General Qiao Liang: Confident Cyber Leadership Wins the future “network space war”


For nearly half a century, electronic and information technology have developed at an impressive speed and have completely changed the style of modern warfare. Although people are accustomed to listing land, sea and air in that order when they talk about the dimensions of war, at the military-technical level the “network warfare” capability made up of “electronic warfare” and “cyber warfare” has without doubt come to the fore and become the first combat power. Whoever dominates electronic warfare dominates the battlefield. It is a pity that this conclusion has not yet been universally accepted by the military.

“Carving a mark on the boat to find the sword” is a portrayal of the evolution of people’s understanding and the development of things. Today, as this round of military revolution, marked by electronic and chip technology, nears its end with the technology maturing and its potential approaching the limit, the soldiers of most countries are still not fully prepared, in spirit or in knowledge, for the fact that a small tube and an even smaller chip can change the style of war. This is an irony for human beings living in the information age, especially for soldiers armed with informatized weapons.

Because the world appears to us as individual things, people intuitively divide the whole world into parts in order to understand it. Even though electronic and information technology have long since integrated the whole world into grid space and welded it into a single “domain”, people are still accustomed to splitting it into different “domain” blocks. For example, many soldiers bound by traditional thinking divide the battle space into five major dimensions: land, sea, air, sky, and electricity, and think that they will fight in these five dimensions. The grid-space battlefield, in their view, is only one of them. Even in the concept of joint operations, which attempts to merge the five dimensions into one, network space warfare is only one of the combat areas and combat styles. They are completely unaware that the world has been “informatized”. Such lagging thinking cannot keep up with the pace of technological leaps: the boat has long since moved on, but the sword lies at the bottom of the lake. Those who win on the future battlefield will be the armies that observe and think about, operate in and control all battlefields as a whole. Only in this way can we find the key that opens the door to victory: whoever controls grid space controls the battlefield; whoever prevails in network space warfare wins the war. This is the general trend of modern warfare, and it cannot be reversed.

Electronic warfare (which has evolved into information warfare or cyberspace warfare today) is a prerequisite for all modern battles, campaigns and even wars. By contrast, air supremacy, sea power, and even land power have handed over first place on the future battlefield to the power of the grid. Moreover, the struggle for control of the sky is itself part of the power of the grid. In Deng Shiping’s words, in modern warfare, “there is no air superiority, and no one can beat it.” Yes, in future war, without the power of the grid, no battle can be won.

Today, the US military, which proposes to use the “air-sea battle” concept to contain China, is a military machine that is almost fully informatized. The US military therefore knows that informatization is both its strength and its weakness. In short, whoever holds the advantage in network space warfare can restrain the US military. Some people may ask: from a military point of view, is network space warfare really so important that it matters more than firepower? Yes, that is the author’s answer. When your opponent has been informatized in every dimension, you either do better than the opponent in network space warfare or lose the war first; the firepower war that follows is then only the process of physically destroying an opponent who is still unwilling to admit defeat.

Why is network space warfare so important? In fact, the strength of all of our main rivals lies in all-dimensional informatization, and their weakness lies in over-informatization. The shortcoming of informatization is that nothing works without chips, which creates chip dependence. The chip makes weapon platforms and ammunition stronger, but it also makes them extremely fragile. An electromagnetic pulse bomb can destroy all electronic components within its blast coverage. This prospect frightens an opponent who is armed to the teeth with chips. What our opponents fear should be what we give priority to developing.

If you face an opponent informatized in every dimension, what that opponent worries about most is, first, being attacked through the network and, second, having its sky-based systems destroyed, because either would make the hardware advantages of all its weapon platforms meaningless. Our opponents also have these capabilities, but once both sides use them against each other, both sides will be back at the level of World War II. At that point, whoever has the advantage in population, in resources and in manufacturing has the advantage in the war.

Seeing this clearly helps us escape a paradox: the more we understand our opponent’s military system, the more we worry about the gap in our own; the more we recognize the gap, the more we want to learn from and catch up with our opponent. The result is that whatever the opponent has, we must have as well. In the end we force ourselves into the dead end of matching the opponent’s strength with the opponent’s own strength. How can this road lead us to be able to “fight and win”? In all times and places, victors have used their own strengths to strike the enemy’s weaknesses; even in a head-on fight, they pit their own strengths against the enemy’s strengths. No one wins by using the enemy’s strengths against the enemy. Moreover, victory in a future war must not be pursued at any cost. For China, there should be a requirement that is as important as victory: the development of weapons and equipment and of operational plans must consider how to reduce costs. We must never insist on having everything the opponent has. You can’t do it with the Dragon King, and you can’t become a local tyrant. You can’t compare it with the Dragon King. Today we have some cognitive blind spots about how to win local wars under informatized conditions. Consciously or unconsciously, we always assume that a high-tech war is a high-cost war, and we always want to compete with our opponents on cost.

In fact, we can change our way of thinking completely and take the low-cost route. Whether or not we have heavy aircraft carriers, an X37 or a global fast-strike system, the opponent does not care. It cares only whether you can destroy its satellite system and paralyze its network system. After all, tools and means such as anti-satellite weapons and electromagnetic pulse bombs are neither very expensive nor scarce, and their effect is low cost and high yield. We must not fall into an arms race with our opponents just because we are worried about the gap between us.

The Americans said in the “air-sea battle” concept that “we will drag China into the competition with us in this way, so that the Chinese will put more energy into the production of such missiles such as Dongfeng 21D. Then use a lot of bait and deception to force the Chinese to consume these weapons in a meaningful direction.” In this regard, someone in the country wrote an article reminding us that “we must prevent falling into the trap of the United States.” This is not wrong in itself, but it sees only one side and not the other. After such articles appear, our understanding may well develop new deviations, because the American statement above contains a “trap within a trap” (that is, a double trap). First, it attempts to lure the Chinese army into the trap of an arms race: if you compete with the US military, you will spend a great deal of money and resources following it without ever surpassing it. Second, if you realize that this is a trap and give up the competition, you immediately fall into another trap: giving up the arms race means squandering your own martial arts. If China is willing neither to compete with its opponents nor to squander its martial arts, what should it do? The conclusion is that we can only go our own way.

We should develop our own strengths and the things that benefit us most. It is best to use our strengths to strike the enemy’s weaknesses; at the least, we must pit our strengths against the enemy’s strengths. Pitting our weaknesses against the enemy’s strengths will not do, and neither will pitting the enemy’s strengths against the enemy’s strengths. Attacking the enemy with the enemy’s own strengths, you will never win.

Take a look at the main design of the “Air-Sea Battle”: the opening move is to hit your space-based system and blind you; then comes the “reconnaissance war”, let you call you; and then the regular battle with you formally begins.

Under such circumstances, what should we do? Should we respond passively, meeting each move as it comes (“soldiers block the troops, earth dams the water”), or should we play to our strengths and trade low-cost means for the opponent’s high-value targets? Of course, the latter. To do this, we must first have three capabilities:

The first is satellite anti-missile capability. This capability will leave an opponent that relies heavily on informatization blind, deaf and mute, so that it can only return to the level of World War II and compete with conventional forces.

The second is long-range strike capability. You must ensure that you have the ability to sink high-value targets such as aircraft carriers. If such a high-value target is sunk, it will seriously undermine the confidence of investors around the world in the opponent, so that capital no longer dares to invest there, creating a serious war-financing dilemma for the opponent. This is a national weakness that the opponent’s combat planners are not aware of. The sinking of an aircraft carrier would be a huge blow to the confidence of global investors and would break the opponent’s global capital chain.

The third is network space combat capability, especially the ability to attack any network system of the opponent. If China and a powerful opponent really come to blows, you must demonstrate from the very beginning your ability and determination to attack and smash all of its grid systems. This is a necessary way to contain war by deterrence.

The principle is always easier to state than to put into practice. How do we gain the power of the grid in future war, or offset the opponent’s advantage in network warfare? Technological progress is necessary, but progress in thinking is even more necessary. The long history of evolution shows that human thinking does not always progress along the axis of time; degradation happens from time to time. Degradation of thinking is sad, but consciously pulling the opponent back to the “old battlefield”, that is, offsetting the opponent’s informatized combat capability so that its technical advantage is lost and it returns with us to a certain historical stage of combat, where we can give full play to our own advantages, is a feasible idea.

(The author is a professor at the National Defense University)

Original Referring URL: http://www.81.cn/jkhc/2014-12/


How Chinese Cyber Warfare Rejects Foreign Intruders Focuses on National Security


In the information age, a change in cybersecurity affects the whole of national security. The Outline of the National Informatization Development Strategy emphasizes actively adapting to new changes in the national security situation, new trends in information technology development, and the new requirements of the goal of a strong military, building an information security defense system, and comprehensively improving the ability to win informatized local wars. Cyberspace has become a new field that affects national security, social stability, economic development and cultural communication, and cyberspace security has accordingly become an important topic of growing concern to the international community.

The United States has explicitly declared cyberspace a new domain of operations, has greatly expanded its network command and combat forces, and continues to concentrate on developing cyberspace weapons. Since the start of summer, US military network exercises have come one after another, and the air is thick with the smoke of invisible war. At the beginning of March, “Network Storm 5” was the first to raise the curtain; in April, “Network Aegis 2016” completed its fifth-generation upgrade; in June, “Network Defense” and “Network Capture” made their debut as the core of the annual joint exercise.

The essence of network security lies in the capabilities of both ends, attack and defense. Currently, static, isolated, passive defenses such as firewalls, intrusion detection and anti-virus software struggle to cope with organized, high-intensity network attacks. To build a cyberspace security defense line, we need to shed outdated ideas and win the counterattack at the level of defensive concepts.

New “Thirty-six” mobile target defense

Increase the difficulty of attack by building a dynamic network

A network attack needs a certain amount of time to scan and study the target network and to detect and exploit system “vulnerabilities” in order to intrude and take control. In theory, the attacker has unlimited time for scanning and probing, will always find a weak point in the defense, and will eventually achieve the intrusion. For this reason, the United States, a pioneer in networking, is planning and deploying a transformation of its security defenses, striving to break with traditional defensive concepts and develop revolutionary technologies that can “change the rules of the game”. Mobile target defense is one of them.

Mobile target defense is called a new paradigm of cyberspace security defense. Its technical strategy is to process and control the protected target itself so as to build a dynamic network, increasing randomness and reducing predictability in order to make attacks harder. If a static cyberspace is likened to an unchanging “city defense deployment”, which is hard to hold, then a dynamic network configuration is like the ever-changing “Eight Trigrams formation”, which is hard to crack. At present, mobile target defense technology enjoys priority in research across the US government and military, covering dynamic platform technology, dynamic runtime environment technology, and dynamic software and data technology. In August 2012, the US Army awarded Raytheon the “Deformation Network Facility” project, which mainly studies how to dynamically adjust and configure networks, hosts and applications in ways the enemy cannot detect or predict, thereby preventing, delaying or stopping network attacks.

As a new idea in the field of cyberspace security, mobile target defense reflects the trend in future network defense technology of turning “dead” networks into “live” ones.
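One concrete form of the “increase randomness, reduce predictability” strategy described above is time-based port hopping, shown here as an added example that is not part of the original article. The hop interval, port range, secret and function names are assumptions chosen for illustration; both endpoints derive the current port from a shared secret, so a port found by a scan stops being useful a few windows later.

```python
import hashlib
import hmac
import struct

HOP_SECONDS = 30                     # assumed length of one hop window
PORT_LOW, PORT_HIGH = 20000, 60000   # assumed hopping range, inclusive


def slot_for(now: float) -> int:
    """Index of the hop window that contains the timestamp `now`."""
    return int(now // HOP_SECONDS)


def port_for_slot(secret: bytes, slot: int) -> int:
    """Port the service listens on during `slot`.

    HMAC-SHA256 keyed with the shared secret makes the schedule
    reproducible for both endpoints and unpredictable without the key.
    """
    digest = hmac.new(secret, struct.pack(">Q", slot), hashlib.sha256).digest()
    span = PORT_HIGH - PORT_LOW + 1
    return PORT_LOW + int.from_bytes(digest[:8], "big") % span


def accepted_ports(secret: bytes, now: float, skew: int = 1) -> set:
    """Ports the server accepts at `now`, tolerating `skew` windows of clock drift."""
    base = slot_for(now)
    return {port_for_slot(secret, s) for s in range(base - skew, base + skew + 1)}


def stale_hit_rate(secret: bytes, first_slot: int, slots: int, delay: int) -> float:
    """Share of windows in which a port found by a scan still works `delay` windows later."""
    hits = 0
    for slot in range(first_slot, first_slot + slots):
        found = port_for_slot(secret, slot)       # what a scan would observe
        later = (slot + delay) * HOP_SECONDS      # when the scan result is used
        if found in accepted_ports(secret, later):
            hits += 1
    return hits / slots


if __name__ == "__main__":
    key = b"constructed-demo-secret"   # constructed value, not a real key
    now = 1_470_000_000.0              # constructed timestamp
    print("client connects to:", port_for_slot(key, slot_for(now)))
    print("server accepts:", sorted(accepted_ports(key, now)))
    print("hit rate in the same window:", stale_hit_rate(key, slot_for(now), 1000, 0))
    print("hit rate 10 windows later:", stale_hit_rate(key, slot_for(now), 1000, 10))
```

The skew parameter is the trade-off to watch: every extra window of tolerated clock drift widens the set of ports that are valid at once.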

New “Thirty-six” honeypot deception defense

Reduce cyberattack threats by consuming attacker resources

Conventional network security protection defends against cyber attacks mainly head-on. Although defensive measures have made great progress, they have not changed the basic situation in cyberspace of “easy to attack, hard to defend”. In recent years, “honeypot deception defense” has put forward a new concept of “bypass guidance”: absorbing network intrusions and consuming attackers’ resources in order to reduce the threat to the real protected target, thereby winning time to strengthen protective measures and making up for the shortcomings of the traditional cyberspace defense system.

Much like deliberately setting up false positions on the battlefield, honeypot deception defense actively uses a computer network with a lower level of security defense to lure all kinds of network attacks, monitors their methods and attributes, and sets up corresponding defenses on the real target system to stop similar attacks. Honeypots fall into two types: product-type honeypots and research-type honeypots. The main purpose of the former is to “attract firepower” and reduce the pressure on the defense. The latter is designed for research and for obtaining attack information; it is an intelligence-gathering system that not only needs to withstand network attacks but also strives for powerful monitoring so as to capture attack behavior data to the greatest extent possible.

In addition to establishing a virtual network attack-and-defense laboratory made up of four sub-networks (gray, yellow, black and green), the US military has also carefully deployed a honeypot decoy system on the Internet. What is certain is that deception-based network defense will receive further emphasis, and the technical means of achieving deception will multiply.
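The step described above, monitoring what reaches the decoy and turning it into defenses on the system that really needs protecting, can be sketched as follows. This is an added example, not code from the article or from any honeypot product; the JSON event format, the allowlisted scanner range and the two-event threshold are assumptions, and the log lines are constructed with documentation-range addresses.

```python
import json
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed honeypot events, one JSON object per line.
SAMPLE_LOG = """\
{"ts": "2016-08-01T02:11:07Z", "src": "203.0.113.45", "svc": "ssh", "user": "root", "pw": "123456"}
{"ts": "2016-08-01T02:11:09Z", "src": "203.0.113.45", "svc": "ssh", "user": "admin", "pw": "admin"}
{"ts": "2016-08-01T02:11:15Z", "src": "203.0.113.45", "svc": "telnet", "user": "root", "pw": "root"}
{"ts": "2016-08-01T03:40:00Z", "src": "198.51.100.7", "svc": "http", "path": "/manager/html"}
{"ts": "2016-08-01T04:02:31Z", "src": "10.20.0.5", "svc": "ssh", "user": "scan", "pw": "scan"}
{"ts": "2016-08-01T04:02:33Z", "src": "10.20.0.5", "svc": "http", "path": "/"}
not-json garbage line
{"ts": "2016-08-01T05:00:00Z", "src": "198.51.100.7", "svc": "http", "path": "/manager/html"}
{"ts": "2016-08-01T05:10:00Z", "src": "192.0.2.99", "svc": "ssh", "user": "pi", "pw": "raspberry"}
"""

# Assumption: the defender's own vulnerability scanner lives in this range.
ALLOWLIST = [ip_network("10.20.0.0/24")]


def parse_events(text):
    """Return (events, malformed_count); the decoy's log is attacker-influenced input."""
    events, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            ip_address(event["src"])      # reject records without a valid source
            events.append(event)
        except (ValueError, KeyError, TypeError):
            malformed += 1
    return events, malformed


def is_allowlisted(src):
    addr = ip_address(src)
    return any(addr in net for net in ALLOWLIST)


def summarize(events):
    """Per-source view: nothing legitimate talks to a decoy, so every event counts."""
    per_src = defaultdict(lambda: {"events": 0, "services": set(), "creds": set()})
    for event in events:
        entry = per_src[event["src"]]
        entry["events"] += 1
        entry["services"].add(event.get("svc", "unknown"))
        if "user" in event:
            entry["creds"].add((event["user"], event.get("pw", "")))
    return dict(per_src)


def derive_blocklist(summary, min_events=2):
    """Sources to deny on the protected system, skipping the defender's own scanner."""
    hits = [src for src, entry in summary.items()
            if entry["events"] >= min_events and not is_allowlisted(src)]
    return sorted(hits, key=ip_address)


def credentials_to_audit(summary):
    """Credential pairs tried against the decoy; production accounts must not match them."""
    creds = set()
    for src, entry in summary.items():
        if not is_allowlisted(src):
            creds |= entry["creds"]
    return sorted(creds)


if __name__ == "__main__":
    parsed, bad = parse_events(SAMPLE_LOG)
    report = summarize(parsed)
    print("malformed lines:", bad)
    print("deny on production:", derive_blocklist(report))
    print("audit these credentials:", credentials_to_audit(report))
```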

New “Thirty-six” linkage synergy defense

Integrate multiple defense technologies to “reject enemy from outside the country”

At present, most security devices and defense technologies “fight individually”. Data is hard to share between network protection nodes, and the protection technologies are not linked to one another. As a result, the current defense system is isolated and static and cannot meet the needs of an increasingly complex network security situation. The original motivation of the US “Einstein Plan” was that each federal agency had its own exclusive access to the Internet, which made overall security hard to guarantee. Organically combining the relatively independent security devices and technologies in a network through a collaborative linkage mechanism, so that they complement and cooperate with one another in defending against attacks, has become an inevitable choice for the future development of cyberspace security defense.

Coordinated collaborative defense means using existing security technologies, measures and equipment to organically organize multiple security systems that are separated in time, distributed in space, and yet work together and depend on one another, so that the whole security system achieves its maximum effectiveness. Vertically, it is the coordinated defense of multiple security technologies; that is, one security technology directly includes another or links to it through some communication method. For example, the “deep defense” mechanism adopted by the US Navy’s network defense system deploys layered protection around the core, including flag-based attack detection, WAN security auditing and vulnerability alerting; an attacker must break through multiple defensive layers to enter the system, which lowers the attack success rate. When a node in the system is threatened, it can forward the threat information to other nodes in time, which take corresponding protective measures and adjust and deploy their protection policies.

Fighting individually can no longer meet the needs of today’s network security defense, and coordinated collaborative defense will leap into the mainstream of network security. Integrating multiple defense technologies and establishing an organized defense system “rejects the enemy outside the country” and effectively prevents problems before they occur.

The optimal strategy defense of the new “Thirty-six”

Seeking a balance between cybersecurity risks and investments

Attacks in cyberspace are increasingly complex. Ideal network security protection would guard against every weakness and every attack. However, given limited defensive resources, pursuing absolute security is obviously unrealistic. Based on the concept of “moderate security”, optimal strategy defense is on the horizon.

Optimal strategy defense can be understood as seeking a balance between cybersecurity risk and investment, using limited resources to make the most reasonable defensive decisions. As far as investment is concerned, even the powerful United States is trying to build a collective defense system for cyberspace. Behind the “sharing of results” in the US-Australia cyberspace defense alliance agreement and the Japan-US joint statement on network defense cooperation lies the shadow of “cost sharing”. As for risk, the pursuit of absolute security adheres to the principle of security above all; when formulating strategic objectives and responding to threats, it easily ignores the limits and legitimacy of the available resources and means, and it is hard to know when to advance and when to retreat.

Optimal strategy defense centers on the “optimal” strategy of game theory, with research focused on cyberspace security assessment, cost analysis, and the construction and evolution of security defense models. Applying game theory to cyber attack and defense offers a new way to solve the problem of optimal defense decision-making.
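A small worked instance of the game-theoretic view described above, given as an added example that is not from the article: a defender whose budget covers one hardening measure at a time faces an attacker who picks the target. All impacts, success probabilities and costs are assumed numbers; the solver is fictitious play, a standard iterative method for zero-sum games, used here in place of a linear-programming solver.

```python
# Assumed model parameters (illustrative values, not measurements).
IMPACT = {"web": 10.0, "db": 14.0}             # loss if an attack on the asset succeeds
P_SUCCESS = {"hardened": 0.1, "plain": 0.5}    # attack success probability
COST = {"harden_web": 1.0, "harden_db": 1.0, "none": 0.0}
PROTECTS = {"harden_web": "web", "harden_db": "db", "none": None}
DEFENSES = ["harden_web", "harden_db", "none"]
ATTACKS = ["web", "db"]


def expected_loss(defense, attack):
    """Defender's expected loss: what the measure costs plus the residual risk."""
    state = "hardened" if PROTECTS[defense] == attack else "plain"
    return COST[defense] + IMPACT[attack] * P_SUCCESS[state]


LOSS = [[expected_loss(d, a) for a in ATTACKS] for d in DEFENSES]


def best_pure_defense(loss):
    """Best fixed choice when the attacker always answers with the worst case."""
    worst = [max(row) for row in loss]
    i = min(range(len(loss)), key=worst.__getitem__)
    return DEFENSES[i], worst[i]


def worst_case(strategy, loss):
    """Largest expected loss an attacker can force against a mixed strategy."""
    return max(sum(p * row[j] for p, row in zip(strategy, loss))
               for j in range(len(loss[0])))


def fictitious_play(loss, rounds=50000):
    """Approximate the defender's minimax mixed strategy.

    Each round both sides best-respond to the other's play so far; in a
    zero-sum game the empirical frequencies converge to an equilibrium.
    """
    n_d, n_a = len(loss), len(loss[0])
    played = [0] * n_d
    d_total = [0.0] * n_d     # cumulative loss of each defense against past attacks
    a_total = [0.0] * n_a     # cumulative loss each attack would have inflicted
    d, a = 0, 0
    for _ in range(rounds):
        played[d] += 1
        for i in range(n_d):
            d_total[i] += loss[i][a]
        for j in range(n_a):
            a_total[j] += loss[d][j]
        d = min(range(n_d), key=d_total.__getitem__)
        a = max(range(n_a), key=a_total.__getitem__)
    strategy = [count / rounds for count in played]
    return dict(zip(DEFENSES, strategy)), worst_case(strategy, loss)


if __name__ == "__main__":
    print("best fixed defense:", best_pure_defense(LOSS))
    mix, value = fictitious_play(LOSS)
    print("randomized defense:", mix, "worst-case loss:", round(value, 3))
```

With these assumed numbers the best fixed choice has a worst-case loss of 6.0, while randomizing between the two hardening measures (about 37.5% web, 62.5% database) brings it down to about 4.5, and doing nothing is never part of the optimal mix.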

The new “Thirty-six” intrusion tolerance defense

Create a “last line of defense” for cyberspace security

The threats to cyberspace are unforeseeable, irresistible and unpredictable. Protection cannot completely prevent system failure or even collapse. Traditional reliability theory and fault-tolerant computing struggle to meet actual needs, so problems broader and deeper than pure protection have to be considered. In this context, a new generation of intrusion-tolerant defense has received increasing attention.

Intrusion tolerance is the third generation of network security technology. It belongs to the category of information survival technology and is called the “last line of defense” of cyberspace security defense. Unlike traditional network security defenses, intrusion-tolerant defense acknowledges that vulnerabilities exist and assumes that some of them may be exploited by attackers. When the protected target is attacked, or even when parts of it have been destroyed or taken over, the target system can “shed its tail” like a gecko and then heal and regenerate.

Intrusion-tolerance technology no longer centers on “defense” but on how to reduce losses and recover as soon as possible once the system has been damaged. However, intrusion tolerance is an emerging research field; its costs and benefits will be the next research direction.

Original Referring URL:  http://www.81.cn/jskj/2016-08/11/