Chinese Military Cyber Warfare Capacity Building Achieving Situational Awareness in Cyberspace // 中國軍事網絡戰能力建設在網絡空間實現態勢感知




Cyberspace has become a new territory alongside land, sea, air and space, and it is also the most extensive one. Since the birth of the computer, computer- and network-based information systems have gradually developed, and the software and resources on them have been continuously enriched, eventually forming cyberspace.

With the continuous development of the US military’s weapons, equipment and combat theory, “cyberspace warfare” began to move from reality to reality. Compared with traditional “platform-centric warfare”, the role of the command and control system as a “combat multiplier” in “cyberspace warfare” will be more prominent, and its impact on combat will be even greater. In future modern warfare, command and control in cyberspace should have its own characteristics and concerns.

In theory, cyberspace is synonymous with the digital society of all available electronic information and networks. The United States “National Security Presidential Decree No. 45 and General Homeland Security Order No. 23” defines cyberspace as: information technology infrastructure and interdependent networks, including the Internet, telecommunications networks, computer systems, and the processors and controllers in key industries; it usually also includes the virtual information environment and the interaction between people.

Cyberspace has four elements: communication equipment and lines; computers; software; and data communication and resource sharing. Communication equipment and lines are one part of the infrastructure of cyberspace, including routing/switching equipment, wired/wireless communication equipment, cables, and so on. Computers are the other part of the infrastructure of cyberspace, providing computing, storage, and data processing capabilities. Software is the core supporting part of cyberspace: the software systems that run the various functions in communication devices and computers. Data communication and resource sharing are the basic capability of cyberspace, providing the required information to users at all levels.

Commanding operations in the vast new territory of cyberspace will inevitably require coordination among multiple arms and services. First, the command system should have security protection capabilities and provide multiple levels of security. Second, it must master the battlefield situation. In addition, it must have resource scheduling and other capabilities, in order to provide support for integrated joint operations.

Security protection refers to protecting the hardware and software of network systems, and the data in those systems, by using various technical and management measures so that they are not damaged, falsified or leaked through accidental or malicious causes, so that the system can continue to operate reliably and normally and network services are not interrupted.

In cyberspace command operations, the whole process of generating, storing, transmitting and using all kinds of command and control information faces security threats of one kind or another. The traditional form of conflict has been extended to cyberspace.

Security protection technology and attack technology have always developed together. The contest between “spear” and “shield” has existed since ancient times. The US military has consistently stated its position through various channels, claiming that the “core of the US military’s cyberspace operations is to defend against cyberattacks, and defensive capabilities are the basis of all other combat capabilities.” However, a little analysis shows that the goal the US military pursues in cyberspace is to combine attack and defense, build a network deterrent system, and consolidate its own “networking rights” in the military sphere. US Deputy Defense Secretary Lynn has made it clear that the US will retain the right to respond to serious cyber attacks and will make a commensurate and legitimate military response at the time and place we choose. Former Defense Secretary Panetta has pointed out: “Now we live in a completely different world and face the cyberspace attack that can be compared with Pearl Harbor.” “We must be prepared to deal with it. In cyberspace, we have to have good network attack and network defense capabilities.” These speeches fully demonstrate that the US military pays attention to the deterrent effect of cyberspace, emphasizes the combination of attack and defense in cyberspace, and will take the initiative to launch cyberattacks when necessary. Its military goal is not only to ensure its own network security, but also, by improving its cyber attack capabilities, to discourage and deter all cyberattacks that are unfavorable to it, so as to achieve absolute freedom, absolute superiority and absolute security in cyberspace.

In cyberspace, offensive and defensive drills between states have never stopped. In July 2008, Russia used a covert injection of attack software to launch a comprehensive cyberattack against Georgia, causing its network to collapse. In December 2011, Iran declared that its “electronic warfare force” had used a “hacker hijacking” method to cause an American RQ-170 stealth drone to leave its route and land in Iran. The “super flame” virus discovered in May 2012 spread widely in the Middle East, residing covertly in computers and stealing data. In March 2014, the official website of the Russian president suffered a cyber attack. Judging from these past incidents, the effect of a cyber attack is no less than that of a fire strike by conventional weapons. The security of cyberspace is the security of the country, and cyberspace has become a domain of national sovereignty.

Security protection in cyberspace should employ multiple levels of security mechanisms. At the national strategic level, there is national-level network security protection; in key areas, there is network security protection in the military, government, and economic fields; in large enterprises, there is network security protection for state-owned and private enterprises and institutions; and there is network security protection for individuals and families. Among these, national-level security protection mainly includes border network security and backbone network security; enterprise-level (and military) security protection mainly includes border network security and intranet security; personal computer security protection mainly includes computer terminal security, terminal software security and terminal data security. At different levels of security, the content of the protected information varies, from national strategic planning and development routes to personal privacy and bank passwords. The leakage of such information will undoubtedly deal a blow to, and have a negative impact on, the survival and development of the country, enterprises and individuals, and may even undermine the security and stability of the country.

Situational awareness is the perception and understanding of environmental factors under given conditions of time and space, and the prediction of how they will develop. In 1988, Endsley divided situational awareness into three levels of information processing: perception, understanding, and prediction. In 1999, Tim Bass first proposed the concept of network situational awareness, and pointed out that “convergence-based network situational awareness” will become the development direction of network management.

“Know yourself and know your enemy, and you will never be defeated.” In the new battle space of cyberspace, how can we know ourselves and know the enemy? It is necessary to grasp the battlefield situation and have situational awareness capability, that is, to acquire, understand and present the key factors that can cause changes in the enemy's state and our own, and to predict future development trends.

The battlefield situation in cyberspace is characterized by wide coverage, a huge amount of information, and extremely complicated conditions. Commanders at all levels hope to understand and master current cyberspace operations clearly from the situation map, so that they can make decisions quickly and issue correct command orders.

To gain insight into the state and development of the cyberspace battlefield, one must have the ability to collect, transmit, store, monitor, analyze, and present state data. Detection points are deployed at key positions in cyberspace, the running status of the network is monitored, and state data is collected. From the various state data, the network situation, security situation, spectrum situation, and so on are formed. These are then transmitted, through various means of communication, to nodes with data analysis and processing capability, where the situation data is analyzed; this includes situation fusion, situation assessment and situation prediction. The results of the analysis and processing are transmitted to the command posts at all levels, and the battlefield situation is presented to commanders at all levels in a layered, multi-dimensional, on-demand manner. The basic process of situational awareness is consistent with the traditional approach, but each step in it is different.

The battlefield situation of cyberspace should be presented in layers, with both global and local views, which places higher demands on situation presentation. With the continuous development of rendering technology, simple planar situation maps can no longer meet operational needs; in the cyberspace combat environment in particular, the demand for stereoscopic and multi-dimensional situation displays is prominent. Even inside the command post, the commander should be able to understand the battlefield situation and face the real opponent through the situation map. In American war movies, you can often see a stereoscopic, touchable electronic sand table, where the multi-dimensional display of the real-time battlefield situation enables commanders to make quick and accurate decisions and improves command and control capabilities. The battlefield environment of cyberspace is extremely complex: the network environment, equipment operation, software operation and many other aspects need a clear and intuitive display. In order to improve the user experience and shorten decision time, the cyberspace situation display should be multi-dimensional and dynamic, and should support multi-screen display, multi-screen linkage and so on. From the top-level situation map, you can understand the whole picture of the war. From the local situation map, you can understand the status of the combat units at all levels. Commanders at different levels can view different situation maps as needed, based on their own authority.

As a new type of combat space, cyberspace differs objectively from traditional physical space, and there are special requirements for command and control in cyberspace. However, cyberspace command and control still faces many other problems, such as how to integrate it with traditional physical-space command and control systems, and how to evaluate its effectiveness.
