Chinese Military: Cyber security is a matter of war. In the information war, cyberspace has become a new dimension of battlefield space // 中國軍隊:網絡安全是戰爭問題。 在信息戰中,網絡空間已成為戰場空間的新維度

Chinese Military: Cyber security is a matter of war. In the information war, cyberspace has become a new dimension of battlefield space //

中國軍隊:網絡安全是戰爭問題。 在信息戰中,網絡空間已成為戰場空間的新維度

 

Author:   來源: 解放軍報 作者: 周鴻禕 張春雨

DTG: 2018年05月22日 16:XX:XX

 ● Promote network security. The integration of military and civilian needs to integrate and optimize the allocation at the national level, and promote the two-way flow of technology, talents and resources.

  ● Whether it is network security analysis, situation research, emergency response, or network protection hardware and software development, a large number of information technology talents are needed.

  

        President Xi profoundly pointed out that there is no national security without cyber security. In the digital age, cyberspace has penetrated into various fields such as politics, economy, military, culture, etc. It has the natural attributes of military and civilian integration, and is an important aspect of the integration and development of military and civilians in the new era. At present, China is marching toward a network power and building a network great wall combining military and civilian integration. It is not only the basic system design for building a network power and information army, but also an important driving force for promoting the deep development of military and civilian integration. Under the new situation, we will actively promote the in-depth development of cyber security, military and civilian integration, and urgently need to break down institutional barriers, structural contradictions, and policy issues, and constantly improve the level of integration and enhance joint protection capabilities.

Cybersecurity is related to the overall security of the country, and it is necessary for the military to walk away from the road of comprehensive integration.

  In the information age, cyberspace security has become a new commanding height of the national strategy. Last year, the “Eternal Blue” ransomware that broke out in the world, the Ukrainian power grid attacked, and the US election “mail door” and other events showed that cyber security concerns national security, social stability and war victory or defeat. The cyber security contest has risen to the national level of confrontation, beyond the scope of the military’s respective management and control, and it is necessary to rely on the integration of the military and the local forces to manage and manage well.

  Cybersecurity is a national interest. As the network’s tentacles extend to economic, social, cultural and other fields, its security will affect economic security, social security, cultural security, and information security. In May 2017, the “Eternal Blue” ransom virus swept through more than 150 countries and regions, including government, banks, communications companies, energy companies and other important departments, and the infrastructure was paralyzed, causing an uproar in the world. Earlier, Saudi Arabia’s infrastructure was attacked by cyber attacks. In just a few minutes, the computer hard drive was destroyed, all data was emptied, and the attacker tried to cause an explosion. If it succeeded, it would undoubtedly have serious consequences.

  Cybersecurity is a matter of war. In the information war, cyberspace has become a new dimension of battlefield space. At present, the United States, the United Kingdom, and Japan have established cyber warfare forces and vigorously developed various cyber weapons. In the Iraq war, the US military first destroyed the five key command and radar facilities of the Iraqi army, and used electronic interference to firmly grasp the information superiority, making the Iraqi army blind and paralyzed, and the defense system quickly paralyzed. With the accelerated evolution of war forms, the competition for information superiority has increasingly become the core content of war wins and losses. As the “main battlefield” of information control, cyberspace has increasingly become the commanding height of war games.

  Cybersecurity is a common practice in the world. At present, many countries in the world regard military and civilian integration as an important way to improve the security of cyberspace. For example, the United States has made cybersecurity the focus of national security. The White House and the Pentagon have designated Boeing and Lockheed Martin as the national network security team, and designated information technology giants such as Microsoft, Intel, Cisco, Apple, and Google for network security. Professional team, designated Symantec, McAfee and other network security protection companies for the network security special team. In Israel, after the retiring of many Israeli cyber security forces, they became the elite of local high-tech enterprises and founded several network security companies. These companies have come back to cooperate with the Israeli army in the field of network security to enhance the security of the military network and promote the development of the entire network space security.

Network security resources are diversified and diverse, requiring military to strengthen top-level design coordination

  Promoting the integration of military and civilian development is a systematic project. It is necessary to use system science, system thinking, and systematic methods to solve problems. At present, China’s various information network systems are developing at a high speed, and network functions of different functions and types are being put into use one after another. The overall framework of the network security protection system is basically established. However, network security resources are widely distributed in the military and local areas. Promoting network security and military-civilian integration, improving synergy protection needs to strengthen top-level design coordination, break down institutional barriers and departmental interests, unify integration and optimize allocation at the national level, and promote technology, talents, resources, etc. Two-way flow conversion of features.

  Establish and improve the leadership system of the network security organization. It is necessary to speed up the establishment of a leading agency for cybersecurity work organizations with Chinese characteristics in order to ensure a clear hierarchy and division of labor. The national cybersecurity leadership agency’s work focuses on strengthening the top-level design and macro-management of cybersecurity military-civilian integration, formulating development strategies and planning plans, fulfilling the overall coordination function in military-civilian integration, and being responsible for domestic cybersecurity defense and emergency response, and combating cybercrime. And cyber terrorism; military cyber security authorities focus on the overall planning and construction of military cybersecurity, integrating the areas of military and civilian integration into the overall development of national cybersecurity, and doing a good job of connecting with national cybersecurity development plans, We will clarify the relevant processes and management methods for military-land coordination, improve the work system for regular military conferences, important situation notifications, and major operational coordination, and form joint prevention, joint management, and joint control of cyberspace security.

  Coordinate the planning standards for military network security construction. With the goal of effectively responding to the current and future cyber offensive and defensive measures, the overall framework of military and civilian cybersecurity construction will be scientifically formulated, the construction model will be classified, the short-term and long-term construction goals will be defined, and the supporting measures for completing the tasks will be determined. The first is to adhere to the standard. Actively promote the unification of technical standards for network security basic products such as autonomously controllable secure operating systems and secure database systems, and achieve full integration of systems at key moments to create a solid and reliable network security defense line. The second is to insist on a unified assessment. Strengthen the assessment of network security construction and technical risk assessment of network security products, clarify the evaluation procedures and links, and adopt scientific and effective evaluation methods to ensure that the network is secure and controllable after it is built.

  Establish a network security military resource sharing mechanism. To realize the sharing of military network security resources, the key is to establish a mechanism for military land demand. The information on military and civilian technical achievements should be released in a timely manner. The real-time table of “the battlefield needs to be lacking” and “market ownership” should be fully shared with the military and land needs, technologies, standards, products and other information resources; accelerate the construction of military information integration and sharing platform, Expand Unicom channels, standardize interoperability standards, and achieve full complementarity and sharing of military and territorial information resources; establish a network security access system, clearly define the scope of confidentiality levels, and the military business authorities and the “Ministry of the Army” enterprises regularly meet, information, and demand docking Collaborate with research and development to prevent civil network security forces from developing technology and losing targets, reducing targets, protecting tactics from losing rivals, and lacking direction; establishing a network threat information exchange mechanism, timely interoperating with domestic and international network security updates and major event notifications, encouraging private Enterprises and governments, the military share real-time network security threat information, improve the professional and real-time response capabilities of research and analysis.

The essence of cybersecurity is the contest of talents.

  The essence of cybersecurity is cyber confrontation, which is essentially the competition of talents. Whether it is network security analysis, planning, situation research, response and disposal, or network protection hardware and software development, a large number of information technology talents are needed. In order to meet the huge demand of military network security talents, it is necessary to firmly establish a joint thinking.

  Jointly train talents. In recent years, important progress has been made in the training of national cyber security personnel. Cyberspace security has been added to the first-level discipline by the Academic Degrees Committee and the Ministry of Education, and nearly 10,000 graduates in the field of cyberspace security each year. However, compared with the demand for building a network strong country and strengthening the army, there is still a big gap, such as a large gap in the talent team, a need to improve the training system, and insufficient reserve of practical talents. We should actively explore the military, local colleges, research institutes and network security enterprises to carry out joint training channels for talents, build a team of teachers, jointly set up experimental sites, and set up a practice base to realize the organic combination of classroom teaching and practical practice, through network security training. Camp, safety operation and maintenance personnel training, etc., to enhance the professional capabilities of network security practitioners, improve the rapid, large-scale, actual combat security operation and maintenance, analysis and response, attack and defense penetration and other network security personnel joint training mechanism.

  Joint use of strength. We should coordinate the use of various forces in the military, strengthen operational coordination, and establish a relatively comprehensive network security joint prevention and control mechanism. On the one hand, give full play to the role of local network security talents, open up the military network security top-level design, core technology research and development, and network security overall construction to meet the needs of military network security for talents; on the other hand, give full play to the military network security needs The role of the booster is to use the military’s advanced network technology to test the security of national critical infrastructure networks such as nuclear power, communications, transportation, and finance, and to verify the effectiveness of the emergency response system.

  Joint research and development technology. Military and civilian collaborative innovation is an important way to achieve breakthroughs in network protection technology innovation. We should focus on the use of military demand for cutting-edge innovation, and focus on breaking key network technologies, promoting the sharing of military and civilians on the basic platform, and vigorously promoting the mutual transformation of military and civilian technologies; encouraging universities, research institutes, military enterprises, and superior private enterprises to strengthen alliances. Focus on military, human, material and financial resources, and focus on key chips, core devices, operating systems, etc.; explore military and civilian integration network security equipment technology innovation model, develop a new generation of firewalls, intrusion detection, information encryption, information hiding, anti-eavesdropping And other protection technologies to jointly foster an ecological chain of autonomous network security industry.

  In addition, due to the comprehensive complexity of network security, military and regional forces are needed to strengthen regulatory and policy guarantees. Formulate a legal system for network security and military-civilian integration, relevant policies to support the integration of cyber security and civil-military, and relevant documents in the field of cybersecurity military-civilian integration key protection, ensure that the measures for network security and military-civilian integration take root, and form a joint support system for military and land.

Original Mandarin Chinese:

要點提示

●推動網絡安全軍民融合,需要在國家層面統一整合、優化配置,促進技術、人才、資源等要素雙向流動轉化。

●無論是網絡安全分析、態勢研判、應急處置,還是網絡防護硬件、軟件的研發,都需要大量的信息科技人才。

習主席深刻指出,沒有網絡安全就沒有國家安全。數字化時代,網絡空間已滲透到政治、經濟、軍事、文化等各個領域,具備軍民一體的天然屬性,是新時代軍民融合發展的重要方面。當前,我國正向網絡強國邁進,打造軍民融合的網絡長城,既是建設網絡強國和信息化軍隊的基本製度設計,也是推動軍民融合深度發展的重要驅動力量。新形勢下,積極推動網絡安全軍民融合深度發展,亟須破解體制性障礙、結構性矛盾、政策性問題,不斷提高融合水平、提升聯合防護能力。

網絡安全事關國家整體安全,需軍地走開全面融合之路

信息化時代,網絡空間安全已經成為國家戰略新的製高點。去年全球爆發的“永恆之藍”勒索病毒、烏克蘭電網遭攻擊、美國大選“郵件門”等事件表明,網絡安全事關國家安全、社會穩定和戰爭勝敗。網絡安全的較量已上升為國家層面的對抗,超出軍地各自管理控制的範疇,需要依靠軍地一體合力集中統管才有可能管得住、管得好。

網絡安全事關國家利益。由於網絡觸角延伸到經濟、社會、文化等各個領域,其安全必將影響到經濟安全、社會安全、文化安全、信息安全等。 2017年5月,“永恆之藍”勒索病毒席捲150多個國家和地區,包括政府、銀行、通信公司、能源企業等重要部門機構基礎設施陷入癱瘓,在全球引起軒然大波。早前,沙特的基礎設施遭網絡攻擊,僅僅數分鐘內,計算機硬盤就被破壞,所有數據被清空,攻擊者還試圖引發爆炸,如果得逞無疑會造成十分嚴重的後果。

網絡安全事關戰爭勝負。信息化戰爭中,網絡空間已成為新維戰場空間。當前,美國、英國、日本等都已建立網絡作戰部隊,並大力研發各種網絡武器。伊拉克戰爭中,美軍首先摧毀了伊軍非常關鍵的5個指揮與雷達設施,並使用電子乾擾等方式牢牢掌握信息優勢,使伊軍又盲又聾,防禦體系迅速癱瘓。隨著戰爭形態的加速演變,信息優勢爭奪日益成為戰爭勝負的核心內容,網絡空間作為信息控制的“主戰場”,日益成為戰爭博弈的製高點。

網絡安全軍民一體是世界普遍做法。當前,世界很多國家都將軍民一體看作是提升網絡空間安全的重要途徑。例如,美國就將網絡安全作為國家安全的重點,白宮和五角大樓指定波音、洛克希德·馬丁等公司為網絡安全國家隊,指定微軟、英特爾、思科、蘋果、谷歌等信息技術巨頭為網絡安全的專業隊,指定賽門鐵克、邁克菲等網絡安全防護企業為網絡安全的特種隊。在以色列,許多以軍網絡安全部隊的軍人退役後,成為地方高科技企業的精英,並創辦多家網絡安全公司。這些公司回過頭來與以軍在網絡安全領域展開全方位合作,提升以軍網絡防護能力的同時,推動整個網絡空間安全的發展。

網絡安全資源分散多元,需軍地強化頂層設計統籌

推動軍民融合發展是一個系統工程,要善於運用系統科學、系統思維、系統方法研究解決問題。目前,我國各類信息網絡系統高速發展,不同功能、類型的網絡安全設施陸續配套投入使用,網絡安全防護系統的總體框架基本建立。但網絡安全資源廣泛分佈於軍隊和地方,推動網絡安全軍民融合,提高協同防護能力需要強化頂層設計統籌,打破體制壁壘和部門利益,在國家層面統一整合、優化配置,促進技術、人才、資源等要素雙向流動轉化。

構建完善網絡安全組織領導體制。應加快建立軍地一體具有中國特色的網絡安全工作組織領導機構,確保層級清晰、分工協作。國家網絡安全領導機構的工作重點是加強網絡安全軍民融合的頂層設計和宏觀管控,制定發展戰略和規劃計劃,履行軍民融合中的統籌協調職能,負責國內網絡安全的防禦與應急反應,打擊網絡犯罪和網絡恐怖主義等;軍隊網絡安全主管機構側重於擬制軍隊網絡安全的整體規劃和建設,將可以實施軍民融合的領域納入國家網絡安全發展全局,做好與國家網絡安全發展規劃的相互銜接,明確軍地協調的相關流程和管理辦法,健全軍地定期會商、重要情況通報、重大行動協同等工作制度,形成網絡空間安全的聯防、聯管、聯控。

統籌軍地網絡安全建設規劃標準。以有效應對當前和未來一段時期網絡攻防手段為目標,科學制定軍民網絡安全建設總體框架,分類確立建設模式,明確近期和長遠建設目標,確定完成任務的配套措施。一是堅持統一標準。積極推動自主可控的安全操作系統、安全數據庫系統等網絡安全基礎產品的技術標準統一,關鍵時刻能實現各系統的全面融合,打造堅固可靠的網絡安全防線。二是堅持統一評估。加強網絡安全建設評估和網絡安全產品的技術風險評估,明確評估程序和環節,採取科學有效的評估方法,確保網絡建成后防得牢、控得住。

建立網絡安全軍地資源共享機制。實現軍地網絡安全資源共享,關鍵是建立軍地需求共提機制。應及時發布軍民兩用技術成果信息,實時對錶“戰場需缺”與“市場所有”,實現軍地雙方需求、技術、標準、產品等信息資源充分共享;加快構建軍地信息融合共享平台,拓展聯通渠道,規範互通標準,實現軍地信息資源充分互補共用;建立網絡安全准入制度,明確劃定保密等級範圍,軍隊業務主管部門與“民參軍”企業定期會商、信息通報、需求對接和協作攻研,防止民用網絡安全力量技術研發丟了目標、少了靶子,防護戰術失去對手、缺乏指向;建立網絡威脅信息互通機制,及時互通國內外網絡安全最新動態和重大事件通報,鼓勵民營企業與政府、軍隊實時共享網絡安全威脅信息,提高研究分析的專業性和實時響應能力。

網絡安全實質是人才的較量,需軍地樹牢聯合思想

網絡安全的本質是網絡對抗,實質是人才的競爭較量。無論是網絡安全分析、規劃、態勢研判、響應和處置,還是網絡防護硬件、軟件的研發,都需要大量的信息科技人才。為滿足軍地網絡安全人才巨大需求,需要牢固樹立聯合思想。

聯合培養人才。近年來,國家網絡安全人才培養取得重要進展,網絡空間安全被國務院學位委員會和教育部增設為一級學科,每年網絡空間安全領域畢業生近萬名。但與打造網絡強國和強軍興軍需求相比還存在較大差距,存在人才隊伍缺口較大、培養體係有待完善、實踐型人才儲備不足等問題。應積極探索軍隊、地方高校、科研院所和網絡安全企業開展人才聯合培養渠道,共建師資隊伍、共搭實驗場所、共設實習基地,實現課堂教學、實習實踐的有機結合,通過網絡安全訓練營、安全運維人才培養等,提升網絡安全從業人員的專業能力,完善快速化、規模化、實戰化的安全運維、分析響應、攻防滲透等網絡安全人才聯合培養機制。

聯合運用力量。應統籌軍地各種力量的運用,加強行動協同,建立較為完善的網絡安全聯防聯控機制。一方面,充分發揮地方網絡安全人才的作用,開放軍隊網絡安全頂層設計、核心技術研發、網絡安全整體建設等領域,以滿足軍隊網絡安全對人才的需求;另一方面,充分發揮軍隊網絡安全需求的助推器作用,利用軍方先進的網絡技術,測試核能、通信、交通、金融等國家關鍵基礎設施網絡的安全性,檢驗應急響應體系的有效性。

聯合研發技術。軍民協同創新是實現網絡防護技術創新突破的重要途徑。應圍繞發揮軍事需求對前沿創新的牽引帶動作用,聚力突破關鍵網絡技術,促進基礎平台軍民共享,大力推動軍民技術相互轉化;鼓勵高校、科研院所、軍工企業和優勢民營企業強強聯合,集中軍地人力、物力和財力,對關鍵芯片、核心器件、操作系統等領域集智攻關;探索軍民融合網絡安全裝備技術創新模式,研發新一代防火牆、入侵檢測、信息加密、信息隱藏、反竊聽等防護技術,共同培育自主化網絡安全產業生態鏈。

此外,由於網絡安全具有綜合性複雜性,還需軍地合力來強化法規政策保障。制定網絡安全軍民融合的法規體系、支撐網絡安全軍民融合的相關政策,以及網絡安全軍民融合重點保障領域的相關文件,確保網絡安全軍民融合的措施落地生根,形成軍地聯合支撐體系。

Leave a Reply

Your email address will not be published. Required fields are marked *