暖意浓浓。习主席一身戎装来到军委联指中心大楼,带领军委一班人研究军委联指中心建设情况。

  习主席视察时发表重要讲话,深刻阐明全面提高新时代备战打仗能力的战略意义和实践要求。亲历视察全过程的中央军委联合参谋部作战局副局长周尚平说,这是党的领袖、我军统帅领航人民军队为实现党在新时代的强军目标、全面建成世界一流军队,向全军官兵发出的政治动员和时代号令。

  军队是要准备打仗的,人民军队担负新时代使命任务的根本着力点在于战斗力。

  各战区、各军种、军委机关各部门的官兵们在学习讨论中认为,全军官兵只有时刻绷紧战备这根弦,强化备战打仗导向,始终聚焦备战打仗,不断提升打赢能力,才能有效塑造态势、管控危机、遏制战争、打赢战争。

  如果你想要和平,那就要做好打仗的准备。党的十九大代表王金龙担任指导员的中部战区陆军某旅大功三战争年代打出了赫赫威名,新时期,连队常年担负旅应急战备值班任务,始终保持箭在弦上、引而待发的战备状态。他认为,邦境不安,忘战必危。世界上的事情总是那样,你准备不好,敌人就来了;你准备好了,敌人反而不敢来。战争与和平的辩证法告诉我们,能战方能止战,准备打才可能不必打,越不能打越可能挨打。

  要把字刻在心头,持续强化时准备上战场责任意识,将练兵备战职责深深刻入脑海、成为自觉行动。陆军航空兵某旅旅长崔佳彬说,真正做到一旦有事能快速反应,坚决完成党中央、中央军委和习主席赋予的任务,坚决维护国家主权、安全、发展利益。

  狠抓实战化军事训练,提高打赢本领

  中国特色社会主义进入了新时代,国防和军队建设也进入了新时代。

  官兵们认为,新时代要求军队必须具备新的能力,而要具备新的能力,就必须大抓实战化训练。

  习主席在视察军委联指中心时指出,要着力深化实战化军事训练,坚持仗怎么打兵就怎么练,打仗需要什么就苦练什么,把官兵积极性、主动性、创造性充分激发出来,在全军兴起大抓军事训练热潮。党的十九大代表、空军航空兵某团团长刘锐说,这一点令我印象最为深刻,军队只有狠抓实战化军事训练,提高打赢本领,才能担负起党和人民赋予的新时代使命任务。

  刘锐所在团是空军首支改装轰—6K的航空兵部队,是空军远程进攻作战的重要力量。党的十九大闭幕之后的这一段时间,他除了宣讲党的十九大精神,其他所有时间都铆在训练场。几天前,组织实施了团队历史上最大规模的跨区域机动作战训练,从昼间到后半夜,从战斗起飞到超低空,从陆上到海上,一路走一路打,跨越多个陌生区域和多个机场,持续9个多小时,航程近5000公里……

  南部战区陆军第74团军某合成旅黄草岭功臣目前正在苦练精兵,迎接即将到来的集团军年终考核。指导员陈骁文认为,习主席视察军委联指中心,从军委这一层把备战打仗的指挥棒立起来,从军委主席这一级亮明狠抓实战化军事训练,提高打赢本领的鲜明态度,我们基层官兵没有理由不做好。我们一定要把思想和行动统一到习主席备战打仗的重要指示上来,努力锻造召之即来、来之能战、战之必胜的精兵劲旅。

  坚持问题导向,抓实备战工作

  中华民族伟大复兴绝不是轻轻松松、敲锣打鼓就能实现的,建设世界一流军队的宏伟目标同样面临十分严峻的挑战。

  中部战区某信息通信旅政委李克亮认为,我们要严格按照习主席重要指示要求,坚持问题导向,一抓到底,在解决一个一个实际问题中推动备战工作落实。要建立严格的责任制,强化督导问责,一级抓一级,一级带一级,把备战打仗工作严起来。

  战场是实打实的较量,打仗是硬碰硬的对决。党的十九大代表、海军舰载战斗机飞行员曹先创造了身负重伤419天后、术后复飞仅仅70天,驾驶歼—15战机成功着舰的奇迹,这几年,全军大抓训风演风考风,向军事训练中的和平积弊战,在演习中敢于暴露问题、敢于自我解剖,出台了一系列硬性措施,有效推进部队战斗力建设。

  第80团军某旅官兵在认真学习习主席的讲话后认为,我们一定要按照习主席嘱托,强化忧患意识、危机意识、打仗意识,全部心思向打仗聚焦,各项工作向打仗用劲,尽快把备战打仗能力搞上去。

  结合未来形势任务,军事科学院、国防大学、国防科技大学的专家学者认为,要以习主席视察军委联合作战指挥中心的重要指示为指引,着力创新战争和作战筹划,紧跟战争形态和作战方式演变,紧贴作战任务、作战对手、作战环境,大兴作战问题研究之风。

  习主席强烈的使命担当,鲜明的备战打仗态度,鼓舞着全军和武警部队的广大官兵。官兵们表示,一定要牢固树立战斗力这个唯一的根本的标准,全部心思向打仗聚焦,各项工作向打仗用劲,圆满完成党和人民赋予的新时代使命任务

Reference (1) Www.xinhuanet.com/2017-11/04/c_1121906230.htm

Reference (2) http://military.people.com.cn/n1/2017/1105/c1011-29627206.html

信息安全技術-個人信息安全規範 – China’s “Information Security Technology Personal Information Security Specification” in Four Aspects

信息安全技術-個人信息安全規範 –

China’s “Information Security Technology Personal Information Security Specification” in Four Aspects

On December 11th, 2017, there were two kinds of mobile phone APPs, Baidu and Baidu, which were owned by Baidu. They included “listening phone”, “reading short MMS”, “reading contacts”, etc. involving consumer personal information. In the case of security related rights and refusal to rectify the situation, the Jiangsu Provincial Consumer Protection Committee initiated a consumer civil public interest litigation concerning suspected illegal access to consumer personal information and related issues by Beijing Baidu.com, which was held on January 2 of this year in Nanjing. The Intermediate People’s Court has formally opened the case. On January 6th, with the fermentation of Alipay’s annual billing event, the State Administration of Cybernetics Network Security Coordination Bureau interviewed relevant persons in charge of Alipay (China) Network Technology Co., Ltd. and Sesame Credit Management Co., Ltd. and pointed out that Alipay, The way in which sesame credits collect personal information does not conform to the spirit of the National Standard for Information Security Technology and Personal Information Security. It violates the promise of the Personal Information Protection Initiative that it signed shortly and should strictly follow the Cyber ​​Security Law. The following is called the “net security law” requirements, strengthen the comprehensive investigation of the platform, carry out special rectification, and take effective measures to prevent similar incidents from happening again. Since the official implementation of the “Network Security Law”, the National People’s Congress, Industry and Information Technology, Internet Information, Internet Security, and Consumers’ Association systems have launched a series of special inspections and rectifications of personal information throughout the country. At the same time, they have also strengthened punishments for violations of laws and regulations. The public’s emphasis on the protection of personal information.

  However, because of the principle, fuzziness and fragmentation of legal norms and local regulatory policies, many articles lack detailed rules for landing, which brings great confusion to many network operators’ personal information compliance work. On December 29 last year, the China National Standardization Administration officially issued the “Information Security Technology Personal Information Security Specification” (hereinafter referred to as the “Safety Code”). On January 24, the national standard full-text publication system officially announced the full text of the specification, and It will be implemented on May 1, 2018. The “Safety Code” clarifies the compliance requirements for the collection, preservation, use, and sharing of personal information in the form of national standards, and provides guidelines for network operators to formulate privacy policies and improve internal controls.

  ”Safety Regulations”

  Related legal concepts

  Based on the existing principles and provisions of the “Net Security Law”, the “Safety Regulations” specifies the specific definitions of relevant legal concepts in light of the specific issues that network operators are concerned about in practice.

  First, regarding personal sensitive information, the “Guide to the Protection of Personal Information in Information and Security Technology Public and Commercial Service Information Systems” implemented in 2013 defined personal sensitive information as personal information that would adversely affect the personal information subject after being exposed or modified. At the same time, it is recommended that the specific content of personal sensitive information in various industries be determined based on the willingness of the personal information subject to the service and their respective business characteristics. The “Safety Regulations” further emphasizes in the definition that the disclosure of personal sensitive information, illegal provision or misuse may endanger the safety of people and property, cause personal reputation, physical and mental health damage or discriminatory treatment and other serious consequences, and in Appendix B A specific example of personal sensitive information was drawn up, linking up with the data classification obligations stipulated in Article 21 of the “Network Security Law”.

  Secondly, regarding the collection of personal information, the “Safety Regulations” defines three types of “collection” as the provision of personal information subjects, automatic collection by network operators, and indirect acquisition from third parties. At the same time, exceptions are stipulated and individuals are acquired at terminals. Information not returned to the operator’s server does not belong to “collection.”

  Finally, with respect to the anonymization and de-identification of personal information, the “Safety Code” distinguishes the two. The anonymized information cannot be restored and is no longer part of personal information; de-identification processing guarantees Personal information can’t identify the main body of information without relying on additional information, but it still retains the granularity of the individual and uses pseudonyms, encryption, hash functions, etc. instead of the original personal information. In addition, on August 15 last year, the “Information Security Technology Personal Information De-identification Guide” was released for solicitation of public opinions. The contents involved the process of de-identification and technical applications. Currently, the network operators are implementing the personal information during the review stage. Marking work is worth learning from.

  Collection of personal information

  The “Safety Regulations” stipulates that the collection of personal information should comply with the requirements of legality and minimization. Among them, the requirements for authorization to obtain personal information indirectly and the explicit consent requirements for collecting personal sensitive information are worthy of attention.

  When obtaining personal information indirectly, the company as the recipient is obliged to require the provider to explain the source of the relevant personal information and confirm its legitimacy. At the same time, it should also understand the scope of the personal information subject’s authorization to the provider, including the purpose of use and the individual. Whether the information subject is authorized to consent to the transfer, sharing, public disclosure, etc. If the recipient handles personal information beyond the above-mentioned range, it shall also obtain the explicit consent of the personal information subject within a reasonable time limit. Establishing an authorization consent model for indirect collection of personal information is one of the highlights of the Personal Information Collection section of the “Safety Code”. This model reinforces the review obligation of information receivers and increases the corresponding compliance costs.

  In the collection of personal sensitive information, first of all, the “Safety Code” further requires the express consent of the personal information subject on the basis of the “Net Security Law” to be a voluntary, concrete, clear and clear wish given by the individual on the basis of full knowledge. Representation; Second, if the personal information controller collects personal sensitive information for the core business functions of its products or services, it shall explicitly inform the information subject of the core business functions it provides, the personal sensitive information it needs to collect, and the personal information subject. Three choices of rights; Finally, if personal information controllers collect personal sensitive information for other additional functions, they should clearly inform specific additional functions and the right to choose personal information, but refuse personal sensitive information required for additional functions. It does not mean that the core business functions have stopped providing.

  Sharing of personal information

  When entrusting a third party to process personal information, apart from the fact that the commissioning itself must not exceed the scope of the authorized consent of the personal information subject, the “Safety Code” also stipulates that the personal information controller should carry out personal information security impact assessment and take the responsibility of the contract. Obligation, auditing, etc. supervise the trustee and ensure accurate recording and preservation of the trustee’s handling of personal information.

  With respect to the sharing and transfer of personal information, the “Safety Code” also stipulates the obligations of the personal information controller on the security impact assessment. At the same time, the personal information controller shall notify the personal information subject of the purpose of sharing, transferring the personal information, and the type of the data receiver. In the case of personal sensitive information, the type of sensitive information, the identity of the recipient of the data, and the security capabilities should also be notified, and sharing or transfer may be made only after obtaining the explicit consent of the personal information subject. In addition, personal information controllers need to accurately record and preserve the sharing and transfer of personal information, and bear the legal responsibility for the harm caused by sharing and transferring personal information to the legitimate rights and interests of the information subject. Where changes in the controlling body occur due to mergers and acquisitions, restructuring, etc., they shall individually notify the subject of personal information.

  With regard to the cross-border transmission of personal information, the “Safety Code” requires that personal information controllers should conduct security assessments in accordance with the standards set by the Network Information Office and relevant departments. According to the “Personal Information and Important Data Outbound Security Assessment Methodology (Exposure Draft)” published in April last year, network operators should organize their own data outbound security assessment before leaving the country and be responsible for the results if they contain or accumulate 500,000. If the personal information above the person or the personal information provided by the key information infrastructure is provided to the outside, it shall also be reported to the industry supervisor or the supervisory authority for organizing the safety assessment. The Guidelines for Outbound Security Assessment of Information Security Technology Data (Draft for Solicitation of Comments) (hereinafter referred to as the “Evaluation Guide”) issued by the National Information Security Standardization Technical Committee on August 30 last year are also worthy of attention. The Assessment Guide clearly indicates the data. The use scope and exceptions of outbound security assessments are to refine the types of personal information and important data, increase the disclosure obligation of network operators for personal information, distinguish security self-assessment and assessment processes of competent authorities, and implement personal information for personal information controllers. Cross-border transmission provides a reference.

  Safety management requirements

  Since its implementation, NetEase has given network operators many security protection obligations. One of them is the development of internal security management systems and operational procedures to implement the network security protection responsibilities. Specifically, the “security regulations” include three. Aspects. First, the responsible departments and personnel should be clarified. According to the “Safety Regulations”, personal information controllers that meet certain conditions in terms of business, personnel scale, and personal information processing volume should establish full-time personal information protection managers and work agencies so that The specific implementation of personal information security work prevents personal information from being leaked, damaged or lost. Second, a personnel management and training system should be established. According to the “Safety Regulations”, personal information controllers should sign confidentiality agreements with employees engaged in personal information processing positions and conduct background checks to clarify the safety responsibilities of related positions and the occurrence of security incidents. Penalty mechanism, while conducting regular professional training and assessment, to ensure that relevant employees have the privacy policy and regulatory processes. Third, a personal information security impact assessment and audit system should be developed to assess potential risks and adverse impacts in the processing of personal information, form an assessment report for inspection by relevant parties, and establish an automated auditing system to monitor and record personal information processing activities. Handle the illegal use and abuse of personal information in the audit process in a timely manner.

  Conclusion

  The formal issuance of the “Safety Code” ended the situation in which there were many personal information protection principles and the lack of specific measures since the implementation of the “Net Security Law.” This answer the confusion of the Internet companies, and in the appendix, it is the subject of personal information. The agreed-upon functional interface and privacy policy templates have provided a complete compliance and risk control policy for the provision of network products and services. Although the “Safety Code” number is displayed as a national recommendation, in practice, the review of the privacy policy conducted by the four departments of the Network Information Office, the Ministry of Industry and Information Technology, and the Ministry of Public Security last year was mainly based on the “Safety Regulations” solicitation opinion draft. When the Information Office interviewed Alipay about the annual billing event, it also emphasized the validity of the “Safety Regulations.” These events all reflected the importance of the “Safety Rules” for improving the personal information protection system. The majority of network operators should make efforts to collect, save, use, and share personal information, improve internal management and privacy policy formulation to cope with the rigorous regulatory situation.

Original Mandarin Chinese:

2017年12月11日,就百度旗下“手機百度”、“百度瀏覽器”等兩款手機APP存在“監聽電話”、“讀取短彩信”、“讀取聯繫人”等涉及消費者個人信息安全的相關權限且拒不整改的情形,江蘇省消費者權益保護委員會就北京百度網訊科技有限公司涉嫌違法獲取消費者個人信息及相關問題提起消費民事公益訴訟,今年1月2日,南京市中級人民法院已正式立案。 1月6日,隨著“支付寶年度賬單事件”的發酵,國家網信辦網絡安全協調局約談了支付寶(中國)網絡技術有限公司、芝麻信用管理有限公司的有關負責人並指出,支付寶、芝麻信用收集使用個人信息的方式,不符合《信息安全技術個人信息安全規範》國家標準的精神,違背了其前不久簽署的《個人信息保護倡議》的承諾,應嚴格按照《網絡安全法》(以下稱“《網安法》”)的要求,加強對平台的全面排查,進行專項整頓,切實採取有效措施,防止類似事件再次發生。自《網安法》正式實施以來,人大、工信、網信、網安以及消協系統,在全國各地掀起了一系列個人信息專項檢查、整治行動,處罰違法違規行為的同時,也加強了社會公眾對個人信息保護的重視程度。

然而,由於法律規範及各地監管政策的原則性、模糊化及碎片化,很多條文缺乏落地的細則,這就給很多網絡運營者個人信息合規工作帶來極大的困惑。去年12月29日,中國國家標準化管理委員會正式發布《信息安全技術個人信息安全規範》(以下稱“《安全規範》”),1月24日,國家標準全文公開系統正式對外公佈規範全文,並將於2018年5月1日起實施。 《安全規範》以國家標準的形式,明確了個人信息的收集、保存、使用、共享的合規要求,為網絡運營者制定隱私政策及完善內控提供了指引。

《安全規範》的具體規定

相關法律概念

《安全規範》在《網安法》已有的原則性規定的基礎上針對網絡運營者在實踐中關注的具體問題,明確了相關法律概念的具體定義。

首先,關於個人敏感信息,2013年實施的《信息安全技術公共及商用服務信息系統個人信息保護指南》將個人敏感信息定義為在遭受洩露或修改後會對個人信息主體造成不良影響的個人信息,同時建議各行業個人敏感信息的具體內容根據接受服務的個人信息主體意願和各自業務特點確定。 《安全規範》則在定義中進一步強調了個人敏感信息被洩露、非法提供或濫用可能危害人身、財產安全,致使個人名譽、身心健康受到損害或歧視性待遇等嚴重後果,並在附錄B中給出了個人敏感信息的具體示例,銜接了《網安法》第二十一條規定的數據分類義務。

其次,關於個人信息的收集,《安全規範》將個人信息主體主動提供、網絡運營者自動採集以及從第三方間接獲取等三種方式定義為“收集”,同時規定了例外情形,在終端獲取個人信息但不回傳至運營者服務器的,不屬於“收集”。

最後,關於個人信息的匿名化與去標識化,《安全規範》將兩者區別開來,經匿名化處理後的信息無法復原,也不再屬於個人信息之列;而去標識化處理則保證了個人信息在不借助額外信息的情況下,無法識別信息主體,但依舊保留了個人顆粒度,採用假名、加密、哈希函數等手段替代了原有個人信息的標識。此外,去年8月15日,《信息安全技術個人信息去標識化指南》徵求意見稿發布,內容涉及去標識化的過程及技術應用等,目前已在送審階段,網絡運營者在落實個人信息去標識化工作時值得借鑒。

個人信息的收集

《安全規範》規定個人信息收集應遵循合法性要求和最小化要求,其中,間接獲取個人信息的授權同意要求和收集個人敏感信息的明示同意要求值得關注。

在間接獲取個人信息時,作為接收方的企業有義務要求提供方對相關個人信息的來源進行說明並確認其合法性,同時還應當了解個人信息主體對於提供方的授權範圍,包括使用目的、個人信息主體是否授權同意轉讓、共享、公開披露等內容,若接收方處理個人信息超出上述範圍的,還應在合理期限內另行徵得個人信息主體的明示同意。確立間接收集個人信息的授權同意模式是《安全規範》有關個人信息收集部分的亮點之一,這一模式強化了信息接收方的審查義務,增加了相應的合規成本。

在收集個人敏感信息方面,首先,《安全規範》在《網安法》的基礎上進一步要求個人信息主體的明示同意是其在完全知情的基礎上自願給出的、具體的、清晰明確的願望表示;其次,若個人信息控制者收集個人敏感信息用於其產品或服務的核心業務功能,則應當明確告知信息主體其所提供的核心業務功能、所需收集的個人敏感信息和個人信息主體的選擇權三項內容;最後,若個人信息控制者收集個人敏感信息用於其他附加功能的,則應當明確告知具體的附加功能和個人信息主體的選擇權,但拒絕附加功能所需的個人敏感信息並不意味著核心業務功能的停止提供。

個人信息的分享

在委託第三方處理個人信息時,除委託行為本身不得超出個人信息主體授權同意的範圍之外,《安全規範》還明確規定,個人信息控制者應當開展個人信息安全影響評估,並採取合同約定責任義務、審計等方式對受託者進行監督,保證準確記錄和保存受託者處理個人信息的情況。

關於個人信息的共享與轉讓,《安全規範》同樣規定了個人信息控制者的安全影響評估義務,同時個人信息控制者應當向個人信息主體告知共享、轉讓個人信息的目的、數據接收方類型,涉及個人敏感信息的,還應當告知敏感信息的類型、數據接收方的身份和安全能力等,在事先徵得個人信息主體明示同意後方可共享或轉讓。此外,個人信息控制者需準確記錄和保存個人信息共享和轉讓情況,承擔因共享、轉讓個人信息對信息主體合法權益造成損害的法律責任。因併購、​​重組等發生控制主體變更的,應當單獨向個人信息主體告知有關情況。

關於個人信息的跨境傳輸,《安全規範》要求個人信息控制者應按照網信辦會同相關部門製定的標准進行安全評估。根據去年4月發布的《個人信息和重要數據出境安全評估辦法(徵求意見稿)》,網絡運營者在數據出境前應自行組織數據出境安全評估,並對結果負責,若含有或累計含有50萬人以上個人信息以及由關鍵信息基礎設施對外提供個人信息的,還應報請行業主管或監管部門組織安全評估。去年8月30日由全國信息安全標準化技術委員會公佈的《信息安全技術數據出境安全評估指南(徵求意見稿)》(以下稱“《評估指南》”)同樣值得關注,《評估指南》明示了數據出境安全評估的使用範圍及例外,細化個人信息及重要數據的類型,增加了網絡運營者個人信息出境的告知義務,區分安全自評估與主管部門評估流程,為個人信息控制者俱體落實個人信息跨境傳輸提供了參考依據。

安全管理要求

《網安法》自實施以來,賦予了網絡運營者諸多安全保護義務,其中之一便是製定內部安全管理制度和操作規程,落實網絡安全保護責任,具體到《安全規範》中,主要包括三個方面。第一,應當明確責任部門與人員,根據《安全規範》,在業務、人員規模、個人信息處理量等方面滿足特定條件的個人信息控制者,應設立專職的個人信息保護負責人和工作機構以便個人信息安全工作的具體實施,防止個人信息的洩露、損毀、丟失。第二,應當構建人員管理與培訓制度,根據《安全規範》,個人信息控制者應當與從事個人信息處理崗位的員工簽署保密協議並進行背景審查,明確相關崗位的安全職責和發生安全事件後的處罰機制,同時定期開展專業化培訓和考核,確保相關員工掌握隱私政策和規章流程。第三,應當開展個人信息安全影響評估與審計製度,評估個人信息處理過程中可能產生的風險與不利影響,形成評估報告以供相關方查閱,同時建立自動化審計系統,監測記錄個人信息處理活動,及時處理審計過程中個人信息違規使用、濫用等情況。

結語

《安全規範》的正式發布結束了《網安法》實施以來個人信息保護原則性規定較多而具體措施欠缺的局面,解答了廣大互聯網企業的困惑,其在附錄部分更是製作了個人信息主體授權同意的功能界面和隱私政策的模板,使得網絡產品和服務的提供有了完備的合規和風控政策。雖然《安全規範》編號顯示為國家推薦標準,但在實踐中,去年網信辦、工信部、公安部等四部門開展的隱私政策評審工作主要以《安全規範》徵求意見稿為依據,今年年初網信辦就年度賬單事件約談支付寶時,也再次強調了《安全規範》的準據效力,上述事件均從側面反映了《安全規範》對於完善個人信息保護製度的重要性。廣大網絡運營者應發力個人信息的收集、保存、使用、分享等多個方面,完善內部管理與隱私政策制定,以應對趨於嚴格的監管形勢。

Source:  http://new.qq.com/omn/20180201/20180201B07GLP.htm

Strategic Thinking on Ensuring Ideological & Political Security of Chinese Army // 中國軍媒:確保我軍網上意識形態安全的戰略思考

Strategic Thinking on Ensuring Ideological & Political Security of Chinese Army //

中國軍媒:確保我軍網上意識形態安全的戰略思考

 

Network era, the information exchange to break the official and civil, military and local boundaries, our army should continue to play the advantages of mobilization, open our army ideological work a new situation. The people are the most extensive and powerful forces involved in the ideological struggle. Our army strives for the dominance of the online ideological struggle. It can not rely solely on the power of propagating and defending the departments. We must also make the people’s faction and stir up the people’s war of online ideological struggle. Our army should play a good mobilization advantage, attract the participation of the masses, and guide the direction of public opinion.

The United States “how to influence China’s national strategy and military strategy,” the report said, “the Internet is our main battle with the Chinese Communist Party.” Western military power has long been the online public opinion struggle into the military strategy, is committed to creating a new network of combat forces.

Military Army: Strategic Thinking on Ensuring the Ideological and Political Security of Our Army

The United States since 2003 in the war in Iraq for the first time to implement the strategic psychological warfare, have made a network war theory update and actual inspection of the record; recently, the US Defense Secretary Ashton Carter announced the Department of Defense new network action strategy report, For example, the United States and Russia have been able to use the information warfare forces to form a “civil army”, demonize the “invading country” regime, from the “invading country” internal disintegration of its national will, To achieve their own strategic objectives. At present, the United States with the Internet technology and cultural hegemony to develop Internet rules, selling political system and cultural ideas, leading the direction of ideological struggle; our military in the key information infrastructure construction, network impact in a weak, facing control, Shaped, interpreted, tagged dilemma, cyberspace security coping overall is still hovering at the tactical level non-strategic level. In the era of media, cyberspace has become the second “living space” of mankind. Our army should be in danger and know ourselves, and attach great importance to the study of cyber ideology struggle strategy and compete for the initiative of online ideological struggle.

1, take the initiative to force the Sword, to seize the high ground of ideological struggle

 

The Internet is the main battlefield of ideological struggle. The main battlefield failed to master the initiative, decided in the field of ideology in the passive situation. In recent years, including the United States, including Google, Apple, “the eight King Kong” all-round penetration into the network space in China through the opening of the “back door” for the US government to provide information, and pervasive way to push me Western values; , Support the “elite” voice, so that with the help of the Internet openly for the Western head; continuous technological innovation, by virtue of “shadow Internet” and other means to circumvent me

Network control system to support Hong Kong “accounted for” and other subversive separatist activities; leading issues set for China’s military development has been intensive throw “China’s military threat theory”, “China’s spy activities,” “Sino-US military conflict theory” and “South China Sea navigation freedom” and other issues, from the academic, public opinion on me completely suppressed.

In contrast to our military, there are still used in the theoretical study of fried rice, in the propaganda work instilled the preaching, stereotyped in the discourse system, often in the subject matter when the aphasia, weak and weak in the supervision of the phenomenon, not only cause my mainstream ideology Spread the dilemma, but also for the hostile forces to attack my ideological position left a gap. Network ideological struggle, such as against the current sailing,

In the face of the aggressive challenges of the United States and the West, the attack is more advantageous than the defense. Our army must recognize the seriousness of the threat of online ideology and face the above-mentioned deficiencies. Through the all-round change of the thinking idea and working mode, initiative.

The first stage to try to reverse our army passively cope with the situation, lay the online ideological struggle “fighter war”. China is currently the most important strategic opponents of cyber space in the United States, the United States will undoubtedly be its core technology, hegemony and other positions to prevent clinging, want to catch up with its core technology in the short term is not feasible. Our army should not only have the courage to fight the Sword, but also learn to “dance with the wolf”, on the one hand should focus on the matter, in the face of Western issues when the attack in a timely manner to respond, one said, change the traditional conservative ideology work concept, , To avoid the main network-like attitude, or another way to transfer is not conducive to our military wave of public opinion, beware of the Chinese story was misinterpreted, misreading; on the other hand can identify the opponent’s weaknesses, pain hard, propaganda interpretation of the Western scandal, Democratic system malpractice, judging the plight of capitalist development. Learn from the opponents of the struggle, give full play to the role of capitalist countries, in the foreign media, business operations, cooperation and cultural exchanges in the promotion.

The second stage is based on my main counterattack, lay the ideological struggle of the Internet “position war.” The use of the first stage of the development of technology development opportunities, and vigorously promote technological innovation, can bypass the United States and other Western countries accounted for overwhelming advantages of the technical barriers to achieve such as quantum communications technology monopoly, relying on the new platform to implement the ideological strategy to counter; To maintain national ideological security from the traditional security field to the field of cyberspace extension, and actively establish a network space cooperation with other countries, based on Chinese cultural traditions, value system and military practice, to build beyond the West, in line with China’s actual discourse system for the international community Innovative discourse, for our army modernization, national defense policy and the military system name.

2, to support the legislation, to the superiority of the people to achieve the mainstream ideology of soft conquest

 

Hard power is the fundamental support of soft power, Western ideology has been able to prevail in the world, the key lies in the capitalist countries generally developed economy, people’s living standards are higher, and the key to the upsurge in the Soviet Union is the national economy almost collapse, political Cleaning loss of people, social contradictions continue to intensify. Revolutionary war years, our army suffered inside and outside the attack, but resist the West “peaceful evolution”, the fundamental reason is that when our ideological work to do the “inner saints outside the king.” Reflection of the current, part of the unit and the individual army is not strict, improper words and deeds, misconduct, weakened the army combat effectiveness, discredited the image of the army, for those who have ulterior motives attacked my system, leaving the relationship between the party and the party left a mess, as hostile forces To achieve its political purpose to provide a convenient space.

In addition, the value orientation and behavior of the composition of the officers and men are undergoing profound changes. Once the loss of their trust is caused by the corruption of the military, it is easy to cause the ideal and the landslide, which opens the gap for the infiltration of the West. For a period of time, our army dealing with the behavior of anomorphosis often lost in the wide, lost in the soft, especially Guo Boxiong, Xu Caihou case hit the officers and men “three view”, while the United States to intensify the push of the bourgeoisie to build the military concept, To carry out the deterrence, attack our army unique advantages, which makes our ideological work into a double dilemma. Network era information cohabitation, the face of hostile forces deliberately slander more need “their own hard”.

Our army should play a good way to put forward the traditional advantages of truth, first put the facts, and then tell the truth, to an open and inclusive attitude to the Internet users to monitor the military and the Internet to achieve good interaction, and as a driving force to improve the style Adhere to the line of words and deeds; adhere to the network space management and the reality of space norms both hands, the military’s own problems, neither whitewash short and not allowed to make rumors, eliminate negative thoughts, the root causes of public opinion, to our military good image against Western attack penetration, Enhance the mainstream ideology of inspiration.

3, to network network, to enhance our ideological struggle of the network thinking

 

The development of the Internet has spawned all-round changes in social structure, way of thinking and behavior. In the face of online ideological struggle, our army must accurately grasp the changes in the mechanism of competition. The network originated in the West, grew up in the West, the West not only has a comparative advantage in technology, but also highly compatible with the Internet culture, cloud computing, large data, artificial intelligence and other technologies are the first breakthrough in the West, the network center war and other Internet operations concept by the US military The first proposed, the Internet “rules of conduct” is also dominated by the West, the United States is the world’s major sources of information. And our army in the online ideological struggle is still at a disadvantage, such as can not keep up with the Internet age changes, will fall into a completely passive situation.

At present, our army has a strong desire and motive to make a good “network gateway”, and the problem of planning breakthroughs in online ideological struggle is basically clear, but it still lacks the organic integration of “Internet + ideological struggle” and can not really grasp the struggle The right to speak. In the face of the grim situation of online ideological struggle, our army needs an Internet “brainstorming”, and comprehensively enhance the ability of online ideological security. To break the core technology monopoly as the main focus, breaking the United States to contain my “life door”, the construction of its own information transmission system and network security protection system, and strive to lead the innovation and technology around the world, lay the ideological “backhand” But also the Internet communication requires creative thinking, the first machine awareness, platform operation and action ability, but also to promote the development of the Internet, but also to promote the development of the Internet, The barracks should follow the trend, as soon as possible to develop a variety of network broadcast and other media, try to mainstream cultural communication embedded in creative industries.

4, close the rule of law cage, remove the online ideological position “noise”

 

The development of new media technology to open the “everyone has a microphone,” the law of the times of transmission changes, public opinion, more difficult to control, thinking more and more intense competition, but according to the law of the network network did not follow the footsteps.

The current urgent problem is: the phenomenon of my ideological security is widespread, part of the hostile forces openly clamoring, the Western hostile forces not only in my territory to cultivate “well known” “big V”, the purchase of network water army, organization of cults, Extreme forces and other extreme anti-communist elements into the network of public opinion, resulting in a variety of hazards to national and military security information is full of network information platform.

At present, the army information construction in full swing, our army for the new media management legislation process is lagging behind, the network regulation system is not perfect, the lack of norms of online ideological struggle, part of the behavior of the ideological security is illegal, how to deal with the language is not detailed.

On the one hand, the normal ideological control is often misinterpreted as restricting freedom of speech. Once used by hostile forces, it may cause the military officers and soldiers to fluctuate, leading to further deterioration of the situation. On the other hand, due to the lack of relevant norms, Or even often for a small number of wrong acts “pay”, resulting in ideological murmur is not cleared, over time, the ideological institutions of the credibility of a serious decline in the military and the state may also fall into the “Tacitus trap.”

Online ideological struggle from the value of the political system of confrontation, but may be expressed as “to ideology” of public opinion and popular culture. Information in the cyberspace “fission” propagation. The process does not rule out the ulterior motives of the individual groups add oil and vinegar, fueled. Therefore, to win the ideological struggle on the Internet, our army should maintain the ideological security issues in accordance with the law into a strategic position, consolidate the military environment, improve domestic legislation, and resolutely combat the behavior of moral hazard, and create a good online public opinion ecology.

First, the height of the overall national security to promote the legislative amendment, focusing on the norms of cultural transmission in the field of “rent-seeking” phenomenon, management loopholes, powers and responsibilities unclear, poor supervision and other issues to ensure that the work of law, There must be law.

Second, according to the law, the frequent dissemination of bad information on the implementation of accurate monitoring of the site, according to the law should be ordered to rectify the deadline for the threat of ideological security, the negative information according to the law to remove. Third, strict enforcement of law enforcement, illegal research, to endanger our ideological and ideological security of the implementation of full-time monitoring, the spread of negative public opinion of the organization, individuals and the performance of poor supervision departments, resolutely according to law, Outside the earth, the formation of the rule of law deterrence.

5, pay attention to the integration of military and civilian, launched the ideological struggle of the people of the war

 

Historically, our army in combat and the implementation of military missions before the fighting to mobilize, to boost morale to stimulate morale, while fighting for a wide range of mass support. Whether it is mobilization speech, news propaganda or brief loud fighting slogans, lively forms of literature and art, have played an indelible role, so that our army justice, civilization, the image of mighty people, for our army to integrate military resources, The people’s war laid a good foundation.

Network era, the information exchange to break the official and civil, military and local boundaries, our army should continue to play the advantages of mobilization, open our army ideological work a new situation. The people are the most extensive and powerful forces involved in the ideological struggle. Our army strives for the dominance of the online ideological struggle. It can not rely solely on the power of propagating and defending the departments. We must also make the people’s faction and stir up the people’s war of online ideological struggle. Our army should play a good mobilization advantage, attract the participation of the masses, and guide the direction of public opinion.

At the same time, we should use a good network platform, the use of good hidden in the people of the huge energy, the patriotic enthusiasm of the Internet users to the positive grooming, the formation of the mainstream ideology of the sea, so that our army fortress indestructible, so that hostile forces abroad quit. The integration of military and civilian people can effectively break the problem of insufficient strength of our army in the ideological struggle of the Internet. First of all, lack of platform construction led to the voice of our army can not pass, the situation can not open. In recent years, our army in the dissemination of platform construction is still inadequate. Our military is currently more influential several news sites updated slowly, the news content is still biased towards the traditional propaganda, preaching, the emerging military-related information is also due to the existence of the above problems, so that “lack of capacity” and our army in New media, the use of new platforms often “half a beat”.

We should strengthen cooperation and cooperation with local government media and private media. At the same time, from the media University, well-known enterprises, network celebrities invited experienced people, regular exchange training, absorption of media construction advanced experience, accelerate the improvement of network-related military guidance platform, to create a group of audiences wide visible High-quality brand media. Second, the network crisis on the lack of capacity led to our army often aphasia. At present, the construction of our military space space is limited, staffing is insufficient, leading to information monitoring, filtering capacity is limited, the negative information of the army once fermented for public opinion, relying on the existing technical means and human resources will be difficult to effectively deal with, will make me The military is caught in the unfavorable situation of online ideological struggle.

Therefore, our military should strengthen cooperation with local functional departments to strengthen military and field network engineers to develop information monitoring software and filtering system, so that malicious spread of the rhetoric difficult to spread. At the same time, a wide range of local talent for the use of our military, while absorbing veterans into the local ideological work team, jointly cultivate a group of political excellent, new thinking, technical fine, skilled public opinion analysis, public opinion, network supervision Authoritarian network administrator team, the formation of the people’s war indestructible trend.

Original Mandarin Chinese:

網絡時代,信息交互打破了官方和民間、軍隊和地方的界限 ,我軍應繼續發揮動員優勢,打開我軍意識形態工作新局面。人民群眾是參與意識形態鬥爭最廣泛、最強勁的力量,我軍爭取網上意識形態鬥爭主導權,不能只依靠宣傳保衛部門的力量,還必須做好軍民融合,打響網上意識形態鬥爭的人民戰爭。我軍要發揮好動員優勢,吸引群眾參與,引導輿論走​​向。
美國《如何影響中國的國家戰略和軍事戰略》報告稱,“互聯網是我們與中共交鋒的主戰場”。西方軍事強國早已將網上輿論鬥爭納入軍事戰略,致力於打造網絡新型作戰力量。

軍媒:確保我軍網上意識形態安全的戰略思考

美國自2003年在伊拉克戰爭中首度實施戰略心理戰始,相繼取得了網絡戰理論更新和實戰檢驗的豐碩戰績;近期,美國國防部長阿什頓·卡特公佈了國防部新版網絡行動戰略報告,首次將威懾作為網絡戰略的關鍵部分;在混合戰爭中,美俄軍隊已能熟練運用信息戰力量組建“公民大軍”,妖魔化“侵略國”政權,從“侵略國”內部瓦解其國家意志,實現自身戰略目的。當前,美西方借助網絡技術和文化霸權制定國際互聯網規則,兜售政治制度和文化理念,主導意識形態鬥爭的方向;我軍則在關鍵信息基礎設施建設,網絡影響方面處於弱勢,面臨被把控、被塑造、被闡釋、被標籤化的困境,網絡空間安全應對總體仍盤旋於戰術層面非戰略層面。全媒體時代,網絡空間已成為人類“第二生存空間”,我軍須居安思危、知己知彼,高度重視研究網上意識形態鬥爭應對策略,爭奪網上意識形態鬥爭主動權。

 

1、主動爭鋒亮劍,搶占網上意識形態鬥爭制高點

 

互聯網是意識形態鬥爭主戰場。主戰場上未能掌握主導權,決定了我國在意識形態領域處於被動接招的態勢。近年來,包含谷歌、蘋果在內的美“八大金剛”全方位滲透到我國網絡空間,通過開“後門”為美國政府提供情報,並無孔不入地向我推送西方價值理念;培養“第五縱隊” 、扶植“精英”發聲,使之借助互聯網影響力公然為西方張目;持續技術創新,憑藉“影子互聯網”等手段規避我

網絡防控體系,支持香港“佔中”等顛覆分裂政權活動;主導議題設置,針對中國軍力發展先後密集拋出“中國軍事威脅論”“中國諜報活動猖獗論”“中美軍事衝突論”以及“南海航行自由”等議題,從學術上,輿論上全面對我壓制。

反觀我軍,仍存在在理論研究上習慣炒冷飯、在宣傳工作中灌輸說教、在話語體系上刻板陳舊、在議題應對時屢屢失語、在監管打擊時疲軟乏力等現象,不僅造成我主流意識形態的傳播困境,也為敵對勢力攻擊我意識形態陣地留下缺口。網絡意識形態鬥爭如逆水行舟,不進則退。

面對美西方咄咄逼人的挑戰,進攻比防禦更具優勢,我軍必須認清網上意識形態威脅的嚴峻性,正視上述不足,通過思維理念和工作方式的全方位變革,贏得網絡先機,爭取戰略主動。

第一階段要竭力扭轉我軍被動應付局面,打好網上意識形態鬥爭“殲擊戰”。中國是目前美國在網絡空間最主要的戰略對手,美無疑會對其核心技術、霸權地位等嚴防死守,想要短期內赶超其核心技術並不可行。我軍不僅要勇於爭鋒亮劍,也要學會“與狼共舞”,一方面應著力於就事論事,面對西方議題攻擊時及時回應、有一說一,改變傳統保守的意識形態工作理念,扭轉以遮掩、迴避為主的涉網態度,或另闢蹊徑轉移不利於我軍的輿論潮,謹防中國故事被曲解、誤讀;另一方面可找准對手弱點、打痛打狠,宣傳解讀西方醜聞,揭​​露西方式民主制度弊端,評判資本主義發展困境。借鑒對手鬥爭手法,充分發揮資本主義國家的作用,在境外媒體、商業運作、合作交流中進行文化推廣。

第二階段是以我為主展開反擊,打好網上意識形態鬥爭“陣地戰”。利用第一階段製造的技術發展機遇期,大力推動技術創新,可繞過美國等西方國家佔壓倒性優勢的技術關卡,實現諸如量子通信領域的技術壟斷,依托新平台實施意識形態戰略反擊;把維護國家意識形態安全由傳統安全領域向網絡空間領域延伸,積極與他國建立網絡空間合作關係,立足中國文化傳統、價值體系和軍事實踐,構建超越西方、符合我國實際的話語體系,為國際社會提供創新性話語,為我軍現代化建設、國防政策和各項軍事制度正名。

 

2、力行支撐立言,以人民軍隊優越性實現主流意識形態軟征服

 

硬實力是軟實力的根本支撐,西方意識形態之所以能在全球佔據上風,關鍵在於資本主義國家經濟普遍發達、人民生活水平較高,而蘇東劇變的關鍵則在於國民經濟幾近崩潰、政治清洗喪失民心、社會矛盾不斷激化。革命戰爭年代,我軍遭遇內外夾擊,卻抵禦了西方“和平演變”,根本原因就在於當年我軍的意識形態工作做到了“內聖外王”。反思當前,部分單位和個人治軍不嚴、言行不當、行為不端,削弱了軍隊戰鬥力,抹黑了軍隊形象,為別有用心之人抨擊我制度、離間黨群關係留下了把柄口實,為敵對勢力實現其兵不血刃的政治目的提供了便利空間。

此外,官兵成分結構價值取向和行為方式正在發生深刻改變,一旦因軍內風氣敗壞導致他們信任的喪失,便容易造成理想信念滑坡,等於為西方滲透打開了缺口。相當一段時期內,我軍處置行為失範事件時往往失之於寬、失之於軟,尤其是郭伯雄、徐才厚案件重創官兵“三觀”,同時美西方加緊推送資產階級建軍理念、展示軍事實力進行震懾、攻擊我軍特有優勢,這使我軍意識形態工作陷入雙重困境。網絡時代信息魚龍混雜,面對敵對勢力的蓄意詆毀更需要“自身硬”。

我軍應發揮好擅長擺事實講道理的傳統優勢,先擺好事實,再講清道理,以開放、包容的態度正視網民對軍隊的監督實現與網民的良好性互動,並以此為動力改進作風、規範言行;堅持網絡空間治理與現實空間規範兩手抓,對軍隊自身問題,既不粉飾護短又不允許造謠抹黑,消除負面思潮、輿論產生的根源,以我軍良好的形象抵制西方攻擊滲透,增強主流意識形態感召力。

 

3、以網治網,提升我軍意識形態鬥爭的網絡思維

 

互聯網的發展催生了社會結構、思維方式、行為方式的全方位改變,面對網上意識形態鬥爭,我軍必須準確把握人心爭奪機理的變化。網絡發源於西方、成長於西方,西方不僅在技術上有比較優勢,而且與互聯網文化高度契合,雲計算、大數據、人工智能等技術都由西方率先突破,網絡中心戰等互聯網作戰概念由美軍率先提出,互聯網“行為規則”也由西方主導,美國是全球主要信息源。而我軍在網上意識形態鬥爭中仍處於劣勢,如不能跟上網絡時代變化,將會陷入徹底被動的局面。

當前,我軍對過好“網絡關”的願望和動機日趨強烈,籌劃網上意識形態鬥爭須重點突破的問題也基本清晰,但仍缺乏“互聯網+意識形態鬥爭”的有機融合,難以真正掌握鬥爭話語權、主動權。面對網上意識形態鬥爭的嚴峻態勢,我軍需要一場互聯網“頭腦風暴”,全面提升網上意識形態安全應對能力。要以打破核心技術壟斷為主要著力點,突破美國遏制我的“命門”,建設自有信息傳輸系統和網絡安全防護系統等,爭取以創新技術領跑全球,打好意識形態“反手仗”,以創新驅動取代亦步亦趨,以技高一籌破除西方霸權;要增強我軍網上意識形態工作創意思維,我軍一向強調穩紮穩打、步步為營,然而互聯網傳播要求創意思維、先機意識、平台運作和行動能力,軍營應緊跟潮流,盡快發展網絡直播等多種傳播媒介,嘗試將主流文化傳播嵌入創意產業。

 

4、關緊法治籠子,清除網上意識形態陣地“雜音”

 

新媒體技術的發展開啟了“人人都有麥克風”的時代傳播規律發生變化,輿情監管難度加大,思維爭鋒愈加激烈,但依法管網治網的腳步卻未跟緊。

當前一個緊迫的問題就是:危害我意識形態安全的現象普遍存在,部分敵對勢力公然叫囂,西方敵對勢力不僅在我境內大力栽培“公知”“大V”,收買網絡水軍,組織邪教、民運宗教極端勢力等極端反共分子進入網絡輿論場,致使各種危害國家和軍隊安全的信息大量充斥於網絡信息平台。

當前,軍隊信息化建設如火如荼,我軍針對新媒體管理的立法進程卻相對滯後,涉網法規制度不健全,網上意識形態鬥爭缺乏規範,對部分危害意識形態安全的行為是否違法、如何處理語焉不詳。

一方面,正常的意識形態管控往往被曲解為限制言論自由,一旦為敵對勢力所利用則可能引起我軍官兵思想波動,導致事態進一步惡化;另一方面,由於缺乏相關規範,對涉事個人群體的處理往往不了了之,甚至經常為少數錯誤行徑“買單”,致使意識形態雜音得不到清除,久而久之,意識形態工作機構公信力嚴重下降,軍隊和國家也可能陷入“塔西佗陷阱”。

網上意識形態鬥爭起於價值理念、政治制度的對抗,卻可能表現為“去意識形態化”的公共輿情和大眾文化。信息在網絡空間內“裂變式”傳播。過程中不排除別有用心的個人群體添油加醋、推波助瀾。因此,打贏網上意識形態鬥爭,我軍應把依法維護意識形態安全問題擺到戰略位置,整肅涉軍網絡環境,完善國內立法,堅決打擊危害意識形態安全的行為,創造良好網上輿論生態。

一是站在總體國家安全的高度推動立法修法,重點規範文化傳播領域目前存在的“尋租”現象、管理漏洞、權責分割不清、監管不力等問題,確保各項工作有法可依、有法必依。

二是依法監管,對經常散播不良信息的網站實施精準監測,依法責令限時整改,對於涉嫌威脅意識形態安全的負面信息依法屏蔽刪除。三是執法從嚴、違法必究,對危害我軍意識形態安全的信息實行全維全時監測,對惡意散佈負面輿論的組織、個人和履行監管職責不力的部門,堅決依法處理,不留法外之地,形成法治震懾。

 

5、注重軍民融合,打響網上意識形態鬥爭的人民戰爭

 

歷史上,我軍在作戰和執行軍事任務前都要進行戰鬥動員,以鼓舞士氣激發鬥志,同時爭取廣泛的群眾支持。不論是動員講話、新聞宣傳還是簡短響亮的戰斗口號、生動活潑的文藝形式,都發揮了不可磨滅的作用,使我軍正義、文明、威武的形象深入人心,為我軍整合軍地資源、發動人民戰爭奠定了良好基礎。

網絡時代,信息交互打破了官方和民間、軍隊和地方的界限,我軍應繼續發揮動員優勢,打開我軍意識形態工作新局面。人民群眾是參與意識形態鬥爭最廣泛、最強勁的力量,我軍爭取網上意識形態鬥爭主導權,不能只依靠宣傳保衛部門的力量,還必須做好軍民融合,打響網上意識形態鬥爭的人民戰爭。我軍要發揮好動員優勢,吸引群眾參與,引導輿論走​​向。

同時,要運用好網絡平台,運用好潛藏於民的巨大能量,把網民愛國熱情向正面疏導,在民間形成主流意識形態汪洋大海,使我軍內部堡壘堅不可摧,使境外敵對勢力知難而退。軍民融合還能有效破解我軍在網上意識形態鬥爭中力量陣地不足的問題。首先,平台建設不足導致我軍聲音傳不出、局面打不開。近年來,我軍在傳播平台建設上仍存在不足。我軍目前較有影響力的幾家新聞網站更新緩慢,新聞內容依然偏向傳統的宣傳、說教,新興的涉軍微信公眾號也因存在上述問題,以致“吸粉”能力不足,並且我軍在新媒體、新平台的使用方面常常“慢半拍”。

應加強與地方官媒、民營媒體的交流合作,合作建設。同時,從傳媒大學、知名企業、網絡名人中邀請經驗豐富的人士,定期組織交流培訓,吸收媒介建設先進經驗,加速改進網絡涉軍輿論引導平台,爭取打造一批受眾廣泛可看性強、可信度高的品牌媒體。其次,網絡危機對能力不足導致我軍屢屢失語。目前,我軍網絡空間力量建設有限、人員配備不足,導致信息監測、過濾能力受限,涉軍負面信息一旦發酵為輿情,單靠現有的技術手段和人力資源將難以有效處理,將使我軍陷入網上意識形態鬥爭的不利境地。

因此,我軍應加強與地方職能部門合作,加強軍地網絡工程師合作研發信息監測軟件和過濾系統,使惡意散佈的不實言論難以擴散。同時,一面廣泛吸收地方人才為我軍所用,一面吸納退役軍人進入地方意識形態工作隊伍,聯合培養一批政治過硬、思維過新、技術過精,能熟練進行輿情分析、輿論引導、網絡監管的專製網絡管理員隊伍,形成人民戰爭堅不可摧之勢。

Author: 作者:王明哲 軍事科學院軍隊政治工作研究中心

Chinese Internet Security Report 2017 (a) // 中華人民共和國2017年上半年互聯網安全報告

Chinese Internet Security Report 2017 (a) //

中華人民共和國2017年上半年互聯網安全報告

1 Internet security situation is grim, to develop network security is imperative

At the same time, the Internet security has become more and more important. In 2014, the central network security and information leading group was formally established, Xi Jinping personally as head of the country and the government’s attention to the degree of network security is evident. In the central network security and information leading group at the first meeting, Xi Jinping first proposed “network power” strategy, “no network security is no national security”, network security is a relationship between national security and sovereignty, social stability, national culture The important issue of inheritance and development. Its importance, with the pace of global information to accelerate and become more and more significant. “Home is the door”, security issues without delay.

In China, the network has entered the tens of thousands of households, the number of Internet users in the world, China has become a network power. The Internet has been deeply involved in all aspects of people’s lives. According to a survey on the information of the public, students and white-collar groups of Internet usage has been close to 100%, more than Jiucheng college students and white-collar groups the most important information access channel for the Internet. Internet users on the Internet to conduct the main news, learning, real-time communication, social networking and all kinds of leisure and entertainment. In the era of universal networking, Internet users how to ensure network security? How does an enterprise network effectively defend against cyber attacks? These have become important issues that countries, governments and the security industry are facing and need to address as soon as possible.

From the domestic “dark cloud Ⅲ” virus, to sweeping the global “WannaCry” extortion virus, and then to “Petya” malignant devastating virus, all that the current network security situation is grim, corporate security vulnerable, vigorously develop the network Security is imperative.

2 to strengthen the network security construction, lack of talent need to improve the current situation

Although China has become a big country network, but there is distance from the network power. Trojans and botnets, mobile Internet malicious programs, denial of service attacks, security vulnerabilities, phishing, web tampering and other network security incidents have occurred, the basic network equipment, domain name systems, industrial Internet and other basic infrastructure and critical infrastructure is still facing Greater security risks, strengthen the network security construction is imminent.

At the same time, the shortage of network security personnel in China is in urgent need of improvement. As a network power, China in addition to research and development of computer equipment to enhance the speed of network transmission, but also should step up the cultivation of computer information security personnel, so that China from the network power into a network power, which is to enhance China’s information security important basis.

Network security has risen to the national strategy, the state is also vigorously invested to promote the construction of network security. But do a good job of network security is not an organization, a department of things, but the need for the participation of the whole society. From the city of Wuhan issued “on the support of national network security personnel and innovation base development policy measures” invested 4.5 billion construction funds, to June 1, 2017 formally implemented the “People’s Republic of China Network Security Law”, are for network security Healthy, steady development and make efforts. We also call for the social responsibility as a safe enterprise, institutions, individuals actively into the network security building, for the country, the national network security protection contribute a force.

3 Tencent to promote the establishment of China’s first strongest Internet security matrix

Tencent security has 17 years of capacity accumulation and 800 million users of large data operating experience, is China’s leading Internet security products, security services provider. In the spirit of “open, joint, shared” concept, will accumulate years of ability and data sharing to partners, is committed to the Internet security and open platform construction, enhance the security of the Internet security industry chain, enhance user safety awareness, and jointly promote China’s Internet security Environmental construction.

At present, Tencent has promoted the establishment of China’s first Internet security matrix, covering the basic security of the laboratory matrix, security product matrix, security, large data platform matrix, and Internet security open platform matrix, committed to China’s Internet security new ecological construction, open core competencies And data for China’s Internet security and ecological construction unremitting efforts.

First, the overall status of network security scan

1.1 affect the world’s six major network security incidents, the cumulative impact of the world

1.1.1 WikiLeaks CIA top secret file leak event

March 7, 2017, WiKiLeaks announced thousands of documents and revealed the CIA on the hacker hacking technology, Mobile phones and smart TVs, but also can invade attacks on Windows, Mac and Linux operating systems, and even control smart cars to launch assassination activities. Outside the name of the leak event named Vault 7, Vault 7 published confidential documents recorded by the United States Central Intelligence Agency (CIA) conducted by the global hacker attacks.

Vault7 contains 8761 confidential documents and documents, which documents the CIA for Android and Apple smart phones developed by the intrusion crack technology details, some of which can also get the complete control of the target device. WikiLeaks founder A Sangqi said the document shows the “CIA network attack the overall ability”, and WikiLeaks in the release of these documents claimed that “CIA network armory has been out of control.”

1.1.2 Shadow Broker Public NSA (US National Security Agency) Hacker Arsenal

On April 14, 2017, Shadow Brokers published a large number of very destructive hacking tools used by the Equation Group in the NSA (National Security Agency) on steemit.com, including You can remotely break the global about 70% of the Windows machine vulnerability exploit tools. Anyone can use NSA’s hacker weapons to attack someone else’s computer. Among them, there are ten tools most likely to affect Windows personal users, including eternal blue, eternal king, eternal romance, eternal collaboration, emerald fiber, eccentric hamster, Eskimo volume, elegant scholar, eclipse wings and respect review. Hackers do not need any operation, as long as the network can invade the computer, like shock waves, Sasser and other famous worms can instantly blood wash the Internet.

1.1.3 “WannaCry” extortion virus broke out in the world on May 12th

May 12, 2017, “WannaCry” (want to cry) bitbell blackmail virus in the global outbreak, the event affected more than 150 countries and regions, more than 10 million organizations and institutions and more than 30 million Internet users, the total loss Up to more than 500 billion yuan. Including hospitals, educational institutions and government departments, without exception, suffered an attack. Blackmail virus worms in conjunction with the way the spread of the attack is a large-scale outbreak of the important reasons.

User’s most obvious symptoms after poisoning is the computer desktop background is modified, many files are encrypted lock, the virus pops up prompted the user to the relevant bit coin address transfer $ 300 in order to unlock the file. At present, security companies have found ways to restore encrypted files.

1.1.4 FireBall Fireball virus infected more than 250 million computers

June 1, 2017, foreign security agency Check Point reported that the outbreak of a “FireBall” virus abroad, and claimed that more than 250 million computers worldwide are infected, the most affected countries are India (10.1%) and Brazil (9.6%). The United States has 5.5 million computers in the move, accounting for 2.2%. In the infected business network, India and Brazil accounted for 43% and 38% respectively, compared with 10.7% in the US.

This malware will force the browser home page to its own website and search engine, and redirect the search results to Google or Yahoo. These forged search engines track user data and secretly collect user information. The author of this virus for the production of China’s Rafotech company, the company’s Web site has been unable to visit.

1.1.5 “dark cloud” series virus upgrade to “dark cloud III” again struck

June 9, 2017, Tencent computer housekeeper detected, as early as 2015 was first discovered and intercepted killing the “dark cloud” virus resurgence, upgrade to “dark cloud Ⅲ”, through the download station large-scale transmission, at the same time through Infected disk MBR boot boot, the number of infected users has reached millions.

After the upgrade of the “dark cloud Ⅲ” will be the main code stored in the cloud, real-time dynamic updates, and its function is currently downloaded to promote malicious Trojans, lock the browser home page, tampering to promote navigation page id. Once the user in the move, the computer will become a “broiler” to form a “botnet”, and the use of DDoS attacks built on a cloud service provider platform chess class site, resulting in the site access becomes abnormal card slow.

1.1.6 new round of extortion virus “Petya” struck, more destructive

June 27, 2017, a new round of extortion virus “Petya” attacked a number of countries in Europe, including Ukraine, Russia, India, Spain, France, Britain, Denmark and other countries have been attacked, the governments of these countries, Banks, enterprises, power systems, communications systems and airports are affected by different procedures.

This virus is more destructive than “WannaCry”, the virus on the computer’s hard disk MFT encryption, and modify the MBR, so that the operating system can not enter. According to the relevant analysis, said the information on the boot interface even if the information provided to the hackers is no way to decrypt, therefore, had to doubt the “Petya” the real purpose of the virus. “Petya” is more like a purposeful attack, the target can not repair the devastating attack, rather than extortion for the purpose.

1.2 “People’s Republic of China Network Security Law” formally implemented

June 1, China’s first comprehensive standard of cyberspace security management of the basic law – “People’s Republic of China Network Security Law,” the formal implementation of a total of seven chapters seventy-nine, the content is very rich, with six outstanding highlights. One is clear the principle of cyberspace sovereignty; the second is clear the network products and service providers of security obligations; third is clear the network operator’s security obligations; four is to further improve the personal information protection rules; five is the establishment of the key Information infrastructure security protection system; six is ​​to establish a key information infrastructure important data cross-border transmission rules.

At the same time the new law also pointed out that should take a variety of ways to train network security personnel, and promote network security personnel exchanges. The implementation of the new law marks the network security of China from the law, cyber space management, network information dissemination order norms, cybercrime punishment and so forth will open a new page, to protect China’s network security, safeguarding the overall security of the country has far-reaching and significant The meaning of.

1.3 The size of Internet users in China is equivalent to the total population of Europe, the safety gap of up to 95%

1.3.1 Chinese Internet users reached 731 million, equivalent to the total population of Europe

As of December 2016, the scale of Internet users in China reached 731 million, the penetration rate reached 53.2%, more than the global average of 3.1 percentage points, more than the Asian average of 7.6 percentage points. A total of 42.99 million new Internet users, the growth rate of 6.2%. The size of Chinese Internet users has been equivalent to the total population of Europe.

1.3.2 mobile users continue to grow, the proportion of mobile phone users accounted for 95.1%

As of December 2016, China’s mobile phone users reached 695 million scale, the growth rate of more than 10% for three consecutive years. Desktop computers, notebook computers are using the decline in the number of mobile phones continue to squeeze the use of other personal Internet devices.

1.3.3 security talent gap is huge, up to 95%

Although the number of Internet users in China has been ranked first in the world, but China’s information security industry in the very few people, security personnel and its lack. According to relevant information, in recent years, China’s education and training of information security professionals only 3 million people, and the total demand for network security personnel is more than 700,000 people, the gap up to 95%. 710 million Internet users in China network security issues, has become the industry and the country to solve the problem.

Beijing Institute of Electronic Science and Technology, vice president of the Ministry of Education of Higher Education Information Teaching Committee of the Secretary-General Fenghua pointed out that the current important information systems and information infrastructure in China need all kinds of network information security personnel will be 15,000 per year The rate of increase, by 2020 the relevant talent needs will grow to 1.4 million. But at present, only 126 colleges and universities in China have set up 143 network security related professionals, accounting for only 10% of the 1200 science and engineering institutions.

Analysis on the situation of network virus threat in the first half of 2017

2.1 Tencent security anti-virus laboratory PC-side virus interception over 1 billion, the chain by 30%

2.1.1 Trojan horse intercepts an average of nearly 170 million times per month

In the first half of 2017, Tencent security anti-virus laboratory statistics show that PC-side total has blocked the virus 1 billion times, the overall number of viruses compared to the second half of 2016 Tencent security anti-virus laboratory to intercept the number of viruses increased by 30% Interception Trojan virus nearly 170 million times. April, June to intercept the peak of the virus, interceptions are 180 million times.

2017 Q2 quarter compared to 2016 Q2 quarter, Tencent security anti-virus laboratory virus blocking an increase of 23.7%. From 2014 to 2017 Q2 season, the amount of virus blocking the number of malicious programs increased year by year.

2.1.2 PC users in Guangdong, the highest number of poisoning, poisoning peak for the morning 9-11 points

2.1.2.1 found a total of 230 million times in the first half of the user machine Trojan virus 

The first half of 2017 Tencent security anti-virus laboratory found a total of 230 million times the user machine Trojan virus, compared to the second half of 2016 down 0.5%, an average of 38.8 million poisoning machines per month for virus killing. 2017 Q2 quarter compared to Q1 quarter, a slight increase in the number of poisoning machines.

In the second quarter of 2017, the number of users in the second quarter of 2016 increased by 3% compared with the same period in the second quarter of 2016. From 2015 to 2017 Q2 season, the number of poisoning machine growth trend is obvious, was increasing year by year state.

2.1.2.2 PC end user poisoning peak for the morning 9:00 to 11:00

According to statistics, the peak time of daily poisoning for the morning 10 am – 11 am, in line with business and ordinary users 9 am – 11 am to open the computer processing work of the law. This time the user poisoning virus type is more use of e-mail, sharing, etc. spread Office document macro virus, indicating that the office security situation is still grim.

2.1.2.3 PC end poisoning user provinces up to Guangdong, which ranks first in Shenzhen

According to Tencent security anti-virus laboratory to monitor the number of poisoning PC statistics, from the urban distribution point of view, the Internet is more developed city users poisoning situation is heavy, the country ranked the first city to intercept the virus in Shenzhen City, accounting for 3.76% , The second for the Chengdu City, accounting for 3.57% of all interceptions, the third for the Guangzhou City, accounting for 3.39% of all interceptions.

From the provincial geographical distribution, the largest number of PC poisoning in Guangdong Province, accounting for 13.29% of the total intercept, the second in Jiangsu Province, accounting for 7.75% of all interceptions, the third in Shandong Province, accounting for all Intercept the amount of 7.12%.

2.1.3 The largest virus category accounted for 53.8% of the Trojan virus, blackmail virus added 13.39%

2.1.3.1 PC-side of the first major virus is still Trojans, PE-infected virus type, but the spread of large

According to Tencent security anti-virus laboratory 2017 Q2 season to obtain the virus sample analysis, from the virus type, Trojans accounted for 53.80% of the total number, is still the first major virus. Adware class (adware, forced installation, user privacy, spam, etc.) for the second largest virus category, accounting for 39.02% of the total number. Backdoor category for the third largest virus category, accounting for 5.13% of the total number. Compared to the 2017 Q1 quarter, the virus type did not change much.

The number of virus samples from the top of the division, ranked first and second is still the Trojans and Adware class, but ranked third in the PE infection, accounting for 25.07% of the total number.

There are not many types of infectious samples, which is difficult to produce infectious virus, hackers and other programmers need to master the technology, high cost, long development time and other factors. At the same time, the transmission of infectious virus is very large, the survival time is relatively long, therefore, less species of PE infection type in the sample transmission level accounted for a certain proportion, which is due to infection with a wide range of viruses, Fast propagation characteristics.

2.1.3.2 extortion virus sample number Q2 added 13.39%, the first is not WannaCry

The extortion of the virus is the purpose of extortion money for the purpose of making the Trojan horse infected computer user system specified data files are malicious encryption, resulting in user data loss. At present, most of the domestic extortion of the virus by the need to pay the rupiah to be able to decrypt. As the bit currency completely anonymous circulation, the current technical means can not track behind the extortion behind the virus operator, which also makes the extortion virus from 2013 after the explosive growth.

The amount of extortion

According to Tencent security anti-virus laboratory to detect the extortion virus, 2017 in the first half of the total has been found in the number of extortion virus samples in about 300 million, the average monthly detection of the number of extortion virus nearly 500,000, Q2 quarterly extortion virus samples The number increased by 13.39% over Q1 quarter. May, June to intercept the peak of the virus, respectively, 57 million, 530,000.

Extortion virus type

According to the relevant data analysis shows that the May 12 outbreak of the WannaCry extortion virus is the most active in this quarter, the greatest impact on the virus. The virus and other viruses in the way of transmission is significantly different, due to the use of the windows system vulnerabilities, making the virus can spread around the world, as the quarter of the hot safety events. On June 27, a new type of extortion virus called Petya began spreading around the world, and its extortion was similar to WannaCry, but more destructive, directly encrypting the MFT of the user’s hard drive and modifying the MBR, causing the user to fail to windows system.

Although the impact of the virus is large, but from the sample size point of view, the largest or with the spread of infection PolyRansom virus. This virus will be infected, encrypted users of the file to extortion, but because there is no use like WannaCry virus key encryption, but the use of a simple encryption algorithm, and the algorithm is reversible, anti-virus software can help users to restore files, So although the number of samples in the first, but the impact is not great. This type of extortion virus accounted for 78.84% of all extortion virus, we can see the spread of infectious virus strong.

From the sample size point of view, in addition to infectious extortion virus, the first is Blocker, accounting for 36.82% of all extortion virus, the second category is Zerber, accounting for 23.63% of all extortion virus, the third category Is the most affected this quarter, WannaCry extortion virus, accounting for all extortion virus 12.06%. WannaCry virus volume quickly rose to the third position, because the means of communication using the spread of vulnerability.

The current extortion virus mainly uses the following kinds of transmission:

Document infection spread

File infection is the use of infectious virus transmission characteristics, such as PolyRansom virus is the use of infectious virus characteristics, encrypted users all the documents and then pop-up information. Because the PE class file is infected with the ability to infect other files, so if the file is carried by the user (U disk, network upload, etc.) to run on other computers, it will make the computer’s files are all infected with encryption.

Site hanging horse spread

Web site is through the site or the site server to obtain some or all of the authority, in the web page file to insert a malicious code, these malicious code, including IE and other browser vulnerabilities use code. When a user accesses a linked page, a malicious code is executed if the system does not update the exploit patch used in the malicious code.

The virus can also use known software vulnerabilities to attack, such as the use of Flash, PDF software vulnerabilities, to the site with malicious code to add the file, the user with a loopholes in the software to open the file will be executed after the malicious code, download virus.

Using system vulnerabilities

May outbreak of WannaCry is the use of Windows system vulnerabilities to spread, the use of system vulnerabilities is characterized by passive poisoning, that is, users do not have to visit a malicious site, not open the unknown file will be poisoned. This virus will scan with the network vulnerabilities in other PC host, as long as the host is not marked with a patch, it will be attacked.

Tencent anti-virus laboratory to remind you, timely updates third-party software patches, timely update the operating system patches to prevent known vulnerabilities attack.

Mail attachment spread

The extortion virus that spreads through e-mail attachments usually disguises documents that users need to view, such as credit card spending lists, product orders, and so on. The attachment will hide the malicious code, when the user opens the malicious code will begin to perform, release the virus. This type of camouflage virus is usually sent to enterprises, universities, hospitals and other units, these units in the computer usually save the more important documents, once malicious encryption, the possibility of payment of ransom far more than ordinary individual users.

Network share file spread

Some small-scale spread of extortion virus will be spread through the way the file spread, the virus will upload the virus to the network sharing space, cloud disk, QQ group, BBS forums and other places to share the way to send a specific crowd to trick the download and install The

Tencent anti-virus laboratory to remind users to download the software go to the official formal channel download and install, do not download the unknown program, such as the need to use the unknown source of the program can be installed in advance Tencent computer housekeeper for security scanning.

2.2 mobile side killing a total of 693 million Android virus, mobile phone users over 100 million

2.2.1 mobile side of the virus package growth trend slowed down, but the total is still 899 million

In the first half of 2017, Tencent mobile phone housekeeper intercepted Android new virus package totaled 8990000, compared with 2016 in the first half of a small decline, but the total is still very large.

2.2.2 Guangdong mobile users poisoning the most, the number of mobile phone users decreased by 45.67%

2.2.2.1 Tencent mobile phone housekeeper in the first half were killing Android virus 693 million times

In the case of a large number of virus infection users in the case, the first half of 2017 Tencent mobile phone housekeeper killing the virus has reached 693 million times, an increase of 124.24%, the total number of more than double the first half of 2016 more than doubled. Malicious programs and Trojans to reduce the cost of production, virus transmission channel diversification is an important factor in this phenomenon.

In addition to June, the first half of 2017 killing more than 100 million times a month, of which the number of mosquitoes in January up to 136 million times, almost the first half of 2014, 140 million in the killing of the same level.

2.2.2.2 2017 in the first half of the number of mobile phone users over 100 million 

In the first half of 2017, the number of virus infected users was 109 million, down 45.67% year on year, compared with 2015, the first half of 2016 compared to all declined.

January 2017 single month infected users reached 21.66 million, the highest for the first half, then the number of infected users began to slow down.

2.2.2.3 the number of mobile users poisoning Guangdong ranks first

In the infected mobile phone users geographical distribution, Guangdong ranked first, accounting for up to 11.41%.

2.2.3 hooliganism and resources accounted for more than 80%, two-dimensional code is most easy to poison

2.2.3.1 mobile-side virus in the hooliganism and tariff consumption accounted for more than 80%

In the first half of 2017, the proportion of mobile phone viruses, rogue behavior and tariff consumption accounted for the highest, to 44.59% and 44.44% ratio of one or two. Ranked third of the same access to privacy accounted for 5.85%, lodging fraud, malicious deductions, remote control, system damage and malicious spread accounted for 1.94%, 1.55%, 0.80%, 0.74% and 0.08%.

Hooliganism refers to the malicious behavior of a virus that has a rogue attribute. Such as the recent WannaCry virus and once again concerned about the mobile phone lock screen Serbia virus with rogue behavior. This type of virus through the forum paste it and other means to spread, the drug will usually use plug-in, free, brush drill, red envelopes and other words on the Trojan virus packaging, induction users download and install. After the installation of the virus will be forced to lock the phone screen, forcing the victim had to contact the drug maker in order to make the equipment back to normal.

Whether the computer or mobile phone, with rogue behavior of the extortion virus to the user losses are difficult to estimate, if accidentally poisoning, not only will cause property damage, will also lead to loss of important information, so users should be careful to guard.

Tariff is also a common type of mobile phone virus, such a virus usually in the user without the knowledge or unauthorized circumstances, by sending text messages, frequent connections to the network, etc., resulting in user tariff losses. Part of the malicious promotion of the virus to help third-party advertisers to increase traffic for the purpose of the user to download and install the virus, access to mobile portal privileges, the implementation of the download malicious advertising software. These software will continue to push a variety of pop advertising, affecting the user’s mobile phone experience, and even those who will disclose user privacy information, stolen online banking accounts, resulting in serious personal and property safety.

Infected with the world’s ultra-36 million Andrews device malicious ad click software “Judy” is a tariff consumption of mobile phone viruses. The malware is hidden in a Korean tour. After completing the download and install, the infected device will send the information to the target page and automatically download the malicious code in the background and access the advertising link, theft of user traffic, to the user Consumption.

2.2.3.2 two-dimensional code, software bundles are the main source of mobile virus source

Mobile virus channel sources are mainly seven categories, namely, two-dimensional code, software bundles, electronic market, network disk communication, mobile phone resource station, ROM built-in and mobile forum. The diversification and diversification of the entrance of the virus channel also further increases the risk and risk of the user’s exposure.

In the first half of 2017, two-dimensional code became the source of mainstream virus channels, accounting for up to 20.80%. Two-dimensional code in the various areas of the popularity of more and more users to develop a habit of sweeping the random, the drug maker also increased for the two-dimensional code channel virus package delivery ratio. Part of the virus is embedded in the two-dimensional code, as long as swept away will automatically download the malicious virus, ranging from mobile phone poisoning, while the personal privacy information is caused by leakage, resulting in property losses.

Third, anti-harassment fraud effect is remarkable, but the user loss situation is grim

3.1 the first half of the number of spam messages over 566 million, illegal loans over 50%

3.1.1 In the first half of 2017, the total number of spam messages continued to grow close to 600 million

Low spread costs and the existence of a huge chain of interests, resulting in spam messages have been difficult to be effectively remediation, the number of users is also increasing the number of reports. In the first half of 2017, Tencent mobile phone housekeeper received a total of 586 million copies of spam messages reported by users, an increase of 40.69%, more than 2 times in the first half of 2014.

3.1.2 users to report spam messages up to the provinces of Guangdong, the largest city for Shenzhen

In the geographical distribution of spam messages, the top three provinces that reported spam messages were Guangdong, Jiangsu and Shandong, accounting for 12.91%, 6.98% and 5.70% respectively. In addition, Henan, Zhejiang, Sichuan, Hebei, Beijing, Hunan and Shanghai also ranked the top ten. These provinces or municipalities are generally distributed in the eastern coastal and central regions, and densely populated and economically developed are their greatest common ground, which creates favorable conditions for fraudulent bulk spam messages and profiteering.

City, the first half of 2017 users in Shenzhen reported a total of 23.34 million spam messages (accounting for 3.98%), Chengdu, Guangzhou and Suzhou, two to four, the number of spam messages are 10 million level.

3.1.3 2017 first half of the common types of fraud SMS

Although the overall amount of fraud SMS reported a downward trend, but its means of diversification and secrecy makes the dangers of fraud has always been high. According to Tencent mobile phone housekeeper to monitor the 28.57 million fraud messages show that illegal loans, online shopping, viral Web site, malicious Web site and pseudo-base station is the highest proportion of several fraudulent SMS type.

One of the illegal loan fraud messages a dominant, accounting for more than 50%. In the modern “room full of things” and rely on home buyers to seek a sense of security in the context of the community, the loan to buy a house has become a major social needs. Liar also keep up with this social pain points, a large number of illegal loans to send text messages, to profit.

3.2 harassing telephone users labeled up to 235 million times, down 27.12%

3.2.1 2017 users in the first half of the total number of harassment calls 235 million times down 27.12%

After the first half of 2015, after the explosive growth in the first half of 2015, the number of harassing telephone marks began to decline year by year in the first half of 2016, and the total number of harassing telephone marks in the first half of 2017 was 235 million, down from the first half of 2016 %.

3.2.2 In the first half of 2017, more than 50% of harassing calls were sounded

User-tagged harassing phone types are divided into five categories. Among them, the sound ranked first, accounting for more than 50%. This kind of harassing phone will not cause serious harm to the user, but will still affect the use of mobile phones, interference users. Phishing calls accounted for 15.14%, ranked second, in addition to advertising sales, real estate intermediary and insurance management also occupy a certain percentage.

3.2.3 harassing telephone calls for the highest proportion of verification code

According to Tencent mobile phone housekeeper users take the initiative to report the harassment of telephone malicious clues show that asking for verification code, fake leadership, transfer, online shopping and offense is the most common keywords. Which requires the highest proportion of verification code, nearly 24.74% of the harassing phone, the liar will be through various means to ask for verification code, and verification code as an important private information, once leaked, it is easy to cause property damage.

3.2.4 fraud telephone mark down 59.68% year on year, Beijing up

In the user has been marked 235 million harassing phone, scams like telephone ratio is far less than loud, but its substantial harm caused by the largest. Based on Tencent mobile phone housekeeper user fraud phone tag data show that in the first half of 2017 defraud telephone mark down 59.68%, a total of 35.59 million.

These frauds are targeted at the target area is more clear to the eastern coastal economically developed areas and inland central provinces. On the urban side, Beijing is the largest number of cities with the largest number of fraudulent calls, up to 1.826 million. Shenzhen and Guangzhou, respectively, to 141.8 million and 1.257 million mark the number followed. Shanghai, Xi’an, Changsha, Chengdu, Hangzhou, Chongqing and Wuhan are ranked fourth to ten.

3.3 malicious Web site to intercept up to 47.8 billion, pornographic fraud head of the site

3.3.1 The number of malicious web sites detected in the first half of 2017 exceeded 1.83 billion

In the first half of 2017, Tencent security in the PC and mobile side detected a total of more than 183 million malicious web site, the overall trend of rising volatility. Which in June detected 35.75 million malicious Web site, the highest for the first half, the lowest in April, the number of 25.53 million detection.

3.3.2 Pornography The website is still the main means of committing malicious web sites

In the effective detection of malicious Web site at the same time, the first half of 2017 Tencent security in the PC and mobile side to intercept malicious sites up to 47.8 billion times, equivalent to 265 million times a day intercept. This huge data also further illustrates the grim situation of Internet security.

In Tencent’s securely intercepted malicious Web site, pornographic websites, gambling sites, information scams, malicious files, fake ads and phishing scams are the most widely distributed six categories of malicious Web sites. Which accounted for half of the site of pornography, accounting for 51.98%, pornographic fraud sites will be embedded fraudulent advertising or trick users to pay online. Malicious Web site will also be embedded in the fraud message to spread, to increase the confusion, so users see the text in the URL, should consciously raise vigilance, remember not to click.

3.4 iOS harassment and fraud phone calls fell by about 35%, calendar ads into new harassment

3.4.1 iOS harassment calls and phishing calls appear more substantial decline

In September 2016, Tencent mobile phone housekeeper and Apple introduced a new version of iOS10, the first increase in interception harassment and fraud phone features, effectively alleviate the troubled iPhone users troubled phone problems. Data show that the first half of 2017 iOS users were marked a total of 14.492 million harassing telephone, fraud, telephone 2.196 million times.

From the overall trend point of view, the first half of the iOS harassment phone signs showed a downward trend in the number of signs in January the highest number of 3.195 million times, only 2.0 million in April, the first half of the lowest peak. In contrast, the overall trend of fraudulent phone is more stable. From the above data can be seen, the first half of 2017 harassing telephone and phishing calls have emerged a more substantial decline, which is inseparable from the relevant departments, mobile operators and mobile phone users to work together.

3-4 calendar ads into the third largest harassment of Apple phones

Spam, harassing the phone, calendar advertising has become the main source of iPhone users harassment. Among them, the calendar advertising harassment problem is increasingly serious. 61.1% of users have experienced calendar ads, including gambling ads, real estate advertising, taxi software advertising top three.

3.5 Tencent Kirin system to combat pseudo-base station protection 150 million people

3.5.1 Tencent Kirin system to intercept 230 million fraud messages to protect 150 million people

In the first half of 2017, Tencent Kirin pseudo-base station real-time positioning system for the national users to intercept 230 million pseudo-base station fraud messages, the total impact of the number of 150 million people.

3.5.2 pseudo-base station regional characteristics: Sichuan, Shaanxi, Hubei, Hubei and Hubei provinces up

From the geographical point of view, Tencent Kirin for Sichuan, Shaanxi, Beijing, Hubei, Hunan users to intercept the largest number of fraudulent SMS, the five provincial administrative departments to intercept the number of fraud messages more than 50% of the total.

From the city point of view, the number of intercepting the number of fraud messages Top 10 cities such as Beijing, Chengdu, Xi’an, etc. are almost capital cities or economically developed cities, due to densely populated, urban residents income is higher, by pseudo-base station fraud gang included in the key attack Object.

3.5.3 pseudo-base station crime time characteristics: the most frequent working hours

From the time of committing the crime point of view, pseudo-base station fraud messages sent between 9 am to 19 pm, which in 10 am to 12 pm, 15 pm to 18 pm for the two peaks. It is easy to see that the peak of fraudulent SMS coincides with the daily working hours.

3.5.4 Content characteristics: Industrial and Commercial Bank of China, China Mobile most “lying gun”

Pseudo-base station SMS type, the points exchange, account abnormalities and bank credit card mention category accounted for close to 90%. These three categories often associated with operators, banks, often points to clear, credit card to mention the amount, account real name, abnormal and other reasons to fraud.

Tencent Kirin intercepted pseudo-base station counterfeit port, counterfeit industrial and commercial bank fraud SMS up to (up to 52%), Top 5 counterfeit port in addition to middle peasants construction of four major banks, as well as operators China Mobile. It is not difficult to see that these “lying gun” business because the user community is huge, business mode, short message is particularly important, so become a pseudo-base station fraud group to simulate the main object to send.

Fake base station SMS reach the user’s operator distribution, China Mobile accounted for 74%, followed by China Telecom (16%), China Unicom (10%).

Fourth, the first half of 2017 safety personnel development progress and results

4.1 “Network Security Law” to promote the comprehensive training of talent

June 1, 2017 from the implementation of the “Internet Security Law” for the first time in the form of legal provisions of the network space security field of personnel requirements, not only reflects the country’s attention to the network of talent, but also for the State Council and the local network The rules of safety personnel training provide the highest level of legal basis.

“Network Security Law” provides that: state support enterprises and institutions of higher learning, vocational schools and other education and training institutions to carry out network security-related education and training, to take a variety of ways to train network security personnel, and promote network security personnel exchanges. Network security personnel not only include technical talent, but also management talent. The current network security is not only the technical contest, it is the idea, the rules of the contest, familiar with international rules, power relations network security personnel in the future of cyberspace competition can play a greater role. Therefore, the training of network security personnel not only to cultivate traditional talents, but also based on the domestic, look at the world, cultivate a comprehensive understanding of network diplomacy talent.

At the same time, the provisions of the provisions of the “network of security personnel exchanges”, reflects the training mechanism for China’s open innovation and innovative ideas. Talent training is inseparable from the advanced countries of academic research and technical exchanges, the business organizations should attract foreign high-end technical personnel, while speeding up the training of our top talent.

4.2 security personnel training “Tencent mode”: to create talent closed-loop

As an advocate of Internet security open platform, Tencent has been “network security” as an important part of the enterprise design and strategic project. In the process of continuous attention and support of safe personnel selection and training, Tencent has gradually recruited a set of safety personnel selection system in the aspects of campus recruitment, social recruitment, promotion of internal talents, salary and welfare, etc .; at the same time, Security events and promote personnel training program, Tencent has gradually formed a mature, perfect, and for social reference to the safety of personnel training system.

Tencent in 2017, the parties launched the Tencent Information Security Competition (TCTF), through the internationalization of the system to explore talent, through high-quality counseling mechanism and professional mentor team training personnel and through the construction of enterprises and universities bridge transport personnel. At the same time, Tencent through the creation of “Hundred Talents Program” to build the Internet security personnel training closed-loop, through the TCTF contest layers of competition examinations, selected the most potential of 100 security personnel, and through continuous follow-up training to build the Internet security complex, Leading talent.

Tencent hopes to TCTF as a professional security personnel training platform between enterprises and universities to build a bridge between the formation of selection, training, transportation in one of the closed-loop talent for the Chinese new forces to provide a multi-dimensional growth environment, and further promote the development of China’s network security The

4.3 Tencent security joint laboratory set up the first anniversary: ​​escort six key areas of the Internet

July 2016, Tencent security integration of its laboratory resources, the establishment of the first domestic Internet laboratory matrix – Tencent security joint laboratory, which covers Cohen Laboratory, basaltic laboratory, Zhan Lu laboratory, cloud tripod laboratory, Anti-virus laboratory, anti-fraud laboratory, mobile security laboratory, including seven laboratories. Laboratory focus on security technology research and security attack and defense system structures, security and security coverage covers the connection, systems, applications, information, equipment and cloud, touch the six key areas of the Internet.

2016, Tencent security joint laboratory for Google, Microsoft, Apple, adobe and other international manufacturers to dig a total of 269 loopholes, ranking first in the country. In addition, by virtue of “the world’s first long-range non-physical contact with the invasion of Tesla car” research results, Tencent security joint laboratory Cohen laboratory selected “Tesla security researcher Hall of Fame”, and Tesla CEO Maske’s personal thanks The

In the field of anti-fraud in the country concerned, the anti-fraud laboratory in Tencent Security Joint Laboratory has formed a set of new standards for anti-fraud evaluation based on AI innovation + ability and openness in the field of anti-fraud research. Stop mode. In the AI ​​innovation and the ability to open the two-wheel drive, the laboratory has launched Hawkeye anti-telephone fraud system, Kirin pseudo-base station real-time positioning system, God anti-phishing system, God investigation funds flow control system, God sheep intelligence analysis platform Five systems, and through the Tencent cloud SaaS services open to the need for government units, enterprises, etc., to help users prevent Internet fraud.

Five, safe hot event inventory

5.1 outbreak of Serbian virus and virus outbreak

5.1.1 WannaCry extortion virus broke out globally on 12 May

Event Background:

On May 12th, WannaCry (wanna cry) bitbell blackmail virus broke out on a global scale. According to Tencent security anti-virus laboratory security researchers found that the extortion event compared with the past, the biggest difference is that the extortion virus combined with the way worms to spread. Due to the leak in the NSA file, WannaCry spread vulnerability code is called “EternalBlue”, so some reports that the attack is “eternal blue”.

Virus Detailed Explanation:

The outbreak of blackmail virus in the past two years is largely related to the increasing perfection of encryption algorithms. The continuous updating of cryptography and algorithms ensures the security of data transmission and preservation in our daily network. Unfortunately, the author of the extortion virus also used this feature, so that although we know the Trojan algorithm, but do not know the author to use the key, there is no way to restore the file is maliciously encrypted.

Encryption algorithms are usually divided into symmetric encryption algorithm and asymmetric encryption algorithm two categories. These two types of algorithms are used in the blackmail virus.

The encryption and decryption of the symmetric encryption algorithm uses exactly the same key, which is characterized by a faster operation, but when using such an algorithm alone, the key must be exchanged with the server using a method that is recorded in the process And the risk of leakage. The symmetric encryption algorithms commonly used for blackmail viruses include AES and RC4.

Asymmetric encryption algorithm is also known as public key encryption algorithm, which can use the public key to encrypt the information, and only the owner of the private key can be decrypted, so as long as the public key and save the private key, you can guarantee The encrypted data is not cracked. The asymmetric encryption algorithm is usually slower than symmetric encryption. The asymmetric encryption algorithms commonly used by blackmail viruses include RSA algorithms and ECC algorithms.

Usually, the blackmail virus will combine these two categories of encryption algorithms, both can quickly complete the entire computer a large number of documents encryption, but also to ensure that the author’s private key is not leaked.

5.1.2 new round of extortion virus “Petya” struck, more destructive

Event Background: 

June 27 A new round of extortion virus Petya attacked several European countries. This virus is more damaging than WannaCry. The virus encrypts the computer’s hard disk MFT and modifies the MBR so that the operating system can not enter. Compared to the previous, Petya more like a purpose of the attack, rather than a simple extortion. Tencent Hubble analysis system has been able to identify the virus and determine the high risk, the use of Tencent computer housekeeper can kill the virus.

Virus Detailed Explanation:

Petya Serbia virus virus poisoning will scan the network after the machine, through the eternal blue loopholes since the spread, to achieve the purpose of rapid propagation. Foreign security researchers believe that Petya extortion virus variants will be spread through the mailbox attachment, using the vulnerability to carry the DOC document to attack. After poisoning, the virus will modify the system MBR boot sector, when the computer restart, the virus code in the Windows operating system before taking over the computer, the implementation of encryption and other malicious operations. After the computer restarts, it will display a disguised interface, this interface is actually a virus display, the interface is suspected of being a disk scan, in fact, the disk data encryption operation.

5.1.3 Laurent virus Tencent security response program

For the outbreak of extortion virus, Tencent security emergency response program, for the advance prevention, in the virus cleanup and after the file recovery three cases, to the majority of users to deal with recommendations:

Pre-prevention

1. Use the computer housekeeper’s extortion virus immune tools, automated installation system patches and port shielding, or manually download and install.

2. Back up the data, install the security software, turn on the protection.

a) the relevant important documents using offline backup (that is, the use of U disk, etc.), such as backup;

b) the use of some computers with the system restore function, without attack before setting the system restore point, after the attack can restore the system, defense file encryption;

c) install Tencent computer housekeeper, open real-time protection, to avoid attack;

d) the use of computer housekeeper’s document guardian of the file backup, protection.

3. To establish an inactivated domain name for immunization.

According to the existing sample analysis, there is a trigger mechanism for extortion software, if you can successfully access the specified link, the computer will be in the extortion of the virus directly after the exit, it will not file encryption.

a) Ordinary users can be connected to the site, to ensure access to the site, you can avoid the attack to avoid being encrypted (only known to extortion virus);

b) enterprise users can build Web Server through the intranet, and then through the way DNS DNS domain name resolution to Web Server IP way to achieve immunity; through the domain name of the visit can also monitor the situation of intranet virus infection.

Things in the virus clean up

1. Unplug the cable and other ways to isolate the computer has been attacked to avoid infection with other machines.

2. Use the computer steward’s antivirus function to directly check out the blackmail software, scan clean up directly (isolated machines can be downloaded through the U disk, etc. to install the offline package).

3. Back up the relevant data directly after the system reload.

After the file is restored

1. Blackmail software with the ability to restore part of the encrypted file, you can directly through the extrapolated software to restore part of the file; or directly click on the blackmail interface, “Decrypt” pop-up recovery window to restore the list of files.

2. You can use third-party data recovery tool to try data recovery, cloud users can contact Tencent security cloud tripod laboratory to help deal with.

5.2 DDOS attacks continue, dark clouds variants frequently struck

Event Background:

June 9, a 2017 years since the largest DDoS network attack activities swept the country, Tencent security cloud tripod laboratory released traceability analysis report, through the attack source machine analysis, engineers found in the machine dark cloud Ⅲ variants. Through the flow, memory DUMP data and other content analysis, Tencent cloud tripod laboratory to determine the large-scale DDoS attacks by the “dark cloud” hacker gang initiated. After the upgrade, “Dark Cloud III” will be the main code stored in the cloud, real-time dynamic updates.

Virus Detailed Explanation:

“Dark cloud” series Trojan from the beginning of 2015 by Tencent anti-virus laboratory for the first time to capture and killing, has been more than two years. In the past two years, the Trojan constantly updated iteration, continue to fight against the upgrade.

From the beginning of April this year, the Trojans comeback again, the outbreak of the outbreak of the dark horse than the previous version of the more obvious promotion features, so we named it dark clouds Ⅲ. Dark clouds Ⅲ compared with the previous version has the following characteristics and differences:

First, more subtle, dark cloud Ⅲ is still no file without a registry, compared with the dark cloud II, cancel the number of kernel hooks, cancel the object hijacking, become more hidden, even professionals, it is difficult to find traces The

Second, the compatibility, because the Trojan mainly through the hook disk drive StartIO to achieve the protection and protection of the virus MBR, such a hook is located in the bottom of the kernel, different types of brand hard drive need hook point is not the same, this version of the Trojan increased More judgment code, able to infect the vast majority of the market and hard disk.

Third, targeted against security software, security vendors, “first aid kit” type of tool to do a special confrontation, through the device name of the way to try to prevent the pit of some tools to load the run.

5.3 in the first half of the focus of fraud cases inventory

5.3.1 Xu Yuyu telegraphic case

August 2016, just by the Nanjing University of Posts and Telecommunications Xu Yuyu, received a fraudulent phone, the other scholarship in the name of cheating Xu Yuyu University of the cost of 9900 yuan. After the report of Xu Yuyu emotional abnormalities, leading to sudden cardiac death, unfortunately died, triggering social concern about the unprecedented fraud. The case was publicly declared on July 19, 2017, the principal Chen Wenhui was sentenced to life imprisonment, confiscation of all personal property. The other six defendants were sentenced to 15 to 3 years imprisonment and fined. This verdict, to the community to pass the court in accordance with the law severely punished the telecommunications network fraud crime clear attitude.

Proposed: Xu Yuyu tragedy enough to cause public vigilance. Internet era, each person’s information flow are online through different channels of circulation, to the lawless elements can take advantage of the machine. Faced with such an environment, we should be on the strange phone and SMS alert. Even if the other can speak personal accurate information, can not be trusted, any event needs to be verified by reliable channels to protect their own security.

5.3.2 Henan large telecommunications fraud: lied to sell college entrance examination answers cheat nearly 100 million students

June 2017, Henan HebiCity police cracked the big telecommunications fraud, arrested two suspects, seized more than 70 copies of bank cards. These suspects under the guise of selling college entrance examination questions answer the way, through the network of college entrance examination candidates to implement fraud. According to the police preliminary investigation, fraud victims accumulated more than 3,500 people, involving more than 3 million yuan.

Prevention recommendations: the annual admission of college entrance examination, college entrance examination fraud is a high period of time. Candidates and parents need to beware of all the so-called “internal indicators”, false check the site, false search results such as college entrance examination in the name of all kinds of fraud means, do not have luck, deceived.

5.3.3 Wuhan female teachers suffered a series of telecommunications fraud 7 months to cheat 2.53 million

Wuhan, a secondary school teacher Chen, master’s degree, 2017 May to the police alarm fraud. It is understood that in November 2016, Chen received a strange call, said its social security card was stolen brush, and directly to the phone to the “Hunan Provincial Public Security Department.” Answer the phone “police” said Ms. Chen involved a fraudulent money laundering case, as “washing charges”, Ms. Chen half a year to the other side of the transfer of 2.53 million, the debt owed more than 300 million. The case is still in the investigation.

Precautionary advice: people need to be alert to unfamiliar calls and text messages. When receiving a suspected fraud or SMS, pay attention to verify the identity of the other party, especially the other party to the designated account remittance, do not easily remittance, should be the first time to inform the family to discuss or consult the public security organs; The public security department can not provide a security account, but will not guide you transfer, set a password.

Six, security experts advice

In the computer use, set the security factor high password. Using a password that is not easily guessed by violent attacks is an effective way to improve your security. Violent attack is an attacker using an automated system to guess the password. Avoid using words that can be found in the dictionary, do not use pure digital passwords; use special characters and spaces, and use uppercase and lowercase letters. This password is harder to crack than use your mother’s name or birthday as a password. In addition, the password length for each additional one, the combination of the composition of the password characters will increase in multiple, so the long password will be more secure.

Regularly upgrade the software, update the security patch. In many cases, it is important to patch the system before installing and deploying the production application software. The final security patch must be installed on the PC’s system. If not for a long time without a security upgrade, may lead to the computer is very easy to become an unethical hacker attack target. Therefore, do not install the software on a computer that does not have a security patch update for a long time.

Protect your data by backing up important documents. Back up your data, which is one of the important ways you can protect yourself from minimizing the loss in the face of a disaster. If the amount of data is huge, the data can be saved to the hard disk. But more convenient way, you can use Tencent computer steward class of security software, at any time to automatically restore the data to the local, you can also store to the cloud, maximize the data to ensure security.

Do not easily trust the external network, open network risk is huge. In an open wireless network, such as in a wireless network with a coffee shop, the network risk will multiply, this concept is very important. This does not mean that in some untrusted external network can not use the wireless network, but to always keep the security and caution of security. The key is that the user must be through their own systems to ensure safety, do not believe that the external network and its own private network as safe.

Improve the unfamiliar telephone, SMS alertness, do not believe in which the content. Fraudulent forms of SMS diversification, a variety of new SMS Trojans flooding through the temptation of the SMS comes with the virus link to pay the class, privacy stealth virus rapid growth. For the “college entrance examination”, “school notice”, “test report card”, “household registration management”, “mobile phone real name system”, “video video” and “traffic violation” and other text messages embedded in the URL link should be vigilant, Do not click anywhere. For unfamiliar calls, SMS should be vigilant and wary, do not believe what the other side of the content, if necessary, to verify their identity information.

Protect personal privacy information, do not easily disclose personal information to others. Personal account, password, ID card information and other key personal privacy information, it is absolutely free to any unfamiliar SMS, the phone revealed. Receive a strange message, the phone asked personal privacy, be sure to be vigilant. When publishing a message on a social platform, beware of important privacy information in the form of photos, screenshots, etc. Do not arbitrarily discard tickets, tickets or courier documents containing personal information to prevent personal information from being stolen.

Mobile phone users should develop good habits to use security software to protect the safety of mobile phones. Mobile phone users can download and install such as Tencent mobile phone housekeeper a class of mobile phone security software, regular mobile phone physical examination and virus killing, and timely update the virus database. For the latest popular and difficult to remove the virus or vulnerability, you can download the killing tool in time to kill or repair. At the same time open Tencent mobile phone housekeeper harassment intercept function, which can effectively intercept fraud phone, SMS, enhance mobile phone security.

Original Mandarin Chinese:

1 互联网安全形势严峻,大力发展网络安全防护势在必行

在互联网高速发展,已经成为社会发展动力的同时,互联网安全也变得越来越重要。2014年,中央网络安全与信息化领导小组正式成立,习近平亲自担任组长,国家和政府对网络安全的重视程度可见一斑。在中央网络安全和信息化领导小组第一次会议上,习近平首次提出“网络强国”战略,“没有网络安全就没有国家安全”,网络安全是一个关系国家安全和主权、社会的稳定、民族文化的继承和发扬的重要问题。其重要性,正随着全球信息化步伐的加快而变到越来越显著。“家门就是国门”,安全问题刻不容缓。

在中国,网络已走入千家万户,网民数量世界第一,我国已成为网络大国。互联网已经深度介入民众生活的方方面面。根据一份关于民众信息的调查报告显示,大学生和白领群体的互联网使用率已经接近100%,九成以上大学生和白领群体最主要的信息获取渠道为互联网。网民在互联网上进行的行为主要有获取新闻资讯、学习工作、即时沟通、网络社交及各类休闲娱乐。在全民联网的时代,网民的网络安全如何保证?企业网络在面对网络攻击时如何进行有效的防御?这些都已经成为国家、政府和安全行业正在面临和需要尽快解决的重要问题。

从国内的“暗云Ⅲ”病毒,到席卷全球的“WannaCry”敲诈勒索病毒,再到“Petya”恶性破坏性病毒,无一不说明目前的网络安全形势严峻,企业安全防护脆弱,大力发展网络安全防护势在必行。

2大力加强网络安全建设,人才匮乏现状急需改善

我国虽然已成网络大国,但离网络强国还有距离。木马和僵尸网络、移动互联网恶意程序、拒绝服务攻击、安全漏洞、网页钓鱼、网页篡改等网络安全事件多有发生,基础网络设备、域名系统、工业互联网等我国基础网络和关键基础设施依然面临着较大的安全风险,加强网络安全建设迫在眉睫。

同时,我国网络安全人才匮乏的现状急需改善。作为一个网络大国,中国除研究开发计算机设备,提升网络传输速度以外,还应加紧计算机信息安全人才的培育工作,让中国从网络大国变为网络强国,这是提升我国信息安全保障的重要基础。

网络安全已经上升至国家战略,国家也在大力投入、推动网络安全建设。但做好网络安全工作不是某个机构、某个部门的事,而是需要全社会的参与。从武汉市地方出台《关于支持国家网络安全人才与创新基地发展的政策措施》投入45亿建设资金,到2017年6月1日正式施行的《中华人民共和国网络安全法》,都是为了网络安全健康、稳健的发展而做出的努力。我们也呼吁作为有社会责任的安全企业、机构、个人积极投入到网络安全建设中来,为国家、国民的网络安全防护贡献一份力量。

3腾讯推动建立中国首个最强互联网安全矩阵

腾讯安全拥有17年能力积累及8亿用户海量大数据运营经验,是中国最为领先的互联网安全产品、安全服务提供者。本着“开放、联合、共享”的理念,将多年积累的能力和数据共享给合作伙伴,致力于互联网安全开放平台建设,提升互联网安全产业链安全能力,提升用户安全意识,共同推进中国互联网安全环境的建设。

目前,腾讯已推动建立中国首个互联网安全矩阵,涵盖基础安全的实验室矩阵、安全产品矩阵、安全大数据平台矩阵,以及互联网安全开放平台矩阵,致力于中国互联网安全新生态建设,开放核心能力和数据,为中国互联网安全生态建设不懈努力。

一、网络安全整体现状扫描

1.1 影响全球的六大网络安全事件,累计影响遍及全球

1.1.1维基解密CIA绝密文件泄露事件

2017年3月7日,维基解密(WiKiLeaks)公布了数千份文档并揭秘了美国中央情报局关于黑客入侵技术的最高机密,根据泄密文档中记录的内容,该组织不仅能够入侵iPhone手机、Android手机和智能电视,而且还可以入侵攻击Windows、Mac和Linux操作系统,甚至可以控制智能汽车发起暗杀活动。外界将此次泄漏事件取名为Vault 7,Vault 7公布的机密文件记录的是美国中央情报局(CIA)所进行的全球性黑客攻击活动。

Vault7包含8761份机密文档及文件,这些文件记录了CIA针对Android以及苹果智能手机所研发的入侵破解技术细节,其中有些技术还可以拿到目标设备的完整控制权。维基解密创始人阿桑奇表示,文件显示出“CIA网络攻击的整体能力”,而维基解密在发布这些文件时声称“CIA的网络军械库已失控”。

1.1.2影子经纪人公开NSA(美国国家安全局)黑客武器库

2017年4月14日,影子经纪人(Shadow Brokers)在steemit.com上公开了一大批NSA(美国国家安全局)“方程式组织” (Equation Group)使用的极具破坏力的黑客工具,其中包括可以远程攻破全球约70%Windows机器的漏洞利用工具。任何人都可以使用NSA的黑客武器攻击别人电脑。其中,有十款工具最容易影响Windows个人用户,包括永恒之蓝、永恒王者、永恒浪漫、永恒协作、翡翠纤维、古怪地鼠、爱斯基摩卷、文雅学者、日食之翼和尊重审查。黑客无需任何操作,只要联网就可以入侵电脑,就像冲击波、震荡波等著名蠕虫一样可以瞬间血洗互联网。

1.1.3 “WannaCry”敲诈勒索病毒5月12日在全球爆发

2017年5月12日,“WannaCry”(想哭)比特币勒索病毒在全球范围内爆发,本次事件波及150多个国家和地区、10多万的组织和机构以及30多万网民,损失总计高达500多亿人民币。包括医院、教育机构以及政府部门,都无一例外的遭受到了攻击。勒索病毒结合蠕虫的方式进行传播,是此次攻击事件大规模爆发的重要原因。

用户中毒后最明显的症状就是电脑桌面背景被修改,许多文件被加密锁死,病毒弹出提示,要求用户向相关比特币地址转账300美元以便解锁文件。目前安全公司已经找到恢复加密文件的相关办法。

1.1.4 FireBall火球病毒感染超过2.5亿电脑

2017年6月1日,国外安全机构Check Point发报告称在国外爆发了“FireBall”病毒,并声称全球有超过2.5亿台电脑受到感染,其中受影响最大的国家分别是印度(10.1%)和巴西(9.6%)。美国有550万台电脑中招,占2.2%。受感染的企业网络中,印度和巴西分别占到43%和38%,美国则为10.7%。

此恶意软件强行将浏览器主页改为自家网站和搜索引擎,并将搜索结果重定向到谷歌或雅虎。这些伪造的搜索引擎跟踪用户数据,暗中搜集用户信息。而制作此病毒的作者为中国的Rafotech公司,目前该公司网站已无法访问。

1.1.5“暗云”系列病毒升级为“暗云III”再度来袭

2017年6月9日,腾讯电脑管家检测到,早在2015年就被首次发现并拦截查杀的“暗云”病毒死灰复燃,升级为“暗云Ⅲ”,通过下载站大规模传播,同时通过感染磁盘MBR实现开机启动,感染用户数量已达数百万。

升级过后的“暗云Ⅲ”将主要代码存储在云端,可实时动态更新,其功能目前主要有下载推广恶意木马、锁定浏览器主页、篡改推广导航页id等。用户一旦中招,电脑便会沦为“肉鸡”形成“僵尸网络”,并利用DDoS攻击影响搭建在某云服务商平台上的棋牌类网站,导致该网站访问变得异常卡慢。

1.1.6新一轮勒索病毒“Petya”来袭,更具破坏性

2017年6月27日,新一轮勒索病毒“Petya”袭击了欧洲多个国家,包括乌克兰、俄罗斯、印度、西班牙、法国、英国、丹麦等国在内都遭受了攻击,这些国家的政府、银行、企业、电力系统、通讯系统及机场等都受到了不同程序的影响。

此病毒相比“WannaCry”更具破坏性,病毒对电脑的硬盘MFT进行了加密,并修改了MBR,让操作系统无法进入。而根据相关的分析表示,开机界面上留下来的信息即使提供给黑客也是没有办法进行解密的,因此,不得不怀疑此次“Petya”病毒的真正目的。“Petya”更像是在做有目的性的攻击,对目标进行无法修复的破坏性攻击,而并非以敲诈勒索为目的。

1.2《中华人民共和国网络安全法》正式施行

6月1日,我国第一部全面规范网络空间安全管理的基础性法律——《中华人民共和国网络安全法》正式施行,共有七章七十九条,内容十分丰富,具有六大突出亮点。一是明确了网络空间主权的原则;二是明确了网络产品和服务提供者的安全义务;三是明确了网络运营者的安全义务;四是进一步完善了个人信息保护规则;五是建立了关键信息基础设施安全保护制度;六是确立了关键信息基础设施重要数据跨境传输的规则。

同时新法还指出应采取多种方式培养网络安全人才,促进网络安全人才交流。新法的施行标志着我国网络安全从此有法可依,网络空间治理、网络信息传播秩序规范、网络犯罪惩治等即将翻开崭新的一页,对保障我国网络安全、维护国家总体安全具有深远而重大的意义。

1.3中国网民规模相当于欧洲人口总量,安全人才缺口高达95%

1.3.1中国网民规模达7.31亿,相当于欧洲人口总量

截至2016年12月,我国网民规模达7.31亿,普及率达到53.2%,超过全球平均水平3.1个百分点,超过亚洲平均水平7.6个百分点。全年共计新增网民4299万人,增长率为6.2%。中国网民规模已经相当于欧洲人口总量。

1.3.2移动端网民规模持续增长,手机网民占比达95.1%

截至2016年12月,我国手机网民规模达6.95亿,增长率连续三年超过10%。台式电脑、笔记本电脑的使用率均出现下降,手机不断挤占其他个人上网设备的使用。

1.3.3安全人才缺口巨大,高达95%

虽然我国网民数量已居全球首位,但我国从事信息安全行业的人非常少,安全人才及其匮乏。据相关资料显示,近年我国高校教育培养的信息安全专业人才仅3万余人,而网络安全人才总需求量则超过70万人,缺口高达95%。7.1亿中国网民的网络安全问题,已成为行业乃至国家亟待解决的问题。

北京电子科技学院副院长、教育部高等学校信息安全专业教学指导委员会秘书长封化民指出,当前中国重要行业信息系统和信息基础设施需要各类网络信息安全人才还将以每年1.5万人的速度递增,到2020年相关人才需求将增长到140万。但是目前,我国只有126所高校设立了143个网络安全相关专业,仅占1200所理工院校的10%。

二、2017上半年网络病毒威胁形势分析

2.1腾讯安全反病毒实验室PC端病毒拦截超10亿,环比增30%

2.1.1 木马病毒拦截量平均每月近1.7亿次

2017年上半年腾讯安全反病毒实验室统计数据显示,PC端总计已拦截病毒10亿次,病毒总体数量相比2016年下半年腾讯安全反病毒实验室拦截的病毒数增长30%;平均每月拦截木马病毒近1.7亿次。4月、6月为拦截病毒的高峰,拦截量均为1.8亿次。

2017年Q2季度相较于2016年Q2季度,腾讯安全反病毒实验室病毒拦截量同比增长了23.7%。从2014年到2017年Q2季度病毒拦截量来看,恶意程序数量逐年攀升。

2.1.2 PC端广东用户中毒最多,中毒高峰期为上午9-11点

2.1.2.1 上半年共发现2.3亿次用户机器中木马病毒 

2017年上半年腾讯安全反病毒实验室共发现2.3亿次用户机器中木马病毒,相比2016年下半年下降0.5%,平均每月为3,880万中毒机器进行病毒查杀。2017年Q2季度相比Q1季度中毒机器数略有增长。

2017年Q2季度相较于2016年Q2季度报毒用户量同比增长3%。从2015年到2017年Q2季度中毒机器数增长趋势明显,呈逐年递增状态。

2.1.2.2 PC端用户中毒高峰期为上午9点到11点

根据统计,每天中毒高峰时间为上午10点-上午11点,符合企业及普通用户上午9点-上午11点开启电脑处理工作的规律。这段时间用户中毒的病毒类型较多为利用邮件、共享等方式传播的Office文档类宏病毒,说明企业办公安全防护形势依旧严峻。

2.1.2.3 PC端中毒用户省份最多为广东,其中深圳市居首

根据腾讯安全反病毒实验室监测到的中毒PC数量统计,从城市分布来看,互联网较为发达的城市用户中毒情况较重,全国拦截病毒排名第一城市为深圳市,占全部拦截量的3.76%,第二名为成都市,占全部拦截量的3.57%,第三名为广州市,占全部拦截量的3.39%。

从省级地域分布来看,全国PC中毒数量最多的是广东省,占全部拦截量的13.29%,第二名为江苏省,占全部拦截量的7.75%,第三名为山东省,占全部拦截量的7.12%。

2.1.3第一大病毒种类为占比53.8%的木马病毒,勒索病毒新增13.39%

2.1.3.1 PC端第一大种类病毒依然是木马,PE感染型病毒种类少但传播性大

根据腾讯安全反病毒实验室2017年Q2季度获取到的病毒样本分析,从病毒种类上,木马类占总体数量的53.80%,依然是第一大种类病毒。Adware类(广告软件、强制安装、收集用户隐私、弹垃圾信息等)为第二大病毒类,占总体数量的39.02%。后门类为第三大病毒类,占总体数量的5.13%。相比2017年Q1季度,病毒种类并没有太大变化。

从病毒样本的数量上来划分,排在第一位和第二位的仍然是木马类和Adware类,但排在第三位的变成了PE感染型,占总体数量的25.07%。

感染型样本的种类并不多,这与感染型病毒制作难度大、黑客等编程人员需要掌握的技术多、成本高、开发时间久等因素有关。同时,感染型病毒的传播性很大,存活时间相对也比较久,因此,种类少的PE感染型种类在样本传播量级上占了一定的比例,这也是由于感染型病毒具有大范围感染、快速传播的特性。

2.1.3.2敲诈勒索病毒样本数量Q2新增13.39%,第一并不是WannaCry

敲诈勒索病毒是以敲诈勒索钱财为目的,使得感染该木马的计算机用户系统中的指定数据文件被恶意加密,造成用户数据丢失。目前,由国外传进国内的敲诈勒索病毒大多需要支付比特币赎金才能进行解密。由于比特币完全匿名流通,目前技术手段无法追踪敲诈勒索病毒背后的幕后操纵者,这也使得敲诈勒索病毒从2013年后呈现爆发式增长。

敲诈勒索病毒查杀量

根据腾讯安全反病毒实验室检测到的敲诈勒索病毒显示,2017上半年总计已发现敲诈勒索病毒样本数量在300万左右,平均每月检测到敲诈勒索病毒数量近50万个,Q2季度勒索病毒样本数量较Q1季度新增13.39%。5月、6月为拦截病毒的高峰,分别为57万个、53万个。

敲诈勒索病毒种类

根据相关数据分析显示,5月12日爆发的WannaCry敲诈勒索病毒是本季度最活跃、影响最大的病毒。该病毒与其他病毒在传播方式上有显著差异,由于使用了windows系统漏洞,使得该病毒能够在全球范围内传播,成为本季度的热点安全事件。在6月27号一种名为Petya的新型勒索病毒开始在世界各地传播,其敲诈手段与WannaCry相似,但更具有破坏性,直接加密了用户硬盘的MFT并修改了MBR,导致用户无法进入到windows系统。

以上病毒影响虽大,但从样本量上来看,最大的还是带有感染传播方式的PolyRansom病毒。此病毒会感染、加密用户的文件进行敲诈,但由于并没有使用像WannaCry病毒之类的密钥加密方式,而是使用了简单的加密算法,并且算法可逆,杀毒软件可以帮助用户正常恢复文件,因此虽然在样本量上排名第一,但影响并不是很大。此类敲诈病毒占了所有敲诈类病毒的78.84%,由此可见感染型病毒的传播能力之强。

从样本量上来看,除感染型敲诈病毒外,排在第一的是Blocker,占全部敲诈类病毒的36.82%,第二大类是Zerber,占全部敲诈类病毒的23.63%,第三大类才是本季度影响最大的WannaCry敲诈病毒,占全部敲诈类病毒的12.06%。WannaCry病毒量之所以快速上升到了第三的位置,是因为传播手段使用了漏洞传播。

目前的敲诈勒索病毒主要采用以下几种传播方式:

文件感染传播

文件感染传播是利用感染型病毒的特点进行传播,如PolyRansom病毒就是利用感染型病毒的特点,加密用户所有文档后再弹出勒索信息。由于PE类文件被感染后具有了感染其他文件的能力,因此如果此文件被用户携带(U盘、网络上传等)到其他电脑上后运行,就会使得该电脑的文件也被全部感染加密。

网站挂马传播

网站挂马通过是在获取网站或者网站服务器的部分或全部权限后,在网页文件中插入一段恶意代码,这些恶意代码主要包括IE等浏览器漏洞利用代码。用户访问被挂马的页面时,如果系统没有更新恶意代码中利用的漏洞补丁,则会执行恶意代码。

该类病毒也可以利用已知的软件漏洞进行攻击,例如利用Flash、PDF软件漏洞,向网站中加入带有恶意代码的文件,用户使用带有漏洞的软件打开文件后便会执行恶意代码,下载病毒。

利用系统漏洞传播

5月爆发的WannaCry就是利用Windows系统漏洞进行传播,利用系统漏洞传播的特点是被动式中毒,即用户没有去访问恶意站点,没有打开未知文件也会中毒。此种病毒会扫描同网络中存在漏洞的其他PC主机,只要主机没有打上补丁,就会被攻击。

腾讯反病毒实验室提醒大家,及时更新第三方软件补丁,及时更新操作系统补丁,以防被已知漏洞攻击。

邮件附件传播

通过邮件附件进行传播的敲诈勒索病毒通常会伪装成用户需要查看的文档,如信用卡消费清单、产品订单等。附件中会隐藏恶意代码,当用户打开后恶意代码便会开始执行,释放病毒。这类伪装病毒通常会批量发送给企业、高校、医院机构等单位,这些单位中的电脑中通常保存较重要的文件,一旦被恶意加密,支付赎金的可能性远远超过普通个人用户。

网络共享文件传播

一些小范围传播的敲诈勒索病毒会通过共享文件的方式进行传播,病毒作者会将病毒上传到网络共享空间、云盘、QQ群、BBS论坛等地方,以分享的方式发送给特定人群诱骗下载安装。

腾讯反病毒实验室提醒用户,下载软件请到官方正规渠道下载安装,切勿下载未知程序,如需要使用未知来源的程序,可提前安装腾讯电脑管家进行安全扫描。

2.2 移动端共查杀Android病毒6.93亿次,手机染毒用户数超1亿

2.2.1移动端病毒包增长趋势减缓,但总数仍有899万

2017年上半年腾讯手机管家截获Android新增病毒包总数达899万,相较2016年上半年有小幅度下降,但总数仍十分巨大。

2.2.2 移动端广东用户中毒最多,染毒手机用户数同比减少45.67%

2.2.2.1上半年腾讯手机管家共查杀Android病毒6.93亿次

在病毒感染用户数大幅下降的情况下,2017年上半年腾讯手机管家查杀病毒次数却达到6.93亿次,同比增长124.24%,总数是2016年上半年的一倍有余。恶意程序和木马病毒的制作成本降低、病毒传播渠道多样化是造成这一现象的重要因素。

除6月以外,2017年上半年每月查杀病毒次数均超过1亿次,其中1月份查杀次数更高达1.36亿次,几乎与2014年上半年1.4亿的查杀次数持平。

2.2.2.2 2017年上半年染毒手机用户数超1亿 

2017年上半年病毒感染用户数为1.09亿,同比减少45.67%,与2015年、2016年上半年相比皆有所下降。

2017年1月单月感染用户数达到2166万,为上半年最高纪录,此后感染用户数开始缓慢下降。

2.2.2.3 移动端中毒用户数量广东居首

在感染手机病毒的用户地域分布方面,广东排名第一,占比高达11.41%。

2.2.3流氓行为和资源占比超80%,二维码最易中毒

2.2.3.1移动端病毒中流氓行为和资费消耗占比超80%

2017年上半年手机病毒类型比例中,流氓行为和资费消耗占比最高,以44.59%和44.44%的比例分列一、二位。排名第三的隐私获取同样占据了5.85%,诱骗欺诈、恶意扣费、远程控制、系统破坏和恶意传播占比分别为1.94%、1.55%、0.80%、0.74%和0.08%。

流氓行为是指病毒私自执行具有流氓属性的恶意行为。如近期因WannaCry病毒而再次引起关注的手机锁屏勒索病毒就带有流氓行为。这类病毒主要通过论坛贴吧等途径进行扩散,制毒者通常会利用外挂、免费、刷钻、红包等字眼对木马病毒进行包装,诱导用户下载安装。病毒完成安装后就会强制锁定手机屏幕,迫使受害者不得不联系制毒者付款,才能使设备恢复正常。

不管是电脑还是手机,带有流氓行为的勒索病毒给用户带来的损失都是难以估量的,如果不慎中毒,不仅会造成财产损失,还将导致重要资料丢失,因此用户应谨慎防范。

资费消耗也是常见的手机病毒类型,此类病毒通常在用户不知情或未授权的情况下,通过发送短信、频繁连接网络等方式,导致用户资费损失。部分恶意推广病毒以帮助第三方广告商提高点击量为目的,通过诱导用户下载安装病毒,获取手机Root权限,执行下载恶意广告软件。这些软件会不断推送各种弹窗广告,影响用户手机体验,更甚者还会泄露用户隐私信息、盗走网银账户等,造成严重的人身及财产安全。

感染了全球超3600万安卓设备的恶意广告点击软件“Judy”就属于资费消耗类手机病毒。该恶意软件暗藏于一款韩国手游中,在完成下载安装后,会将感染设备的信息发送到目标页面,并在后台自动下载恶意代码并访问广告链接,盗刷用户流量,给用户造成资费消耗。

2.2.3.2 二维码、软件捆绑是移动病毒主要渠道来源

手机病毒渠道来源主要有七大类,分别是二维码、软件捆绑、电子市场、网盘传播、手机资源站、ROM内置和手机论坛。病毒渠道入口的分散化与多元化,也进一步增加了用户染毒的几率与风险。

2017年上半年,二维码成为了主流病毒渠道来源,占比高达20.80%。二维码在各大领域的普及让越来越多的用户养成了随手扫码的习惯,制毒者也因此加大针对二维码渠道的病毒包投放比例。部分被嵌入病毒的二维码,只要一扫就会自动下载恶意病毒,轻则造成手机中毒,重则导致个人隐私信息泄露,造成财产损失等。

三、反骚扰诈骗效果显著,但用户损失形势严峻

3.1上半年垃圾短信数超5.86亿条,非法贷款类超50%

3.1.1 2017年上半年垃圾短信持续增长 总数接近6亿

较低的传播成本及其背后存在的巨大利益链,导致垃圾短信一直难以得到有效整治,用户举报数也是有增无减。2017年上半年,腾讯手机管家共收到用户举报垃圾短信数5.86亿条,同比增长40.69%,是2014年上半年的2倍有余。

3.1.2用户举报垃圾短信最多的省份为广东,最多的城市为深圳

在垃圾短信的地域省份分布方面,用户举报垃圾短信最多的前三省份分别为广东、江苏和山东,占比分别为12.91%、6.98%和5.70%。此外河南、浙江、四川、河北、北京、湖南和上海同样位列前十。这些省份或直辖市普遍分布在东部沿海和中部地区,人口密集和经济发达是它们最大的共同点,这也为诈骗分子批量发送垃圾短信并牟取利益创造了有利条件。

城市方面,2017年上半年深圳用户共举报垃圾短信2334万条(占比3.98%),成都、广州和苏州分列二至四位,垃圾短信举报数均为千万级别。

3.1.3 2017年上半年常见的诈骗短信类型

虽然诈骗短信举报量整体呈现下降趋势,但其手段的多样化和隐秘性却让诈骗短信的危害性始终高居不下。据腾讯手机管家监测到的2857万条诈骗短信显示,非法贷款、网购、病毒网址、恶意网址和伪基站是占比最高的几大诈骗短信类型。

其中非法贷款类诈骗短信一家独大,占比超过50%。在现代人“有房万事足”和依靠买房寻求安全感的社会大背景下,贷款买房成为了一大社会需求。骗子也紧跟这一社会痛点,大量发送非法贷款短信,借此牟利。

3.2骚扰电话用户标记量达2.35亿次,同比下降27.12%

3.2.1 2017年上半年用户共标记骚扰电话2.35亿次 同比下降27.12%

在经历了2015年上半年的爆发式增长后,2016年上半年开始,骚扰电话标记数呈现逐年下降趋势,2017年上半年骚扰电话标记总数为2.35亿次,相较2016年上半年同比下降27.12%。

3.2.2 2017年上半年骚扰电话超过50%为响一声

用户标记的骚扰电话类型主要分为5大类。其中,响一声排名第一,占比超过50%。这类骚扰电话虽然不会对用户造成实质性危害,但仍会影响手机使用,干扰用户。诈骗电话占比15.14%,排名第二,此外广告推销、房产中介和保险理财等也占据了一定比例。

3.2.3 骚扰电话中索要验证码占比最高

据腾讯手机管家用户主动上报的骚扰电话恶意线索情况显示,索要验证码、假冒领导、转账、网购和犯法是最常见的关键词。其中索要验证码占比最高,将近24.74%的骚扰电话中,骗子会通过各种手段索要验证码,而验证码作为重要的隐私信息,一旦泄露,很容易会造成财产损失。

3.2.4 诈骗电话标记数同比下降59.68%,北京最多

在用户已标记的2.35亿次骚扰电话中,诈骗类电话占比虽远不及响一声多,但其造成的实质性危害却最大。基于腾讯手机管家用户诈骗电话标记相关数据显示,2017年上半年诈骗电话标记数同比下降59.68%,总数为3559万。

这些诈骗电话针对的目标地域较为明确,以东部沿海经济发达地区与内陆中心省份为主。城市方面,北京是诈骗电话标记数最多的城市,总数达182.6万。深圳和广州分别以141.8万和125.7万的标记数紧随其后。上海、西安、长沙、成都、杭州、重庆和武汉则分列第四至十位。

3.3 恶意网址拦截次数高达478亿,色情欺诈网站居首

3.3.1 2017年上半年检出恶意网址数量超1.83亿

2017年上半年,腾讯安全在PC和移动端共计检测出恶意网址数量超过1.83亿,整体呈现波动上升趋势。其中6月份检测出3575万个恶意网址,为上半年最高纪录,4月份则最低,检测数量为2553万。

3.3.2色情欺诈网站仍是恶意网址主要作案手段

在有效检测恶意网址的同时,2017年上半年腾讯安全在PC和移动端共拦截恶意网址高达478亿次,相当于每天拦截2.65亿次。这一庞大数据也进一步说明了互联网安全的严峻形势。

在腾讯安全拦截的恶意网址中,色情欺诈网站、博彩网站、信息诈骗、恶意文件、虚假广告和钓鱼欺诈网站是传播最广泛的六大类恶意网址。其中色情欺诈网站占据半壁江山,占比为51.98%,色情欺诈网站会内嵌欺诈广告或诱骗用户进行在线支付。恶意网址也会内嵌在诈骗短信中进行传播,以增加迷惑性,因此用户在看到短信中的网址时,应自觉提高警惕性,切记不要随便点击。

3.4 iOS骚扰及诈骗电话降幅约35%,日历广告成新的骚扰

3.4.1 iOS骚扰电话和诈骗电话出现较大幅度下降

2016年9月,腾讯手机管家携手苹果公司推出iOS10全新版本,首次增加拦截骚扰和诈骗电话功能,有效缓解了iOS用户倍受困扰的骚扰电话难题。数据显示,2017年上半年iOS用户共标记骚扰电话1449.2万次,诈骗电话219.6万次。

从整体趋势上看,上半年iOS骚扰电话标记数呈现波动下降趋势,1月标记数最高,为319.5万次,4月则只有202万次,为上半年最低峰。相较而言,诈骗电话整体趋势则更加稳定。从以上各项数据可以看出,2017年上半年骚扰电话和诈骗电话都出现了较大幅度的下降,这离不开相关部门、手机运营商和手机用户的共同努力。

3.4.2日历广告成苹果手机的第三大骚扰

垃圾信息、骚扰电话、日历广告逐渐成为iPhone用户的主要骚扰源头。其中,日历广告骚扰问题日益严重。61.1%的用户遭遇过日历广告,其中博彩广告、房地产广告、打车软件广告居前三。

3.5 腾讯麒麟系统打击伪基站保护1.5亿人次

3.5.1腾讯麒麟系统共拦截2.3亿条诈骗短信,保护1.5亿人次

2017年上半年度,腾讯麒麟伪基站实时定位系统为全国用户拦截2.3亿条伪基站诈骗短信,总计影响人数达1.5亿人次。

3.5.2伪基站地域特征:川陕京鄂湘五省最多

从地域上看,腾讯麒麟为四川、陕西、北京、湖北、湖南用户拦截的诈骗短信数量最多,这5个省级行政区拦截的诈骗短信数量超过全国总量50%以上。

从城市来看,拦截诈骗短信数量Top 10的城市如北京、成都、西安等几乎均为省会城市或经济较发达城市,由于人口密集、城市居民收入较高,被伪基站诈骗团伙列入重点攻击对象。

3.5.3 伪基站作案时间特征:工作时间最频繁

从作案时间来看,伪基站诈骗短信发送之间集中在上午9时至下午19时,其中又以上午10时至12时、下午15时至18时为两个高峰。不难看出,诈骗短信高峰期与每日工作时段相合。

3.5.4内容特征:工商银行、中国移动最“躺枪”

伪基站短信类型中,积分兑换、账户异常和银行信用卡提额类则占比接近90%。这三类常与运营商、银行有关,常以积分到期清零、信用卡提额、账户实名、异常等理由进行诈骗。

腾讯麒麟拦截的伪基站仿冒端口中,仿冒工商银行的诈骗短信最多(高达52%),Top 5仿冒端口除中农工建四大银行,还有运营商中国移动。不难看出,这些“躺枪”的企业是因为用户群体巨大,业务模式中短信息又尤为重要,所以成为伪基站诈骗团伙主要模拟的发送对象。

伪基站短信触达用户的运营商分布中,中国移动占比74%,位居其后是中国电信(16%)、中国联通(10%)。

四、2017年上半年安全人才建设进展及成果

4.1《网络安全法》促进对人才的综合性培养

2017年6月1日起施行的《网络安全法》首次以法律条款的形式对网络空间安全领域的人才问题进行规定,不仅体现出国家对网络人才的重视,更是为国务院以及各地方出台网络安全人才培养的细则提供了最高位阶的法律依据。

《网络安全法》规定:国家支持企业和高等学校、职业学校等教育培训机构开展网络安全相关教育与培训,采取多种方式培养网络安全人才,促进网络安全人才交流。网络安全人才不仅包括技术人才,也包括管理人才。当前网络安全不仅是技术的较量,更是理念、规则的较量,熟悉国际规则、大国关系的网络安全人才在未来的网络空间竞争中能够发挥更大的作用。因此,网络安全人才的培养不仅要培养传统型人才,更要立足国内,放眼全球,培养懂得网络外交的综合性人才。

同时,条款中规定的“网络安全人才的交流”,体现了我国对于人才培养机制的开放创新理念。人才的培养离不开与先进国家的学术研讨和技术交流,各企业机构应当吸引国外的高端技术人才,同时加快我国顶尖人才的培养。

4.2 安全人才培养“腾讯模式”:打造人才闭环

作为互联网安全开放平台的倡导者,腾讯一直将“网络安全”当作企业顶层设计的重要组成部分和战略性工程。在持续关注和支持安全人才选拔和培养的过程中,腾讯目前已经逐渐在校园招聘、社会招聘、内部人才的培训晋升、薪酬福利等方面摸索出一套安全人才选拔制度;同时,通过持续打造顶级安全赛事和推动人才培养计划,腾讯已经逐渐形成一套成熟、完善,并可供社会借鉴的安全人才培养体系。

腾讯在2017年联合各方发起了腾讯信息安全争霸赛(TCTF),通过国际化的赛制发掘人才、通过优质辅导机制和专业的导师队伍培养人才以及通过搭建企业与高校的桥梁输送人才。同时,腾讯通过打造“百人计划”,构建互联网安全人才培养的闭环,通过TCTF大赛的层层比赛考试,选拔出最具潜力的百名安全人才,并通过后续持续培养,打造互联网安全领域复合型、领军型人才。

腾讯希望以TCTF作为专业安全人才培养平台在企业与高校间搭建起桥梁,形成集选拔、培养、输送于一体的人才闭环,为中国安全新生力量提供多维的成长环境,进一步推动我国网络安全事业发展。

4.3腾讯安全联合实验室成立一周年:护航六大互联网关键领域

2016年7月,腾讯安全整合旗下实验室资源,成立国内首个互联网实验室矩阵——腾讯安全联合实验室,旗下涵盖包括科恩实验室、玄武实验室、湛泸实验室、云鼎实验室、反病毒实验室、反诈骗实验室、移动安全实验室在内的七大实验室。实验室专注安全技术研究及安全攻防体系搭建,安全防范和保障范围覆盖了连接、系统、应用、信息、设备及云,触达六大互联网关键领域。

2016年,腾讯安全联合实验室为谷歌、微软、苹果、adobe等国际厂商共计挖掘269个漏洞,位居国内第一。另外,凭借“全球首次远程无物理接触方式入侵特斯拉汽车”研究成果,腾讯安全联合实验室科恩实验室入选“特斯拉安全研究员名人堂”,并获特斯拉CEO马斯克的亲笔致谢。

在举国关注的反诈骗领域,腾讯安全联合实验室中的反诈骗实验室基于多年来在反诈骗领域的深耕研究,已经形成一整套基于AI创新+能力开放的反欺诈评价新标准,形成有效的止损模式。在AI创新和能力开放的双轮驱动下,实验室目前已推出鹰眼反电话诈骗系统、麒麟伪基站实时定位系统、神荼反钓鱼系统、神侦资金流查控系统、神羊情报分析平台五大系统,并通过腾讯云的SaaS服务开放给有需要的政府单位、企业等,帮助用户防范互联网诈骗。

五、安全热点事件盘点

5.1 勒索病毒集中爆发及病毒详解

5.1.1 WannaCry敲诈勒索病毒5月12日在全球爆发

事件背景:

5月12日,WannaCry(想哭)比特币勒索病毒让在全球范围内爆发。据腾讯安全反病毒实验室安全研究人员分析发现,此次勒索事件与以往相比最大的区别在于,勒索病毒结合了蠕虫的方式进行传播。由于在NSA泄漏的文件中,WannaCry传播方式的漏洞利用代码被称为“EternalBlue”,所以也有的报道称此次攻击为“永恒之蓝”。

病毒详解:

勒索病毒近两年的爆发,很大程度上与加密算法的日益完善有关。密码学及算法的不断更新保证了我们日常网络中数据传输和保存的安全性。遗憾的是,勒索病毒的作者也利用了这个特性,使得我们虽然知道了木马的算法,但由于不知道作者使用的密钥,也就没有办法恢复被恶意加密的文件。

加密算法通常分为对称加密算法和非对称加密算法两大类。这两类算法在勒索病毒中都被使用过。

对称加密算法的加密和解密使用的是完全相同的密钥,特点是运算速度较快,但是单独使用此类算法时,密钥必须使用某种方法与服务器进行交换,在这个过程中存在被记录和泄漏的风险。勒索病毒常用的对称加密算法包括AES算法和RC4算法。

非对称加密算法也被称为公钥加密算法,它可以使用公开的密钥对信息进行加密,而只有私钥的所有者才可以解密,因此只要分发公钥并保存好私钥,就可以保证加密后的数据不被破解。与对称加密相比,非对称加密算法的运算速度通常较慢。勒索病毒常用的非对称加密算法包括RSA算法和ECC算法。

通常,勒索病毒会将这两大类加密算法结合起来使用,既可以迅速完成对整个电脑大量文件的加密,又能保证作者手中的私钥不被泄漏。

5.1.2 新一轮勒索病毒“Petya”来袭,更具破坏性

事件背景: 

6月27日新一轮勒索病毒Petya袭击了欧洲多个国家。此病毒相比WannaCry更具破坏性。病毒对电脑的硬盘MFT进行了加密,并修改了MBR,让操作系统无法进入。相比此前,Petya更像是有目的性的攻击,而并非简单的敲诈勒索。腾讯哈勃分析系统已经能够识别此病毒并判定为高度风险,利用腾讯电脑管家可查杀该病毒。

病毒详解:

Petya勒索病毒变种中毒后会扫描内网的机器,通过永恒之蓝漏洞自传播,达到快速传播的目的。有国外安全研究人员认为,Petya勒索病毒变种会通过邮箱附件传播,利用携带漏洞的DOC文档进行攻击。中毒后,病毒会修改系统的MBR引导扇区,当电脑重启时,病毒代码会在Windows操作系统之前接管电脑,执行加密等恶意操作。电脑重启后,会显示一个伪装的界面,此界面实际上是病毒显示的,界面上假称正在进行磁盘扫描,实际上正在对磁盘数据进行加密操作。

5.1.3勒索病毒腾讯安全应对方案

针对勒索病毒集中爆发,腾讯安全紧急发布应对方案,针对事前防范、事中病毒清理和事后文件恢复三种情形,向广大用户提出处理建议:

事前预防

1.利用电脑管家的勒索病毒免疫工具,自动化安装系统补丁和端口屏蔽,或手动下载、安装。

2.备份数据,安装安全软件,开启防护。

a)对相关重要文件采用离线备份(即使用U盘等方式)等方式进行备份;

b)利用部分电脑带有的系统还原功能,在未遭受攻击之前设置系统还原点,遭受攻击之后可以还原系统,防御文件加密;

c)安装腾讯电脑管家,开启实时防护,避免遭受攻击;

d)采用电脑管家的文档守护者进行文件的备份、防护。

3.建立灭活域名实现免疫。

根据对已有样本分析,勒索软件存在触发机制,如果可以成功访问指定链接,电脑便会在中了勒索病毒后直接退出,便不会进行文件加密。

a)普通用户在可以联网状态下,保证对该网址的可访问,则可以避免在遭受攻击后避免被加密(仅限于已知勒索病毒);

b)企业用户可以通过在内网搭建Web Server,然后通过内网DNS的方式将域名解析到Web Server IP的方式来实现免疫;通过该域名的访问情况也可以监控内网病毒感染的情况。

事中病毒清理

1.拔掉网线等方式隔离已遭受攻击电脑,避免感染其他机器。

2.利用电脑管家的杀毒功能直接查杀勒索软件,直接进行扫描清理(已隔离的机器可以通过U盘等方式下载离线包安装)。

3.备份相关数据后直接进行系统重装。

事后文件恢复

1.勒索软件带有恢复部分加密文件的功能,可以直接通过勒索软件恢复部分文件;或直接点击勒索软件界面上的”Decrypt”可弹出恢复窗口,恢复列表中文件。

2.可以使用第三方数据恢复工具尝试数据恢复,云上用户可直接联系腾讯安全云鼎实验室协助处理。

5.2 DDOS攻击不断,暗云变种频繁来袭

事件背景:

6月9日,一场2017年以来最大规模的DDoS网络攻击活动席卷全国,腾讯安全云鼎实验室发布溯源分析报告,通过对攻击源机器进行分析,工程师在机器中发现暗云Ⅲ的变种。通过对流量、内存DUMP数据等内容进行分析,腾讯云鼎实验室确定本次超大规模DDoS攻击由“暗云”黑客团伙发起。升级过后的“暗云III”将主要代码存储在云端,可实时动态更新。

病毒详解:

“暗云”系列木马自2015年初被腾讯反病毒实验室首次捕获并查杀,至今已有两年多。在这两年多时间里,该木马不断更新迭代,持续对抗升级。

从今年4月开始,该木马卷土重来,再次爆发,本次爆发的暗云木马相比之前的版本有比较明显的晋级特征,因此我们将其命名为暗云Ⅲ。暗云Ⅲ与之前版本相比有以下特点和区别:

第一、更加隐蔽,暗云Ⅲ依旧是无文件无注册表,与暗云Ⅱ相比,取消了多个内核钩子,取消了对象劫持,变得更加隐蔽,即使专业人员,也难以发现其踪迹。

第二、兼容性,由于该木马主要通过挂钩磁盘驱动器的StartIO来实现隐藏和保护病毒MBR,此类钩子位于内核很底层,不同类型、品牌的硬盘所需要的 hook点不一样,此版本木马增加了更多判断代码,能够感染市面上的绝大多数系统和硬盘。

第三、针对性对抗安全软件,对安全厂商的“急救箱”类工具做专门对抗,通过设备名占坑的方式试图阻止某些工具的加载运行。

5.3上半年重点诈骗类案件盘点

5.3.1 8.19徐玉玉电信诈骗案宣判

2016年8月,刚刚被南京邮电大学的徐玉玉,接到了一通诈骗电话,对方以奖学金的名义,骗走徐玉玉上大学的费用9900元。报案后的徐玉玉情绪异常,导致心源性猝死,不幸离世,引发社会对电信诈骗的空前关注。此案于2017年7月19日公开宣判,主犯陈文辉被判处无期徒刑,没收个人全部财产。其他六名被告人被判15年到3年不等的有期徒刑并处罚金。这一判决,向社会传递了法院依法从严惩处电信网络诈骗犯罪的鲜明态度。

防范建议:徐玉玉的惨剧足够引起公众的警惕。互联网时代,每个人的信息流转都在线上通过不同的渠道流转,给了不法分子可乘之机。面对如此环境,我们更应该对陌生电话和短信保持警觉。哪怕对方能说出个人精确的信息,都不能亲信,任何事件都需要经由可靠渠道多方验证,以保护自身安全。

5.3.2河南特大电信诈骗案:谎称卖高考答案骗近百考生300万元

2017年6月,河南鹤壁市警方破获了这起特大电信诈骗案,抓获犯罪嫌疑人两人,缴获作案用银行卡70余张。这些犯罪嫌疑人假借售卖高考试题答案的方式,通过网络对高考考生实施诈骗。据警方初步调查,诈骗受害人累计超过3500余人,涉案金额超过300万元。

防范建议:每年高考录取期间,都是高考诈骗案件高发的时间段。考生和家长需要谨防一切所谓“内部指标”、虚假查分网址、虚假查询录取结果等以高考招生为名的各种诈骗手段,切勿抱有侥幸心理,上当受骗。

5.3.3武汉女教师遭遇连环电信诈骗 7个月被骗253万

武汉某中学教师陈女士,名校硕士学历,2017年5月向警方报警遭遇诈骗。据了解,2016年11月,陈老师接到一陌生来电,称其社保卡被盗刷,并直接将电话转至“湖南省公安厅”。接电话的“民警“称陈女士牵涉到一桩诈骗洗钱案,为“洗刷罪名”,陈女士半年时间累计向对方转账253万,为此欠下债务达300多万。目前案件仍在侦办中。

防范建议:民众需要警惕陌生电话和短信。当接到疑似诈骗电话或短信时,要注意核实对方身份,尤其是对方要求向指定账户汇款时,不要轻易汇款,应第一时间告知家属商量解决或咨询公安机关;。公安部门不可能提供安全账户,更不会指导您转账、设密码。

六、安全防范专家建议

在电脑使用中,设置安全系数高的密码。使用不会被暴力攻击轻易猜到的密码,是提高安全性的有效办法。暴力攻击是攻击者使用自动化系统来猜测密码。避免使用从字典中能找到的单词,不要使用纯数字密码;使用包含特殊字符和空格,同时使用大小写字母,这种密码破解起来比使用母亲的名字或生日作为密码要困难的多。另外,密码长度每增加一位,密码字符构成的组合就会成倍数增加,因此长密码会更加安全。

定期升级软件,更新安全补丁。很多情况下,在安装部署生产性应用软件之前,对系统进行补丁测试工作是至关重要的,最终安全补丁必须安装到个人电脑的系统中。如果很长时间没有进行安全升级,可能会导致计算机非常容易成为不道德黑客的攻击目标。因此,不要把软件安装在长期没有进行安全补丁更新的计算机上。

通过备份重要文档,保护你的数据安全。备份你的数据,这是你可以保护自己在面对灾难的时候把损失降到最低的重要方法之一。如果数据量巨大,日常可以将数据保存至硬盘上。但更便捷的方式,可以利用腾讯电脑管家一类的安全防护软件,随时将数据自动化备份至本地,也可以存储至云端,最大化保证了数据安全。

不要轻易信任外部网络,开放性网络风险巨大。在一个开放的无线网络中,例如在具有无线网络的咖啡店中,网络风险会成倍增长,这个理念是非常重要的。这并非意味着在一些非信任的外部网络中不能使用无线网络,而是要时刻保持对用网安全的谨慎和警惕。关键是,用户必须通过自己的系统来确保安全,不要相信外部网络和自己的私有网络一样安全。

提高对陌生电话、短信的警惕性,勿轻信其中内容。诈骗短信形式多样化,各种新型短信木马泛滥使得通过诱惑性的短信自带病毒链接的支付类、隐私窃取类病毒迅速增长。对于“高考查分”、“开学通知”、“考试成绩单”、“户籍管理”、“手机实名制”、“录像视频”和“交通违章”等短信中内嵌的网址链接,应时刻提高警惕,切勿随意点击。对于陌生电话、短信应该提高警惕性和戒心,不要轻信对方所说的任何内容,必要时要对其身份信息进行核实。

保护个人隐私信息,不轻易向他人透露个人信息。个人账号、密码、身份证信息等属于关键个人隐私信息,因此绝对不能随意在任何陌生短信、电话进行透露。收到陌生短信、电话询问个人隐私时,请务必提高警惕。在社交平台发布消息时,谨防通过照片、截图等形式泄露重要隐私信息。不随意丢弃含有个人信息的机票、车票或快递单据,以防个人信息被窃取。

手机用户应养成使用安全软件来保护手机安全的良好习惯。手机用户可下载安装如腾讯手机管家一类的手机安全软件,定期给手机进行体检和病毒查杀,并及时更新病毒库。针对最新流行且难以清除的病毒或者漏洞,可下载专杀工具及时查杀或修复。同时开启腾讯手机管家骚扰拦截功能,可有效拦截诈骗电话、短信,提升手机安全。

Referring URL:

https://guanjia.qq.com/news/n1/2039.html

Comparative Analysis of Military Command Structures : China. DPRK, Russia, US // 中,美,苏,俄罗斯,朝鲜武装力量指挥体系

Comparative Analysis of Military Command Structures :China. DPRK, Russia, US //

中,美,苏,俄罗斯,朝鲜武装力量指挥体系

 

China ‘s Armed Forces Command System

China, the United States, the Soviet Union, Russia, North Korea armed forces command system

Overview of China ‘s Armed Forces

China, the United States, the Soviet Union, Russia, North Korea armed forces command system

 

China, the United States, the Soviet Union, Russia, North Korea armed forces command system

 

China, the United States, the Soviet Union, Russia, North Korea armed forces command system

Description: blue font for the deputy military units. Xinjiang Military Region is the only deputy deputy military district, under the Lanzhou Military Region.

American military command system

China, the United States, the Soviet Union, Russia, North Korea armed forces command system

US military command system description
  

The president of the United States is the commander in chief of the armed forces and the supreme commander of the armed forces. The president, through the Ministry of Defense leadership and command of the army, emergency can be leapfrog command. The strategic nuclear forces are controlled by the president at all times.
  

The National Security Council is the supreme defense decision-making advisory body. Its legal members include the President, Vice President, Secretary of State, Defense Minister. The Chairman of the Joint Chiefs of Staff is the statutory military adviser to the National Security Council. The Director of the CIA is the National Security Council’s statutory intelligence adviser. The daily work of the National Security Council is the responsibility of the President’s National Security Adviser (Consultant).
  

The Ministry of Defense is the supreme military organ that leads and directs the US Armed Forces, is responsible for the defense policy, the formulation and implementation of the plan, and the management of the defense affairs, and through the joint meeting of the Chief of Staff to carry out operational command. It consists of the Ministry of Defense headquarters system, the military system and operational command system composed of three parts.
  

Department of Defense Department of the system is mainly responsible for the policy, finance, military and other military affairs, as well as the coordination between the military. Under the policy, procurement and technical, personnel and combat readiness, auditing and finance, directing communication control and intelligence, legislation, logistics affairs, intelligence supervision, administration, public affairs, supervision, combat test and evaluation departments, respectively, by the Deputy Defense Minister , Assistant defense minister, director, director or department head and other supervisors.
  

The military system consists of the Ministry of War, the Air Force Department and the Department of the Navy three military (military department). The military departments are responsible for the administration of the service, education and training, weapons and equipment development and procurement and logistical support and other duties, and the responsibility to warfare to the joint operations headquarters to provide combat troops and the corresponding service and logistical support, but no combat Command. The military minister is a civilian officer, under which he is the chief of staff (Navy for the combat minister). The chief of staff (naval combat minister) is the highest military officer of the service.
  

The operational command system refers to the Joint Chiefs of Staff and the Joint Command and Special Command affiliated to it. The Joint Chiefs of Staff is both the President, the Minister of Defense, the Military Advisory Body of the National Security Council, and the Military Commander of the President and the Minister of Defense to issue operational orders to the Joint Command and Special Command. In a sense, the Department of Defense is the military and government departments of the President, and the Joint Chiefs of Staff is the President’s military order.

The former Soviet Union military command system

China, the United States, the Soviet Union, Russia, North Korea armed forces command system

Russian military command system

China, the United States, the Soviet Union, Russia, North Korea armed forces command system

North Korea ‘s Military Command System

China, the United States, the Soviet Union, Russia, North Korea armed forces command system

Original Mandarin Chinese:

中国武装力量指挥体系

中,美,苏,俄罗斯,朝鲜武装力量指挥体系

中国武装力量总览

中,美,苏,俄罗斯,朝鲜武装力量指挥体系

 

中,美,苏,俄罗斯,朝鲜武装力量指挥体系

 

中,美,苏,俄罗斯,朝鲜武装力量指挥体系

说明:兰色字体为副大军区单位。新疆军区是唯一一个副大军区编制,隶属兰州军区。

美国军事指挥体系

中,美,苏,俄罗斯,朝鲜武装力量指挥体系

美国军事指挥系统说明
  

美国总统是武装部队总司令,全军最高统帅。总统通过国防部领导和指挥全军,紧急情况下可越级指挥。战略核力量不论何时都由总统指挥控制。
  

国家安全委员会是最高防务决策咨询机构。其法定成员包括总统、副总统、国务卿、国防部长。参谋长联席会议主席是国家安全委员会法定军事顾问,中央情报局局长是国家安全委员会法定情报顾问。国家安全委员会日常工作由总统国家安全事务助理(顾问)负责。
  

国防部是总统领导与指挥美国武装力量的最高军事机关,负责防务政策、计划的制定和实施,以及国防事务管理,并通过参谋长联席会议对全军实施作战指挥。它由国防部本部系统、军事部系统和作战指挥系统三部分组成。
  

国防部本部系统主要负责政策、财政、军务等全军性事务,以及各军事部间的协调。下设政策、采购与技术、人事与战备、审计与财务、指挥通信控制与情报、立法、后勤事务、情报监督、行政管理、公共事务、监察、作战试验与评估等部门,分别由副国防部长、助理国防部长、主任、局长或部门长等主管。
  

军事部系统包括陆军部、空军部和海军部3个军事部(军种部)。各军事部负责本军种的行政管理、教育训练、武器装备研制和采购及后勤保障等事务,并有责任在战时向各联合作战司令部提供作战部队及相应的勤务和后勤支援,但无作战指挥权。军事部长为文官,在其下设军种参谋长(海军为作战部长)。军种参谋长(海军作战部长)是本军种最高军事长官。
  

作战指挥系统指参谋长联席会议及隶属于它的各联合司令部、特种司令部。参谋长联席会议既是总统、国防部长、国家安全委员会的军事咨询机构,也是总统和国防部长向联合司令部和特种司令部发布作战命令的军事指挥机关。从某种意义上讲,国防部是总统的军政部门,而参谋长联席会议是总统的军令部门。

前苏联军事指挥体系

中,美,苏,俄罗斯,朝鲜武装力量指挥体系

俄罗斯军事指挥体系

中,美,苏,俄罗斯,朝鲜武装力量指挥体系

朝鲜军事指挥体系

中,美,苏,俄罗斯,朝鲜武装力量指挥体系

中國政府要求公開評論保護中國關鍵基礎設施 // Chinese Government Requests Public Comment on Securing China Critical Infrastructure

中國政府要求公開評論保護中國關鍵基礎設施

Chinese Government Requests Public Comment on Securing China Critical Infrastructure

Notice of the National Internet Information Office on the Public Opinion on the Protection of Key Information Infrastructure Security Regulations (Draft for Soliciting Opinions)

    In order to ensure the security of key information infrastructure, according to the “Internet Security Law of the People’s Republic of China”, we will draft the “Key Information Infrastructure Safety Protection Regulations (draft)” with the relevant departments. The relevant units and people of all walks of life may submit their views by August 10, 2017 by:

First, by mail to the views sent to: Xicheng District, Beijing Chegongzhuang Street on the 11th National Internet Information Office Network Security Coordination Bureau, Zip code 100044, and in the envelope marked “comments”.

Second, by e-mail to: security@cac.gov.cn.

 

Annex: Key information infrastructure security regulations (draft)

 

National Internet Information Office

 July 10, 2017

Key information infrastructure security regulations

(Draft)

Chapter 1 General Provisions

    Article 1 These Regulations are enacted in accordance with the Network Security Law of the People’s Republic of China in order to ensure the safety of key information infrastructures.

Article 2 These Regulations shall apply to the planning, construction, operation, maintenance and use of key information infrastructures within the territory of the People’s Republic of China and the protection of key information infrastructures.

Article 3 The key information infrastructure security protection adhere to the top design, overall protection, coordination, division of labor is responsible for the principle, give full play to the role of the main operation, the active participation of all parties to jointly protect the key information infrastructure security.

Article 4 The competent department of national industry or the supervisory department shall be responsible for guiding and supervising the protection of key information infrastructure in the industry and in the field in accordance with the division of responsibilities stipulated by the State Council.

State network letter department is responsible for coordinating the key information infrastructure security protection and related supervision and management work. The State Council public security, national security, state secrecy administration, national password management and other departments within their respective responsibilities are responsible for the relevant network security protection and supervision and management work.

The relevant departments of the local people’s governments at or above the county level shall carry out the key information infrastructure safety protection work in accordance with the relevant provisions of the State.

Article 5 The operator of the key information infrastructure (hereinafter referred to as the operator) shall bear the responsibility for the security of the key information infrastructure of the unit, perform the obligation of network security protection, accept the government and social supervision, and bear social responsibility.

The country encourages network operators outside key information infrastructures to participate voluntarily in critical information infrastructure protection systems.

Article 6 Key information infrastructure In the network security level protection system, based on the implementation of key protection.

Article 7 Any person or organization who discovers the safety of the infrastructure of the critical information infrastructure shall have the right to report to the department of the letter, telecommunications, public security and industry supervisors or supervisors.

The department that receives the report shall handle it in a timely manner and if it does not belong to the duties of the department, it shall promptly transfer the department to be handled.

The relevant departments shall keep the relevant information of the whistleblower and protect the legitimate rights and interests of the whistleblower.

 

Chapter II Support and Safeguard

    Article 8 The State shall take measures to monitor, defend and dispose of network security risks and threats arising from the territory of the People ‘s Republic of China, protect the critical information infrastructure from attack, intrusion, interference and destruction, and punish the criminal activities of the Internet according to law.

Article 9 The State shall formulate policies such as industry, finance, taxation, finance and personnel, support the innovation of key information infrastructure related technologies, products and services, promote safe and reliable network products and services, train and select network security personnel, and improve key information The level of safety of the infrastructure.

Article 10 The State shall establish and improve the network security standard system and use standard guidance to standardize the work of key information infrastructure security protection.

Article 11 The people ‘s governments at or above the municipal level shall incorporate the key information infrastructure security protection into the overall planning of the economic and social development of the district, increase the investment and carry out the evaluation and evaluation of the work performance.

Article 12 The State encourages government departments, operators, scientific research institutions, network security services, industry organizations, network products and service providers to carry out key information infrastructure security cooperation.

Article 13 The competent department of industry or the supervisory department of the State shall set up or clarify the institutions and personnel who are responsible for the protection of key information infrastructure in the industry and in this field, and compile and organize the implementation of the industry, the network security planning in the field, and establish a sound work Funding protection mechanism and supervise the implementation.

Article 14 Energy, telecommunications, transportation and other industries shall provide key support and support for power supply, network communication, transportation and other aspects of emergency management and network function restoration of key information infrastructure network security incidents.

Article 15 Public security organs and other departments shall, according to law, investigate and punish illegal and criminal activities against and use key information infrastructures.

Article 16 Any individual or organization shall not engage in any of the following activities and actions that endanger the critical information infrastructure:

(I) attacks, intrusion, interference, and destruction of critical information infrastructures;

(B) illegally obtaining, selling or unauthorized access to information such as technical information that may be used exclusively for the safety of critical information infrastructures;

(Iii) unauthorized penetration of critical information infrastructures, aggressive scanning detection;

(D) knowing that others are engaged in activities that endanger the security of key information infrastructure and still provide assistance such as Internet access, server hosting, network storage, communication transmission, advertising promotion, payment settlement and so on;

(E) other activities and actions that endanger the critical information infrastructure.

Article 17 The State shall safeguard the network security based on the open environment and actively carry out international exchanges and cooperation in the field of key information infrastructure security.

 

Chapter 3 Key Information Infrastructure Scope

    Article 18 The network facilities and information systems operated and managed by the following units shall be included in the scope of protection of key information infrastructures in the event of damage, loss of function or data leakage, which may seriously endanger the national security, the people’s livelihood and the public interest.

(A) government agencies and energy, finance, transportation, water conservancy, health care, education, social security, environmental protection, public utilities and other sectors of the unit;

(B) telecommunications networks, radio and television networks, the Internet and other information networks, and provide cloud computing, large data and other large public information network services units;

(3) scientific research and production units in the fields of national defense science and technology, large-scale equipment, chemical industry, food and medicine industry;

(4) news units such as radio stations, television stations and news malls;

(5) other key units.

Article 19 The State Network Letter Department shall, in conjunction with the competent departments of telecommunications under the State Council and the public security departments, formulate guidelines for the identification of key information infrastructure.

National industry supervisors or regulators organize identification of the industry and key information infrastructures in the field in accordance with the key information infrastructure identification guidelines and submit the identification results according to the procedures.

Key information infrastructure identification process, should give full play to the role of experts, improve the identification of key information infrastructure identification accuracy, rationality and scientific.

Article 20 If a major change in the key information infrastructure or key information infrastructure has occurred, the operator shall promptly report the relevant situation to the national competent or supervisory department.

The national industry supervisor or the supervisory department shall promptly carry out the identification and adjustment according to the situation reported by the operator and submit the adjustment according to the procedure.

 

Chapter IV Operator Safety Protection

    Article 21 The construction of a key information infrastructure shall ensure that it has the performance of supporting the stable and continuous operation of the business and ensures that the safety and technical measures are synchronized, synchronized and synchronized.

Article 22 The principal responsible person of the operator is the first person responsible for the safety protection work of the key information infrastructure of the unit. It is responsible for establishing and perfecting the network security responsibility system and organizing the implementation, and is fully responsible for the security protection of the key information infrastructure of the unit.

Article 23 The operator shall, in accordance with the requirements of the network security level protection system, perform the following security protection obligations to protect the critical information infrastructure from interference, damage or unauthorized access to prevent the leakage or theft of the network data:

(1) to formulate internal safety management systems and operating procedures, strict identity authentication and rights management;

(B) to take technical measures to prevent computer viruses and network attacks, network intrusion and other hazards to network security behavior;

(3) to take technical measures to monitor and record the operation status of the network and the network security incident, and keep the relevant network log in accordance with the regulations for not less than six months;

(D) to take data classification, important data backup and encryption authentication and other measures.

Article 24 In addition to Article 23 of these Regulations, the operator shall perform the following safety and protection obligations in accordance with the requirements of national laws and regulations and the mandatory requirements of the relevant national standards:

(A) set up a dedicated network security management and network security management, and the person in charge and key positions for security background review;

(2) regularly carry out network security education, technical training and skills assessment for employees;

(C) of the important systems and databases for disaster recovery, in time for system vulnerabilities and other security risks to take remedial measures;

(D) the development of network security incident contingency plans and regular exercise;

(5) other obligations stipulated by laws and administrative regulations.

Article 25 The person in charge of network security management of the operator shall perform the following duties:

(1) to formulate network security rules and regulations, operational procedures and supervise the implementation;

(2) organizing the skills assessment of key positions;

(3) to formulate and implement the network safety education and training program of the unit;

(4) to organize network security checks and emergency drills to deal with the handling of network security incidents;

(5) to report to the relevant departments of the country on network security important matters, events.

Article twenty-sixth operators of network security key positions of professional and technical personnel to implement the system of certificates.

The specific provisions of the promulgation of posts by the State Council human resources and social security departments in conjunction with the State Network letter and other departments to develop.

Article 27 Operators shall organize the training of network safety education for employees. Each year, the training time shall not be less than one working day, and the number of professional and technical personnel in key positions shall not be less than 3 working days per year.

Article 28 The operator shall establish and improve the safety assessment and evaluation system for the key information infrastructure, and carry out the safety inspection and evaluation when the key information infrastructure is on or after the major changes.

The operator shall, at its own expense, entrust the network security service organization to carry out at least one annual inspection and evaluation of the safety and possible risk of the key information infrastructure, rectify the problems found in time and report the relevant situation to the national industry supervisor or the supervisory department The

Article 29 Personal information and important data collected and produced by the operator in the operation of the People’s Republic of China shall be stored in the territory. For business needs, it is necessary to provide overseas, should be in accordance with personal information and important data outbound security assessment methods to assess; laws, administrative regulations otherwise provided, in accordance with its provisions.

 

Chapter 5 Product and Service Security

    Article 30 The key equipment and network security special products purchased and used by the operators shall comply with the requirements of laws and administrative regulations and the mandatory requirements of relevant national standards.

Article 31 Where an operator purchases a network product and service that may affect the security of the State, it shall, through the network security review, sign a security confidentiality agreement with the provider in accordance with the requirements of the safety inspection method of the network product and service.

Article 32 Operators shall carry out safety testing on the system, software, and donated network products that have been developed for outsourcing.

Article 33 Where an operator finds that there is a risk of security defects or loopholes in the use of the network products and services, it shall promptly take measures to eliminate the risks and involve significant risks in reporting to the relevant departments.

Article 34 The operation and maintenance of key information infrastructures shall be implemented in the territory. Due to business needs, do need to remote maintenance, should be reported to the national industry executives or regulatory authorities and the State Council public security departments.

Article 35 Institutions that carry out safety assessment and evaluation, publish security threats such as system vulnerabilities, computer viruses, and network attacks for key information infrastructures, provide services such as cloud computing and information technology outsourcing, shall meet the relevant requirements.

The specific requirements by the State Network letter department in conjunction with the relevant departments of the State Council to develop.

 

Chapter 6 Monitoring, Early Warning, Emergency Handling and Testing

    Article 36 The national network communication department shall co-ordinate the establishment of the key information infrastructure network security monitoring and early warning system and the information communication system, organize and guide the relevant agencies to carry out the network security information summary, analyze and judge the report, and publish the network security monitoring and early warning information according to the regulations The

Article 37 The competent department of industry or the supervisory department of the State shall establish and improve the network security monitoring and early warning and information reporting system of the key information infrastructure in this industry, and keep abreast of the industry, the operation status of the key information infrastructure in the field and the security risks, Inform the operator about safety risks and related work information.

The national industry supervisor or the supervisory department shall organize the judgment of the safety monitoring information, and if it is necessary to take immediate preventive measures, it shall promptly issue the early warning information and emergency preventive measures to the relevant operators and, in accordance with the requirements of the national network security incident contingency plan, Relevant departments report.

Article 38 The national network communication department shall coordinate the relevant departments, operators and relevant research institutions and network security service agencies to establish a network information sharing mechanism for key information infrastructure and promote the sharing of network security information.

Article 39 In accordance with the requirements of the national network security incident contingency plan , the State Network shall, in accordance with the requirements of the national network security incident contingency plan, coordinate the relevant departments to establish and perfect the key information infrastructure network security emergency coordination mechanism, strengthen the network security emergency power construction, and coordinate the relevant departments to organize cross- Regional network security emergency drills.

National industry supervisors or regulators should organize the development of the industry, the field of network security incident contingency plans, and regularly organize exercises to enhance the network security incident response and disaster recovery capabilities. After major network security incidents or early warning information received by the network letter department, should immediately start the contingency plan to respond, and timely report on the situation.

Article 40 The competent department of national industry or the regulatory department shall regularly organize the inspection and inspection of the safety risks of the industry and the key information infrastructure in the field and the performance of the operators’ performance of safety protection, and propose measures to improve the supervision and supervision of the operators in time The problems found in the assessment.

State network letter department co-ordinate the relevant departments to carry out the spot checks to prevent cross-testing and evaluation.

Article 41 The relevant departments shall organize the assessment and evaluation of the key information infrastructure safety, and shall adhere to the principle of objectivity, impartiality, efficiency and transparency, adopt a scientific evaluation and evaluation method, standardize the inspection and evaluation process and control the risk of testing and evaluation.

Operators should be carried out by the relevant departments to implement the assessment and assessment to the assessment of the problems found in time for rectification.

Article 42 The relevant departments may organize the following measures to carry out the safety inspection and evaluation of key information infrastructure:

(1) requiring the relevant personnel of the operator to make a statement on the examination and evaluation;

(B) access to, retrieval, reproduction and safety protection related documents, records;

(C) to view the network security management system development, implementation and network security technical measures planning, construction, operation;

(4) to use the testing tools or commissioned by the network security services for technical testing;

(5) other necessary means agreed by the operator.

Article 43 The information obtained by the relevant departments and the network security service organizations in the assessment of key information infrastructure safety inspection and evaluation can only be used for the maintenance of network security and shall not be used for other purposes.

Article 44 The relevant departments shall organize the assessment of the security of the key information infrastructure, and shall not charge the units to be tested and tested, and shall not require the persons to be tested and appraised to purchase the designated brand or the products and services of the designated production and sales units.

 

Chapter VII Legal Liability

    Article 45 An operator shall fail to perform the provisions of Article 20, Paragraph 1, Article 21, Article 23, Article 24, Article 26, Article 27, and Article 2 Article 18, Article 30, Article 32, Article 33, Article 34 of the network security protection obligations, by the relevant authorities in accordance with their duties ordered to correct, give a warning; refused to correct or Resulting in damage to the network security and other consequences, at a fine of more than 100,000 yuan a million yuan, the person in charge directly responsible for more than 10,000 yuan more than 100,000 yuan fine.

Article 46 Where an operator violates the provisions of Article 29 of these Regulations, he or she shall, in accordance with his / her duties, make corrections, give a warning, confiscate the illegal income, And shall be ordered to suspend the relevant business, suspend business for rectification, close the website, revoke the relevant business license; the person directly in charge and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan The

Article 47 Where an operator violates the provisions of Article 31 of these Regulations and uses the network products or services that have not passed the security examination or security examination, the relevant competent department of the State shall order it to cease to use and double the purchase amount More than ten times the fine; the person in charge directly responsible and other directly responsible persons at a fine of not less than 10,000 yuan but not more than 100,000 yuan.

Article 48 Where an individual violates the provisions of Article 16 of these Regulations and does not constitute a crime, the public security organ shall confiscate the illegal gains and shall be detained for less than five days and shall be fined not less than 50,000 yuan but not more than 500,000 yuan; Shall be imposed a fine of not less than 100,000 yuan but not more than one million yuan; if the case constitutes a crime, the criminal responsibility shall be investigated according to law.

If the unit has any of the acts mentioned in the preceding paragraph, the public security organ shall confiscate the illegal gains and impose a fine of not less than 100,000 yuan but not more than one million yuan and impose penalties on the directly responsible person in charge and other directly responsible persons in accordance with the provisions of the preceding paragraph.

Violation of the provisions of Article XVI of the Ordinance, the criminal punishment of personnel, life shall not be engaged in key information infrastructure security management and network operations key positions in the work.

Article 49 Where the operator of a key information infrastructure of a state organ fails to perform the obligations of the network security protection provided for in these Regulations, the superior organ or the relevant organ shall order it to make corrections; and the person directly in charge and other directly responsible persons shall be punished according to law.

Article 50 Where any of the following departments and their staff members commits any of the following acts, the directly responsible person in charge and other directly responsible persons shall be punished according to law; if a crime is constituted, criminal responsibility shall be investigated according to law:

(A) in the work of the use of authority to obtain, accept bribes;

(B) neglect of duty, abuse of authority;

(Iii) unauthorized disclosure of relevant information, information and data files of key information infrastructures;

(4) other acts that violate statutory duties.

 Article 51 Where a major cyber security incident occurs in a critical information infrastructure, the responsibility for the investigation shall be identified, and the responsibility for the relevant network security service and relevant departments shall be identified in addition to the investigation of the responsibility of the operating unit and the investigation , For dereliction of duty, dereliction of duty and other violations, shall be held accountable.

Article 52 If the organs, organizations and individuals engaged in attack, intrusion, interference, or damage to the key information infrastructure of the People’s Republic of China cause serious consequences, they shall be investigated for legal responsibility according to law; the public security department of the State Council and the State security organ And the relevant departments and may decide to impose a frozen property or other necessary sanctions on the institution, organization or individual.

 

Chapter VIII Supplementary Provisions

    Article 53 The security protection of key information infrastructures involved in the storage and handling of information concerning state secrets shall also be subject to the provisions of confidentiality laws and administrative regulations.

Critical information infrastructure in the use and management of passwords, should also comply with the password laws and administrative regulations.

 Article 54 The security protection of military key information infrastructures shall be separately stipulated by the Central Military Commission.

Article 55 These Regulations shall enter into force on the date of ****.

Original Mandarin Chinese:

關鍵信息基礎設施安全保護條例
(徵求意見稿)

第一章 總則
第一條 為了保障關鍵信息基礎設施安全,根據《中華人民共和國網絡安全法》,制定本條例。
第二條 在中華人民共和國境內規劃、建設、運營、維護、使用關鍵信息基礎設施,以及開展關鍵信息基礎設施的安全保護,適用本條例。
第三條 關鍵信息基礎設施安全保護堅持頂層設計、整體防護,統籌協調、分工負責的原則,充分發揮運營主體作用,社會各方積極參與,共同保護關鍵信息基礎設施安全。
第四條 國家行業主管或監管部門按照國務院規定的職責分工,負責指導和監督本行業、本領域的關鍵信息基礎設施安全保護工作。
國家網信部門負責統籌協調關鍵信息基礎設施安全保護工作和相關監督管理工作。國務院公安、國家安全、國家保密行政管理、國家密碼管理等部門在各自職責範圍內負責相關網絡安全保護和監督管理工作。
縣級以上地方人民政府有關部門按照國家有關規定開展關鍵信息基礎設施安全保護工作。
第五條 關鍵信息基礎設施的運營者(以下稱運營者)對本單位關鍵信息基礎設施安全負主體責任,履行網絡安全保護義務,接受政府和社會監督,承擔社會責任。
國家鼓勵關鍵信息基礎設施以外的網絡運營者自願參與關鍵信息基礎設施保護體系。
第六條 關鍵信息基礎設施在網絡安全等級保護製度基礎上,實行重點保護。
第七條 任何個人和組織發現危害關鍵信息基礎設施安全的行為,有權向網信、電信、公安等部門以及行業主管或監管部門舉報。
收到舉報的部門應當及時依法作出處理;不屬於本部門職責的,應當及時移送有權處理的部門。
有關部門應當對舉報人的相關信息予以保密,保護舉報人的合法權益。

第二章 支持與保障
第八條 國家採取措施,監測、防禦、處置來源於中華人民共和國境內外的網絡安全風險和威脅,保護關鍵信息基礎設施免受攻擊、侵入、干擾和破壞,依法懲治網絡違法犯罪活動。
第九條國家製定產業、財稅、金融、人才等政策,支持關鍵信息基礎設施安全相關的技術、產品、服務創新,推廣安全可信的網絡產品和服務,培養和選拔網絡安全人才,提高關鍵信息基礎設施的安全水平。
第十條 國家建立和完善網絡安全標準體系,利用標準指導、規範關鍵信息基礎設施安全保護工作。
第十一條 地市級以上人民政府應當將關鍵信息基礎設施安全保護工作納入地區經濟社會發展總體規劃,加大投入,開展工作績效考核評價。
第十二條 國家鼓勵政府部門、運營者、科研機構、網絡安全服務機構、行業組織、網絡產品和服務提供者開展關鍵信息基礎設施安全合作。
第十三條國家行業主管或監管部門應當設立或明確專門負責本行業、本領域關鍵信息基礎設施安全保護工作的機構和人員,編制並組織實施本行業、本領域的網絡安全規劃,建立健全工作經費保障機制並督促落實。
第十四條 能源、電信、交通等行業應當為關鍵信息基礎設施網絡安全事件應急處置與網絡功能恢復提供電力供應、網絡通信、交通運輸等方面的重點保障和支持。
第十五條 公安機關等部門依法偵查打擊針對和利用關鍵信息基礎設施實施的違法犯罪活動。
第十六條 任何個人和組織不得從事下列危害關鍵信息基礎設施的活動和行為:
(一)攻擊、侵入、干擾、破壞關鍵信息基礎設施;
(二)非法獲取、出售或者未經授權向他人提供可能被專門用於危害關鍵信息基礎設施安全的技術資料等信息;
(三)未經授權對關鍵信息基礎設施開展滲透性、攻擊性掃描探測;
(四)明知他人從事危害關鍵信息基礎設施安全的活動,仍然為其提供互聯網接入、服務器託管、網絡存儲、通訊傳輸、廣告推廣、支付結算等幫助;
(五)其他危害關鍵信息基礎設施的活動和行為。
第十七條 國家立足開放環境維護網絡安全,積極開展關鍵信息基礎設施安全領域的國際交流與合作。

第三章 關鍵信息基礎設施範圍
第十八條 下列單位運行、管理的網絡設施和信息系統,一旦遭到破壞、喪失功能或者數據洩露,可能嚴重危害國家安全、國計民生、公共利益的,應當納入關鍵信息基礎設施保護範圍:
(一)政府機關和能源、金融、交通、水利、衛生醫療、教育、社保、環境保護、公用事業等行業領域的單位;
(二)電信網、廣播電視網、互聯網等信息網絡,以及提供雲計算、大數據和其他大型公共信息網絡服務的單位;
(三)國防科工、大型裝備、化工、食品藥品等行業領域科研生產單位;
(四)廣播電台、電視台、通訊社等新聞單位;
(五)其他重點單位。
第十九條 國家網信部門會同國務院電信主管部門、公安部門等部門製定關鍵信息基礎設施識別指南。
國家行業主管或監管部門按照關鍵信息基礎設施識別指南,組織識別本行業、本領域的關鍵信息基礎設施,並按程序報送識別結果。
關鍵信息基礎設施識別認定過程中,應當充分發揮有關專家作用,提高關鍵信息基礎設施識別認定的準確性、合理性和科學性。
第二十條 新建、停運關鍵信息基礎設施,或關鍵信息基礎設施發生重大變化的,運營者應當及時將相關情況報告國家行業主管或監管部門。
國家行業主管或監管部門應當根據運營者報告的情況及時進行識別調整,並按程序報送調整情況。

第四章 運營者安全保護
第二十一條 建設關鍵信息基礎設施應當確保其具有支持業務穩定、持續運行的性能,並保證安全技術措施同步規劃、同步建設、同步使用。
第二十二條 運營者主要負責人是本單位關鍵信息基礎設施安全保護工作第一責任人,負責建立健全網絡安全責任制並組織落實,對本單位關鍵信息基礎設施安全保護工作全面負責。
第二十三條 運營者應當按照網絡安全等級保護製度的要求,履行下列安全保護義務,保障關鍵信息基礎設施免受干擾、破壞或者未經授權的訪問,防止網絡數據洩漏或者被竊取、篡改:
(一)制定內部安全管理制度和操作規程,嚴格身份認證和權限管理;
(二)採取技術措施,防範計算機病毒和網絡攻擊、網絡侵入等危害網絡安全行為;
(三)採取技術措施,監測、記錄網絡運行狀態、網絡安全事件,並按照規定留存相關的網絡日誌不少於六個月;
(四)採取數據分類、重要數據備份和加密認證等措施。
第二十四條 除本條例第二十三條外,運營者還應當按照國家法律法規的規定和相關國家標準的強制性要求,履行下列安全保護義務:
(一)設置專門網絡安全管理機構和網絡安全管理負責人,並對該負責人和關鍵崗位人員進行安全背景審查;
(二)定期對從業人員進行網絡安全教育、技術培訓和技能考核;
(三)對重要係統和數據庫進行容災備份,及時對系統漏洞等安全風險採取補救措施;
(四)制定網絡安全事件應急預案並定期進行演練;
(五)法律、行政法規規定的其他義務。
第二十五條 運營者網絡安全管理負責人履行下列職責:
(一) 組織製定網絡安全規章制度、操作規程並監督執行;
(二)組織對關鍵崗位人員的技能考核;
(三)組織製定並實施本單位網絡安全教育和培訓計劃;
(四)組織開展網絡安全檢查和應急演練,應對處置網絡安全事件;
(五)按規定向國家有關部門報告網絡安全重要事項、事件。
第二十六條 運營者網絡安全關鍵崗位專業技術人員實行執證上崗制度。
執證上崗具體規定由國務院人力資源社會保障部門會同國家網信部門等部門製定。
第二十七條 運營者應當組織從業人員網絡安全教育培訓,每人每年教育培訓時長不得少於1個工作日,關鍵崗位專業技術人員每人每年教育培訓時長不得少於3個工作日。
第二十八條 運營者應當建立健全關鍵信息基礎設施安全檢測評估制度,關鍵信息基礎設施上線運行前或者發生重大變化時應當進行安全檢測評估。
運營者應當自行或委託網絡安全服務機構對關鍵信息基礎設施的安全性和可能存在的風險隱患每年至少進行一次檢測評估,對發現的問題及時進行整改,並將有關情況報國家行業主管或監管部門。
第二十九條 運營者在中華人民共和國境內運營中收集和產生的個人信息和重要數據應當在境內存儲。因業務需要,確需向境外提供的,應當按照個人信息和重要數據出境安全評估辦法進行評估;法律、行政法規另有規定的,依照其規定。

第五章 產品和服務安全
第三十條 運營者採購、使用的網絡關鍵設備、網絡安全專用產品,應當符合法律、行政法規的規定和相關國家標準的強制性要求。
第三十一條 運營者採購網絡產品和服務,可能影響國家安全的,應當按照網絡產品和服務安全審查辦法的要求,通過網絡安全審查,並與提供者簽訂安全保密協議。
第三十二條 運營者應當對外包開發的系統、軟件,接受捐贈的網絡產品,在其上線應用前進行安全檢測。
第三十三條 運營者發現使用的網絡產品、服務存在安全缺陷、漏洞等風險的,應當及時採取措施消除風險隱患,涉及重大風險的應當按規定向有關部門報告。
第三十四條 關鍵信息基礎設施的運行維護應當在境內實施。因業務需要,確需進行境外遠程維護的,應事先報國家行業主管或監管部門和國務院公安部門。
第三十五條 面向關鍵信息基礎設施開展安全檢測評估,發布系統漏洞、計算機病毒、網絡攻擊等安全威脅信息,提供雲計算、信息技術外包等服務的機構,應當符合有關要求。
具體要求由國家網信部門會同國務院有關部門製定。

第六章 監測預警、應急處置和檢測評估
第三十六條國家網信部門統籌建立關鍵信息基礎設施網絡安全監測預警體系和信息通報製度,組織指導有關機構開展網絡安全信息匯總、分析研判和通報工作,按照規定統一發佈網絡安全監測預警信息。
第三十七條國家行業主管或監管部門應當建立健全本行業、本領域的關鍵信息基礎設施網絡安全監測預警和信息通報製度,及時掌握本行業、本領域關鍵信息基礎設施運行狀況和安全風險,向有關運營者通報安全風險和相關工作信息。
國家行業主管或監管部門應當組織對安全監測信息進行研判,認為需要立即採取防範應對措施的,應當及時向有關運營者發布預警信息和應急防範措施建議,並按照國家網絡安全事件應急預案的要求向有關部門報告。
第三十八條 國家網信部門統籌協調有關部門、運營者以及有關研究機構、網絡安全服務機構建立關鍵信息基礎設施網絡安全信息共享機制,促進網絡安全信息共享。
第三十九條國家網信部門按照國家網絡安全事件應急預案的要求,統籌有關部門建立健全關鍵信息基礎設施網絡安全應急協作機制,加強網絡安全應急力量建設,指導協調有關部門組織跨行業、跨地域網絡安全應急演練。
國家行業主管或監管部門應當組織製定本行業、本領域的網絡安全事件應急預案,並定期組織演練,提升網絡安全事件應對和災難恢復能力。發生重大網絡安全事件或接到網信部門的預警信息後,應立即啟動應急預案組織應對,並及時報告有關情況。
第四十條國家行業主管或監管部門應當定期組織對本行業、本領域關鍵信息基礎設施的安全風險以及運營者履行安全保護義務的情況進行抽查檢測,提出改進措施,指導、督促運營者及時整改檢測評估中發現的問題。
國家網信部門統籌協調有關部門開展的抽查檢測工作,避免交叉重複檢測評估。
第四十一條 有關部門組織開展關鍵信息基礎設施安全檢測評估,應堅持客觀公正、高效透明的原則,採取科學的檢測評估方法,規範檢測評估流程,控制檢測評估風險。
運營者應當對有關部門依法實施的檢測評估予以配合,對檢測評估發現的問題及時進行整改。
第四十二條 有關部門組織開展關鍵信息基礎設施安全檢測評估,可採取下列措施:
(一)要求運營者相關人員就檢測評估事項作出說明;
(二)查閱、調取、複製與安全保護有關的文檔、記錄;
(三)查看網絡安全管理制度製訂、落實情況以及網絡安全技術措施規劃、建設、運行情況;
(四)利用檢測工具或委託網絡安全服務機構進行技術檢測;
(五)經運營者同意的其他必要方式。
第四十三條 有關部門以及網絡安全服務機構在關鍵信息基礎設施安全檢測評估中獲取的信息,只能用於維護網絡安全的需要,不得用於其他用途。
第四十四條 有關部門組織開展關鍵信息基礎設施安全檢測評估,不得向被檢測評估單位收取費用,不得要求被檢測評估單位購買指定品牌或者指定生產、銷售單位的產品和服務。

第七章 法律責任
第四十五條運營者不履行本條例第二十條第一款、第二十一條、第二十三條、第二十四條、第二十六條、第二十七條、第二十八條、第三十條、第三十二條、第三十三條、第三十四條規定的網絡安全保護義務的,由有關主管部門依據職責責令改正,給予警告;拒不改正或者導致危害網絡安全等後果的,處十萬元以上一百萬元以下罰款,對直接負責的主管人員處一萬元以上十萬元以下罰款。
第四十六條運營者違反本條例第二十九條規定,在境外存儲網絡數據,或者向境外提供網絡數據的,由國家有關主管部門依據職責責令改正,給予警告,沒收違法所得,處五萬元以上五十萬元以下罰款,並可以責令暫停相關業務、停業整頓、關閉網站、吊銷相關業務許可證;對直接負責的主管人員和其他直接責任人員處一萬元以上十萬元以下罰款。
第四十七條運營者違反本條例第三十一條規定,使用未經安全審查或安全審查未通過的網絡產品或者服務的,由國家有關主管部門依據職責責令停止使用,處採購金額一倍以上十倍以下罰款;對直接負責的主管人員和其他直接責任人員處一萬元以上十萬元以下罰款。
第四十八條個人違反本條例第十六條規定,尚不構成犯罪的,由公安機關沒收違法所得,處五日以下拘留,可以並處五萬元以上五十萬元以下罰款;情節較重的,處五日以上十五日以下拘留,可以並處十萬元以上一百萬元以下罰款;構成犯罪的,依法追究刑事責任。
單位有前款行為的,由公安機關沒收違法所得,處十萬元以上一百萬元以下罰款,並對直接負責的主管人員和其他直接責任人員依照前款規定處罰。
違反本條例第十六條規定,受到刑事處罰的人員,終身不得從事關鍵信息基礎設施安全管理和網絡運營關鍵崗位的工作。
第四十九條 國家機關關鍵信息基礎設施的運營者不履行本條例規定的網絡安全保護義務的,由其上級機關或者有關機關責令改正;對直接負責的主管人員和其他直接負責人員依法給予處分。
第五十條 有關部門及其工作人員有下列行為之一的,對直接負責的主管人員和其他直接責任人員依法給予處分;構成犯罪的,依法追究刑事責任:
(一)在工作中利用職權索取、收受賄賂;
(二)玩忽職守、濫用職權;
(三)擅自洩露關鍵信息基礎設施有關信息、資料及數據文件;
(四)其他違反法定職責的行為。
第五十一條關鍵信息基礎設施發生重大網絡安全事件,經調查確定為責任事故的,除應當查明運營單位責任並依法予以追究外,還應查明相關網絡安全服務機構及有關部門的責任,對有失職、瀆職及其他違法行為的,依法追究責任。
第五十二條境外的機構、組織、個人從事攻擊、侵入、干擾、破壞等危害中華人民共和國的關鍵信息基礎設施的活動,造成嚴重後果的,依法追究法律責任;國務院公安部門、國家安全機關和有關部門並可以決定對該機構、組織、個人採取凍結財產或者其他必要的製裁措施。

第八章 附則
第五十三條 存儲、處理涉及國家秘密信息的關鍵信息基礎設施的安全保護,還應當遵守保密法律、行政法規的規定。
關鍵信息基礎設施中的密碼使用和管理,還應當遵守密碼法律、行政法規的規定。
第五十四條 軍事關鍵信息基礎設施的安全保護,由中央軍事委員會另行規定。
第五十五條 本條例自****年**月**日起施行。

Referring URL:

http://www.cac.gov.cn/2017-07/11/c_1121294220.htm