Chinese Military Intent to Defeat US Military Cyber Forces Using the “Thirty-Six” Strategy of Cyber Warfare //
中國軍事意圖利用“三十六”網絡戰策略擊敗美國軍事網絡部隊
■ cyberspace is easy to attack and defend, traditional passive defense is difficult to effectively deal with organized high-intensity attacks
■ Improve network security, the defense side can not rely solely on the technology game, but also need to win the counterattack on the concept
The new “Thirty-six” of network security
■Chen Sen
Fisher
News reason
In the information age, cybersecurity has taken the lead in national security. The Outline of the National Informatization Development Strategy emphasizes that it should actively adapt to the new changes in the national security situation, new trends in information technology development, and new requirements for strong military objectives, build an information security defense system, and comprehensively improve the ability to win localized information warfare. Cyberspace has become a new field that affects national security, social stability, economic development and cultural communication. Cyberspace security has become an important topic of increasing concern to the international community.
The United States has clearly declared that cyberspace is a new field of operations, and has significantly expanded its network command and combat forces to continue to focus on cyberspace weapons development. Since entering the summer, the US military network exercises have been one after another, and the invisible wars are filled with smoke. At the beginning of March, “Network Storm 5” took the lead in kicking off the drill; in April, “Network Aegis 2016” completed the fifth-generation upgrade; in June, “Network Defense” and “Network Capture” as the core re-installation of the annual joint exercise Debut.
The essence of network security lies in the ability to attack and defend both ends. Currently, static, isolated, passive defenses such as firewalls, intrusion detection technologies, and anti-virus software are difficult to effectively deal with organized high-intensity network attacks. To build a cyberspace security defense line, we need to get rid of the idea of falling behind and win the counterattack on the defensive concept.
New “Thirty-six” mobile target defense
Increase the difficulty of attack by building a dynamic network
Network attacks require a certain amount of time to scan and research the target network, detect and utilize system “vulnerabilities” to achieve intrusion control purposes. In theory, the attacker has unlimited time to start the scanning and detecting work, and always find the weak point of defense, and finally achieve the purpose of the invasion. To this end, the network pioneer USA is committed to planning and deploying security defense transformation work, striving to break through the traditional defense concept and develop revolutionary technology that can “change the rules of the game”. Mobile target defense is one of them.
Mobile target defense is called the new paradigm of cyberspace security defense. The technical strategy is to construct a dynamic network through the processing and control of the protection target itself, increasing randomness and reducing predictability to improve the difficulty of attack. If the static cyberspace is likened to a constant “city defense deployment”, it is difficult to stick to it; and the dynamic network configuration can be called the ever-changing “eight squad”, which is difficult to crack. At present, mobile target defense technology has priority in various US government and military research, covering dynamic platform technology, dynamic operating environment technology, dynamic software and data technology. In August 2012, the US Army awarded Raytheon’s “Deformation Network Facility” project to study the dynamic adjustment and configuration of networks, hosts and applications in case the enemy could not detect and predict, thus preventing, delaying or blocking the network. attack.
As a new idea in the field of cyberspace security, mobile target defense reflects the technological development trend of future network defenses to turn “dead” networks into “live” networks.
The new “Thirty-six” honey cans deceive defense
Reduce cyberattack threats by consuming attacker resources
Conventional network security protection is mainly to defend against cyber attacks from the front. Although the defensive measures have made great progress, they have not changed the basic situation of cyberspace “easy to attack and defend”. In recent years, the development of “Honeypot Deception Defense” has proposed a new concept of “bypass guidance”, which is to reduce the threat of cyber attacks to the real protection target by absorbing network intrusion and consuming the resources of attackers, thereby winning time. Strengthen protection measures to make up for the shortcomings of the traditional cyberspace defense system.
Similar to the intentional setting of false positions on the battlefield, honeypot deception defense is to actively use the computer network with lower security defense level to lure all kinds of network attacks, monitor its attack means and attributes, and set corresponding defenses on the target system that needs to be protected. System to stop similar attacks. Honeypots can be divided into two types, product-type honeypots and research-type honeypots. The main purpose of the former is to “attract firepower” and reduce the pressure of defense. The latter is designed for research and acquisition of attack information. It is an intelligence gathering system that not only needs network attack resistance but also strives to monitor powerfully to capture the attack behavior data to the maximum extent.
In addition to the establishment of a virtual network environment attack and defense laboratory consisting of four sub-networks of gray, yellow, black and green, the US military has also carefully deployed a honeypot decoy system on the Internet. What is certain is that the network defense idea based on deception will be further emphasized, and the technical means to achieve deception will be more and more.
New “Thirty-six Meters” linkage synergy defense
Integrate multiple defense technologies to “reject enemy from outside the country”
At present, most of the security protection devices and defense technologies are “individually fighting”. The data between network protection nodes is difficult to share, and the protection technologies are not related. As a result, the current defense system is isolated and static, which cannot meet the increasingly complex network security situation. need. The original motivation of the US “Einstein Plan” was that all federal agencies had exclusive access to the Internet, making overall security difficult to guarantee. Through the collaborative linkage mechanism, the relatively independent security protection devices and technologies in the network are organically combined to complement each other and cooperate with each other to defend against various attacks. It has become an inevitable choice for the future development of cyberspace security defense.
Collaborative collaborative defense refers to the use of existing security technologies, measures and equipment to organically organize multiple security systems that are separated in time, spatially distributed, and work and interdependent, so that the entire security system can maximize its effectiveness. Vertically, it is the coordinated defense of multiple security technologies, that is, one security technology directly includes or links to another security technology through some communication method. For example, the “deep defense” mechanism adopted by the US Navy network defense system targets the core deployment layer protection measures, including flag-based attack detection, WAN security audit, vulnerability alert, etc., and the attacker must break through multiple defense layers to enter the system. Thereby reducing its attack success rate. When a node in the system is threatened, it can forward the threat information to other nodes in time and take corresponding protective measures to adjust and deploy the protection strategy.
In the past, individual combat operations have been unable to meet the needs of today’s network security defenses, and coordinated collaborative defense will leap into the mainstream of network security. Integrate a variety of defense technologies, establish an organized defense system, and “reject the enemy outside the country” to effectively prevent problems before they occur.
The optimal strategy defense of the new “Thirty-six”
Seeking a balance between cybersecurity risks and investments
The attacks in cyberspace are more and more complicated. The ideal network security protection is to protect all the weak or attack behaviors. However, from the perspective of defense resources limitation, it is obviously unrealistic to pursue absolute security defense. Based on the concept of “moderate security”, the optimal strategy defense is on the horizon.
Optimal policy defense can be understood as seeking a balance between cyber security risks and inputs, and using limited resources to make the most reasonable decision defense. As far as investment is concerned, even the strong United States is trying to build a collective defense system for cyberspace. The United States and Australia cyberspace defense alliance agreement, as well as the Japan-US network defense cooperation joint statement, its “share of results” behind the “cost sharing” shadow. From the perspective of risk, the pursuit of absolute security will adhere to the principle of safety supremacy. When formulating relevant strategic objectives and responding to threats, it is easy to ignore the limited and legitimacy of the resources and means available, and it is difficult to grasp the advance and retreat.
The optimal strategy defense is mainly focused on the “optimal” strategy of game theory, focusing on the research direction of cyberspace security assessment, cost analysis, security defense model construction and evolution. Applying the idea of game theory to cyber attacks and defenses provides a new way to solve the problem of optimal defense decision-making.
The new “Thirty-six” intrusion tolerance defense
Create a “last line of defense” for cyberspace security
The threats to cyberspace are unpredictable, irresistible, and unpredictable. Protection can’t completely avoid system failure or even collapse. Traditional reliability theory and fault-tolerant computing technology are difficult to meet the actual needs, which has to consider more comprehensive and deeper problems than pure protection. In this context, a new generation of intrusion-tolerance defenses has received increasing attention.
Intrusion tolerance is the third-generation network security technology, which belongs to the category of information survival technology and is called the “last line of defense” for cyberspace security defense. Unlike traditional cybersecurity defenses, intrusion-tolerant defenses recognize the existence of vulnerabilities and assume that some of them may be exploited by attackers to attack the system. When the target of protection is attacked or even some parts have been destroyed or manipulated, the target system can “kill the tail” like a gecko to complete the healing and regeneration of the target system.
Intrusion-tolerance technology is no longer based on “defense”, but on how to reduce losses and recover as soon as the system has been damaged. However, intrusion tolerance is an emerging research field. Its cost, cost and benefit will be the next research direction.
Related Links–
Network attack and defense
“Shenzhen”: the pioneer of network physics warfare
In August 2010, Iran built the Bushehr nuclear power plant with the help of Russia. However, the nuclear power plant, which was scheduled to be put into operation in October of that year, was postponed several times. A year later, according to media reports, it was caused by a computer network virus attack of unknown source. More than 30,000 computers were “in the middle”. Thousands of centrifuges in Natans were scrapped. The newly capped Bushehr nuclear power plant had to be taken out. Nuclear fuel was delayed and the Iranian nuclear development plan was forced to shelve. This virus, later named “Shenzhen”, pioneered the control and destruction of entities through the network.
“Flame”: the most powerful spy in history
Network intelligence activities are the most active part of the cyberspace strategy game and security struggle. In 2012, a large amount of data from the Iranian oil sector was stolen and cleared, making it impossible for oil production and exports to function properly. In order to avoid continuing to create hazards, Iran was urgently disconnected from the network of the oil facilities on the Halk Island near the Gulf. After a large-scale investigation, a new virus emerged, which later appeared in the “flame” virus in Israel, Palestine and other Middle Eastern countries. The “Flame” virus combines the three characteristics of worms, backdoors and Trojans. It combines the interception of screen images, recording audio dialogues, intercepting keyboard input, and stealing Bluetooth devices. It has become a new type of electronic company that steals secret information from other countries. spy”.
“Shut”: System breaks
In 2007, in order to kill the Syrian nuclear program in the bud, 18 F-16 fighters of the 69th Fighter Squadron of the Israeli Air Force quietly broke through the advanced Russian “Dor”-M1 air defense deployed by Syria on the Syrian-Israeli border. The system carried out precise bombing of a nuclear facility about 100 kilometers west of the Syrian-Israeli border and about 400 kilometers northeast of Damascus, and returned safely from the original road.
According to the disclosure, the “Orchard Action” has made the US “Shuter” attack system shine. “Shut” invaded by remote radio, 瘫痪 radar, radio communication system, is the “behind the scenes” to make the Syrian air defense system in a state of failure. As a new type of network power attack system for networked weapon platforms and networked information systems, “Shut” represents the development trend of military technology and combat methods, and is bound to bring a new war landscape.
“Shadow Network”: Invisible Internet
The complicated situation of ideological struggle caused by the Internet has created an alternative channel for information penetration and “colonization” of thought. In the “Jasmine Revolution” in North Africa and the “Arab Spring” in the Middle East, there are “shadow networks”.
A ghost-like “shadow network” can bypass the traditionally regulated Internet, form an invisible and independent wireless local area network, realize mutual information communication, and access the Internet at any time as needed, and access the network resources “unrestricted”. The New York Times disclosed that the US State Department and the Pentagon have invested heavily in building an independent system in Afghanistan and using a launch tower located in the military camp to transmit signals to protect them from Taliban militants. Subsequently, an “invisible communication system” was established in Iran, Syria and Libya to help local anti-government organizations to communicate with each other or with the outside world.
“X Plan”: To control the network battlefield
Foreign media revealed that the Pentagon is building a 22nd century war plan, the “X Plan.” The “X Plan” is dedicated to building an advanced global computer map. With this “network map” that can be continuously updated and updated, the US military can easily lock the target and make it embarrassing. “If this plan is completed, the US military will be able to control the network battlefield as it controls the traditional battlefield.”
It is not difficult to foresee that after the deployment of the “X Plan”, it is definitely not just “get rid of the constraints of the keyboard”, but also enables situational awareness and cyber attacks on a global scale.
Original Mandarin Chinese
■網絡空間易攻難守,傳統的被動式防禦難以有效應對有組織的高強度攻擊
■提高網絡安全性,防禦一端不能只靠技術博弈,還需打贏理念上的反擊戰
網絡安全之新“三十六計”
■陳 森
點擊進入下一頁
費雪 繪
新聞緣由
信息時代,網絡安全對國家安全牽一發而動全身。 《國家信息化發展戰略綱要》強調,積極適應國家安全形勢新變化、信息技術發展新趨勢和強軍目標新要求,構建信息安全防禦體系,全面提高打贏信息化局部戰爭能力。網絡空間已經成為影響國家安全、社會穩定、經濟發展和文化傳播的全新領域,網絡空間安全隨之成為國際社會日益關注的重要議題。
美國明確宣稱網絡空間為新的作戰領域,大幅擴編網絡司令部和作戰部隊,持續聚力網絡空間武器研發。進入夏季以來,美軍網絡演習接二連三,隱形戰火硝煙瀰漫。 3月初,“網絡風暴5”率先拉開演練戰幕;4月,“網絡神盾2016”完成第五代升級;6月,“網絡防衛”“網絡奪旗”作為年度聯合演習的核心重裝登場。
網絡安全的本質在於攻防兩端能力較量,目前依賴防火牆、入侵檢測技術和反病毒軟件等靜態的、孤立的、被動式防禦難以有效應對有組織的高強度網絡攻擊。構築網絡空間安全防線,需要革除落伍思想,打贏防禦理念上的反擊戰。
新“三十六計”之移動目標防禦
通過構建動態網絡增加攻擊難度
網絡攻擊行動均需要一定的時間用於掃描和研究目標網絡,探測並利用系統“漏洞”,達到入侵控制目的。從理論上說,攻擊者有無限的時間展開掃描探測工作,總能找到防禦薄弱點,最終達成入侵目的。為此,網絡先行者美國致力於籌劃和部署安全防禦轉型工作,力求突破傳統防禦理念,發展能“改變遊戲規則”的革命性技術,移動目標防禦即是其中之一。
移動目標防禦被稱為網絡空間安全防禦新範式,技術策略上通過對防護目標本身的處理和控制,致力於構建一種動態的網絡,增加隨機性、減少可預見性,以提高攻擊難度。若將靜態的網絡空間比喻為一成不變的“城防部署”,勢難固守;而動態的網絡配置堪稱變幻無窮的“八卦陣”,難以破解。目前,移動目標防禦技術在美國政府和軍方各類研究中均享有優先權,涵蓋動態平台技術、動態運行環境技術、動態軟件和數據技術等方面。 2012年8月,美陸軍授予雷神公司“變形網絡設施”項目,主要研究在敵方無法探測和預知的情況下,對網絡、主機和應用程序進行動態調整和配置,從而預防、遲滯或阻止網絡攻擊。
作為網絡空間安全領域的新思路,移動目標防禦反映了未來網絡防禦將“死”網絡變成“活”網絡的技術發展趨勢。
新“三十六計”之蜜罐誘騙防禦
通過消耗攻擊者的資源減少網絡攻擊威脅
常規的網絡安全防護主要是從正面抵禦網絡攻擊,雖然防禦措施取得了長足進步,但仍未能改變網絡空間“易攻難守”的基本局面。近年來發展的“蜜罐誘騙防禦”則提出了一個“旁路引導”的新理念,即通過吸納網絡入侵和消耗攻擊者的資源來減少網絡攻擊對真正要防護目標的威脅,進而贏得時間以增強防護措施,彌補傳統網絡空間防禦體系的不足。
與戰場上有意設置假陣地相仿,蜜罐誘騙防禦是主動利用安全防禦層級較低的計算機網絡,引誘各類網絡攻擊,監測其攻擊手段和屬性,在真正需要做防護的目標系統上設置相應防禦體系,以阻止類似攻擊。蜜罐可分為兩種類型,即產品型蜜罐和研究型蜜罐。前者主要目的是“吸引火力”,減輕防禦壓力,後者則為研究和獲取攻擊信息而設計,堪稱情報蒐集系統,不僅需要網絡耐攻擊而且力求監視能力強大,以最大限度捕獲攻擊行為數據。
美軍除了建立由灰網、黃網、黑網、綠網4個子網絡組成的虛擬網絡環境攻防實驗室外,還在國際互聯網上精心部署有蜜罐誘騙系統。可以肯定的是,基於誘騙的網絡防禦思想將被進一步重視,實現誘騙的技術途徑也將會越來越多。
新“三十六計”之聯動協同防禦
整合多種防禦技術“拒敵於國門之外”
目前的安全防護設備和防禦技術大都是“各自為戰”,網絡防護節點間的數據難共享,防護技術不關聯,導致目前的防禦體係是孤立和靜態的,已不能滿足日趨複雜的網絡安全形勢需要。美國“愛因斯坦計劃”最初的動因就在於各聯邦機構獨享互聯網出口,使得整體安全性難以保障。通過協同聯動機制把網絡中相對獨立的安全防護設備和技術有機組合起來,取長補短,互相配合,共同抵禦各種攻擊,已成為未來網絡空間安全防禦發展的必然選擇。
聯動協同防禦是指利用現有安全技術、措施和設備,將時間上分離、空間上分佈而工作上又相互依賴的多個安全系統有機組織起來,從而使整個安全系統能夠最大程度地發揮效能。縱向上,是多個安全技術的聯動協同防禦,即一種安全技術直接包含或是通過某種通信方式鏈接另一種安全技術。如美國海軍網絡防禦體係採用的“縱深防禦”機制,針對核心部署層層防護措施,包括基於標誌的攻擊檢測、廣域網安全審計、脆弱性警報等,攻擊方須突破多個防禦層才能進入系統,從而降低其攻擊成功率。當系統中某節點受到威脅時,能夠及時將威脅信息轉發給其他節點並採取相應防護措施,進行一體化調整和部署防護策略。
昔日的單兵作戰已不能適應當今網絡安全防禦的需要,聯動協同防禦將躍升為網絡安全領域的主流。整合多種防禦技術,建立有組織性的防禦體系,“拒敵於國門之外”才能有效防患於未然。
新“三十六計”之最優策略防禦
在網絡安全風險和投入之間尋求一種均衡
網絡空間的攻擊越來越複雜,理想的網絡安全防護當然是對所有的弱項或攻擊行為都做出對應的防護,但是從防禦資源限制等情況考慮,追求絕對安全的防禦顯然是不現實的。基於“適度安全”的理念,最優策略防禦呼之欲出。
最優策略防禦可以理解為在網絡安全風險和投入之間尋求一種均衡,利用有限的資源做出最合理決策的防禦。就投入而言,即便是實力雄厚的美國,也是盡量打造網絡空間集體防禦體系。美國與澳大利亞網絡空間防禦同盟協定,以及日美網絡防禦合作聯合聲明,其“成果共享”背後亦有“成本分攤”的影子。從風險角度看,對絕對安全的追求將會秉持安全至上原則,在製定相關戰略目標和對威脅作出反應時,易忽視所擁有資源和手段的有限性、合法性,難以掌握進退。
最優策略防禦主要圍繞博弈論的策略“最優”而展開,集中在網絡空間安全測評、代價分析、安全防禦模型構建與演化等研究方向上。將博弈論的思想應用到網絡攻擊和防禦中,為解決最優防禦決策等難題研究提供了一種新思路。
新“三十六計”之入侵容忍防禦
打造網絡空間安全 “最後一道防線”
網絡空間面臨的威脅很多是不可預見、無法抗拒和防不勝防的,防護再好也不能完全避免系統失效甚至崩潰的發生。傳統的可靠性理論和容錯計算技術難以滿足實際需要,這就不得不思考比單純防護更全面、更深層次的問題。在此背景下,新一代入侵容忍防禦愈發受到重視。
入侵容忍是第三代網絡安全技術,隸屬於信息生存技術的範疇,被稱作是網絡空間安全防禦“最後一道防線”。與傳統網絡安全防禦思路不同,入侵容忍防禦承認脆弱點的存在,並假定其中某些脆弱點可能會被攻擊者利用而使系統遭到攻擊。防護目標在受到攻擊甚至某些部分已被破壞或被操控時,防護目標系統可以像壁虎一樣“斷尾求生”,完成目標系統的癒合和再生。
入侵容忍技術不再以“防”為主,而是重在系統已遭破壞的情況下如何減少損失,盡快恢復。但入侵容忍畢竟是一個新興研究領域,其成本、代價、效益等將是下一步的研究方向。
相關鏈接——
各顯其能的網絡攻防戰
“震網”:網絡物理戰先驅
點擊進入下一頁
2010年8月,伊朗在俄羅斯幫助下建成布什爾核電站,但這座計劃於當年10月正式發電運轉的核電站,卻多次推遲運行。一年後,據媒體揭秘,是因為遭到來源不明的計算機網絡病毒攻擊,超過3萬台電腦“中招”,位於納坦斯的千台離心機報廢,剛封頂的布什爾核電站不得不取出核燃料並延期啟動,伊朗核發展計劃則被迫擱置。這種後來被冠名為“震網”的病毒,開創了通過網絡控制並摧毀實體的先河。
“火焰”:史上最強大間諜
點擊進入下一頁
網絡情報活動,是網絡空間戰略博弈和安全斗爭最活躍的部分。 2012年,伊朗石油部門大量數據失竊並遭到清除,致使其無法正常進行石油生產和出口。為避免繼續製造危害,伊朗被迫切斷了海灣附近哈爾克島石油設施的網絡連接。大規模的調查後,一種新的病毒浮出水面,即後來又現身於以色列、巴勒斯坦等中東國家的“火焰”病毒。 “火焰”病毒兼具蠕蟲、後門和木馬三重特點,集截取屏幕畫面、記錄音頻對話、截獲鍵盤輸入、偷開藍牙設備等多種數據盜竊功能於一身,成為專門竊取他國機密情報的新型“電子間諜”。
“舒特”:體系破擊露鋒芒
點擊進入下一頁
2007年,為將敘利亞核計劃扼殺於萌芽之中,以色列空軍第69戰鬥機中隊的18架F-16戰機,悄無聲息地突破敘利亞在敘以邊境部署的先進俄製“道爾”-M1防空系統,對敘以邊境以西約100千米、大馬士革東北部約400千米的一處核設施實施精確轟炸,並從原路安全返回。
據披露,讓“果園行動”大放異彩的是美軍“舒特”攻擊系統。 “舒特”通過遠程無線電入侵,癱瘓雷達、無線電通信系統,是使敘防空系統處於失效狀態的“幕後真兇”。作為針對組網武器平台及網絡化信息系統的新型網電攻擊系統,“舒特”代表著軍事技術和作戰方式的發展趨勢,勢必將帶來全新戰爭景觀。
“影子網絡”:隱形國際互聯網
點擊進入下一頁
國際互聯網導致意識形態鬥爭的複雜局面,造成了信息滲透、思想“殖民”的另類通道。在北非“茉莉花革命”和中東“阿拉伯之春”中,均有“影子網絡”踪跡。
像幽靈一樣的“影子網絡”可繞過傳統監管的互聯網,形成隱形和獨立的無線局域網,實現相互間信息溝通,一旦需要又可隨時接入國際互聯網,“不受限制”地訪問網絡資源。 《紐約時報》披露稱,美國國務院和五角大樓斥巨資在阿富汗建造了獨立的系統,並利用設在軍營內的發射塔傳遞信號,以免遭塔利班武裝分子破壞。隨後在伊朗、敘利亞和利比亞設立“隱形通訊系統”,幫助當地反政府組織相互聯繫或與外界溝通。
“X計劃”:欲掌控網絡戰場
點擊進入下一頁
外媒披露,五角大樓正在打造一項22世紀的戰爭計劃,即“X計劃”。 “X計劃”致力於建立先進的全球計算機分佈圖,有了這張能夠不斷升級更新的“網絡地圖”,美軍就可以輕易鎖定目標令其癱瘓。 “如果完成了這個計劃,美軍將能夠像控制傳統戰場那樣控製網絡戰場。”
不難預見,“X計劃”部署後,絕對不只是“擺脫鍵盤的束縛”,更可以實現在全球範圍內進行態勢感知和網絡攻擊。
Original Referring URL: http://www.chinanews.com/mil/2016/08-11/
