Tag Archives: #China #Cyber #Warfare #Information #Dominance

中國新的網絡安全法 // Internet Security Law of the People ‘s Republic of China

中國新的網絡安全法 // Internet Security Law of the People ‘s Republic of China

Table of Contents

    Chapter 1 General Provisions

Chapter 2 Network Security Support and Promotion

Chapter 3 Network Operation Safety

Section 1 General Provisions

SECTION 2: Operational safety of key information infrastructures

Chapter 4 Network Information Security

Chapter 5 Monitoring Early Warning and Emergency Handling

Chapter VI Legal Liability

Chapter VII Supplementary Provisions

Chapter 1 General Provisions

The first order to protect network security , safeguard cyberspace sovereignty and national security , public interests , protection of citizens , legal persons and other organizations , to promote the healthy development of economic and social information , this law is enacted .

Article in the territory of People’s Republic of China construction , operation , maintenance and use of the network , as well as supervision and management of network security , this Law shall apply .

Third countries adhere to both network security and information technology development , follow the active use , scientific development , according to management , to ensure the safety policy , promote the network infrastructure construction and interoperability , to encourage innovation and application of network technology , to support the development of network security personnel , Establish and improve the network security system , improve network security protection .

Article 4 The State shall formulate and continuously improve the network security strategy , clearly define the basic requirements and main objectives of the network security , and put forward the network security policies , tasks and measures in the key areas .

Article 5 The State shall take measures to monitor , defend and dispose of network security risks and threats arising from the territory of the People’s Republic of China , protect the critical information infrastructure from attack , intrusion , interference and destruction , punish the network for criminal activities and maintain the network Space security and order .

Article 6 The State shall promote the network behavior of honesty and trustworthiness , health and civilization , promote the dissemination of socialist core values , and take measures to raise the awareness and level of cybersecurity in the whole society and form a favorable environment for the whole society to participate in promoting network security .

Article VII countries active in cyberspace governance , network technology research and standards development , the fight against international exchange and cooperation network and other crimes , to promote the building of peace , security , open , cooperative cyberspace , multilateral , democratic , transparent network Governance system .

Article VIII of the National Network Information Department is responsible for co-ordination network security and related supervision and administration . State Council department in charge of telecommunications , public security departments and other relevant authorities in accordance with this Law and other relevant laws , administrative regulations , responsible for network security and supervision and administration within their respective areas of responsibility .

Local people’s governments above the county level of network security and regulatory functions , determined in accordance with relevant state regulations .

Article IX network and service operators to carry out business activities , must abide by laws , administrative regulations , respect social ethics , abide by business ethics , honesty and credit , fulfill the obligation to protect network security , and accept the supervision of government and society , social responsibility .

Article X build , operate or provide network services through a network , it should be in accordance with laws , regulations and national standards and administrative regulations of mandatory requirements , technical measures and other necessary measures , to ensure network security , stable operation , to effectively deal with network security incidents , Prevent cyber criminal activities , maintain the integrity of network data , confidentiality and usability .

Article XI  network-related industry organizations accordance with the constitution , strengthen self-discipline , to develop guidelines for network security behavior , guide members to strengthen network security , increase network security levels , and promote the healthy development of the industry .

Article XII of  the State protection of citizens , legal persons and other organizations the right to use the network in accordance with law , the promotion of universal access network , improve network service levels , and provide safe , convenient network services , to protect the free flow of network information according to law and orderly .

Any person and organization using the network should abide by the constitutional law , abide by the public order , respect social morality , not endanger the network security , shall not use the network to endanger national security , honor and interests , incite subversion of state power , overthrow the socialist system , incitement to split the country , The destruction of national unity , the promotion of terrorism , extremism , the promotion of national hatred , ethnic discrimination , the dissemination of violence , obscene pornography , fabricating and disseminating false information to disrupt economic order and social order , and infringe upon the reputation , privacy , intellectual property and other legitimate rights and interests of others And other activities .

Article XIII  countries to support research and development is conducive to healthy growth of minors networking products and services , punishing minors using the Internet to endanger physical and mental health activities according to law , to provide security for minors , healthy network environment .

Article 14  Any individual or organization shall have the right to report to the network , telecommunications , public security and other departments that are harmful to the safety of the Internet . The department that receives the report shall handle it in a timely manner and if it does not belong to the duties of the department , it shall promptly transfer the department to be handled .

The relevant departments shall keep the relevant information of the whistleblower and protect the legitimate rights and interests of the whistleblower .

Chapter 2 Network Security Support and Promotion

Article 15 The  State shall establish and improve the network security standard system . The department in charge of standardization of the State Council and other relevant departments under the State Council shall, in accordance with their respective duties , organize and formulate and revise the national standards and industry standards for network security management and network products , services and operation safety .

National support enterprises , research institutions , colleges and universities , network-related industry organizations to participate in network security national standards , industry standards .

Article 16 The   State Council and the people’s governments of provinces , autonomous regions and municipalities directly under the Central Government shall make overall plans , increase investment , support key network security technology industries and projects , support the research and development and application of network security technology , promote safe and reliable network products and services , Protection of network technology intellectual property rights , support enterprises , research institutions and colleges and universities to participate in national network security technology innovation projects .

Article 17 The   State shall promote the construction of a social security service system for network security and encourage the relevant enterprises and institutions to carry out safety services such as network security certification , testing and risk assessment .

Article 18 The   State encourages the development of network data security protection and utilization technology to promote the opening of public data resources and promote technological innovation and economic and social development .

State support innovative network security management , the use of new network technologies , enhance network security level .

Article XIX   governments at all levels and relevant departments should organize regular network security education , and guidance , and urge the relevant units to do network safety publicity and education work .

The mass media should be targeted to the community for network security publicity and education .

Article 20 The  State shall support enterprises and institutions of higher education , vocational schools and other educational and training institutions to carry out network safety-related education and training , and adopt a variety of ways to train network security personnel and promote the exchange of network security personnel .

Chapter 3 Network Operation Safety

Section 1 General Provisions

Article 21 The  State shall implement a system of network security protection . Network operators should be in accordance with the requirements of the network security level protection system , perform the following security obligations , to protect networks from interference , damage or unauthorized access , preventing data leakage or stolen , tampered with :

( 1 ) to formulate internal safety management systems and operating procedures , to determine the network security responsible person , the implementation of network security protection responsibility ;

( 2 ) to take precautions against computer viruses and network attacks , network intrusion and other hazards of network security behavior of technical measures ;

( 3 ) to take technical measures to monitor and record the operation status of the network and the network security incident , and to keep the relevant network log in accordance with the regulations for not less than six months ;

( D ) to take data classification , important data backup and encryption and other measures ;

( 5 ) other obligations stipulated by laws and administrative regulations .

Article 22 The  network products and services shall conform to the mandatory requirements of the relevant national standards . Network products , service providers may not set up malicious programs ; found their network products , services, security defects , loopholes and other risks , should immediately take remedial measures , in accordance with the provisions of the timely notification of the user and report to the relevant authorities .

The providers of network products and services shall provide continuous maintenance of their products and services ; they shall not terminate the provision of safety maintenance within the time limit prescribed by the parties or the parties .

Network products , services with the collection of user information function , the provider should be clear to the user and obtain consent ; involving the user’s personal information , but also should comply with this law and the relevant laws and administrative regulations on personal information protection requirements .

Article 23 The  network of key equipment and network security specific products should be in accordance with national standards of mandatory requirements , qualified by the agency safety certification or qualified safety testing to meet the requirements after , before they sell or provide . The State Network letter department in conjunction with the relevant departments of the State Council to develop and publish network key equipment and network security products directory , and promote safety certification and safety testing results mutual recognition , to avoid duplication of certification , testing .

Article 24 The  network operator shall handle the services such as network access , domain name registration service , fixed telephone and mobile telephone , or provide services such as information release and instant messaging , and enter into an agreement with the user or confirm the service when , should be required to provide true user identity information . If the user does not provide the true identity information , the network operator shall not provide the relevant service .

National implementation trusted identity network strategy , to support research and development of safe , convenient electronic authentication technology , to promote mutual recognition between different electronic authentication .

Article 25  network operators shall develop network security emergency response plan , timely disposal system vulnerabilities , computer viruses , network attacks , security risks and other network intrusions ; in the event of the occurrence of the harm network security , immediately launched the emergency plan , take the appropriate remedial measures , and report to the relevant authorities in accordance with the provisions .

Article 26   to carry out certification of network security , detection , risk assessment and other activities , released to the public system vulnerabilities , computer viruses , network attacks , network intrusions and other network information security , should comply with the relevant provisions of the State .

Article 27   No individual or organization may not engage in illegal intrusion into networks of others , interfere with the normal function of the network of others , active network data theft and other hazards network security ; not provide specifically for the network in the invasion , interfere with the normal function of the network and protective measures , theft Network data and other activities that endanger the network security activities , tools ; knowing that others engaged in activities that endanger network security , not to provide technical support , advertising , payment and settlement help .

Article 28 The   network operators shall provide technical support and assistance to the public security organs and the state security organs to safeguard the national security and the investigation of crimes according to law .

Article 29 The   State supports between network operators to collect information on network security , analysis , reporting and emergency response and other aspects of cooperation , to improve the security capabilities of network operators .

Relevant industry organizations to establish and improve network security norms and mechanisms for cooperation in this sector , to strengthen the analysis and evaluation of network security risks , regularly risk warning to the members , to support , to assist members to deal with network security risks .

Article 30   Network and Information Department and relevant information acquired in the performance of network security protection responsibilities , only for the need to maintain network security , shall not be used for other purposes .

SECTION 2: Operational safety of key information infrastructures

Article 31 The   state public communication and information services , energy , transportation , water conservancy , finance , public services , e-government and other important industries and fields , as well as other once destroyed , the loss of functionality or data leakage , could seriously endanger national security , people’s livelihood , the critical information infrastructure of public interest , on the basis of network security protection system on , special protection . The specific scope and safety protection of key information infrastructure shall be formulated by the State Council .

The country encourages network operators outside key information infrastructures to participate voluntarily in critical information infrastructure protection systems .

Article 32  in accordance with the division of duties prescribed by the State Council , responsible for the protection of critical information infrastructure security departments are working to formulate and implement the industry , the art of critical information infrastructure security planning , guidance and supervision of the safe operation of critical information infrastructure protection Work .

Article 33 The   construction of the critical information infrastructure to support business should ensure it has a stable , continuous operation performance , and technical measures to ensure the safety synchronized planning , simultaneous construction , simultaneous use .

Article 34   In addition to the provisions of Article 21 of this Law , critical information infrastructure operators shall perform the following security obligations :

( A ) set up a special safety management and safety management agency in charge of people , and the negative security background screening of responsibility and the key staff positions ;

( 2 ) regularly carry out network security education , technical training and skills assessment for employees ;

( Iii ) disaster recovery of critical systems and databases ;

( D ) the development of network security incident contingency plans , and regular exercise ;

( 5 ) other obligations stipulated by laws and administrative regulations .

Article 35 Where  a operator of a key information infrastructure purchases a network of products and services that may affect the safety of the State , it shall pass the national security review organized by the State Network Department in conjunction with the relevant departments of the State Council .

Article 36 of   the critical information infrastructure of network operators purchasing products and services , shall sign a confidentiality agreement with the security provider in accordance with the provisions , clear security and confidentiality obligations and responsibilities .

Article 37  Personal information and important data collected and produced by operators of key information infrastructure operators in the territory of the People’s Republic of China shall be stored in the territory . Due to business needs , do need to provide to the outside , should be in accordance with the State Network letter department in conjunction with the relevant departments of the State Council to develop a safety assessment ; laws and administrative regulations otherwise provided , in accordance with its provisions .

Article 38   critical information infrastructure operator shall himself or entrust their network security services and the possible risk of network security test and evaluation carried out at least once a year , and will assess the situation and improve the detection measures submitted to the responsible Key information Infrastructure Security protection work .

Article 39 The   State Network Letters shall coordinate the relevant departments to take the following measures for the protection of key information infrastructures :

( A ) the security risk of critical information infrastructure will be random testing , suggest improvements , can be entrusted network security services when necessary for the existence of network security risk assessment to detect ;

( 2 ) to organize the operators of key information infrastructures on a regular basis to conduct network security emergency drills to improve the level and coordination capability of responding to network security incidents ;

( 3 ) to promote the sharing of network security information between the relevant departments and operators of key information infrastructures and relevant research institutions and network security services ;

( Four ) emergency response network security incidents and recovery network functions, etc. , to provide technical support and assistance .

Chapter 4 Network Information Security

Article 40  network operators should collect information on its users strictly confidential , and establish and improve the user information protection system .

Article 41 Where a  network operator collects or uses personal information , it shall follow the principles of lawfulness , reason and necessity , publicly collect and use the rules , expressly collect and use the purpose , manner and scope of the information and agree with the collectors .

Services unrelated to the personal information of the network operator shall not collect its offer , shall not violate laws , administrative regulations and bilateral agreements to collect , use of personal information , and shall be in accordance with laws , administrative regulations and the agreement with the user , process save Of personal information .

Article 42   network operators shall not be disclosed , tampering , destruction of personal information it collects ; without the consent of the collectors , may not provide personal information to others . However , except that processing does not recognize a particular person and can not be recovered .

The network operator shall take technical measures and other necessary measures to ensure that the personal information collected by it is safe to prevent leakage , damage and loss of information . Or may occur in the event of leakage of personal information , damage , time lost the case , it should take immediate remedial measures , in accordance with the provisions promptly inform the user to the relevant competent authorities report .

Article 43   personal discovery network operators violate laws , administrative regulations or bilateral agreements to collect , use their personal information , the right to require network operators to delete their personal information ; find network operators to collect , store their personal The information is wrong , the right to require the network operator to be corrected . The network operator should take action to remove or correct it .

Article 44   No individual or organization may steal or acquire personal information in any other illegal manner and may not illegally sell or illegally provide personal information to others .

Article 45 The   departments and their staff members with network security supervision and administration according to law , must be aware of personal information in carrying out their duties , privacy and trade secrets strictly confidential , shall not disclose , sell or illegally available to others .

Article 46   No individual or organization shall be responsible for the use of network behavior , not set up to commit fraud , to teach criminal methods , production or sale of prohibited items , sites illegal and criminal activities of controlled items, etc. , communication groups , should not be used Internet publishing involves the implementation of fraud , the production or sale of prohibited items , control of goods and other criminal activities of the information .

Article 47   network operators should strengthen the management of information published by its users , we found that laws , administrative regulations prohibit the release or transfer of information , should immediately stop the transmission of the information , to take measures to eliminate the disposal, etc. , to prevent the diffusion of information , save The relevant records and report to the relevant authorities .

Article 48  electronic information sent by any individual and organization , application software provided , shall set up a malicious program , shall not contain laws , administrative regulations prohibit the release or transfer of information .

Send electronic information service providers and application software download service provider , shall perform the safety management obligations , know that the user is under the aforesaid acts , it should stop providing services , to take measures to eliminate the disposal, etc. , keep the relevant records , and the relevant authorities Report .

Article 49 The  network operators shall establish information such as complaints and reporting systems for network information security , announce complaints and report methods, and promptly accept and handle complaints and reports on the security of network information .

Supervision and inspection network operators to network and Information Department and relevant departments according to law , shall cooperate .

Article 50   National Grid and other departments concerned to fulfill the letter of network information security supervision and administration according to law , found legal , information and administrative regulations prohibit the release or transfer , should be required to stop the transmission network operator , to take measures to eliminate the disposal, etc. , keep the relevant records ; the above information comes from outside the People’s Republic of China , it shall notify the relevant agencies to take technical measures and other necessary measures to interrupt transmission .

Chapter 5 Monitoring Early Warning and Emergency Handling

Article 51 The   State shall establish a network security monitoring and early warning and information communication system . The national network letter department should coordinate the relevant departments to strengthen the network security information collection , analysis and notification work , in accordance with the provisions of unified release of network security monitoring and early warning information .

Article 52   is responsible for critical information infrastructure security affairs , shall establish and improve the industry , network security monitoring and early warning and communications systems in the art , and network security monitoring and early warning information submitted in accordance with the provisions .

Article 53   National Grid and Information Department to coordinate relevant departments to establish and improve network security risk assessment and emergency response mechanisms , the development of network security emergency response plan , and regular exercise .

Responsible for key information infrastructure security work departments should develop the industry , the field of network security incident contingency plans , and regularly organize exercises .

Network security emergency response plan should be in accordance with the degree of harm after the incident , the network security incidents were graded sphere of influence and other factors , and provides the appropriate emergency measures .

Article 54   of network security event that occurs when the risk increases , the provincial people’s governments shall, in accordance with statutory authorities and procedures , and the characteristics of the network security risks and possible harm , take the following measures :

( A ) asked the relevant authorities , institutions and personnel timely collection , reporting information , strengthening the monitoring of network security risks ;

( Two ) organizational departments , agencies and professionals , network security risk assessment information for analysis , predicting the likelihood of events , the scope and extent of harm ;

( C ) to the community release network security risk early warning , release to avoid , reduce the harm measures .

Article 55   of network security incidents , should immediately start emergency response plan network security , network security incident investigation and assessment , require network operators to take technical measures and other necessary measures , to eliminate safety hazards , prevent harm to expand , and in a timely manner Publish public-related warning messages to the community .

Article 56  above the provincial level people’s governments in the implementation of network safety supervision and management responsibilities , found that there is a big security risk or network security incidents , be in accordance with the authority and procedures of the legal representative of the network operator’s Person or main person in charge . The network operator shall take measures as required and carry out rectification and rectification to eliminate the hidden danger .

Article 57  because of network security incidents , the occurrence of unexpected events or production safety accidents , should be in accordance with the ” Emergency Response Law of People’s Republic of China “, ” Production Safety Law of People’s Republic of China ,” the relevant laws and so on , disposal and administrative regulations The

Article 58 for the maintenance of national security and public order , require major emergency incidents disposal of social security , the State Council decision or approval , can take temporary measures such as limiting network traffic in a particular area .

Chapter VI Legal Liability

Article 59 Where the   network operator fails to perform the obligations of the network security protection stipulated in Article 21 and Article 25 of this Law , the relevant competent department shall order it to make corrections and give a warning ; refusing to correct or cause harm to the network security and other consequences of , at 100,000 yuan fine of $ 10,000 or more , the person directly responsible for the 50,000 yuan fine of $ 5,000 or more .

If the operator of the key information infrastructure fails to perform the obligations of the network security protection as prescribed in Article 33 , Article 34 , Article 36 and Article 38 of this Law , the relevant competent department shall order it to make corrections and give a warning ; refuse to correct or cause harm network security consequences , at 1,000,000 yuan fine of $ 100,000 or more , the person directly responsible for at 100,000 yuan fine of $ 10,000 or more .

Article 60   in violation of the first paragraph of Article 22 of this Law , (2) and the first paragraph Article 48 , any of the following acts , ordered by the competent department of corrections , give a warning ; refuse to correct Or cause harm to the network security and other consequences , at 50,000 yuan to more than 500,000 yuan fine , the person in charge directly responsible for more than 10,000 yuan more than 100,000 yuan fine :

( A ) set up malicious programs ;

( Two ) of their products , security flaws services , risk exposure and other remedial measures are not taken immediately , or failing to promptly inform the user of the report to the relevant authorities ;

( 3 ) to terminate the security of its products and services .

Article 61   network operators who violate the provisions of Article 24 first paragraph , did not require users to provide real identity information , or provide related services for the user does not provide real identity information , by the competent authorities ordered to make corrections ; or refuse to correct the circumstances are serious , at five hundred thousand fine of $ 50,000 or more , and may be ordered by the competent authorities to suspend the relevant business , ordered to stop , to close the site , revoke the relevant business license or business license revoked , directly responsible for The person in charge and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan .

Article 62  in violation of Article 26 of this Law , to carry out certification of network security , detection , risk assessment and other activities , or to the public distribution system vulnerability , computer viruses , network attacks , network intrusions and other network security information , by the relevant the competent department shall order correction , given a warning ; refuse to correct or circumstances are serious , at 100,000 yuan fine of $ 10,000 or more , and may be ordered by the competent authorities to suspend the relevant business , ordered to stop , to close the site , revoked or related business license revoke the business license , the persons in charge and other directly responsible personnel directly responsible for 50,000 yuan fine of $ 5,000 or more .

Article 63   violation of Article 27 of this Law , engaged in activities that endanger network security , or to provide dedicated program to endanger network security activities , tools , technical support, or to endanger the security of network activity for others , advertising , payment settlement and other help , not constitute a crime , the public security authorities confiscate the illegal income , 5 days detention , can fine of over 50,000 yuan to 500,000 yuan fine ; the circumstances are serious , at least five days 15 days of detention , and may impose a fine of not less than 100,000 yuan but not more than one million yuan .

Units with the conduct of , the public security authorities confiscate the illegal income , at a fine of one million yuan more than 100,000 yuan , and directly in charge and other directly responsible personnel shall be punished in accordance with the preceding paragraph .

Violation of Article 27 of this Law , subject to administrative penalties for public security personnel , shall not engage in network security management and network operators work in key positions within five years ; people subject to criminal punishment , he may not engage in key positions in operations and network security management network Work .

Article 64 A  provider of a network operator , a network product or service shall , in violation of the provisions of Article 22 , paragraph 3 , and Article 41 to Article 43 of this Law , violate the right of the personal information to be protected according to law , ordered to make corrections by the competent authorities , can be a warning or a fine according to the seriousness single office , confiscate the illegal income , illegal income more than doubled a fine of ten times , there is no illegal income , at a fine of one million yuan , directly responsible Supervisors and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan ; if the circumstances are serious , they may order to suspend the relevant business , suspend business for rectification , close the website , revoke the relevant business license or revoke the business license .

Violation of the provisions of Article 44 of this Law , theft or other illegal means to obtain , illegally sell or illegally provide personal information to others , does not constitute a crime , the public security organs confiscated the illegal income , and more than double the illegal income ten times If there is no illegal income , a fine of not more than one million yuan shall be imposed .

Article 65 of the   critical information infrastructure of operators in violation of the provisions of Article 35 of this Law , used without safety review or not to review the security of the network through a product or service , by the competent authorities ordered to stop using , at the purchase amount More than ten times the fine ; the person directly in charge and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan .

Article 66   critical information infrastructure operators in violation of the provisions of Article 37 of this Law , outside the network data storage , or network data provided to the outside , ordered to make corrections by the competent authorities , be given a warning , confiscate the illegal income , of fifty yuan fine of $ 50,000 or more , and may be ordered to suspend the business , ordered to stop , to close the site , revoke the relevant business license or revoke the business license ; in charge and other directly responsible personnel directly responsible yuan and not Fine of not more than 100,000 yuan .

Article 67   in violation of the provisions of Article 46 of this Law , the website set up for the implementation of criminal activities , distribution group , or use the Internet release of information related to the implementation of criminal activities , does not constitute a crime , the public security organs 5 days detention , can impose a fine of 100,000 yuan ; the circumstances are serious , at least five days custody for 15 days or less , you can fine of over 50,000 yuan to 500,000 yuan fine . Close the website for the implementation of criminal activities , communication groups .

If the unit has the preceding paragraph , the public security organ shall be fined not less than 100,000 yuan but not more than 500,000 yuan , and shall be punished in accordance with the provisions of the preceding paragraph for the person directly in charge and other directly responsible persons .

Article 68  network operators in violation of the provisions of Article 47 of this Law , legal , administrative regulations prohibit the release or transfer of information transmission is not stopped , to take measures to eliminate the disposal, etc. , keep the relevant records , ordered by the competent department of corrections , given a warning , confiscation of illegal gains ; refuse to correct or circumstances are serious , at 500,000 yuan more than 100,000 yuan , and can be ordered to suspend the relevant business , ordered to stop , to close the site , revoke the relevant business license or business license revoked , A fine of not less than 10,000 yuan but not more than 100,000 yuan shall be imposed on the person directly in charge and other directly responsible persons .

Electronic messaging services provider , application software download service providers , non-compliance and safety management obligations specified in the second paragraph of Article 48 of this Law , in accordance with the preceding paragraph shall be punished .

Article 69   network operators in violation of the provisions of this Act , any of the following acts , by the competent authorities shall order rectification ; refuse to correct or circumstances are serious , at 500,000 Yuan more than 50,000 yuan , directly responsible for the charge and other directly responsible personnel , at one million yuan to 100,000 yuan fine :

( A ) not in accordance with the requirements of the relevant departments of the law , administrative regulations prohibit the release or the information’s transmission , taken to stop transmission , disposal measures to eliminate such ;

( 2 ) refusing or hindering the supervision and inspection carried out by the relevant departments according to law ;

( 3 ) refusing to provide technical support and assistance to the public security organs and the state security organs .

Article 70  issued or transmitted in Article 12 (2) and other laws , administrative regulations prohibit the release or transfer of information , in accordance with relevant laws , penalties and administrative regulations .

Article 71   of this Law prescribed offenses , in accordance with relevant laws , administrative regulations credited to the credit files , and to be publicized .

Article 72 Where  an operator of a government organ of a state organ fails to perform its obligations under the provisions of this Law , it shall be ordered by its superior organ or the relevant organ to make corrections , and the directly responsible person in charge and other directly responsible persons shall be punished according to law .

Article 73  Network and Information Department and relevant departments in violation of the provisions of Article 30 of this Law , the information acquired in the performance of network security protection responsibilities for other purposes , given to the persons in charge and other directly responsible personnel directly responsible according to law Punish .

The network department and the relevant departments of the staff neglected duty , abuse of power , favoritism , does not constitute a crime , according to the law to give punishment .

Article 74 Whoever , in violation of the   provisions of this Law , causes damage to others , shall bear civil liability according to law .

Violation of the provisions of this Law , constitute a violation of public security management behavior , according to the law to give security management punishment ; constitute a crime , shall be held criminally responsible .

Article 75   The organs , organizations and individuals engaged in activities , such as attack , intrusion , interference or destruction , which violate the key information infrastructure of the People’s Republic of China , cause serious consequences, and shall hold legal liabilities according to law ; the public security departments and relevant departments of the State Council the institution may decide , organize , to freeze property or other necessary personal sanctions .

Chapter VII Supplementary Provisions

Article 76   The meaning of the following terms in this Law :

( A ) network , refers to a computer or other information terminals and associated equipment consisting of the information collected in accordance with certain rules and procedures , storage , transmission , switching , the system processing .

( Two ) network security , refers to taking the necessary measures , to prevent attacks on the network , intrusion , interference , destruction and illegal use and accidents , the network is in a state of stable and reliable operation , integrity, and protect network data , privacy , The ability to be available .

( C ) network operators , refers to the network of owners , managers and network service providers .

( D ) network data , refers to the network through the collection , storage , transmission , processing and production of various electronic data .

( Five ) personal information , refer to various identification information can be used alone or in combination with other natural personal identity information electronically recorded or otherwise , including but not limited to a natural person’s name , date of birth , ID number , personal biometric information , Address , telephone number and so on .

Article 77 The   storage , processing network information involving state secrets operational security , in addition shall comply with this Act , shall also comply with privacy laws , administrative regulations .

Article 78   security protection of military networks , otherwise provided by the Central Military Commission .

Article 79   of this Law since 2017  6 June 1 from the date of implementation .

Original mandarin Chinese:

目    录

    第一章  总    则

第二章  网络安全支持与促进

第三章  网络运行安全

第一节  一般规定

第二节  关键信息基础设施的运行安全

第四章  网络信息安全

第五章  监测预警与应急处置

第六章  法律责任

第七章  附    则

第一章  总    则

第一条  为了保障网络安全,维护网络空间主权和国家安全、社会公共利益,保护公民、法人和其他组织的合法权益,促进经济社会信息化健康发展,制定本法。

第二条  在中华人民共和国境内建设、运营、维护和使用网络,以及网络安全的监督管理,适用本法。

第三条  国家坚持网络安全与信息化发展并重,遵循积极利用、科学发展、依法管理、确保安全的方针,推进网络基础设施建设和互联互通,鼓励网络技术创新和应用,支持培养网络安全人才,建立健全网络安全保障体系,提高网络安全保护能力。

第四条  国家制定并不断完善网络安全战略,明确保障网络安全的基本要求和主要目标,提出重点领域的网络安全政策、工作任务和措施。

第五条  国家采取措施,监测、防御、处置来源于中华人民共和国境内外的网络安全风险和威胁,保护关键信息基础设施免受攻击、侵入、干扰和破坏,依法惩治网络违法犯罪活动,维护网络空间安全和秩序。

第六条  国家倡导诚实守信、健康文明的网络行为,推动传播社会主义核心价值观,采取措施提高全社会的网络安全意识和水平,形成全社会共同参与促进网络安全的良好环境。

第七条  国家积极开展网络空间治理、网络技术研发和标准制定、打击网络违法犯罪等方面的国际交流与合作,推动构建和平、安全、开放、合作的网络空间,建立多边、民主、透明的网络治理体系。

第八条  国家网信部门负责统筹协调网络安全工作和相关监督管理工作。国务院电信主管部门、公安部门和其他有关机关依照本法和有关法律、行政法规的规定,在各自职责范围内负责网络安全保护和监督管理工作。


第九条  网络运营者开展经营和服务活动,必须遵守法律、行政法规,尊重社会公德,遵守商业道德,诚实信用,履行网络安全保护义务,接受政府和社会的监督,承担社会责任。

第十条  建设、运营网络或者通过网络提供服务,应当依照法律、行政法规的规定和国家标准的强制性要求,采取技术措施和其他必要措施,保障网络安全、稳定运行,有效应对网络安全事件,防范网络违法犯罪活动,维护网络数据的完整性、保密性和可用性。

第十一条  网络相关行业组织按照章程,加强行业自律,制定网络安全行为规范,指导会员加强网络安全保护,提高网络安全保护水平,促进行业健康发展。

第十二条  国家保护公民、法人和其他组织依法使用网络的权利,促进网络接入普及,提升网络服务水平,为社会提供安全、便利的网络服务,保障网络信息依法有序自由流动。


第十三条  国家支持研究开发有利于未成年人健康成长的网络产品和服务,依法惩治利用网络从事危害未成年人身心健康的活动,为未成年人提供安全、健康的网络环境。

第十四条  任何个人和组织有权对危害网络安全的行为向网信、电信、公安等部门举报。收到举报的部门应当及时依法作出处理;不属于本部门职责的,应当及时移送有权处理的部门。


第二章  网络安全支持与促进

第十五条  国家建立和完善网络安全标准体系。国务院标准化行政主管部门和国务院其他有关部门根据各自的职责,组织制定并适时修订有关网络安全管理以及网络产品、服务和运行安全的国家标准、行业标准。


第十六条  国务院和省、自治区、直辖市人民政府应当统筹规划,加大投入,扶持重点网络安全技术产业和项目,支持网络安全技术的研究开发和应用,推广安全可信的网络产品和服务,保护网络技术知识产权,支持企业、研究机构和高等学校等参与国家网络安全技术创新项目。

第十七条  国家推进网络安全社会化服务体系建设,鼓励有关企业、机构开展网络安全认证、检测和风险评估等安全服务。

第十八条  国家鼓励开发网络数据安全保护和利用技术,促进公共数据资源开放,推动技术创新和经济社会发展。


第十九条  各级人民政府及其有关部门应当组织开展经常性的网络安全宣传教育,并指导、督促有关单位做好网络安全宣传教育工作。


第二十条  国家支持企业和高等学校、职业学校等教育培训机构开展网络安全相关教育与培训,采取多种方式培养网络安全人才,促进网络安全人才交流。

第三章  网络运行安全

第一节 一般规定

第二十一条  国家实行网络安全等级保护制度。网络运营者应当按照网络安全等级保护制度的要求,履行下列安全保护义务,保障网络免受干扰、破坏或者未经授权的访问,防止网络数据泄露或者被窃取、篡改:






第二十二条  网络产品、服务应当符合相关国家标准的强制性要求。网络产品、服务的提供者不得设置恶意程序;发现其网络产品、服务存在安全缺陷、漏洞等风险时,应当立即采取补救措施,按照规定及时告知用户并向有关主管部门报告。



第二十三条  网络关键设备和网络安全专用产品应当按照相关国家标准的强制性要求,由具备资格的机构安全认证合格或者安全检测符合要求后,方可销售或者提供。国家网信部门会同国务院有关部门制定、公布网络关键设备和网络安全专用产品目录,并推动安全认证和安全检测结果互认,避免重复认证、检测。

第二十四条  网络运营者为用户办理网络接入、域名注册服务,办理固定电话、移动电话等入网手续,或者为用户提供信息发布、即时通讯等服务,在与用户签订协议或者确认提供服务时,应当要求用户提供真实身份信息。用户不提供真实身份信息的,网络运营者不得为其提供相关服务。


第二十五条  网络运营者应当制定网络安全事件应急预案,及时处置系统漏洞、计算机病毒、网络攻击、网络侵入等安全风险;在发生危害网络安全的事件时,立即启动应急预案,采取相应的补救措施,并按照规定向有关主管部门报告。

第二十六条  开展网络安全认证、检测、风险评估等活动,向社会发布系统漏洞、计算机病毒、网络攻击、网络侵入等网络安全信息,应当遵守国家有关规定。

第二十七条  任何个人和组织不得从事非法侵入他人网络、干扰他人网络正常功能、窃取网络数据等危害网络安全的活动;不得提供专门用于从事侵入网络、干扰网络正常功能及防护措施、窃取网络数据等危害网络安全活动的程序、工具;明知他人从事危害网络安全的活动的,不得为其提供技术支持、广告推广、支付结算等帮助。

第二十八条  网络运营者应当为公安机关、国家安全机关依法维护国家安全和侦查犯罪的活动提供技术支持和协助。

第二十九条  国家支持网络运营者之间在网络安全信息收集、分析、通报和应急处置等方面进行合作,提高网络运营者的安全保障能力。


第三十条  网信部门和有关部门在履行网络安全保护职责中获取的信息,只能用于维护网络安全的需要,不得用于其他用途。

第二节 关键信息基础设施的运行安全

第三十一条  国家对公共通信和信息服务、能源、交通、水利、金融、公共服务、电子政务等重要行业和领域,以及其他一旦遭到破坏、丧失功能或者数据泄露,可能严重危害国家安全、国计民生、公共利益的关键信息基础设施,在网络安全等级保护制度的基础上,实行重点保护。关键信息基础设施的具体范围和安全保护办法由国务院制定。


第三十二条  按照国务院规定的职责分工,负责关键信息基础设施安全保护工作的部门分别编制并组织实施本行业、本领域的关键信息基础设施安全规划,指导和监督关键信息基础设施运行安全保护工作。

第三十三条  建设关键信息基础设施应当确保其具有支持业务稳定、持续运行的性能,并保证安全技术措施同步规划、同步建设、同步使用。

第三十四条  除本法第二十一条的规定外,关键信息基础设施的运营者还应当履行下列安全保护义务:






第三十五条  关键信息基础设施的运营者采购网络产品和服务,可能影响国家安全的,应当通过国家网信部门会同国务院有关部门组织的国家安全审查。

第三十六条  关键信息基础设施的运营者采购网络产品和服务,应当按照规定与提供者签订安全保密协议,明确安全和保密义务与责任。

第三十七条  关键信息基础设施的运营者在中华人民共和国境内运营中收集和产生的个人信息和重要数据应当在境内存储。因业务需要,确需向境外提供的,应当按照国家网信部门会同国务院有关部门制定的办法进行安全评估;法律、行政法规另有规定的,依照其规定。

第三十八条  关键信息基础设施的运营者应当自行或者委托网络安全服务机构对其网络的安全性和可能存在的风险每年至少进行一次检测评估,并将检测评估情况和改进措施报送相关负责关键信息基础设施安全保护工作的部门。

第三十九条  国家网信部门应当统筹协调有关部门对关键信息基础设施的安全保护采取下列措施:





第四章  网络信息安全

第四十条  网络运营者应当对其收集的用户信息严格保密,并建立健全用户信息保护制度。

第四十一条  网络运营者收集、使用个人信息,应当遵循合法、正当、必要的原则,公开收集、使用规则,明示收集、使用信息的目的、方式和范围,并经被收集者同意。


第四十二条  网络运营者不得泄露、篡改、毁损其收集的个人信息;未经被收集者同意,不得向他人提供个人信息。但是,经过处理无法识别特定个人且不能复原的除外。


第四十三条  个人发现网络运营者违反法律、行政法规的规定或者双方的约定收集、使用其个人信息的,有权要求网络运营者删除其个人信息;发现网络运营者收集、存储的其个人信息有错误的,有权要求网络运营者予以更正。网络运营者应当采取措施予以删除或者更正。

第四十四条  任何个人和组织不得窃取或者以其他非法方式获取个人信息,不得非法出售或者非法向他人提供个人信息。

第四十五条  依法负有网络安全监督管理职责的部门及其工作人员,必须对在履行职责中知悉的个人信息、隐私和商业秘密严格保密,不得泄露、出售或者非法向他人提供。

第四十六条  任何个人和组织应当对其使用网络的行为负责,不得设立用于实施诈骗,传授犯罪方法,制作或者销售违禁物品、管制物品等违法犯罪活动的网站、通讯群组,不得利用网络发布涉及实施诈骗,制作或者销售违禁物品、管制物品以及其他违法犯罪活动的信息。

第四十七条  网络运营者应当加强对其用户发布的信息的管理,发现法律、行政法规禁止发布或者传输的信息的,应当立即停止传输该信息,采取消除等处置措施,防止信息扩散,保存有关记录,并向有关主管部门报告。

第四十八条  任何个人和组织发送的电子信息、提供的应用软件,不得设置恶意程序,不得含有法律、行政法规禁止发布或者传输的信息。


第四十九条  网络运营者应当建立网络信息安全投诉、举报制度,公布投诉、举报方式等信息,及时受理并处理有关网络信息安全的投诉和举报。


第五十条  国家网信部门和有关部门依法履行网络信息安全监督管理职责,发现法律、行政法规禁止发布或者传输的信息的,应当要求网络运营者停止传输,采取消除等处置措施,保存有关记录;对来源于中华人民共和国境外的上述信息,应当通知有关机构采取技术措施和其他必要措施阻断传播。

第五章  监测预警与应急处置

第五十一条  国家建立网络安全监测预警和信息通报制度。国家网信部门应当统筹协调有关部门加强网络安全信息收集、分析和通报工作,按照规定统一发布网络安全监测预警信息。

第五十二条  负责关键信息基础设施安全保护工作的部门,应当建立健全本行业、本领域的网络安全监测预警和信息通报制度,并按照规定报送网络安全监测预警信息。

第五十三条  国家网信部门协调有关部门建立健全网络安全风险评估和应急工作机制,制定网络安全事件应急预案,并定期组织演练。



第五十四条  网络安全事件发生的风险增大时,省级以上人民政府有关部门应当按照规定的权限和程序,并根据网络安全风险的特点和可能造成的危害,采取下列措施:




第五十五条  发生网络安全事件,应当立即启动网络安全事件应急预案,对网络安全事件进行调查和评估,要求网络运营者采取技术措施和其他必要措施,消除安全隐患,防止危害扩大,并及时向社会发布与公众有关的警示信息。

第五十六条  省级以上人民政府有关部门在履行网络安全监督管理职责中,发现网络存在较大安全风险或者发生安全事件的,可以按照规定的权限和程序对该网络的运营者的法定代表人或者主要负责人进行约谈。网络运营者应当按照要求采取措施,进行整改,消除隐患。

第五十七条  因网络安全事件,发生突发事件或者生产安全事故的,应当依照《中华人民共和国突发事件应对法》、《中华人民共和国安全生产法》等有关法律、行政法规的规定处置。

第五十八条 因维护国家安全和社会公共秩序,处置重大突发社会安全事件的需要,经国务院决定或者批准,可以在特定区域对网络通信采取限制等临时措施。

第六章  法律责任

第五十九条  网络运营者不履行本法第二十一条、第二十五条规定的网络安全保护义务的,由有关主管部门责令改正,给予警告;拒不改正或者导致危害网络安全等后果的,处一万元以上十万元以下罚款,对直接负责的主管人员处五千元以上五万元以下罚款。


第六十条  违反本法第二十二条第一款、第二款和第四十八条第一款规定,有下列行为之一的,由有关主管部门责令改正,给予警告;拒不改正或者导致危害网络安全等后果的,处五万元以上五十万元以下罚款,对直接负责的主管人员处一万元以上十万元以下罚款:




第六十一条  网络运营者违反本法第二十四条第一款规定,未要求用户提供真实身份信息,或者对不提供真实身份信息的用户提供相关服务的,由有关主管部门责令改正;拒不改正或者情节严重的,处五万元以上五十万元以下罚款,并可以由有关主管部门责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照,对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

第六十二条  违反本法第二十六条规定,开展网络安全认证、检测、风险评估等活动,或者向社会发布系统漏洞、计算机病毒、网络攻击、网络侵入等网络安全信息的,由有关主管部门责令改正,给予警告;拒不改正或者情节严重的,处一万元以上十万元以下罚款,并可以由有关主管部门责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照,对直接负责的主管人员和其他直接责任人员处五千元以上五万元以下罚款。

第六十三条  违反本法第二十七条规定,从事危害网络安全的活动,或者提供专门用于从事危害网络安全活动的程序、工具,或者为他人从事危害网络安全的活动提供技术支持、广告推广、支付结算等帮助,尚不构成犯罪的,由公安机关没收违法所得,处五日以下拘留,可以并处五万元以上五十万元以下罚款;情节较重的,处五日以上十五日以下拘留,可以并处十万元以上一百万元以下罚款。



第六十四条  网络运营者、网络产品或者服务的提供者违反本法第二十二条第三款、第四十一条至第四十三条规定,侵害个人信息依法得到保护的权利的,由有关主管部门责令改正,可以根据情节单处或者并处警告、没收违法所得、处违法所得一倍以上十倍以下罚款,没有违法所得的,处一百万元以下罚款,对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款;情节严重的,并可以责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照。


第六十五条  关键信息基础设施的运营者违反本法第三十五条规定,使用未经安全审查或者安全审查未通过的网络产品或者服务的,由有关主管部门责令停止使用,处采购金额一倍以上十倍以下罚款;对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

第六十六条  关键信息基础设施的运营者违反本法第三十七条规定,在境外存储网络数据,或者向境外提供网络数据的,由有关主管部门责令改正,给予警告,没收违法所得,处五万元以上五十万元以下罚款,并可以责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照;对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

第六十七条  违反本法第四十六条规定,设立用于实施违法犯罪活动的网站、通讯群组,或者利用网络发布涉及实施违法犯罪活动的信息,尚不构成犯罪的,由公安机关处五日以下拘留,可以并处一万元以上十万元以下罚款;情节较重的,处五日以上十五日以下拘留,可以并处五万元以上五十万元以下罚款。关闭用于实施违法犯罪活动的网站、通讯群组。


第六十八条  网络运营者违反本法第四十七条规定,对法律、行政法规禁止发布或者传输的信息未停止传输、采取消除等处置措施、保存有关记录的,由有关主管部门责令改正,给予警告,没收违法所得;拒不改正或者情节严重的,处十万元以上五十万元以下罚款,并可以责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照,对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。


第六十九条  网络运营者违反本法规定,有下列行为之一的,由有关主管部门责令改正;拒不改正或者情节严重的,处五万元以上五十万元以下罚款,对直接负责的主管人员和其他直接责任人员,处一万元以上十万元以下罚款:




第七十条  发布或者传输本法第十二条第二款和其他法律、行政法规禁止发布或者传输的信息的,依照有关法律、行政法规的规定处罚。

第七十一条  有本法规定的违法行为的,依照有关法律、行政法规的规定记入信用档案,并予以公示。

第七十二条  国家机关政务网络的运营者不履行本法规定的网络安全保护义务的,由其上级机关或者有关机关责令改正;对直接负责的主管人员和其他直接责任人员依法给予处分。

第七十三条  网信部门和有关部门违反本法第三十条规定,将在履行网络安全保护职责中获取的信息用于其他用途的,对直接负责的主管人员和其他直接责任人员依法给予处分。


第七十四条  违反本法规定,给他人造成损害的,依法承担民事责任。


第七十五条  境外的机构、组织、个人从事攻击、侵入、干扰、破坏等危害中华人民共和国的关键信息基础设施的活动,造成严重后果的,依法追究法律责任;国务院公安部门和有关部门并可以决定对该机构、组织、个人采取冻结财产或者其他必要的制裁措施。

第七章  附    则

第七十六条  本法下列用语的含义:






第七十七条  存储、处理涉及国家秘密信息的网络的运行安全保护,除应当遵守本法外,还应当遵守保密法律、行政法规的规定。

第七十八条  军事网络的安全保护,由中央军事委员会另行规定。

第七十九条  本法自2017年6月1日起施行。

Communist Party of China referring URL:



China’s Blurred War: Trends of Future Battlefields // 中國模糊戰爭:未來戰場的發展趨勢

China’s Blurred War: Trends of Future Battlefields //


With the continuous development of information technology, changing the form, nature and scale of war, so that the combat style, combat methods, combat environment, combat conditions and other elements have been a lot of changes in the past, the future battlefield becomes more blurred, Can be summarized as the following:

War scale and level ambiguity

War in size and level, can be divided into strategies, campaigns and tactics, in the past, the difference between the three very obvious. From the three interrelationships, the strategy decides the battle, the battle determines the tactics, and the tactics reacts to the battle, the battle reacts to the strategy, which is the inherent law of the existence of the war itself. With the development of information technology, the development of high-tech war as information war, although not fundamentally change the strategic, campaign, tactical and counter-role of this dialectical relationship, but it makes the strategy, battle, tactical action scale increasingly blurred. This is because, under the conditions of information under the conditions of local war, the size and use of troops, weapons, limited duration of war, political prominence, war and strategy, battle, tactics combined very closely, tend to one. Information weapons and weapons to combat high precision, powerful, long range, with all-weather, all-weather combination of peaceful reconnaissance and combat integration capabilities for the rapid realization of the purpose of war to provide an effective means, sometimes do not use large forces can Reach the strategy, the battle target. Any combat unit, and even the individual combat operations, can get a strong information and fire support. Under their influence, tactical combat can directly achieve strategic objectives, strategic command can be involved in the tactical level is no longer a dream at any time. Thus, in the past through the local small victory gradually integrated into a strategic victory of the operational theory of the impact of the strategy, campaign, tactical three combat levels between the increasingly blurred.

With the extensive use of precision strike weapons, stealth weapons, unmanned aerial vehicles, and thus through the first and second fire assault can be reached a battle or strategic objectives. In the Gulf War, the multinational force first through a large-scale strategic air raids, and then through the ground operations of the various forces reached a war purpose; US invasion of Panama, through the use of the Army to implement the five-way center of the campaign to achieve the desired purpose; In the war in Afghanistan, the US military, through the air strike and the special forces to achieve the purpose of the war; the Iraq war, the US military in the air against the cover, the US Army division through tactical action reached a war purpose. The scale of operation and the ambiguity of the level are the reflection of the essential characteristics of information warfare. In the information war, the hostile parties for the rapid completion of the established strategic objectives, will be extraordinary use of combat power, to maximize the advanced technical weapons and elite troops, and strive to destroy each other in a short time the command and control system to win the battlefield The advantage of making information right. This feature of the information warfare, so that the battle of combat and strategic purposes there is no obvious distinction between the scale of operations there is no clear battle battle difference. A battle may determine the outcome of the war, a battle may also achieve the purpose of war, thus greatly improving the strategic role of the battle battle. Especially the various precision guidance weapons, ballistic missile defense system, reconnaissance surveillance system, stealth weapon, C4ISR system and other information weapons and the extensive use of rapid reaction forces, special forces, strategic reserve and other frequently into the battlefield, making the definition of combat scale fuzzy More prominent.

Therefore, in the future information operations, the two sides will fight with the uncertainty of the scale of operations, to take over-the-line precision strike, non-programmatic “acupuncture” and structural damage and other tactics, against each other’s battlefield awareness system and information systems Quickly achieve the purpose of fighting. In this way, the special operations forces on the battlefield may be able to show their talents, that is, before the war secretly penetrate the enemy, direct attack and paralyze the enemy command and control system, so that the enemy lost control of its combat forces, and thus into the chaos of command, The Although the scale of the operation of the smaller, but for the outcome of the war can play a very important role.

Weapon equipment and functional blur

Technical decision tactics, also determines the army’s system and the composition of military and arms. For example, the emergence of weapons and equipment such as artillery, chemical weapons and radio telegraphy, laid the material foundation for the emergence of new arms such as artillery, chemical warfare, and communications. In terms of military services, due to the emergence of the aircraft, and then produced the Air Force; ship advent, gave birth to the Navy. Industrial era, the requirements of the division of labor, so refined and produced more and more professional, reflected in the composition of the army, is the division of arms and branches more and more fine; information age, requires the overall combat, the professional Close cooperation, and take the road of integrated and integrated operations. Reflected in the composition of the military trend, is the integration of combat systems. For example, many of the future weapons and equipment system will form an independent combat unit, both to complete the army requirements of the combat mission, but also to achieve the Air Force’s operational requirements, but also to achieve the purpose of naval combat. In other words, when the future combat aircraft’s infinite capacity to extend, and beyond the atmosphere combat; Army bid farewell to the “ground crawling” to achieve global arrival, global operations; the Navy to the sea to land, to the air combat capability transformation, Battle will inevitably lead to integrated forces. Integrated combat troops, generally composed of armored forces, artillery, mechanized infantry, missiles, attack and transport helicopters, naval vessels and other components, can independently combat, will realize the professional army to the professional army transition.

Future integration forces will be the main performance, will break the traditional land, sea, air, days and other military system, in accordance with the requirements of system integration, the establishment of “super-integrated” integrated combat forces. The future of information warfare is a highly integrated joint operations, the use of traditional forces of the implementation of joint operations, it is difficult to adapt to this highly integrated joint operations needs. To this end, the future composition of the military organization, will break the traditional land, sea, air, days and other military system, in accordance with the reconnaissance surveillance, command and control, precision strike and support to protect the four operational functions, built four subsystems, namely: Subsystems, command and control subsystems, precision strike and combat subsystems, and support assurance subsystems. The functions of these four subsystems are closely linked and organically linked to form an interdependent large integrated joint combat system. The army constructed in accordance with this idea will fundamentally abandon the pattern of military construction in the industrial age, eliminate the disadvantages of playing the military expertise and pursuing the interests of a single service, so that the combat forces form a “systematic system” or “system integration” Give full play to the overall power, the implementation of the true sense of “super-joint” integrated joint operations.


Military combat operations and the preparation of fuzzy war

Military combat forces have different targets and perform different combat missions. World War II, combat forces mainly infantry-based, basically infantry and infantry confrontation; the Second World War, due to the development of weapons and equipment, aircraft, tanks, cannons for war, arms and arms between the combat The task has a distinct distinction, usually performing a different combat mission. However, under the conditions of information in the local war, due to the development of weapons and equipment to the direction of multi-functional integration, the establishment of the army, not only the arms, as well as various services. Combat forces can perform both ground combat missions, but also the implementation of the fight against air and sea objectives and tasks, so that the boundaries between the military operations will be difficult to distinguish. For example: destroy the enemy tank weapons, may have been the Army’s tanks or anti-tank weapons, it may be the Air Force aircraft or naval submarines launched “smart” missiles. The US military plans to form four integrated forces: an integrated ground force composed of armored forces, artillery, flying warriors, attack and transport helicopters: air-to-air mechanized units with “flying tanks”; air force mixed knits composed of multiple models and A “joint task force” consisting of various military units. The Russian army intends to form a “multi-purpose mobile force”, an “aerospace force” composed of ground, air and space forces, and a “non-nuclear strategic deterrent force” composed of non-strategic nuclear forces.

In the future of localized information warfare, weapons and equipment to the multi-functional, integrated direction, the development of the trend of the trend of mixing, miniaturization. Combat, the arms and arms around the established operational objectives, each other, integrated into the organic whole. On the battlefield, the arms and services will be in the land, sea, air, days, electricity and other multi-dimensional areas, around the purpose of a unified combat, both in the activities of space is relatively independent, but also in the combat operations on a high degree of integration, making different arms and arms The task line becomes more vague.

War motives and ambiguity

The motive of the traditional war is generally the political struggle to cover up the economic interests of the dispute. In the information age, the economic interests of the dispute will continue to lead to the root causes of the war, but in addition, due to the international and domestic political forces between the various contacts increased, closely linked, which will inevitably lead to various countries, And the conflicts between the societies caused by political, diplomatic and spiritual factors have increased, so that the contradictions between religions and nationalities have increased, so that violence can be smuggled and drug trafficking and terrorist activities are internationalized. These contradictions and conflicts are not only the direct cause of the “sub-war operations”, but also one of the causes of the war. The direct cause of the Gulf War in 1991 was the convening of the United Nations Security Council immediately after Iraq’s invasion of Kuwait on 2 August 1990, the adoption of resolution 660, condemning Iraq’s invasion of Kuwait, and demanding that Iraq be unconditionally withdrawn from its forces. The United States for the protection of Western oil sources and in order to establish a new order in line with the interests of the world’s new order, take the lead in the implementation of economic sanctions against Iraq, followed by the United States led the multinational force to implement the UN Security Council resolution in the name of the troops to the Gulf. Through 42 days of war, the US military reached the purpose of the war. The war in Iraq, the United States to Iraq has a weapons of mass destruction on the grounds, without the authorization of the United Nations launched an injustice war. Throughout the war, the focus of US military operations against Saddam Hussein and a handful of Iraqi high-level leaders, and to find weapons of mass destruction and launched the attack. Although the war has overthrew the Saddam regime, the United States still has not found strong evidence that Iraq has such banned weapons. In this war military purpose, the United States is also to test the new operational theory.

In recent years, the US military vigorously advocated military reform. The theory of the war in Iraq is the theory of “cyber-centric warfare” and uses the new theory of “shock and deterrence” put forward in 1996: emphasizing the use of violent firepower, shocking against opponents, regardless of frontier and depth, The enemy to combat, the use of advanced precision guidance technology, against each other’s goals when one side of the pursuit of both sides less casualties; air and ground operations at the same time, the purpose is to destroy each other’s will, so that its regime collapse, so as to achieve war and subdue The purpose of the soldiers. In the Iraq war, the US military did not carry out large-scale strategic bombing, but the use of high-tech and special forces tactics to combat, which is one of the main achievements of US military reform.

War attack and defense blur

The process of attack and defense in the past is very clear, the attacking party usually in accordance with the offensive preparation, breakthrough, shock, deep combat and other step by step attack procedures, defense side in accordance with the defense preparation, fire against the preparation, anti-impact, deep combat and other sub-combat operations Attack and defense both sides of the various stages of combat orderly. The development of high-tech weapons and equipment and information technology, the new military revolution will change the future combat procedures, combat operations will break through the fixed battlefield and position constraints in the entire operational space at all levels, all directions, all aspects of the same time. In this way, the front and rear lines in the past are blurred, the relatively stable front and fixed battlefields no longer exist, the line of offensive action and defensive action because the battlefield’s high mobility and uncertainty also become blurred and influence World military force balance. Offensive and defensive both offensive and defensive combat, especially offensive and defensive information war will become the focus of future combat art, so that every war has attack in the defense, anti-attack.

Attack and defense operations will be in the land, sea, air, days, electricity and outer space and front and depth, front and wing side, front and rear at the same time, the battlefield frequent mobility, line combat style has not adapted to the conditions of local war development Need to, instead of non-line operations, the formation of a “island-based combat base”, front and rear of the line, the enemy and the two sides of the front becomes blurred, the battlefield of the flow of non-linear or non-state state of the multi-dimensional battlefield.

Measure the outcome of the war with the standard fuzzy

In the past, the criteria for measuring the outcome of a war usually refer to how many troops are wiped out, how many weapons are seized, how many cities and territories are occupied, but in the case of local warfare, the criteria for measuring the outcome of a war are not just that. Under the conditions of information, local warfare, political purpose and war are closely integrated, war attempts often not through the invasion of each other’s territory, wiped out the enemy or the enemy completely surrendered, so as not to lead the world public opinion and the people’s strong opposition, resulting in political Passive.

One of the hallmarks of information warfare is that it minimizes casualties, in particular, collateral damage, and often uses precision-guided weapons to strike precisely, to avoid heavy assault, face-to-face fights, and fight against Libya “Surgical” operations, the implementation of air long-range maneuvers, to achieve the purpose of war; also the implementation of missiles, thousands of miles away siege warfare, but also to achieve the purpose of local war; also like the Gulf War, do not occupy its territory, Do not kill their soldiers a soldier, not seized its weapons, ammunition, the implementation of large-scale air strikes, weakened its military facilities, destroyed its regime.

The war army is blurred with the people

In previous wars, the links between the army and the society were relatively “loose” due to restrictions on information infrastructure and technology; pure war weapons and equipment also led to military organizations that were completely independent of the people. Information age, information has become a link between the military and the people, this combination, with the social and military information degree of development, integration will also continue to improve. This makes society and ordinary people no longer a spectator of war, and even not only in support and subordinate status, but with the army, from the back of the war to the front desk.

As people see, on the one hand, the purpose of modern warfare is no longer simply pursuing siege and the greatest annihilation of enemy forces, the target is no longer confined to the enemy’s heavy military and military facilities, but includes Corresponding to the survival and operation of the infrastructure, such as: financial networks, power grids, transport networks, administrative networks, communications networks. On the other hand, the war has a tendency to “civilians”. For example, information makes the “non-state” has the ability to confront national power. Any “non-state subject”, as long as there is a certain technical and information equipment, you can attack the vital goal of a country, its harm is sometimes no less than a traditional sense of the war. Such as Al Qaeda attacks on the United States launched the 9.11 attack, that is the case. Although the composition of the information warfare forces, although still have traces of the war in the past war, but in the form of form and combat quality, due to more information to join the content, in particular, more to join the information of the whole society Warfare ability, so no doubt to determine the specific role of information warfare when the thinking tends to blur, but for combat decision-making and command to bring greater difficulties. With the in-depth development of information technology, the degree of social information will be greatly improved. In this case the information war, it is more prominent military and civilian compatibility characteristics. Especially in the information warfare, many high-tech work, alone, the strength of the army is difficult to complete independently, but also the need for the whole social forces of collaboration, which makes the information warfare combat power, more into the national factors.

Combat both forces with contrast and blur

In the past, the strength of the war between the two sides, usually the number of military personnel, the number of weapons to measure the number of weapons to determine the strength of the advantages of planning and combat operations. But in the information under the conditions of local war, concentrated forces of content and methods have changed. The strength of the comparison is not only the number of considerations, but also mainly consider the quality, in particular, to consider the concentration of firepower and information, a variety of long-range strike weapons do not need to focus on deployment, you can focus on the implementation of the target surprise. To make the concentration of fire after the effective role, but also must focus on a lot of information, otherwise they can not capture, track and destroy the target. The most important weapon in military forces will no longer be a high-performance fighter, bomber, tank, warships, but a huge flood of data from the information system. Invisible information and knowledge, like armored masters, play a huge role in combat and are increasingly becoming the most important combat and power multiplier. Computing power, communication ability, reconnaissance ability, processing ability, decision-making ability, computer simulation ability, network warfare and other information and knowledge factors will become a key factor in measuring military power.

The contrast of military forces is increasingly dependent on the invisible and difficult potential of the intelligence and structural forces of the information weapons system. Therefore, in the past according to the number of combatants and tanks, aircraft, artillery, warships and other weapons and equipment performance, quantity and other static indicators to assess the strength of military strength is clearly challenged. Because of the intelligence of the information weapon system, the structural force has great potential for dynamic. The strength of the Gulf War contrast and the outcome of the war can explain this problem. Before the war, Iraq and the multinational force compared to 1.6: 1, but the result of the war is the Iraqi army casualties for the multinational force 100 times. Obviously, if not a large number of multinational force weapons system to play a multiplier combat potential, there will be no such a war situation. It can be seen that the principle of force assessment of the number of static quantities will be replaced by a new force theory.

Battlefield information is true and false

Because of the development of information technology, and widely used in future war, so that a large amount of modern war information, processing information has been very difficult. Such as: the US Strategic Air Force Command, an average of more than 815,000 per month to deal with military information, almost 26,500 copies per day. In the Gulf War, the multinational force in the 42 days of combat, dealing with up to millions of military information. Only the US Army logistics will handle 10,700 copies of military information every day. After the military, weapons and equipment and the battlefield are digitized, the military information highway will cover the entire combat space, the information is true and false, there are new and old, heavy and light, there is real, there are thick and so on, information Like the tide to the red and blue both sides of the command came. In such a fast-paced, fighter fleeting, information massive battlefield environment, to the red and blue commander of a brief decision-making time, forcing both commanders in the complex battlefield information forging discrimination, analysis and judgment, quick decision-making , Through the phenomenon to seize the essence, improve the command ability.

Battlefield space and scope is blurred

Battlefield is the enemy of the two sides of the interaction between combat forces and combat forces and firepower to kill the maximum distance. In the past war, due to the level of weapons and equipment constraints, cold weapons era battlefield space, basically confined to the war between the two sides of the visual distance; hot weapons and mechanized war era, battlefield space by the firearms and the two sides of the maneuverability And the battlefield space is expanding, and from a single land battlefield, to the development of the marine battlefield and air battlefield; combat distance from the visual distance to the development of remote and ultra-long-range , The depth and dimension of the battlefield continue to expand. After entering the information warfare, with the development of military weapons and equipment and structure changes, modern warfare space from the traditional land, sea and air to space, computer space, especially information, psychology, electromagnetic, cognitive and other virtual space expansion , In addition to the range of modern weapons and equipment and a substantial increase in mobility, the future battlefield in front and rear become increasingly blurred, in addition to the solid space in the solid before and after the exception, in the dynamic action space has no difference. Fighting may start from the front, it may start from the depth. Especially the establishment of digital forces, so that the army choose the way of combat operations, with greater freedom and flexibility. At the same time, but also to accurately determine the other side of the operational space and the exact location of the space, increasing the complexity. First, information weapons greatly improve the military’s ability to war, so that the military battlefield combat more flexible way. Second, information weapons greatly enhance the military’s full-time, all-round rapid mobility, so that information warfare warfare areas to expand.

Military aerospace capacity and long-range air transport capacity, the extensive use of armed helicopters, to achieve long-range rapid maneuver provides a good material basis. Future information warfare, or in three-dimensional space or in four-dimensional space, generally difficult to accurately grasp. And only when the other side of the combat operations to a certain size, it is possible to make a relatively accurate judgments, which to some extent increased the difficulty of command and control. The ambiguity of combat space is also manifested in the fuzzy scope of combat operations. As the future of information operations will break through the frontier to the depth of the gradual advance of the pattern, in a multi-dimensional space within the full range, full depth of the war, so that the scope of combat operations increased, combat space has become elusive. The uncertainty of the scale of combat operations in the information warfare determines the diversity of combat space. This also makes it possible to judge the space of the other combat operations, become blurred, and show the characteristics of difficult to predict and control.

Combat methods and methods are blurred

Advanced information technology, not only to achieve the real-time reconnaissance intelligence and digital battlefield, greatly improving the combat effectiveness of the army, more importantly, there have been many new means of warfare: such as information warfare momentum and power to make enemies Information deterrence; to disperse, conceal and open the information channel of the information shielding; on the enemy battlefield awareness system and information system implementation of information attacks; through the information system hidden false information fraud and information cut, computer virus attacks , Special operations, psychological warfare, non-contact operations, non-fatal attacks, structural damage warfare, these combat methods used in information warfare, completely changed the past offensive and defensive procedures clear and coherent characteristics, so that the use of combat means Order, combat form of non-model and other characteristics of more and more prominent, and then led to the information warfare, the use of the enemy means of warfare, timing and methods, become more difficult to guess. In the process of the combination of fuzzy, that is, in the course of the war, due to the enemy due to the appropriate choice of means of attack, and flexible combination, so that the enemy can not determine what the other side will take the means of combat, can not effectively take the appropriate protective measures. In the use of the timing of the fuzzy, that is, according to the intention of war and combat purposes, for different stages of combat and different areas of combat, to take different means of attack, reduce the enemy resistance will make it in trouble. In the fight against the ambiguity of the target, that is, the use of information warfare means of diversification, for the needs of information operations, both sound East West, but also the East and East, the flexibility to combat the enemy command center, communication center or radar station, air defense system , Logistical support systems and other key nodes, so that the enemy is difficult to use the means of my war to make accurate predictions.

Original Mandarin Chinese:




























由於信息技術的發展,並廣泛運用於未來戰爭,使現代戰爭信息量很大,處理信息已經十分困難。如:美國戰略空軍司令部,平均每月要處理軍事信息815000多份,差不多每天處理26500份。在海灣戰爭中,多國部隊在42 天作戰中,處理軍事信息多達數百萬份。僅美國陸軍後勤每天就要處理軍事信息10700份。在軍隊、武器裝備和戰場都實現數字化以後,軍事信息高速公路將覆蓋整個作戰空間,這些信息有真有假、有新有舊、有重有輕、有虛有實、有粗有細等,信息像潮水般地向紅藍雙方指揮所湧來。在這樣快節奏、戰機稍縱即逝、信息海量戰場環境中,給紅藍雙方指揮員短暫決策處理時間,逼著雙方指揮員在錯綜複雜的戰場信息中鍛鍊辨別力、分析判斷力、快速決策力,透過現象抓住本質,提高指揮能力。






Original Source: https://read01.com/j7m0M8.html


中國優先發展網絡戰略信息化戰 // China to give priority to the development of network strategy & information warfare

中國優先發展網絡戰略信息化戰 //

China to give priority to the development of network strategy & information warfare

Cyberspace has become the national comprehensive security of the door. Network warfare reality, the network battlefield globalization, network confrontation normalization, the network attack heart white hot, the network to build the army of the general trend, no one can block. Give priority to the development of network strategy, and actively seize the commanding heights of network strategy, for my army building is of great significance.

  The main features of network strategy

Network strategic strength refers to the ability to achieve the desired results through cyberspace. From the current development and possible future trends, mainly with the following characteristics.

Composed of multiple. In recent years, the major network events in the world have shown that the strategic power of the military network is the main force of cyberspace competition. The strategic power of the government departments and the private sector is an important part of the cyberspace competition. The “cyber warrior” An important addition.

Strong professionalism. Network strategy strength has a strong latent and difficult to predict, and the speed of light, instantaneous effect, monitoring and early warning is difficult; once the action is effective, damage effect superimposed magnification or non-linear step, with a typical “butterfly effect.” In 2010, the “shock net” virus attacked the centrifuges of the Iranian Bushehr nuclear power plant and the Natanz uranium enrichment plant, resulting in nearly a thousand centrifuge scrapped, forcing Iran’s nuclear capacity building to delay 2 to 3 years, opened the network attack soft means Destroy the national hard facilities.

Destructive. The strategic power of the network is no less than the weapons of mass destruction. Russia and Georgia in 2008, “the five-day war”, the Russian military to Georgia’s television media, government websites and transportation systems as the goal, to carry out a comprehensive “bee group” type of network paralysis attacks, leading to grid government agencies operating chaos, Logistics and communication system collapse, much-needed war materials can not be delivered in a timely manner, the potential of the war has been seriously weakened, a direct impact on the grid of social order, operational command and troop scheduling. The Russian military doctrine has identified cybercrime as a weapon of mass destruction and has retained the right to use weapons of mass destruction or nuclear weapons to counterattack.

Advanced technology and phase. Network strategy strength development speed, replacement fast, technical materialization for the equipment cycle is short. At present, the speed of the microprocessor doubles every 18 months, the backbone bandwidth doubled every six months, a variety of new electronic information equipment after another, all kinds of application software dizzying. Cyber ​​space confrontation is the field of information in the field of offensive and defensive struggle, the use of network strategy forces in the confrontation of the phase with grams, constantly renovated. The development of the firewall and the information monitoring technology makes the software of the anti-wall software upgrade continuously. The development of the firewall and the information monitoring technology has led to the development of the firewall. , Can be described as “a foot high, magic high ten feet.”

  The Developing Trend of Network Strategic

From the subordinate force to the development of key forces. In the past, the network strategic power is mainly for other forces to provide information security, in a subordinate position; with the development of network information technology, network system control of other rights, network strategic forces from subordinate status to the dominant position to accelerate into, to maintain the country The key to safety. There is no network security there is no sovereign security, “no net” to become a new law of war, the world’s major countries around the network space development rights, dominance and control of a new round of competition, especially the United States and Russia adhere to the practice In the use and continue to develop.

From the maintenance of force to the development of specialized forces. In the past, the network strategy is mainly to maintain the network information system and all kinds of network transmission system, network attack and defense attributes are not clear. At present, all areas of the network space in depth, the world’s major countries are hard to build cyberspace offensive and defensive capabilities, the main military power of the network strategy has become a network of reconnaissance, network attacks, network defense and other clear division of labor, professional regular military forces. The United States has so far built the world’s most complete and powerful network of the army, and held a series of “network storm” series of exercises. The new “cyberspace strategy” in the United States, the first public to cyberspace combat as one of the tactical options for future military conflict, clearly proposed to improve the US military in the cyberspace of deterrence and offensive capability. In order to adapt to the new strategy, the US Department of Defense proposed 2018 to build a offensive and defensive, flexible form, with full combat capability of the network forces construction goals.

From the military to the integration of military and civilian development. The development of the strategic power of the military network started relatively late compared with the civil field, and because of the confidentiality of military confrontation and the specificity of the operational objectives, it is often developed independently. With the development of network technology, the military’s own network strategic strength is difficult to meet the needs of diversified tasks, we must learn from local folk technical means, integrate local network resources, realize the integration of military and civilian development. Network space capacity building on the talent, intelligence, experience and other software environment is extremely high, coupled with the local convergence of a wealth of network resources, military and civilian forces to promote the development of cyberspace capabilities become the strong tone of the times.

From a single model to the “network integration” development. At present, the network includes both the computer IP system network and the non-computer IP system network including a large number of complex early warning detection network, satellite communication network and tactical data link. The traditional single network confrontation model is difficult to meet the challenge of cyberspace. With the development of information technology, especially the Internet of Things technology, the relationship between the network and the power of the battlefield network more and more closely, which for the “network integration” in the technical means to provide the possibility. The use of electronic warfare and network warfare means, for different systems around the open bow, broken chain broken network, to achieve complementary advantages, system damage, as the latest guidance on the construction of network space. Data show that the US military typical network of integrated attack equipment “Shu special” system has been from the “Shu-1” to the current development of “Shu-5”. According to reports, “Shute” system through the enemy radar antenna, microwave relay station, network processing nodes to invade the enemy air defense network system, real-time monitoring of enemy radar detection results, even as a system administrator to take over the enemy network, Control of the sensor.

From non-state actors to state actors. At present, the network attack has developed from a single hacker behavior for the national, political, military confrontation, the attack object has been developed from the personal website to the country, the army’s important information system, attack “unit” has grown from stand-alone to tens of thousands Hundreds of thousands of terminals, and can instantly release the amazing attack energy. Although many of the intentions of malicious acts of non-State actors are non-state, the consequences are national, whether they are espionage, political opinions, or personal discontent, or terrorist activities , Have a direct impact on social stability, disrupt the economic order, endanger the stability of state power. Once the relevant reaction is made, the subject of the act must be the state and the army, and not the non-state actors themselves.

  The Construction of Network Strategic Strength

Strengthen strategic planning. Cyberspace competition is the first strategic battle of the contest. From the national level, the network strategy of the power of the main function is to reduce the risk of cyberspace, maintaining the normal operation of the country. We must understand the extreme importance and realistic urgency of cyberspace security from the perspective of national security, raise the focus of cyberspace capacity building to the strategic level, and try to reduce the national cyberspace security while trying to solve the problem of how to make good use of cyberspace Risk, so that cyberspace security has become an important support for national prosperity and security. From the military level, the network strategy is mainly to seize the system of network power. We must expand the military vision, the cyberspace as an important area of ​​action, to seize the system as the core, change the military ideas and ideas, adjust the structure and composition of armed forces, the development of weapons and equipment and take a new tactics.

Speed ​​up the construction of the power system. Maintain cyberspace security in the final analysis depends on the strength. We must base ourselves on the characteristics and laws of cyberspace capacity building, focus on the core elements of network capability system and the overall layout of network strategy, and systematically design the system structure which conforms to the law and characteristics of cyberspace confrontation in our country, and perfect the system of leadership and command Functional tasks, straighten out the relationship between command and management. We should take the network strategic power as an important new combat force, from the organization construction, personnel training, equipment development, elements of training and other aspects, to take extraordinary measures to give priority construction, focus on protection. To normalize the national network of offensive and defensive exercises, test theory, tactics, equipment and technology effectiveness, and comprehensively enhance the comprehensive prevention of cyberspace capabilities.

Promote technological innovation. The essence of cyberspace confrontation is the competition of core technology, and it is necessary to accelerate the independent innovation of network information technology. To improve the ability of independent innovation as a strategic basis to the national innovation system as the basic support, focus on breaking the forefront of network development technology and international competitiveness of the key core technology, advanced deployment and focus on the development of information technology and information industry. To speed up the process of localization of key core technologies, strengthen the construction of safety testing and active early warning means, and gradually improve the equipment system of cyberspace in China, and comprehensively improve our network space capability. To follow the basic laws of cyberspace confrontation, in accordance with the “asymmetric checks and balances” strategy, increase the quantum technology, Internet of things and cloud computing and other new technology research and development efforts to create unique combat capability, master the initiative of cyberspace security development The

Promote the integration of military and civilian development. The integration of the military space ability of military and civilian development is not only the overall situation of national security and development strategy, the overall planning of national defense and economic and social development, but also the objective fact that cyberspace security can not be avoided. We must actively promote the deep integration of military and civilian development, to promote China’s network space capacity supporting the construction. It is necessary to formulate top-level planning in the form of policies and regulations, clarify the objectives, methods, organizational division and basic requirements of the deepening development of cyberspace in the form of policies and regulations, and make the integration of military and civilian development into law enforcement and organizational behavior; To establish a sound military coordination, demand docking, resource sharing mechanism, through a unified leadership management organization and coordination of military needs and major work, to achieve risk sharing, sharing of resources and common development of the new situation. We should pay attention to the distinction between the boundaries of military and civilian integration, clear the concept of development-oriented people and the main battle concept of the army, and actively explore the military and the people, the advantages of complementary channels.

Original Mandarin Chinese:



















Source URL:


Full Text of China’s National Cyberspace Security Strategy // 國家網絡空間安全戰略全文

Full Text of China’s National Cyberspace Security Strategy


Beijing,People’s Republic of China

27 DEC 2017

December 27, approved by the Central Network Security and Information Technology Leading Group, the National Internet Information Office released the “national cyberspace security strategy”, the full text is as follows.

The extensive application of information technology and the rise and development of cyberspace have greatly promoted the economic and social prosperity and progress, but also brought new security risks and challenges. Cyberspace security (hereinafter referred to as cybersecurity) concerns the common interests of mankind, related to world peace and development, and national security. Safeguarding China’s network security is an important measure to coordinate and promote the comprehensive construction of a well-off society, comprehensively deepen reform, comprehensively administer the country according to law, and strictly pursue the strategic layout of the party, and realize the goal of “two hundred years” and realize the great rejuvenation of the Chinese nation An important guarantee. In order to implement the “four principles” of promoting the transformation of the global Internet governance system and the “five-point proposition” to build the cyberspace destiny community, we have clarified China’s important position on cyberspace development and security, guided China’s network security work, The state in the cyberspace of sovereignty, security, development interests, the development of this strategy.

First, opportunities and challenges

(A) a major opportunity

With the rapid development of information revolution, Internet, communication network, computer system, automation control system, digital equipment and its application, service and data, such as the network space, is a comprehensive change in people’s production and lifestyle, profound impact on human society Development process.

New channels for information dissemination. The development of network technology, breaking the time and space constraints, expanding the scope of communication, innovative means of communication, triggering a fundamental change in the pattern of communication. The network has become a new channel for people to access information and learn to communicate, and become a new carrier of human knowledge transmission.

Production and life of the new space. In today’s world, the depth of the network into people’s learning, life, work and other aspects of online education, entrepreneurship, health care, shopping, finance and other increasingly popular, more and more people through the network exchange ideas, achievements and dreams.

The new engine of economic development. The Internet is becoming the leading force of innovation-driven development. Information technology is widely used in all sectors of the national economy. It has promoted the upgrading of traditional industries, promoted new technologies, new forms, new industries and new models, promoted the adjustment of economic structure and economic development , For economic and social development has injected new impetus.

Cultural prosperity of the new carrier. The network promotes the cultural exchange and the popularization of knowledge, the release of cultural development vitality, the promotion of cultural innovation creation, the enrichment of people’s spiritual and cultural life, has become a new way to spread culture, provide a new means of public cultural services. Network culture has become an important part of cultural construction.

A new platform for social governance. The role of the network in advancing the national governance system and the modernization of the governance capability has become increasingly prominent. The application of e-government has been deepened, and the government information has been shared and publicized. The government has made scientific decision-making, democratization and rule of law, and has smoothed the channels of citizens’ participation in social governance. An important way to protect citizens’ right to know, to participate, to express and to supervise.

Exchange and cooperation of the new link. The development of information and globalization has promoted the global flow of information, capital, technology, talent and other elements, and promoted the integration of different civilizations. Network to the world into a global village, the international community more and more you have me, I have your fate in the community.

National sovereignty of the new territory. Cyber ​​space has become an important part of human activity with land, sea, sky and space. National sovereignty extension extends to cyberspace, and cyberspace sovereignty becomes an important part of national sovereignty. Respect for cyberspace sovereignty, safeguard network security, seek co-governance, achieve win-win situation, is becoming the international community consensus.

(B) severe challenges

The security situation of the network is becoming more and more serious, the national politics, economy, culture, society, national defense security and the legitimate rights and interests of citizens in cyberspace are facing severe risks and challenges.

Network penetration threatens political security. Political stability is the basic prerequisite for national development and people’s happiness. The use of the network to interfere in the internal affairs of other countries, to attack other countries political system, incite social unrest, subversion of other countries, as well as large-scale network monitoring, network theft and other activities seriously endanger the national political security and user information security.

Network attacks threaten economic security. Network and information systems have become the key infrastructure and the entire economic and social center of the nerve, suffered damage, a major security incident, will lead to energy, transportation, communications, financial and other infrastructure paralysis, resulting in catastrophic consequences, seriously endangering national economic security And public interest.

Network Harmful Information Erosion Cultural Security. Various ideological and cultural networks on the network agitation, confrontation, excellent traditional culture and mainstream values ​​facing the impact. Network rumors, decadent culture and obscenity, violence, superstition and other harmful information contrary to the socialist core values ​​erode the physical and mental health of young people, corrupt the social atmosphere, misleading the value orientation, endangering cultural security. Online moral anomie, the phenomenon of lack of integrity frequent, the degree of network civilization need to be improved.

Network terror and criminals undermine social security. Terrorism, separatism, extremism and other forces to use the network to incite, plan, organize and implement violent terrorist activities, a direct threat to people’s lives and property security, social order. Computer viruses, Trojans and other cyberspace spread spread, cyber-fraud, hacking, infringement of intellectual property rights, abuse of personal information and other illegal acts exist, some organizations want to steal user information, transaction data, location information and business secrets, serious damage to the country , Business and personal interests, affecting social harmony and stability.

The international competition in cyberspace is in the ascendant. International competition and control of cyberspace strategic resources, to seize the right to formulate rules and strategic high ground, to seek strategic competition in the increasingly fierce. Individual countries to strengthen the network deterrence strategy, intensify the cyberspace arms race, world peace by new challenges.

Cyberspace opportunities and challenges coexist, opportunities are greater than challenges. We must insist on active use, scientific development, management according to law, ensure safety, resolutely safeguard network security, make maximum use of cyberspace development potential, and benefit more than 1.3 billion Chinese people for the benefit of all mankind and firm maintenance of world peace.

Second, the goal

With the overall national security concept as the guide, implement the innovation, coordination, green, open and shared development concept, enhance the sense of risk and crisis awareness, the overall situation of domestic and international, overall development of security two major events, active defense, effective response, Promote network space peace, security, openness, cooperation and orderly, safeguard national sovereignty, security, development interests, and realize the strategic goal of building a network power.

Peace: the abuse of information technology has been effectively curbed, cyberspace arms race and other activities threatening international peace have been effectively controlled, cyberspace conflict has been effectively prevented.

Security: network security risks are effectively controlled, the national network security system is sound and perfect, the core technology and equipment are safe and controllable, and the network and information system are stable and reliable. Network security personnel to meet the needs of the whole society of network security awareness, basic protection skills and the use of network confidence greatly improved.

Open: Information technology standards, policies and markets open, transparent, product circulation and information dissemination more smoothly, the digital divide is increasingly bridging. Regardless of size, strength, rich and poor, countries around the world, especially developing countries can share development opportunities, share the fruits of development, fair participation in cyberspace governance.

Cooperation: the world in the technical exchanges, the fight against cyber terrorist and cyber crime and other areas of cooperation more closely, multilateral, democratic and transparent Internet governance system sound and perfect, win-win cooperation as the core of the network space fate community gradually formed.

Order: public interest in the cyberspace, participation, expression, supervision and other legitimate rights and interests are fully protected, cyberspace personal privacy is effectively protected, human rights are fully respected. The network environment of the domestic and international legal system, the standard norms gradually established, the network space to achieve effective management according to law, network environment integrity, civilization, health, freedom of information flow and safeguard national security, public interests to achieve organic unity.

Third, the principle

A safe, stable and prosperous cyberspace is of great significance to all countries and the world. China is willing to work with all countries to strengthen communication, expand consensus, deepen cooperation, and actively promote the global Internet governance system changes, and jointly safeguard the peace and security of cyberspace.

(A) respect for the maintenance of cyberspace sovereignty

Cyberspace sovereignty is inviolable, respect for the independent choice of development path, network management model, Internet public policy and equal participation in international network space management rights. The network affairs within the sovereign scope of each country are made by the people of each country, and each country has the right to take the necessary measures to manage the network activities of its own information system and its own territory according to its own national conditions and draw lessons from international experience, formulate laws and regulations on cyberspace, National information systems and information resources from intrusion, interference, attack and destruction, to protect the legitimate rights and interests of citizens in cyberspace; to prevent, prevent and punish harmful information harmful to national security and interests in the national network to disseminate and maintain cyberspace order. Any country does not engage in network hegemony, do not engage in double standards, do not use the network to interfere in the internal affairs of other countries, do not engage in, condone or support national activities against national security.

(B) the peaceful use of cyberspace

Peaceful use of cyberspace is in the common interest of mankind. States should abide by the principles of the Charter of the United Nations concerning the non-use or threat of use of force and prevent the use of information technology in the context of the maintenance of international security and stability, to boycott cyberspace arms races and prevent cyberspace conflicts. Adhere to mutual respect, equal treatment, seeking common ground while reserving differences, tolerance and mutual trust, respect for each other in cyberspace security interests and major concerns, to promote the construction of a harmonious network world. Against the use of national security as an excuse to use technological advantages to control other countries network and information systems, to collect and steal other countries data, but can not sacrifice the security of other countries to seek their own so-called absolute security.

(C) to manage cyberspace according to law

Comprehensively promote the legalization of cyberspace, adhere to the rule of law network, according to the law network, according to the Internet, so that the Internet in the rule of law on the healthy operation of the track. According to the law to build a good network order, the protection of cyber space information according to the law of free flow, protection of personal privacy, protection of intellectual property rights. Any organization and individual in the cyberspace to enjoy freedom, exercise the rights at the same time, to comply with the law, respect for the rights of others, their own words and deeds on the network.

(4) co-ordinate network security and development

There is no national security without national security, there is no information without modernization. Network security and information is one of the two wings, driven by the two wheels. Correctly handle the development and security of the relationship, adhere to the security development, to promote the development of security. Security is the prerequisite for development, and any development at the expense of security is difficult to sustain. Development is the foundation of security, and development is not the greatest insecurity. No information development, network security is not guaranteed, the existing security and even lost.

Fourth, strategic tasks

China’s Internet users and network size of the world’s first, to maintain China’s network security, not only their own needs, for the maintenance of global network security and world peace are of great significance. China is committed to safeguarding the national cyberspace sovereignty, security, development interests, promote the Internet for the benefit of mankind, and promote the peaceful use of cyberspace and co-governance.

(A) firmly defended cyberspace sovereignty

According to the Constitution and laws and regulations to manage China’s sovereignty within the network activities to protect China’s information facilities and information resources security, including economic, administrative, scientific and technological, legal, diplomatic, military and other measures, unswervingly maintain China’s cyberspace sovereignty. Resolutely oppose all the acts of subverting China’s state power through the Internet and undermining our national sovereignty.

(B) firmly uphold national security

To prevent, stop and punish any act of using the Internet for treason, secession, incitement to rebellion, subversion or incitement to subdue the people’s democratic dictatorship; to prevent, stop and punish the use of the Internet to steal, to disclose state secrets and other acts endangering national security; Prevent, stop and punish foreign forces to use the network to penetrate, destroy, subvert, split the activities.

(Iii) Protection of critical information infrastructures

The key information infrastructure of the country refers to the information facilities that are related to national security, national economy and people’s livelihood, which have been damaged, destroyed or lost, which may seriously endanger the national security and public interests, including but not limited to the provision of public communication, radio and television transmission Information network, energy, finance, transportation, education, scientific research, water conservancy, industrial manufacturing, health care, social security, public utilities and other areas of important information systems, important Internet applications. Take all necessary measures to protect critical information infrastructures and their important data from attack damage. Adhere to the combination of technology and management, protection and deterrence simultaneously, focus on identification, protection, detection, early warning, response, disposal and other aspects, the establishment of the implementation of key information infrastructure protection system, from management, technology, personnel, Comprehensive measures to effectively strengthen the key information infrastructure security protection.

Key information infrastructure protection is the common responsibility of the government, enterprises and society as a whole. The supervisors, the operating units and organizations shall take the necessary measures to ensure the safety of the key information infrastructure in accordance with the requirements of laws, regulations and system standards. Strengthen critical information infrastructure risk assessment. Strengthen the party and government organs and key areas of the site security protection, grassroots party and government organs to build an intensive mode of operation and management. The establishment of government, industry and business network security information orderly sharing mechanism, give full play to enterprises in the protection of key information infrastructure in the important role.

Adhere to open to the outside world, based on open environment to maintain network security. Establish and implement the network security review system, strengthen the supply chain security management, the party and government organs, key industries procurement and use of important information technology products and services to carry out security review, improve product and service security and control, to prevent product service providers And other organizations use information technology to implement unfair competition or harm the interests of users.

(D) to strengthen the construction of network culture

Strengthen the construction of online ideological and cultural positions, vigorously cultivate and practice the socialist core values, the implementation of network content construction projects, the development of a positive network culture, the dissemination of positive energy, gather a strong spiritual strength, and create a good network atmosphere. Encourage the development of new business, create new products, to create the spirit of the times reflect the network culture brand, and constantly improve the network culture industry scale. The implementation of the outstanding culture of Chinese online communication project, and actively promote the excellent traditional culture and contemporary culture of digital, network production and dissemination. Play the advantages of Internet communication platform, promote the excellent cultural exchange between China and foreign countries, so that people understand the Chinese culture, so that the Chinese people understand the excellent culture of all countries, and jointly promote the prosperity and development of network culture, enrich people’s spiritual world and promote the progress of human civilization.

Strengthen the network ethics, network civilization construction, play moral education guide role, with human civilization excellent results nourish network space, repair network ecology. The construction of civilized integrity of the network environment, advocate civilization network, civilized Internet, the formation of safe, civilized and orderly information dissemination order. Resolutely crack down on rumors, obscenity, violence, superstition, cults and other harmful information spread in cyberspace spread. Improve the youth network literacy literacy, strengthen the protection of minors online, through the government, social organizations, communities, schools, families and other aspects of the joint efforts for the healthy growth of young people to create a good network environment.

(5) to combat cyber terror and crime

Strengthen the network anti-terrorism, anti-spy, anti-stealing capacity building, crack down on cyber terror and cyber espionage.

Adhere to comprehensive management, source control, according to the law to prevent, crack down on cyber fraud, Internet theft, trafficking in drug trafficking, infringement of personal information, dissemination of pornography, hacking, infringement of intellectual property rights and other criminal acts.

(6) improve the network management system

Adhere to the law, open, transparent network management network, and effectively do law, according to law, law enforcement must be strict, illegal research. Improve the network security laws and regulations system, enacted network security law, minor network protection regulations and other laws and regulations, a clear social responsibility and obligations, a clear network security management requirements. To speed up the revision and interpretation of existing laws, so that it applies to cyberspace. Improve the network security related system, establish a network trust system, improve the network security management of the scientific standardization level.

Speed ​​up the construction of legal norms, administrative supervision, industry self-discipline, technical support, public supervision, social education, a combination of network governance system to promote the network of social organization and management innovation, improve the basic management, content management, industry management and network crime prevention and combat Work linkage mechanism. Strengthen the cyberspace communication secrets, freedom of speech, trade secrets, as well as the right to reputation, property rights and other legitimate rights and interests of protection.

Encourage social organizations to participate in network governance, the development of network public welfare undertakings, strengthen the new network of social organization. Encourage Internet users to report network violations and bad information.

(7) reinforce the network security foundation

Adhere to innovation-driven development, and actively create a policy environment conducive to technological innovation, co-ordinate resources and strength to enterprises as the main body, combining production and research, collaborative research to point to the surface, the overall advance, as soon as possible in the core technology breakthrough. Attention to software security, accelerate the application of secure and credible products. The development of network infrastructure, rich network space information content. The implementation of “Internet +” action, vigorously develop the network economy. The implementation of national large data strategy, the establishment of large data security management system to support large data, cloud computing and other new generation of information technology innovation and application. Optimize the market environment, encourage network security enterprises bigger and stronger, to protect the national network security and consolidate the industrial base.

Establish and improve the national network security technology support system. Strengthening the basic theory and major problems of network security. Strengthen the network security standardization and certification work, more use of standard norms cyberspace behavior. Do a good job of level protection, risk assessment, vulnerability discovery and other basic work, improve the network security monitoring and early warning and network security emergency response mechanism.

The implementation of network security personnel projects, strengthen the network security professional construction, build first-class network security college and innovation park, the formation of personnel training and innovation and entrepreneurship of the ecological environment. Run the network security publicity week activities, vigorously carry out the national network security publicity and education. Promote the network security education into the teaching materials, into the school, into the classroom, improve the network media literacy, enhance the whole society network security awareness and protection skills, improve the network of Internet users harmful information, network fraud and other illegal and criminal activities identification and resistance.

(8) to enhance the ability of network space protection

Cyberspace is the new territory of national sovereignty. Construction and international status commensurate with the network power to adapt to the network space protection, and vigorously develop the network security and defense means to detect and resist the network invasion, casting and maintenance of national network security strong backing.

(9) to strengthen international cooperation in cyberspace

On the basis of mutual respect and mutual trust, strengthen cooperation in international cyberspace dialogue and promote the transformation of the global governance system of the Internet. Deepen cooperation with the bilateral and multilateral network security dialogue and information communication, effective control of differences, and actively participate in global and regional organizations, network security cooperation, to promote the Internet address, root domain name servers and other basic resource management internationalization.

Support the United Nations to play a leading role in promoting the development of international agreements on cyberspace, international cyberspace international anti-terrorism conventions, and sound legal mechanisms to combat cybercrime, deepening policy and legal, technical innovation, standards, emergency response, critical information infrastructure Protection and other fields of international cooperation.

Strengthen support for assistance in the development of Internet technologies and infrastructure in developing and backward regions, and strive to bridge the digital divide. To promote “along the way” building, improve the level of international communication interoperability, smooth information Silk Road. To build the World Internet Conference and other global Internet sharing system, and jointly promote the healthy development of the Internet. We will build a multilateral, democratic and transparent international Internet governance system through active and effective international cooperation to build a peaceful, safe, open, cooperative and orderly cyberspace.

Original Mandarin Chinese:
















































































Original Source: http://politics.people.com.cn/n1/2016/1227/c1001-28980829.html


A Summary of China ‘s Internet Security Situation in China in 2016 // 2016年中國中國互聯網安全形勢總結

A Summary of China ‘s Internet Security Situation in China in 2016


19 APRIL 2017 BEIJING, People’s Republic of China

April 19, the National Computer Network Emergency Technology Processing Coordination Center (referred to as “National Internet Emergency Response Center”, the English referred to as “CNCERT”) released “China’s Internet security situation in 2016,” a review of China’s Internet macro security situation monitoring On the basis of the combination of network security warning and emergency response work, the paper focuses on analyzing and summarizing the Internet security situation of China in 2016 and predicting the hotspot of network security in 2017.

Analysis of Internet Security Monitoring Data in China in 2016

CNCs continued to monitor the macroeconomic situation of China’s cybersecurity. In 2016, the number of mobile Internet malicious programs was captured, the number of backdoor attacks and the number of security vulnerabilities were increased compared with 2015, and the number of Trojans and botnets was denied. Quantity, phishing and page tampering the number of pages have declined.

According to the sampling monitoring, about 70,000 Trojans and botnet control servers in 2016 control 1699 million hosts in our country, the number of control servers decreased by 8.0% compared with 2015, the number of domestic infection host decreased by 14.1% compared with 2015. The Among them, about 48,000 from outside the control server control of China’s 1499 million units in the host, from the United States the number of control servers in the first place, followed by Hong Kong, China and Japan.

In the botnet found in the detection of malicious programs and the formation of botnets, the size of more than 100 hosts in the number of botnets 4896, of which the size of more than 100,000 units in the number of botnets 52. According to the quantitative analysis of the distribution of Trojans and botnets in China, the top three were Guangdong Province (13.4% of the total number of infections in China), Jiangsu Province (9.2%) and Shandong Province (8.3 %). In order to effectively control the damage caused by the host of Trojans and botnets, in 2016, under the guidance of the Ministry of Industry and Information Technology, under the guidance of “Trojan and botnet monitoring and disposal mechanism”, CNCERT organization basic telecommunications companies, domain name service agencies, etc. successfully closed 1011 Control the larger botnets.

In 2016, CNCERT received more than 205 million mobile Internet malpractions through autonomous capture and vendor switching, an increase of 39.0% over 2015, and continued to maintain rapid growth in the past seven years. According to their malicious behavior classification, the top three were hooliganism, malicious deductions and tariff consumption class 1, accounting for 61.1%, respectively, 18.2% and 13.6%. CNCERT found that mobile Internet malicious program download links nearly 670,000, an increase of nearly 1.2 times compared with 2015, involving more than 22 million source of the source, IP address of more than 30,000, the number of malicious programs spread to 124 million times.

In 2016, CNCERT focused on the “album” category 2 Andrews and malicious pornographic software with malicious deductions and maliciously disseminated attributes that were spread by SMS and had malicious behavior such as stealing user messages and correspondence, and coordinated work The A total of 47,316 cases of such malicious programs were found in the year, and more than 1.01 million were collected, and 6045 domain names were used to disseminate malicious programs. 7645 malicious mailbox accounts for receiving user’s text messages and contacts were used to receive user text messages Malicious mobile phone number 6616, leaked users SMS and address book mail 222 million, seriously endangering the user’s personal information security and property security. Under the guidance of the Ministry of Industry and Information Technology, according to the “mobile Internet malicious program monitoring and disposal mechanism”, CNCERT organization of e-mail service providers, domain name registrar and other active coordination work to find the malicious mailbox account, malicious domain name, etc. Dispose of.

Second, 2016 China’s Internet security situation

In recent years, with China’s network security laws and regulations, management system of continuous improvement, China’s network security technology strength, personnel, international cooperation, and achieved remarkable results. In 2016, China’s Internet security situation is generally stable, the rapid development of network security industry, network security and protection capabilities have been improved, international cooperation to further strengthen the network security. But with cyberspace strategically

The increasing number of countries, the world’s major countries have set up cyberspace attack capability, the growing national network conflict, China’s cyberspace security challenges facing increasingly complex.

Domain name system security in good condition, anti-attack ability increased significantly. In 2016, China’s domain name service system security in good condition, no major security incidents. According to the sampling monitoring, 2016 years for China’s domain name system traffic scale of more than 1Gpbs DDoS attacks on the daily average of about 32 cases, did not affect the domain name resolution services in China, the basic telecommunications companies have not seriously affected the success rate of analysis Attack events, mainly with the domain name system to strengthen security measures, anti-DDoS attack ability significantly improved related. In June 2016, there were large-scale DDoS attacks against the global root domain name servers and their mirrors. Most of the root domain servers were affected to varying degrees. The domain name mirroring servers in China also suffered large-scale network traffic attacks at the same time. Due to emergency treatment in a timely manner, and the root zone top-level domain cache expiration time is often more than 1 day, the attack did not affect the domain name system network security.

For the industrial control system of network security attacks increasing, many important industrial control system security incidents should pay attention. In 2016, the world occurred more than the major areas of industrial accidents worthy of our country wake up. In August, Kaspersky Security Laboratories exposed the “ghoul” network attack against the industrial sector, which focused on the Middle East and other countries’ Industrial enterprises launched a targeted network intrusion; in December, the Ukrainian power grid once again experienced a power supply failure, according to the analysis of the origin of this malpractice “dark forces” variants.

China’s industrial control system is huge, security vulnerabilities, malicious detection, etc. to our industrial control system to bring some security risks. As of the end of 2016, CNVD included 1036 industrial malpractices, of which 173 were included in 2016, an increase of 38.4% over 2015. Industrial control system mainly exists buffer overflow, lack of access control mechanism, weak password, directory traversal and other loopholes risk. Through the analysis of network traffic, 2016 CNCERT cumulative monitoring to the network of industrial equipment fingerprint detection event more than 880,000 times, and found 60 countries from outside the 1610 IP address of China’s network of industrial equipment for fingerprint detection.

High-level persistent threat normalization, China’s attack is particularly serious threat. As of the end of 2016, domestic enterprises issued a senior Sustainability Threat (APT) study reported a total of 43 APT organizations, including targeted targets for China’s APT organizations have 36 4. From the attack to achieve the point of view, more APT attacks using engineering to achieve, that is, relying on commercial attack platform and the Internet black industry

Chain data and other mature resources to achieve APT attacks. This kind of attack not only reduces the technical and resource threshold of initiating APT attack, but also increases the difficulty of traceability analysis. In 2016, many of the important information system for the implementation of the APT attacks were exposed, including “white elephant action 5”, “Man Linghua attack action”, mainly in China’s education, energy, military and scientific research as the main target The In August 2016, the hacker organization “Shadow Brokers” published the Formula Organization 6 frequently used toolkits, including various firewall exploits, hacking tools and scripts involving Juniper, Flying Tower, Cisco, and Financial letter, Huawei and other manufacturers products. CNCERT released 11 software vulnerabilities (there are four suspected 0day vulnerability) for census analysis and found that the world has about 120,000 IP addresses carrying the relevant products of network equipment, of which China’s IP address of about 33,000, accounting for 27.8% of all IP addresses poses a serious potential threat to cyberspace security in China. In November 2016, the hacker organization “shadow broker” also announced a group has been attacked by the National Security Agency network control and IP address and domain name data, China is the most attacked countries, involving at least nine universities in China, 12 Energy, aviation, telecommunications and other important information systems departments and two government information centers.

A large number of networked smart devices were attacked by malicious programs to form botnets, which were used to initiate large traffic DDoS attacks. In recent years, with the intelligent wearable equipment, intelligent home, intelligent routers and other terminal equipment and network equipment, the rapid development and popularization, for the Internet of intelligent devices, the proportion of network attacks increased, the attackers use the Internet of things intelligent device vulnerabilities Access to device control rights, or other hacker underground transactions for user information data theft, network traffic hijacking, or for controlling the formation of large-scale botnets. CNCERT on-line monitoring of vehicle network security system analysis and found that some car network information service providers and related products, security vulnerabilities can lead to vehicle, location and vehicle owners information disclosure and vehicle remote control and other security risks. At the end of 2016, Mirai malicious programs were widely watched as a result of large-scale off-site events on the east coast of the United States and a large number of users of Deutsche Telekom visited Internet anomalies. Mirai is a typical use of Internet of things intelligent device vulnerabilities to penetrate infiltration to achieve the control of the device malicious code, the number of charged devices accumulated to a certain extent will form a huge “botnet”, known as “Mirai botnet.” And because of Internet of things intelligent devices are generally 24 hours online, infected with malicious programs are not easily perceived by the user, forming a “stable” attack source. CNC inspections of the Mirai botnet show that by the end of 2016, a total of 2526 control servers were deployed to control 125.4 million devices, which posed a serious potential security threat to the stable operation of the Internet. In addition, CNCERT also analyzed the Gafgyt botnet sampling analysis. In the fourth quarter of 2016, a total of 817 control servers were selected to control 425,000 devices, and more than 18,000 DDoS attacks were initiated, with peak traffic 5Gpbs more than 72 times the number of attacks.

Web site data and personal information leak is not uncommon, “derivative disaster” serious. Due to the disappearance of the traditional boundaries of the Internet, all kinds of data spread across the terminal, network, mobile phone and cloud, coupled with the interests of the Internet black industry chain driven by data leakage threats are increasing. In 2016, the domestic and international website data and personal information leakage incidents frequently, the political, economic and social impact gradually deepened, and even personal life safety has also been violated. In the United States, the United States election candidate Hillary’s mail leak, directly affect the US election process; Yahoo two account information disclosure involving about 1.5 billion personal accounts, resulting in US telecom operators Verizon $ 4.8 billion acquisition of Yahoo plans to shelve May even be canceled. In the country, China’s immune planning system network was malicious invasion, 200,000 children’s information was stolen and publicly sold online; information leakage led to frequent fraud cases, college entrance examination information leaks to take away the university students will soon enter the life of Xu Yuyu ; 2016 public security organs were detected more than 1,800 cases of infringement of personal information, seized 30 million pieces of personal information of various types of citizens. In addition, according to the news media reported that Russia, Mexico, Turkey, the Philippines, Syria, Kenya and other countries of the government website data leaked.

Mobile Internet malicious program more profitable, mobile Internet black industry chain has matured. In 2016, CNCERT received more than 205 million mobile Internet malpractions through autonomous capture and vendor exchange, up 39.0% from 2015 and continued to grow at a high rate in the past six years. Through malware behavior analysis, it was found that the number of applications for fraudulent, malicious deductions, lockdowns and other economic interests was 59.6% of the total number of malicious programs, nearly three times over 2015. From the spread of malicious programs found that fraudulent acts of fraudulent procedures mainly through SMS, advertising and network disk and other specific communication channels to spread, the number of infected users reached 24.93 million, causing significant economic losses. From the attack mode of malicious programs, it is found that the number of malicious programs that steal SMS verification codes is larger than that of SMS, and 10845 samples are obtained in the whole year. It shows the characteristics of simple production, fixed attack mode and huge profits. The mobile Internet industry Mature.

Extortion software raging, a serious threat to local data and intelligent equipment security. According to CNCERT monitoring found in 2016 in the traditional PC side, to capture extortion class malicious program sample of about 19,000, the number of a record high in recent years. Analysis of extortion software attack object found that extortion software has been gradually extended from the individual terminal equipment to business users, especially for high-value target blackmail situation

Heavy. For enterprise users, blackmail software exploits security vulnerabilities to attack, the enterprise database encryption and extortion, the end of 2016 open source MongoDB database was a blackmail software attacks, a large number of users affected. For personal terminal equipment, extortion software malicious behavior in the traditional PC and mobile terminals show obvious different characteristics: in the traditional PC side, mainly through the “encrypted data” to blackmail, that is, the user’s computer file encryption, stress users Purchase the decryption key; on the mobile side, mainly through the “encryption device” to blackmail, that is, remote lock the user mobile devices, so that users can not use the device, and to coerce users to pay the cost of unlocking. However, from the extortion of software transmission point of view, the traditional PC and mobile side show a common, mainly through e-mail, counterfeit normal application, QQ group, network disk, paste it, victims and other spread.

Three, 2017 worthy of attention to the hot spots

According to the analysis of the characteristics of China’s Internet security situation in 2016, CNCERT predicts that the hot spots that are worthy of attention in 2017 are as follows.

(A) cyberspace according to the law of governance more clear. On November 7, 2016, the Twenty-fourth Session of the Standing Committee of the 12th National People’s Congress passed the “Network Security Law” and came into effect on June 1, 2017. The Act has 7 chapters and 79 articles on cyberspace sovereignty, network products and service providers ‘security obligations, network operators’ safety obligations, personal information protection rules, critical information infrastructure security protection systems and important data cross-border transmission rules, etc. Has been clearly defined. It is expected that the departments will pay more attention to the propaganda and interpretation work of the “Network Security Law” in 2017, compile relevant supporting policies and regulations, implement various supporting measures, and make cyberspace according to law more clear.

(B) the use of Internet of things intelligent device network attacks will continue to increase. 2016 CNVD collection of intelligent networking equipment vulnerabilities 1117, mainly related to web cameras, intelligent routers, smart appliances, intelligent gateway and other equipment. The vulnerability type is mainly privilege to bypass, information disclosure, command execution, etc., which weak password (or built-in default password) vulnerability is easy to be used, the actual impact is very extensive, malicious code attack to use an important risk point. With the development of unmanned aerial vehicles, autopilot vehicles, the popularity of smart home appliances and the development of smart cities, the number of vulnerabilities in networked smart devices will increase significantly, and network attacks against or using intelligent networking devices will be more frequent.

(C) the Internet and the traditional industry integration caused by the security threat is more complex. With the deepening of China’s “Internet +” and “Made in China 2025” action plan, almost all traditional industries, traditional applications and services in China are being changed by the Internet, bringing innovation and development opportunities to various industries. In the process of integration innovation and development, the traditional industry closed mode gradually changed to open mode, but also the future of the Internet virtual network security events into real-world security threats. Internet finance, industrial Internet and other emerging industries rapid development, but triggered a new network security threats can not be ignored, the Internet financial integration of information flow and capital flow, the risk of information flow is likely to lead to loss of capital flow; industrial control system more For the intelligent, network, open Internet brings malicious sniffing behavior increased, the risk of malicious attacks continue to increase. Traditional Internet security and real-world security issues intertwined with the security threat is more complex, the consequences are more serious.

(D) personal information and important data protection will be more attention. In recent years, the development of Internet technology is extremely convenient and rich in our lives and work, online shopping, online job search, social platform, government services and other platforms are filled with a large number of personal detailed privacy information. Since 2011, China’s serious personal information on the leak of the event, especially in recent years, the case of network fraud, the victim’s details have been grasped by fraud, to social stability and serious harm. 2013 “Snowdon incident” and the follow-up of the US government has been a large-scale monitoring of the project, to stimulate countries to strengthen the protection of important data measures, strict norms of Internet data collection, use, storage and so on. China in the “Network Security Law” on the personal information protection rules, important data cross-border transmission has been clearly defined, is expected on personal information and important data protection of the detailed regulatory documents will be enacted, and effectively implement the protection measures.

(5) Network security threats Information sharing has attracted the attention of all parties. Timely comprehensive access to and analysis of network security threats, ahead of network security early warning and deployment of emergency response measures, fully embodies a national network security comprehensive defense capabilities. Through the network security threat information sharing, the use of collective knowledge and technical ability, is to achieve a comprehensive grasp of the network security threats an effective way. The United States as early as 1998 in the Clinton administration signed a presidential decree to encourage the government and enterprises to carry out network security information sharing, to the Obama administration is the network security information sharing is written into the government bill. In recent years, China attaches great importance to the work of network security information sharing, in the “Network Security Law” clearly put forward to promote the relevant departments, key information infrastructure operators and the relevant research institutions, network security services and other network security information sharing The However, in the face of complex and multi-dimensional data source information, how to carry out sharing and in-depth analysis efficiently, we need to establish a set of information security standards for network security threats based on large data analysis. At present, many organizations in our country have been engaged in the exploration and practice of information sharing of network security threats. The relevant national standards and industry standards have been formulated. CNCERT has also established a network security threat information sharing platform for sharing in the communication industry and security industry. jobs.

(6) the background of the network disputes will continue to heat up the degree of concern. At present, China’s Internet penetration rate has reached 53.2% 7, the public through the Internet to get the news more and more fast and convenient, people concerned about the global political hot spots are also rising. 2016 US presidential election “mail door” incident, the Russian hacker exposure of the World Anti-Doping Agency scandal, etc., allow netizens to feel organized, purposeful careful network attacks can have a serious impact on the politics of other countries, Will have a national background of the network disputes from the perspective of industry concerns extended to all Internet users. With a large number of countries continue to strengthen the network space military capacity building, there are national background of the network dispute event will be hot, the crisis frequently, the trend of popular discussion will continue to heat up.

(7) based on artificial intelligence network security technology research in full swing. In the third World Internet Conference, “World Internet leading technology results release activities” site, Microsoft, IBM, Google three major international technology giants show machine learning based on artificial intelligence technology, for us to describe a beautiful future of artificial intelligence. At present, the network attack events are endless, the means are complex, the purpose is complex, the shortage of network security personnel is difficult to cope with the rapid changes in the network security situation, and machine learning in the field of data analysis outstanding performance, artificial intelligence is considered in the network security will “Great as”. There are statistical agencies found that the 2016 “network security” and “artificial intelligence” co-appeared in the article the frequency of rapid rise, indicating that more and more discussions will be linked together with the two together. Based on the large data related to network security, artificial intelligence technology such as machine learning can make breakthrough progress in unknown threat discovery, network behavior analysis and network security warning.

Original Mandarin Chinese:

據抽樣監測,2016年約9.7萬個木馬和殭屍網絡控制服務器控制了我國境內1699萬餘台主機,控制服務器數量較2015年下降8.0%,境內感染主機數量較2015年下降了14.1%。 。其中,來自境外的約4.8萬個控制服務器控制了我國境內1499萬餘台主機,來自美國的控制服務器數量居首位,其次是中國香港和日本。
在監測發現的因感染惡意程序而形成的殭屍網絡中,規模在100台主機以上的殭屍網絡數量4896個,其中規模在10萬台以上的殭屍網絡數量52個。從我國境內感染木馬和殭屍網絡主機按地區分佈數量分析來看,排名前三位的分別是廣東省(占我國境內感染數量的13.4%)、江蘇省(佔9.2%)和山東省(佔8.3 %)。為有效控制木馬和殭屍網絡感染主機引發的危害,2016年,在工業和信息化部指導下,根據《木馬和殭屍網絡監測與處置機制》,CNCERT組織基礎電信企業、域名服務機構等成功關閉1011個控制規模較大的殭屍網絡。
2016年,CNCERT通過自主捕獲和廠商交換獲得移動互聯網惡意程序數量205萬餘個,較2015年增長39.0%,近7年來持續保持高速增長趨勢。按其惡意行為進行分類,前三位分別是流氓行為類、惡意扣費類和資費消耗類1,佔比分別為61.1%、18.2%和13.6%。 CNCERT發現移動互聯網惡意程序下載鏈接近67萬條,較2015年增長近1.2倍,涉及的傳播源域名22萬餘個、IP地址3萬餘個,惡意程序傳播次數達1.24億次。
近年來,隨著我國網絡安全法律法規、管理制度的不斷完善,我國在網絡安全技術實力、人才隊伍、國際合作等方面取得了明顯的成效。 2016年,我國互聯網網絡安全狀況總體平穩,網絡安全產業快速發展,網絡安全防護能力得到提升,網絡安全國際合作進一步加強。但隨著網絡空間戰略地
域名系統安全狀況良好,防攻擊能力明顯上升。 2016年,我國域名服務系統安全狀況良好,無重大安全事件發生。據抽樣監測,2016年針對我國域名系統的流量規模達1Gpbs以上的DDoS攻擊事件日均約32起,均未對我國域名解析服務造成影響,在基礎電信企業側也未發生嚴重影響解析成功率的攻擊事件,主要與域名系統普遍加強安全防護措施,抗DDoS攻擊能力顯著提升相關。 2016年6月,發生針對全球根域名服務器及其鏡像的大規模DDoS攻擊,大部分根域名服務器受到不同程度的影響,位於我國的域名根鏡像服務器也在同時段遭受大規模網絡流量攻擊。因應急處置及時,且根區頂級域緩存過期時間往往超過1天,此次攻擊未對我國域名系統網絡安全造成影響。
針對工業控制系統的網絡安全攻擊日益增多,多起重要工控系統安全事件應引起重視。 2016年,全球發生的多起工控領域重大事件值得我國警醒。 3月,美國紐約鮑曼水壩的一個小型防洪控制系統遭攻擊;8月,卡巴斯基安全實驗室揭露了針對工控行業的“食屍鬼”網絡攻擊活動,該攻擊主要對中東和其他國家的工業企業發起定向網絡入侵;12月,烏克蘭電網再一次經歷了供電故障,據分析本次故障緣起惡意程序“黑暗勢力”的變種。
鏈數據等成熟資源實現 APT攻擊。這類攻擊不僅降低了發起APT攻擊的技術和資源門檻,而且加大了受害方溯源分析的難度。 2016年,多起針對我國重要信息系統實施的APT攻擊事件被曝光,包括“白象行動5”、“蔓靈花攻擊行動”等,主要以我國教育、能源、軍事和科研領域為主要攻擊目標。 2016年8月,黑客組織“影子經紀人(Shadow Brokers)”公佈了方程式組織6經常使用的工具包,包含各種防火牆的漏洞利用代碼、黑客工具和腳本,涉及Juniper、飛塔、思科、天融信、華為等廠商產品。 CNCERT對公佈的11個產品漏洞(有4個疑似為0day漏洞)進行普查分析,發現全球有約12萬個IP地址承載了相關產品的網絡設備,其中我國境內IP地址有約3.3萬個,佔全部IP地址的27.8%,對我國網絡空間安全造成嚴重的潛在威脅。 2016年11月,黑客組織“影子經紀人”又公佈一組曾受美國國家安全局網絡攻擊與控制的IP地址和域名數據,中國是被攻擊最多的國家,涉及我國至少9所高校,12家能源、航空、電信等重要信息系統部門和2個政府部門信息中心。
大量聯網智能設備遭惡意程序攻擊形成殭屍網絡,被用於發起大流量DDoS攻擊。近年來,隨著智能可穿戴設備、智能家居、智能路由器等終端設備和網絡設備的迅速發展和普及利用,針對物聯網智能設備的網絡攻擊事件比例呈上升趨勢,攻擊者利用物聯網智能設備漏洞可獲取設備控制權限,或用於用戶信息數據竊取、網絡流量劫持等其他黑客地下產業交易,或用於被控制形成大規模殭屍網絡。 CNCERT對車聯網系統安全性進行在線監測分析,發現部分車聯網信息服務商及相關產品存在安全漏洞,可導致車輛、位置及車主信息洩露和車輛被遠程控制等安全風險。 2016年底,因美國東海岸大規模斷網事件和德國電信大量用戶訪問網絡異常事件,Mirai惡意程序受到廣泛關注。 Mirai是一款典型的利用物聯網智能設備漏洞進行入侵滲透以實現對設備控制的惡意代碼,被控設備數量積累到一定程度將形成一個龐大的“殭屍網絡”,稱為“Mirai殭屍網絡”。又因物聯網智能設備普遍是24小時在線,感染惡意程序後也不易被用戶察覺,形成了“穩定”的攻擊源。 CNCERT對Mirai殭屍網絡進行抽樣監測顯示,截至2016年年底,共發現2526台控制服務器控制了125.4萬餘台物聯網智能設備,對互聯網的穩定運行形成了嚴重的潛在安全威脅。此外,CNCERT還對Gafgyt殭屍網絡進行抽樣檢測分析,在2016年第四季度,共發現817台控制服務器控制了42.5萬台物聯網智能設備,累計發起超過1.8萬次的DDoS攻擊,其中峰值流量在5Gpbs以上的攻擊次數高達72次。
網站數據和個人信息洩露屢見不鮮,“衍生災害”嚴重。由於互聯網傳統邊界的消失,各種數據遍布終端、網絡、手機和雲上,加上互聯網黑色產業鏈的利益驅動,數據洩露威脅日益加劇。 2016年,國內外網站數據和個人信息洩露事件頻發,對政治、經濟、社會的影響逐步加深,甚至個人生命安全也受到侵犯。在國外,美國大選候選人希拉里的郵件洩露,直接影響到美國大選的進程;雅虎兩次賬戶信息洩露涉及約15億的個人賬戶,致使美國電信運營商威瑞森48億美元收購雅虎計劃擱置甚至可能取消。在國內,我國免疫規劃系統網絡被惡意入侵,20萬兒童信息被竊取並在網上公開售賣;信息洩露導致精準詐騙案件頻發,高考考生信息洩露間接奪去即將步入大學的女學生徐玉玉的生命;2016年公安機關共偵破侵犯個人信息案件1800餘起,查獲各類公民個人信息300億餘條。此外,據新聞媒體報導,俄羅斯、墨西哥、土耳其、菲律賓、敘利亞、肯尼亞等多個國家政府的網站數據發生了洩漏。
移動互聯網惡意程序趨利性更加明確,移動互聯網黑色產業鏈已經成熟。 2016年,CNCERT通過自主捕獲和廠商交換獲得移動互聯網惡意程序數量205萬餘個,較2015年增長39.0%,近6年來持續保持高速增長趨勢。通過惡意程序行為分析發現,以誘騙欺詐、惡意扣費、鎖屏勒索等攫取經濟利益為目的的應用程序驟增,佔惡意程序總數的59.6%,較2015年增長了近三倍。從惡意程序傳播途徑發現,誘騙欺詐行為的惡意程序主要通過短信、廣告和網盤等特定傳播渠道進行傳播,感染用戶數達到2493萬人,造成重大經濟損失。從惡意程序的攻擊模式發現,通過短信方式傳播竊取短信驗證碼的惡意程序數量佔比較大,全年獲得相關樣本10845個,表現出製作簡單、攻擊模式固定、暴利等特點,移動互聯網黑色產業鏈已經成熟。
(一)網絡空間依法治理脈絡更為清晰。 2016年11月7日第十二屆全國人大常委會第二十四次會議表決通過《網絡安全法》,並將於2017年6月1日起施行。該法有7章79條,對網絡空間主權、網絡產品和服務提供者的安全義務、網絡運營者的安全義務、個人信息保護規則、關鍵信息基礎設施安全保護製度和重要數據跨境傳輸規則等進行了明確規定。預計2017年各部門將更加重視《網絡安全法》的宣傳和解讀工作,編制出台相關配套政策法規,落實各項配套措施,網絡空間依法治理脈絡將更為清晰。
(二)利用物聯網智能設備的網絡攻擊事件將繼續增多。 2016年CNVD收錄物聯網智能設備漏洞1117個,

(四)個人信息和重要數據保護將更受重視。近年來,互聯網技術的發展極大的方便和豐富了我們的生活和工作,網上購物、網上求職、社交平台、政府服務等平台上充斥著大量的個人詳細隱私信息。自2011年以來我國關於嚴重個人信息洩露的事件不絕於耳,特別是近年來的網絡詐騙案件中,受害人的詳細信息都被詐騙分子所掌握,給社會安定帶來嚴重危害。 2013年 “斯諾登事件”及後續相繼爆出的美國政府大範圍監聽項目,刺激著各國加強重要數據的保護措施,嚴格規範互聯網數據的收集、使用、存儲等。我國在《網絡安全法》中對個人信息保護規則、重要數據跨境傳輸進行了明確規定,預計關於個人信息和重要數據信息保護的詳細規範性文件將製定出台,切實落實保護措施。
(六)有國家背景的網絡爭端受關注度將繼續升溫。目前,我國互聯網普及率已經達到53.2%7,民眾通過互聯網獲得的新聞資訊越來越快捷方便,民眾關注全球政治熱點的熱度也不斷高漲。 2016年美國總統大選“郵件門”事件、俄羅斯黑客曝光世界反興奮劑機構醜聞事件等,都讓網民真切感受到有組織、有目的的一場縝密的網絡攻擊可以對他國政治產生嚴重的影響,將有國家背景的網絡爭端從行業領域關注視角延伸到了全體網民。隨著大量的國家不斷強化網絡空間軍事能力建設,有國家背景的網絡爭端事件將會熱點不斷、危機頻出,全民討論的趨勢將會持續升溫。

中國軍事戰雲 ~ Chinese Military Use of the Battle Cloud

中國軍事戰雲 ~ Chinese Military Use of the Battle Cloud

“Cloud” is a metaphor of the network, the Internet, “cloud concept” is one of the hottest high-tech concept in recent years, its Internet, efficient, shared and other characteristics, not only profound impact and change our lives, Is also promoting major changes in the military field. In 2013, the US Air Force for the first time the “cloud concept” into the field of operations, put forward the “operational cloud” concept, and quickly get the US Department of Defense, Navy and other military recognition, and gradually become the US military response to the 21st century, a new information war Strategy.

Why –

Intended to build the new US military superiority

In the 21st century, the US military has launched a number of wars in Afghanistan, Iraq, Libya and Syria in the name of anti-terrorism and the suppression of the proliferation of weapons of mass destruction. Every time the war is almost entirely dominated by powerful information and firepower, Quickly won the war. But the US military has a clear sense of this: the above war a few US military did not encounter a truly strong opponent, the war in the United States to grasp the absolute air power and the right to information under the low confrontation environment, the future if the loss of absolute space and information advantages , The US military will be difficult to maintain control of the battlefield. The US military believes that if you want to maintain a sustained battlefield advantage in future wars, facing an unprecedented “threat and challenge”:

Rival strong “anti-entry / regional denial” threat. The US military believes that its information in previous local wars, the advantages of firepower, mainly rely on a strong space-based information systems, large-scale maritime combat platform, joint command and control center, etc., and in the “opponents into the area and the ability to continue Enhance the “background, especially in the face of a large number of” precision-guided long-range cruise missiles and ballistic missiles “threat, these traditional strengths and the strength of the US military to rely on these forces formed by the combat style” will not be renewed, “” opponents Can be a small number of key nodes through the attack quickly paralyzed US military combat power system.

The Challenges of Advanced Combat Weapons and Backward Combat. In the new century, after a large number of equipment F-22 advanced stealth fighters, the US military has ushered in F-35 fighters, DDG-1000 missile destroyers, Ford-class aircraft carrier and other highly informative weapons and equipment. But the appearance of the US military command and control, but also remain in the 2003 “free Iraq” action, highly dependent on satellite, early warning aircraft and other core equipment platform “network-centric war” era. Former US Air Force Secretary Mike Wayne exclaimed: “Just as the use of the 20th century mechanized forces in the First World War was fighting in the 19th century, we now have the danger of fighting in the twentieth century in the twentieth century. “The US military in urgent need of new operational theory to activate the new information technology equipment combat potential,” to regain the US military and rival superiority. ”

Combat power to maintain the challenges with the defense budget tightening. In the United States “financial crisis” “debt crisis” and “national security needs continue to grow” and other factors, the US military arms are also caught in financial dilemma. In the same report, the US Air Force is mainly from the old A-10, F-15/16, B-1, B-1, the first deputy chief of staff, 52 aircraft and B-2 and a small number of F-22, F-35, not enough to meet the opponent’s “anti-entry and regional denial” capabilities, and called to “change strategy” to deal with “available for defense resources The proportion of decline “challenge.

These “threats and challenges” that the US military consider themselves are the context of the concept of “operational cloud”.

Core concept –

To achieve a variety of platforms cross-domain joint operations

In the face of these new “threats and challenges”, in January 2013, the US Air Force Air Combat Command Commander Michael Ostić first proposed the “operational cloud” concept program. In 2014, David de Putura on its basis, the “operational cloud” concept of a comprehensive program, pointed out: “similar to the way cloud computing, ‘combat cloud’ is a kind of military air force use Decentralized air combat, in the evolution of the data chain, anti-jamming communication systems and new targeting tools to support the realization of the air, ground, sea and space field information sharing capabilities jump, and thus maximize the stealth aircraft, accurate Combat weapons, advanced command and control systems, and the combined use of unmanned systems to create large, modular and flexible combat capabilities to ensure that enemies’ attacks on single combat units will not paralyze US operations.

In the same year, the United States “Aviation Week” released a “operational cloud” concept map, described by the orbital space reconnaissance / communications / navigation satellites, airborne early warning aircraft, F-15/16 fighter, maritime aviation battle group, and in-depth integrated air defense system F-22/35 stealth fighter, RQ-180 unmanned reconnaissance aircraft, new long-range bomber (LRS-B) and other multi-dimensional combat unit, jointly build the “air superiority cloud” development prospects, more clearly show the US military “combat Cloud “concept of the whole picture.

From the above US military interpretation and description of the concept of “operational cloud”, we can roughly analyze the characteristics of the US military “operational cloud” and its basic ideas to deal with “threats and challenges”

Battlefield information cross – domain integration. “Combat cloud” relying on “evolving data link, anti-jamming communication system” and other advanced battlefield information network, and “new targeting tool” and other new battlefield sensor system, large data and cloud computing and other information network technology support , Will be widely distributed in space, near the space, air, ground, sea and underwater combat platform of the battlefield intelligence information integration, and real-time seamless operation in the various areas of the platform on-demand distribution. “Combat cloud” formed by the “information sharing capabilities”, both to ensure that the US military on the battlefield on demand is highly transparent, but also to avoid the “anti-entry / regional denial” ability of opponents, its space-based information system , Large-scale maritime combat platform, joint command and control center and other key information nodes “break a little, paralysis of a” situation. The US military envisages that in the “battle cloud” system, the absence of any one or more battlefield nodes will not decisively influence the sharing and distribution of information on the unity of its battlefield.

Group strength distribution operations. With the traditional combat forces of the air forces according to the platform attribute classification allocation, according to the administrative means of combining different ways, “combat cloud” through the “continuous evolution of the data chain, anti-jamming communication system”, the arms of the air force to ” Decentralized air combat form “, according to real-time task requirements, online optimization configuration combination, the formation of” modular “group strength. Each group of forces in a highly integrated cross-domain integration of information support, through the “operational cloud” system of efficient scheduling and control, distribution operations. This group of forces distribution mode of operation, not only inherited the “network-centric war” to obtain the advantages of information, and further developed from the information to the fire distribution, target damage transformation advantages, significantly reduced the combat ” – Review “cycle chain, comprehensively enhance the combat effectiveness of US military information equipment.

Cross – platform platform synergies. Through the “battle cloud” battlefield information cross-domain integration capabilities, three generations of four generations of combat platform to gain dive into the enemy of the five generations of stealth combat platform, unmanned combat platform target information, to achieve an effective blow to the depth of the battlefield; But also to get three generations of four generations of combat platform for long-range fire support, to make up for their own lack of volatility. “Combat cloud” of this inter-generation platform synergies, is considered the US military to deal with “power and financial dilemma” an important means. In September 2014, the outgoing Michael Ostić at the annual meeting of the American Air Force Association made it clear that the US Air Force did not have enough budget to form a full five fleet, to fulfill the role of the Air Force, the highest priority The task is to achieve the “four generations and five generations” of information fusion, collaborative operations.

Development status –

Is changing from concept to actual action

As soon as possible to the “operational cloud” concept program into a practical state, in the United States Department of Defense co-ordination and traction, the US military arms and arms are in line with their own military functions and equipment characteristics, to promote their own “combat cloud” project construction and experiment verification.

Ministry of Defense steadily traction “cloud” infrastructure and conceptual improvement. As early as 2009, the US Department of Defense proposed a concept of data sharing at sea, air and space, and tried to apply the increasingly sophisticated Internet technology to tactical intelligence. In July 2012, the US Department of Defense Chief Information Officer signed the “Ministry of Defense cloud computing strategy” to the military strategy in the form of advancing the process, and continued to carry out “cloud” related storage facilities, computing platform and software services. At present, the US Department of Defense has identified this concept as a “war cloud”, and from the arms and arms, industrial sector and academia deployed personnel, work together to create a perfect “combat cloud” concept program, the ultimate goal is to form an arch Data network, expansion and upgrading of the existing “global information grid” to achieve the maritime warships, combat aircraft, space satellite real-time data sharing.

Each army and arms competing to carry out “combat cloud” project construction. The Air Force is the pioneer of the concept of “operational cloud”, which argues that the key to achieving the “operational cloud” is information fusion and the focus of the “Sky Advantage Cloud” on F-15/16 and F-22/35 Five generations of information on the exchange of information. In 2014, the “Multi-Domain Adaptive System (MAPS) Program” was launched to attempt to integrate the F16-16 Link16 data link, the F-22 IFDL data link, and the F-35’s MADL data link to achieve battlefield data Real-time exchange. US Navy also through the “Naval Integrated Fire Control and Air Defense (NIFC-CA) program” to achieve its use of air E-2D early warning aircraft or sea “Aegis” ship and other combat platforms for the F / A-18E / F and F- 35C and other carrier-based aircraft and the “standard” series of ship-to-air missiles to provide targeted information, and even command the future of the sixth generation F / A-XX multi-purpose fighter aircraft to launch weapons vision. Although the Navy project is not called “combat cloud” due to military interests, the project emphasizes multi-platform information cross-domain integration has a typical “cloud” features. In addition, the US Marine Corps also launched the implementation of its “expeditionary combat sea tactical cloud” project construction.

“Combat cloud” combat mode test verification has been in full swing. September 23, 2014, the US Air Force F-22 for the first time led the joint air raid fleet, the Syrian territory of the “Islamic countries” extreme organizational goals of air strikes. After the completion of the task, when the US Air Operations Commander Mike Hustage in an interview with “defense headlines”, said, “generally believed that stealth is a symbol of the five generations of machines, in fact, the focus is on ‘integration’,” Fusion “makes the F-22 fundamentally different from other platforms,” ​​”Fusion” is the fundamental feature of the five generations of machines, “” Five generations of machines in front of reconnaissance detection targets, and then let four generations of machines in the area to fight it, you must have ‘combat Cloud ‘, which has the ability to transfer data back and forth. ” The position, but also directly proved that the US Air Force is actively against the “combat cloud” combat mode to carry out actual test verification.

(Author: Air Force Military Theory Institute)

Edit comments

Jump on the “cloud” end of the wind and thunder


When we shop online, the website will be based on the previous shopping records to determine our purchase preferences, push a lot of commodity information; when we browse the news, the software will be based on our reading habits, “good” Directional push content topic … … these phenomena are that we have come to a cloud computing era.

“Combat cloud” reason to enter our topic vision, not only because it frequently appeared in the latest US combat theory, everywhere revealed against the “system of combat” thinking, more importantly, it represents the US military cloud computing used in the field of military the latest achievements, reflecting the US military use of scientific and technological achievements to maximize the effectiveness of combat a train of thought.

Like many high-tech, cloud computing first appeared in the commercial field. In August 2006, Google CEO Eric Schmidt first proposed the “cloud computing” concept. Soon, the US military on this new technology showed a strong interest. In 2008, the US Department of Defense and Hewlett-Packard Company to establish a cloud computing infrastructure. Then, the United States air, sea, land and other military services are signed with commercial companies related to cloud computing systems. The US military’s passion for cloud computing has a strong background in the field of information technology, but it also reflects their keen sense of smell and rapid transformation of the latest cutting-edge technology.

In attending the plenary session of the PLA delegation at the Second Session of the 12th National People’s Congress, the Chairman stressed that “it is necessary to take the initiative to discover, cultivate and use the cutting-edge technology that can serve the national defense and army building to capture the potential growth point of military capability development”. Obviously, to promote the field of cloud computing military and civilian collaboration innovation, we are promising. Because, compared to the United States and other developed countries in the field of cloud computing development, China is not backward, some domestic companies have a more mature use of experience. The key is how to combine our military reality, to achieve the transformation of cloud computing technology in the military field.

Of course, we develop the use of cloud computing technology, we must learn from the experience of foreign troops, but not step by step also cloning. The practice of the US military is only to provide a model used. In the era of information revolution boom, through the core key technological breakthrough is possible to achieve “corner overtaking”. Dare to hit the water flow, Fang Xian hero character.

Original Mandarin Chinese:

“雲”是對網絡、互聯網的一種比喻說法,“雲概念”則是近年來最火的高科技概念之一,其互聯、高效、共享等特質,不但深刻影響和改變著我們的生活,也正在推動軍事領域的重大變革。 2013年,美空軍首次將“雲概念”引入作戰領域,提出“作戰雲”概念,並迅速得到美國防部、海軍及其他軍種的認可,逐漸成為美軍應對21世紀下一場信息化戰爭的新方略。





先進作戰武器與落後作戰方式的挑戰。進入新世紀,在大量裝備F-22先進隱身戰機後,美軍又先後迎來F-35戰機、DDG-1000導彈驅逐艦、福特級航母等高度信息化武器裝備。但綜觀美軍的作戰指揮與控制,還停留在2003年“自由伊拉克”行動時,高度依賴衛星、預警機等核心裝備平台的“網絡中心戰”時代。美國前空軍部長麥克·韋恩就驚呼:“正如第一次世界大戰使用20世紀的機械化部隊卻在以19世紀的方式作戰,我們現在同樣存在以20世紀的方式在21世紀作戰的危險。 ”美軍急需新的作戰理論來激活新型信息化裝備的作戰潛能,“重拾美​​軍與對手的跨代優勢”。

作戰力量保持與國防預算緊縮的挑戰。在美國“金融危機”“債務危機”和“國家安全需求不斷增長”等多重因素影響下,美軍各軍兵種也陷入財政窘境。美空軍前情報主管、第一副參謀長大衛·德普圖拉在一份報告中指出,目前美軍空中力量主要由老舊的A-10、F-15/16、B-1、B- 52飛機和B-2以及少量的F-22、F-35組成,不足以應對21世紀對手的“反進入與區域拒止”能力,並呼籲要“改變方略”以應對“可用於國防的資源比重下降”的挑戰。




面對這些新的“威脅和挑戰”,2013年1月,美空軍空中作戰司令部司令邁克爾·奧斯蒂奇首次提出“作戰雲”概念方案。 2014年,大衛·德普圖拉在其基礎上,對“作戰雲”概念方案進行了全面闡述,指出:“類似於雲計算的方式,’作戰雲’是一種各軍種的空中力量採用分散的空中作戰形式,在不斷進化的數據鏈、抗干擾通信系統和新的瞄準工具等支持下,實現空中、地面、海上和太空領域信息共享能力的躍升,進而最大程度地發揮隱身飛機、精確打擊武器、先進指揮與控制系統以及有人與無人系統結合的優勢,創造出規模化、模塊化的靈活作戰能力,並以此確保敵人對單一作戰單元的攻擊不會癱瘓美軍的作戰行動。”



戰場信息跨域融合。 “作戰雲”依托“不斷進化的數據鏈、抗干擾通信系統”等先進的戰場信息網絡,和“新的瞄準工具”等新型戰場傳感系統,在大數據和雲計算等信息網絡技術的支撐下,將廣泛分佈於太空、臨近空間、空中、地面、海上和水下各域作戰平台的戰場情報信息一體融合,並實時無縫地在各域作戰平台按需分發。 “作戰雲”所形成的這種“信息共享能力”,既保證了美軍對戰場的按需高度透明,同時也避免了具備“反進入/區域拒止”能力的對手,對其天基信息系統、大型海上作戰平台、聯合指揮控制中心等關鍵信息節點“破一點、癱一片”的局面。美軍設想,在“作戰雲”體系中,任何一個和多個戰場節點的缺失,都不會決定性地影響其戰場統一態勢信息的共享和分發。


跨代平台協同增效。通過“作戰雲”的戰場信息跨域融合能力,三代四代作戰平台能夠獲得潛入敵縱深的五代隱身作戰平台、無人作戰平台的目標指示信息,實現對縱深戰場的有效打擊;五代隱身作戰平台也能夠獲得三代四代作戰平台的遠程火力支援,彌補自身載彈量不足的劣勢。 “作戰雲”的這種跨代平台協同增效,被認為是美軍應對“力量與財務困局”的重要手段。 2014年9月,即將離任的邁克爾·奧斯蒂奇在美國空軍協會年會上明確表示,美國空軍沒有足夠的預算來組建一支全五代機隊,要履行好空軍的職能,最優先的任務是實現“四代與五代”的信息融合、協同作戰。




國防部穩步牽引“雲”基礎建設和概念完善。早在2009年,美國防部就提出了覆蓋海上、空中、太空的數據共享概念,嘗試將日益成熟的互聯網技術應用到戰術情報領域。 2012年7月,美國防部首席信息官簽署了《國防部雲計算戰略》,以軍隊戰略的形式推進這一進程,並持續穩步開展“雲”相關的存儲設施、計算平台和軟件服務建設。目前,美國防部已將這一概念確定為“作戰雲”,並分別從各軍兵種、工業部門和學術界抽調人員,共同著力塑造完善“作戰雲”概念方案,最終目標是要形成一個拱形數據網絡,擴展升級現有“全球信息柵格”,實現海上戰艦、作戰飛機、空間衛星的實時數據共享。

各軍兵種爭相開展“作戰雲”項目建設。美空軍是“作戰雲”概念的先行者,其認為實現“作戰雲”的關鍵是信息融合,並將“空中優勢雲”的重點放在F-15/16等四代機與F-22/35五代機的信息互通上。 2014年啟動了“多域自適應系統(MAPS)計劃”,企圖將F-15/16的Link16數據鏈、F-22的IFDL數據鏈、F-35的MADL數據鏈有機融合,實現戰場數據的實時交換。美海軍也在通過“海軍綜合火控與防空(NIFC-CA)計劃”,實現其用空中E-2D預警機或海上“宙斯盾”艦等作戰平台,為F/A-18E/F和F- 35C等艦載機及“標準”系列艦空導彈提供瞄准信息,甚至指揮未來第六代F/A-XX多用途戰鬥機發射武器的願景。雖然由於軍種利益,海軍項目並不叫“作戰雲”,但其項目強調的多平台信息跨域融合具有典型的“雲”特徵。此外,美海軍陸戰隊也啟動實施了其“遠征作戰海上戰術雲”項目建設。

“作戰雲”作戰模式檢驗驗證已經全面展開。 2014年9月23日,美空軍F-22首次率領聯合空襲機群,對敘利亞境內的“伊斯蘭國”極端組織目標實施空襲作戰。任務完成後,時任美軍空中作戰司令部司令麥克·侯斯塔奇在接受《防務頭條》採訪時,表示“一般認為隱身是五代機的標誌,其實不然,重點在於’融合’”,“’融合’使得F-22與其他平台根本不同”,“’融合’是五代機的根本特徵”,“五代機在前方偵察探測目標,然後讓四代機在防區外打擊它,你必須擁有’作戰雲’,其擁有將數據來回傳輸的能力”。這次表態,也直接證明了美空軍正在積極針對“作戰雲”作戰模式開展實戰性檢驗驗證。






像很多高新技術一樣,雲計算最早出現在民用商業領域。 2006年8月,谷歌首席執行官埃里克·施密特首次提出“雲計算”概念。很快,美軍就對這種新技術表現出濃厚興趣。 2008年,美國防部與惠普公司合作建立了一個雲計算基礎設施。緊接著,美國空、海、陸等各軍種都與商業公司簽約設計相關雲計算系統。美軍對雲計算技術的熱情擁抱,有其在信息技術領域處於領先地位的大背景,但同時也反映了他們對最新前沿科技的敏銳嗅覺以及迅速的轉化運用能力。



Original Source:

2017年03月21日09:52  来源:解放军报

中國浅析伊拉克战争中美军网络中心战 ~ China Analysis of Analysis of the US Central Command Network War During Iraq War

China Analysis of Analysis of the US Central Command Network War During Iraq War



The network center war was first proposed by the US Navy in 1997, initially reflected in the war in Afghanistan, it is the core of the future of US military joint operations.

As early as 1997, the Navy put forward the concept of network-centric warfare. In 2001, the Pentagon upgraded it into the war form of the information age. In 2002, the Bush administration regarded the network center warfare capability as the focus of the military transformation and the core of the future joint operations. In view of the network center war in the war in Afghanistan in the initial results, the US military in the Iraq war to further test the new concept of combat.

· Construction of the US military network centric warfare architecture

in the Iraq war, the US military stressed that network-centric warfare, and the prominence of the role of information, with an agile and efficient digital network structure information gathering, command and control and communications, firepower three systems integration, Shortened the time from the detection of the target, the formation of operational instructions to combat the destruction of the target. The networked combat structure can improve the level of information sharing, enhance situational awareness, speed up command and decision speed, achieve combat coordination, enhance the lethality, viability and responsiveness, thus greatly improving the combat effectiveness and shorten the war process. Figure 1 and Figure 2 show the network structure of the US military network structure and three-tier network structure diagram.

Full-dimensional detection network to seize the information advantage is to give full play to the network center war the first condition. The US military used almost all high-tech means of detection, the establishment of the days, air, sea and land integration of full-dimensional detection network. In addition to the outer space constitutes a huge satellite surveillance network, the air at the same time there are low altitude, hollow, high altitude three reconnaissance aircraft on the Iraqi military positions to scan, the ground also deployed a large number of sensors. It is with the full-dimensional detection network, the US military captured the asymmetric information advantage, and its conversion into asymmetric firepower advantage, arbitrary implementation of the long-range strike, not only makes the Iraqi air force can not fight, ground forces are not large-scale assembly , In a passive position. <A I = 5> flexible allegations In the Gulf War, the message in the chain after a few hours or days after the transfer, the commander to issue an attack command, so the US military even through the reconnaissance found a mobile missile launcher, can not Timely strike. In this Iraq war, the US military used a flexible allegation network to effectively integrate the allegation system, greatly reducing the combat preparation time. Through the network, the commander can at the same time with the subordinate forces at all levels to contact, while commanding scattered in the regional combat forces, the formation of the overall force.

Efficient combat network At present, the US military services are more than half of the equipment to achieve the information, these information equipment on the battlefield constitutes an interconnected, interoperable network environment, different services, deployed in different spaces of various weapons platforms and fire units Equivalent to a node in the network, you can exchange the battlefield information in a timely manner, indicating the target, in accordance with the unified fire plan to implement precision strike, more effective performance. In this battle, DDG-75 “Aegis” destroyers for the “Patriot” missiles to provide early warning information, the platform through the network to achieve an example of interoperability.

In the Iraq war, the US military with the network structure for the first time to achieve a real sense of the land, sea, air and marines combat operations. Soon after the war, the US military to effectively implement the space cooperation, air force in the use of precision guided weapons to combat the implementation of the enemy at the same time, the ground forces to provide effective close support.   Enhanced one-way transparency and situational awareness Since the war, the US military to use the most advanced and most powerful network technology, access to transparent and sustained battlefield charts. US Joint Operations Center is located in Qatar, is the command of the nerve center of war against Iraq. A variety of information after nearly 700 intelligence officers of the analysis, sent to the highest commander on the screen, six display battlefield information on a few minutes to update. Through the display can watch the battlefield situation, such as the movement of Iraqi tanks, deployed in Baghdad’s commando and in the flight section of the “Tomahawk” cruise missiles. <A I = 10> Realize the battlefield real-time Gulf War, the US air raid from the discovery to attack target takes 3 days, if the temporary target is difficult to adjust the air raid plan. In the Kosovo war, this time is shortened to 2h, making a considerable part of the air raid mission can be re-adjusted after the plane lift. Afghanistan war time to further shorten to 19min, the attack real-time greatly improved. In this war, this time control in 10min. The high-speed digital network system enables the US military to make faster and more responsive responses to the rapid changes in the battlefield, and to command and control the coordination of arms and operations efficiently and efficiently, which greatly improves the ability to respond quickly to changes in operational plans.

Try the effect-based operations and fast decisive combat Unlike the Gulf War, the US war in Iraq warn of information warfare using information-based weapons, not only to ensure victory, but also to achieve rapid decisive combat. To this end, the US military rely on the network of combat structure, the pursuit of effect-based operations, the target to combat more selective and targeted. US military straight to the goal of two: First, Saddam Hussein and other senior officials and the main defenders, “beheading action” from beginning to end throughout the war; the second is the Iraqi capital Baghdad, the US military did not like the traditional city war as the first to seize And occupation of the suburbs, and then step by step, layers of advance, but the first to capture the city’s strategic location.

Quickly hit time sensitive targets When time-sensitive targets appear on the battlefield, the time-sensitive targeting team within the Joint Air Combat Center of the Saudi Air Force Base will be able to identify the target in just a few minutes and determine the best attack. On 20 March, two mobile missile launchers in Iraq launched the “Abubel” -100 missile in Kuwaiti territory, which was discovered by the US airborne reconnaissance plane at a temporary US Air Force Base at 40 km from the launch site To fly the aircraft combat mission, the aircraft took off after the bombing of the missile launch vehicle bombing.

The first test of the digitalization of the United States after the Gulf War put forward the “digital network as the center of the war” concept, and at the end of the last century put forward the “digital battlefield and digital forces” concept. In 2001, the fourth machine division became the world’s first digital division, it can share the location and target information, has a unique battlefield access to tactical Internet capabilities, but has not yet been tested. April 13, the US military step 4 division vanguard arrived in Ticritt, to accept the actual test. <A (FBCB2)

The basic components of the system include the computer hardware / software, GPS receiver and communication interface, the main function is the main function of the system is the core of the war, To the commander, squad and individual show enemy position, send and receive combat command and logistical data, improve the battlefield situational awareness, target recognition. FBCB2 can provide e-mail service, connected with the Army’s high-level tactical communications system, allowing combatants to send a large number of news and digital reconnaissance reports to field commanders.

Tactical Internet Tactics The Internet is made up of three main tactical communications systems, namely, airborne radio systems, enhanced location reporting systems and mobile user equipment, including radio, communications satellites, mobile phones, fiber optic cables and switching facilities. Tactical Internet enables seamless connectivity between tactical users, voice, data, image and real-time video transmission, support for text, network management and security, and e-mail services, delivering fast and accurate information and instructions to each Combat unit.

“Global Command and Control System” (GCCS-J) to support the war against Iraq, the US military pre-war with the latest version of GCCS-J6. 0 The global command and control system enhances the intelligence capabilities so that the data from the common operations map can be better synchronized. GCCS-J combines the command and control systems of all arms and arms and correlates the data of unmanned aerial vehicles, terrestrial and satellite sensors to the integrated image and intelligence system, which can assist the commander in analyzing operational intelligence data, Generate target data and plan tasks.   ”Can be deployed joint command and control system” (DJCCS) In this war, the US military for the first time using the DJCCS. The system is a computer information sharing platform, with a video conference, Internet and send and receive e-mail function, the battlefield commander in the state of movement in an unprecedented way to monitor the progress of action, keep abreast of the arms and operations of the situation, the timely release of combat orders.

JFN is a network-centric combat system for the US Navy, consisting of the TES, the Global Command and Control System (GCCS) and the Joint Operations Image Processing System, (JSIPS) to provide real-time information interaction, sensor control, target generation, mission planning and combat damage assessment capabilities, can identify and attack target time from a few hours to 10nin, to combat time-sensitive targets. TES allows the theater command center to receive target information directly from the wu1 man-machine or U-2 reconnaissance platform, and the pilots of the attack aircraft can receive the target indication data from the theater command center. GCCS provides the commander with a command and control network to issue target attack orders. JSIPS for data processing. In the future, JFN will be able to process intelligence data into targeted data more quickly, to achieve the goal of moving all people in the network, sharing common operational charts and requesting fire support.

“Tactical Input System” (TIS) TIS has been installed on the “Nimitz” aircraft carrier, and is expected to deploy to other US Navy aircraft carrier and the main amphibious ship. The system can receive digital images via terrestrial and sea-based airborne sensor platform radio lines, including optoelectronic, infrared and synthetic aperture radar images. Navy intelligence personnel can click on the interface to analyze the image, get important information, mark the potential target. TIS gives the US Navy a complete, end-to-end electronic image that greatly enhances the ability to collect, identify and target targets throughout the battlefield, reducing sensor-to-shooter time. <A (CEC) system April 7, equipped with CEC system, the US Navy “Nimitz” aircraft carrier into the designated waters, which is the first time the actual deployment of the system. CEC system is mainly composed of data distribution system and collaborative combat processor, is a network center war concept more mature a system, will make the sea air defense combat revolution, it will be aircraft carrier battle group formation in the platform (including ships and early warning aircraft ) The target detection system, the command and control system and the weapon system are organically linked to allow the platform to share all the data acquired by the various detection devices in the formation with a very short delay, so that the combat system breaks through the single ship, Within the realization of integration.

Tactical data information chain In the network center war, the tactical data information chain is one of the important means for the US military and allied forces to realize the information superiority, mainly including Link-16 and Link-11. Link-16 can transmit all kinds of tactical data information between command and control system and aircraft, missile and other weapons system platform and between combat units, effectively connect information source, accusation center and weapon system platform to realize battlefield resource sharing. The tactical data information chain using time division multiple access technology, with relative navigation and anti-jamming capability to relay the way of communication, the working frequency band 960MHz-1215MHz, the data rate of 115.2lkbps-238kbps. Link-11 operates at high frequency / UHF band, data rate is 1.8kbps, can be used for real-time exchange of early warning information, air / ground / underwater target data, control instructions and the status of the unit weapons, and has a certain degree of confidentiality , The entire network under the control of the network control station network communication, the use of master-slave polling, can be over-the-horizon transmission.

The analysis of the characteristics of the US military development network center war shows that the concept of network-centric warfare has gradually become a new form of combat for the US military in the 21st century. In the development and application of network-centric warfare concept, the US military showed the following characteristics:

In the Iraq war, the US military uses a variety of detection and communication means to make the entire battlefield transparent, from beginning to end are information-led. This shows that in the future war who can have the advantage in the detection and communication, to seize the right to information, who will be able to achieve greater battlefield initiative.

Pay attention to the digitalization of weapons and equipment, information construction Digital is the basis of network-based warfare, is expected to US military services in 2010-2020 to achieve full digital. Weapon and equipment information is to achieve the network as the center of the joint operations of the core, the US military will be further in the world to take the lead in the information age of information technology.   To strengthen the network center warfare related equipment R & D The US military effective implementation of the network center war relies on in recent years targeted research and development of various related equipment, such as joint fire network, collaborative combat capability, tactical Internet, tactical input system, global command and control system, Data information chain and so on.

(Source: “National Defense Technology” 2003 the first 18)

Original Mandarin Chinese:





全维的探测网 夺取信息优势是充分发挥网络中心战的首要条件。美军动用了几乎所有高技术探测手段,建立了天、空、海、陆一体化全维探测网。除在外层空间构成庞大的卫星监视网外,空中同时有低空、中空、高空三个层次的各种侦察飞机对伊军阵地进行扫描,地面上也部署了大量传感器。正是借助全维的探测网,美军夺取了不对称的信息优势,并将其转化为不对称的火力优势,随心所欲地实施远程打击,不但使得伊拉克空军无法作战,地面部队也不敢大规模集结,陷于被动境地。

灵活的指控网 在海湾战争中,信息在指控链中需经过数小时或数天的传递后,指挥官才能下达攻击命令,因此美军即使通过侦察发现了机动导弹发射车,也无法及时实施打击。这次伊拉克战争中,美军利用灵活的指控网有效整合了指控系统,大大缩短打击准备时间。通过网络,指挥官可以同时与下属各级部队进行联络,同时指挥分散在各地域的作战部队,形成整体合力。

高效的作战网 目前,美军各军种均有一半以上的装备实现了信息化,这些信息化装备在战场上构成互联、互通的网络环境,不同军种、部署在不同空间的各种武器平台和火力单元相当于网络中的一个节点,可以及时交换战场信息,指示目标,按照统一的火力计划实施精确打击,更有效地发挥效能。在这次作战中,DDG-75“宙斯盾”驱逐舰为“爱国者”导弹提供预警信息,是平台通过网络化途径实现互通的一个例证。


检验联合作战的协同性 伊拉克战争中,美军借助网络化结构首次实现了真正意义上的陆、海、空和海军陆战队协同作战。开战不久,美军就有效地实施空地协同,空中力量在使用精确制导武器对敌军实施打击的同时,对地面部队提供有效的近距离支援。

增强单向透明度和态势感知能力 自开战以来,美军运用最先进、最强大的网络技术,获取透明持续的战场态势图。美军联合作战中心位于卡塔尔,是指挥对伊作战的神经中枢。各种信息经过近700名情报人员的分析,传送到最高指挥官的显示屏上,6个显示屏上的战场信息几分钟就更新一次。通过显示屏可观察战场情况,如运动中的伊拉克坦克、部署在巴格达的突击队以及处于飞行段的“战斧”巡航导弹。

实现战场实时化 海湾战争中,美军空袭从发现到攻击目标需要3天,若临时发现目标时很难及时调整空袭计划。在科索沃战争中,这一时间缩短到2h,使得相当一部分空袭任务可以在飞机升空后重新调整。阿富汗战争时这一时间进一步缩短到19min,攻击的实时性大大提高。而在这次战争中,这一时间控制在1Omin内。高速数字化网络系统使美军能对战场瞬息变化作出更快、更灵敏的反应,及时高效地指挥、控制与协调各军兵种的行动,大大提高了临时改变作战计划时的快速反应能力。

尝试基于效果的作战和快速决定性作战 与海湾战争不同,此次伊拉克战争美军提出用信息化武器装备打信息化战争,不仅要求确保胜利,而且要求实现快速决定性作战。为此,美军依靠网络化作战结构,追求基于效果的作战,对目标打击更有选择性和针对性。美军直取的目标有两个:一是萨达姆和其他高官以及主要捍卫者,“斩首行动”由始至终贯穿整个战争;二是伊拉克首都巴格达,美军没有像传统的城市战那样首先夺取和占领市郊,然后步步为营,层层推进,而是首先夺取市内的战略要地。

快速打击时间敏感目标 当战场上出现时间敏感目标时,美军在沙特空军基地的联合空中作战中心内的时间敏感瞄准小组只用几分钟时间就可准确识别目标,决定最佳攻击行动。3月20日,伊拉克两辆机动导弹发射车刚向科威特境内发射“阿巴比尔”-100导弹,即被美国空中侦察机发现,在距发射地点40km的一个美空军基地立即临时调整了几架待飞飞机的作战任务,飞机起飞后投掷炸弹将导弹发射车炸毁。

首次检验数字化师 美国在海湾战争后提出了“以数字化网络为中心的战争”概念,并于上世纪末率先提出了“数字化战场和数字化部队”的构想。2001年,第4机步师成为世界上第一支数字化师,它可以共享位置和目标信息,具有独一无二的战场接入战术因特网的能力,但尚未经过实战检验。4月13日,美军第4机步师先头部队到达提克里特,接受实战检验。


“21世纪旅及旅以下作战指挥控制系统”(FBCB2) 该系统的基本组件包括计算机硬/软件、GPS接收机和通信接口,主要功能是向指挥官、小分队和单兵显示敌我位置、收发作战命令和后勤数据、提高战场态势感知能力、进行目标识别等。FBCB2可提供电子邮件服务,与陆军的高层战术通信系统相连接,允许作战人员向战地指挥官发送大量消息和数字化侦察报告。

战术互联网 战术互联网由陆军3个主要的战术通信系统,即机载无线电系统、增强型定位报告系统和移动用户设备互联而成,包括无线电、通信卫星、移动电话、光缆和交换设施。战术互联网能够实现战术级用户间的无缝连接,提供语音、数据、图像和实时视频传输,支持文电、网络管理和安全以及电子邮件业务,可快速、准确地将战地情报和指示传递给每个作战单元。

“全球指挥与控制系统”(GCCS -J) 为支持对伊作战,美军战前采用了最新版本的GCCS-J6.0全球指挥和控制系统,提高了情报能力,使通用作战图传来的数据可以更好地同步。 GCCS-J联合了所有军兵种的指挥与控制系统,并使无人机、地面和卫星传感器的数据相互关联并传递到图像与情报综合系统,后者能够帮助指挥官分析作战情报数据、管理和生成目标数据以及规划任务。

“可部署的联合指挥与控制系统”(DJCCS) 在这次战争中,美军首次实战使用了DJCCS。该系统是一个计算机信息共享平台,具有召开电视会议、上网和收发邮件功能,可使战场指挥官在运动状态下以前所未有的方式监控行动进展,随时了解各军兵种作战情况,及时下达作战命令。

“联合火力网”(JFN) JFN是美海军的一个以网络为中心的作战系统,由“战术利用系统”(TES)、“全球指挥与控制系统”(GCCS)和“联合作战图像处理系统”(JSIPS)组成,能够提供实时信息交互、传感器控制、目标产生、任务计划制定以及作战毁伤评估功能,可将识别和攻击目标的时间从数小时减少到10nin,打击时间敏感目标。TES可使战区指挥中心直接从wu1人机或U -2等侦察平台接收目标信息,攻击机的飞行员能从战区指挥中心接收目标指示数据。GCCS为指挥官提供下达目标攻击指令的指挥控制网络。JSIPS进行数据处理。未来,JFN将能更快地把情报数据处理成瞄准数据,用于打击移动目标,最终实现使所有人员都置身于网络中,共享通用作战态势图和请求火力支援。

“战术输入系统”(TIS) TIS已安装在“尼米兹”号航母上,并有望部署到美海军其他航母和主要两栖舰上。该系统可通过陆基和海基机载传感器平台的无线电线路接收数字式图像,包括光电、红外及合成孔径雷达图像。海军情报人员可通过点击界面分析图像,获得重要信息,标记潜在目标。TIS使美海军拥有了完整的、端对端的电子图像,极大地提高在整个战场上搜集、识别和打击目标的能力,减少传感器到射手的时间。

“协同作战能力”(CEC)系统 4月7日,装有CEC系统的美海军“尼米兹”号航母进入指定海域,这是该系统首次实战部署。 CEC系统主要由数据分发系统和协同作战处理器组成,是网络中心战概念比较成熟的一个系统,将使海上防空作战发生革命性变化,它将航母战斗群编队中各平台(包括舰艇和预警机等)所装载的目标探测系统、指挥控制系统和武器系统有机联系起来,允许各平台以极短的延时共享编队内各种探测设备获取的所有数据,使作战系统突破单舰的限制,在编队内实现集成。

战术数据信息链 在网络中心战中,战术数据信息链是美军及盟军实现信息优势的重要手段之一,主要包括Link-16和Link -11。Link-16可在指挥控制系统与飞机、导弹等武器系统平台之间以及在各作战单元之间传输各种战术数据信息,有效连接信息源、指控中心与武器系统平台,实现战场资源共享。该战术数据信息链采用时分多址技术,具有相对导航和抗干扰能力,以中继方式进行通信,工作频段为960MHz-1215MHz,数据速率为115.2lkbps-238kbps。Link-11在高频/特高频频段工作,数据速率为1.8kbps,可用于实时交换预警信息、空中/地面/水下目标数据、控制指令以及各单元武器状况信息,并具有一定的保密能力,整个网络在网络控制站的管制下组网通信,采用主从式轮询,可进行超视距传输。



建立全维的探测网,夺取制信息权 伊拉克战争中,美军运用多种探测和通信手段使整个战场透明化,从始至终都以信息为主导。这说明在未来战争中谁能够在探测和通信上占有优势,夺取制信息权,谁就能够取得更大的战场主动权。

注重武器装备的数字化、信息化建设 数字化是网络中心战的基础,预计美国各军种将在2010-2020年间全面实现数字化。武器装备的信息化是实现以网络为中心的联合作战的核心,美军将进一步在世界上率先建成信息时代的信息化军队。

加强网络中心战相关装备研发 此次美军有效实施网络中心战依赖于近年有针对性地研发各种相关装备,如联合火力网、协同作战能力、战术互联网、战术输入系统、全球指挥与控制系统、数据信息链等。(来源:《国防科技》2003年第18期)


中國軍隊戰略層面的網絡空間特種作戰 China’s Strategic Level of Cyberspace Special Operations

战略层面的网络空间特种作战 –

China’s Strategic level of Cyberspace Special Operations

Editor’s Note: US Army Lieutenant Colonel Patrick Mitchell Dugen at the US Army War College during the fourth quarter of 2015, “Joint Force Quarterly” published “strategic level of cyberspace special operations,” a paper, the article was Chairman of the Association of the United Nations in 2008 Strategic Papers Competition Strategy Research Award.

In this paper, by reviewing the cyberspace special operations cases, this paper analyzes the potential power of using network tools in asymmetric conflicts, and points out that cyberspace special operations have become an effective strategic tool to achieve national goals. Become a regional power to avoid the US military dominance and to ensure that their strategic interests of the unconventional path. The author proposes three new options for integrating emerging technologies and special operations: “cloud-driven” foreign defense, network counter-insurgency and unconventional cyber warfare advance team. Designed to maintain the US network technology advantages, and to build an important partnership, shaping the full spectrum of the conflict environment has a revolutionary impact. Iran and Russia and other regional forces of cyberspace special combat readiness why more than the United States? How does Iran and Russia strengthen its power at the tactical level while the United States has assembled its network and network capabilities at the strategic level? The United States in more than 20 years ago issued a network of special operations related documents, but why the network of special operations policies, departments and regulations are still not mature enough? For the US military, the most basic question is: how will the United States build a strategic level of network special combat capability?

As early as 1993, Internet technology theorists John Achilla and David Lennfield in his book “cyber war is coming” a book has predicted the recent Iran and Russia to implement the cyberspace special operations. “A large number of scattered small groups around the use of the latest communications technology coordinated” control network, to obtain the decisive advantage of the opponent. In reality this scene has been staged again and again. “We are using the information and the more information we have, and the less demand for traditional weapons,” says Achilla and Lunfield. US military executives have also realized that with asymmetric network tools, unconventional tactics and a large number of false information armed, a small amount of special combatants can form a certain strategic impact. There is news that both Iran and Russia have succeeded in using cyberspace special operations as a strategic tool to achieve their national goals. Both countries have an integrated network of special operations forces that know how to exploit the potential power of network tools in asymmetric conflicts. The asymmetric approach of the two countries has become a strong and unconventional path for regional powers to circumvent US military superiority and to ensure their strategic interests. Low price Of the network of high-tech allows potential rivals can develop a strong network warfare capabilities. Therefore, the United States urgently need to make strategic choices, the development of cyberspace special operations, as a tool for the protection and projection of national interests.

Low-cost network of high-tech technology allows potential rivals to develop a strong network warfare capabilities In February 2013, the Russian chief of staff Grazimov in the Russian “military messenger” magazine published “science in the forecast value” article. In the paper, Gracimov predicted a new generation of war that could “change the rules of the game”, whose strategic value would exceed “the effectiveness of weapon forces.” He called for universal asymmetric action to counter the enemy’s strengths and create a permanent frontier in the territory of the enemy through “special forces and internal confrontation and continuous improvement of information operations, equipment and means.” In the spring of 2014, Western media reported that in the eastern part of Ukraine, a casual special operations squad from Russia through the Ukrainian border, occupation of government buildings and arsenal and transferred to the separatist armed. At the same time, the Ukrainian authorities claim that their digital, telephone and cyber communications are cut off, interfered or attacked. The Ukrainian government attributed the cyber attacks on information and logistics infrastructure, including Internet servers and railroad control systems, to the destruction of Russia, and argued that the implementation of information fraud in Russia was costly in important social media, blogs, and News website published 50 pro-Russian comments every day, inside and outside Ukraine to form a large number of false information flow, on the one hand to cover up its non-traditional military operations in cyberspace, on the other hand to create a political illusion. “Russia is not doing the usual information warfare about false information, lies, leaks or cyber sabotage, it reshapes reality, creates public illusions, and then translates them into political action,” said senior government officials. To this end, in September 2014 at the NATO security summit, the NATO Allied Supreme Commander, US Air Force Admiral Philip Bride Leaf pointed out that Russia in East Ukraine to implement the “mixed” non-traditional operations on behalf of the war The most amazing information in history is Blitzkrieg. Bride Leaf urges the Allies to immediately develop the ability to counter the Russian non-traditional warfare, propaganda and cyber attacks. Russia’s use of the “non-traditional Western as a war” non-traditional means to achieve its political purpose, which makes the Western and NATO countries by surprise. Russia is not a fragmented way to use special forces, information operations or network capabilities.

On the contrary, as General Glashimov said, “the war does not need to be publicly announced, when the special forces with advanced technology and a lot of information for the traditional forces in the maintenance of peace and crisis under the cover of strategic objectives to create good conditions, the war on “Cybercrime deception and cyber attacks are special forces in” war and peace ”

Network information spoofing and cyber attack action for special combat forces in the “war and peace” between the implementation of non-traditional warfare to win the time and space lessons learned from the Russian case can draw four major experience, for the United States special operations Action and network capacity integration to provide a viable theoretical framework. First, there are tactical and strategic differences in the offensive network tools used by the Russian Special Forces, targeting tactical “closed networks”, such as local communications, social media, regional networks and logistics infrastructure, while retaining Its more advanced open network tools as a backup. Second, the network special operations are primarily an agent behavior, emphasizing the minimization of the source tracking. As Gracimov described, “the long-distance, non-contact action against the enemy is becoming the primary means of the tactical battle.” Network special operations usually avoid direct contact with people, but in peace and war in the gray area to start action. Third, information and communication technology, network attacks and information operations in the network to form a non-conventional warfare play an important role. As long as the appropriate implementation, the traditional special operations can go far beyond its original function, “which involves the comprehensive application of a wide range of capabilities to achieve policy objectives.” To be effective, it must also be integrated to synchronize other areas of expertise. Fourth, the network special operations can both deter the conflict, can also be used to deal with the whole spectrum of conflict, because “it is suitable for all stages of action, from shaping the environment to the intense war to post-war reconstruction.” Although the network war to destroy the original intention, but also has a constructive side. The widespread dissemination of low-cost information and communication technologies is conducive to strengthening the security of partner countries and thus helping to prevent the occurrence of conflicts.

“‘Foreign help defense’ (FID) under ‘cloud drive’ is both a concept of cloud computing and a metaphorical description of partnering and trust through virtual means. “The concept of” cloud-driven “FID” has not yet been clearly defined, but it can be integrated into an interdisciplinary field to better understand people, geography and virtual worlds and to act together on related goals. Technically, the “cloud-driven” FID “strengthens the partnership, consolidates data through the federated facilities, enhances automation, and disseminates the analysis process. “Cloud-driven” is flexible and can be developed in private, public, community, or mixed form, using different software, platforms, and infrastructure. Security personnel use intelligent technology to drive confidential mobile applications, analyze tools and share data through “cloud-driven” FIDs. Although the data associated with the virtual cloud, but its real value is to make the timely dissemination of information to the hands of tactics. “The cloud-driven” FID “can also be likened to a persistent, active partnership, the data never stops, the network has been busy. Technology is only a tool to drive deeper, extensive socio-cultural, political and historical factors that are often prone to conflict. “Cloud-driven” FID “can build more sustainable competencies and trust with partner countries. “The cloud-driven” FID “lay a virtual foundation for the future establishment of various institutions, centers and laboratories to bridge the benefits of inter-agency across the United States. From the strategic point of view of the US government, “cloud-driven” FID “is a pragmatic” partnership-centered approach designed to target the core interests of partner countries rather than to Way to change the partner country “. “The cloud-driven” FID “is also a prudent strategic move to” prevent the US partner countries from becoming a public relations crisis due to domestic political problems. ” “The cloud drive ‘FID’ also offers other opportunities. The technology and networks it forms can react quickly to emergencies, such as humanitarian relief or relief operations, prevent mass killings, or evacuate personnel from non-combatants. This saves time, money and manpower by providing information for the decision-making process. For the construction of the partnership, the cloud-driven FID can store local non-US social media information, rich social network analysis, social network maps, and behavioral and opinion trends analysis. Most importantly, the “cloud drive ‘FID” builds trust in an innovative and extremely powerful way to build lasting influence on allies and partners.

Today’s global environment drives the United States to use cyber special operations as a strategic tool network for national military strategies Anti-riot counterintelligence network Anti-riot operations (CNCOIN) aims to use social media networks to achieve the purpose of rebellion. To break the asymmetric information superiority of the enemy, CNCOIN uses non-technical means to combat the relevant crowd and control its perception, behavior and action. It adds a military color to the cyber space’s ubiquitous anti-social network. Although these means are not clearly defined, this article believes that it actually refers to the manipulation of social media, cover up the true identity, to achieve ulterior motives. While social media provides a wide range of opportunities for anti-social networks, such as malicious use, intentional misconduct, but from the military point of view, social media provides a wealth of information resources to affect the psychological vulnerability, but also an ideal attack platform. There are several technologies that contribute to its implementation in each functional category. The scope of action includes, but is not limited to, cyber-pseudo operation and cyber-herding operation. Network fraud is a classic counter-insurgency strategy, “government forces and technical staff will pretend to be insurgents, into the enemy network after the use of advanced intelligence technology in the network within the implementation of the destruction.” Internet expulsion means that “individuals, groups, or organizations deport other individuals, groups, or organizations to the default network area.” The magic of the two technologies is the expulsion of insurgents in the virtual network by exploiting the inherent flaws of the communication technology and communication platform. The two tactics are aimed at rebel activist online communities, manipulating or disrupting them, and ultimately providing more opportunities for cyberbullying. The virtual world magnifies the environmental factors, because the characters in the network are more difficult to determine their authenticity. Planning command control, communication frequency and equipment platform and other elements will become the key to the implementation of network fraud or network expulsion operations to manipulate, mislead or expel the target group to the desired results. The scope of information includes, but is not limited to, Crowdsourcing and Social Networking Analysis, SNA). Crowdsourcing is the use of large-scale knowledge base, provided by the participants voluntarily, to solve the problem to provide new ideas, services or observation, you can quickly expand the organizers of the field of vision. Social network analysis depicts and measures the relationships, strengths, and cores of social links in a visual way to illustrate the social network structure. Social network visualization or social networking maps can provide a unique window for assessing, depicting and even predicting the intensity, time, space, and relationship dimensions of relationship events. In September 2013, during the crisis in the Philippines, the anti-government armed Moro National Liberation Front (hereinafter referred to as “the dismount”) was dissatisfied with the situation of national reconciliation, hijacked more than 200 civilians as hostages, attacked commercial shops and burned urban buildings. Throughout the crisis, crowdsourcing and social network analysis are very successful non-traditional tactical means. The Philippine security forces use crowdsourcing tactics to encourage Zamboang residents to discover and report on the “melodic” members of the hiding place. FEI security forces, together with crowdsourcing information and intelligence analysis, provide information for security operations and humanitarian operations. The use of social network analysis to assess the “Mobility” of the public support, and in the social media against the “interpretation” declaration, to ban the violation of social media user agreement propaganda site, but also the use of crowds of information blockade ” Troops, attacking their temporary command post. The Philippine security forces used solid media to track the key information and lead the use of social media, and then use the solid forces to defeat the “interpretation” of the asymmetric advantage. The information warfare category includes but is not limited to cyber intrusion (cyber Aggression, forum vest (sock-puppeting), astro-turfing and so on. Three tactics are anonymous use of social media to implement misleading, false information to manipulate behavior, public opinion and action. The cyber-invasion is proposed by Teanna Felmyr, which refers to “an electronic or online act that is intended to cause psychological harm to others or damage its reputation by using e-mail, instant messaging, cell phones, digital information, chat rooms

As well as social media, video, game sites, etc. “. It is much broader than the range of ordinary cyber-aggressive behavior. Its anonymity may cause substantial psychological harm and negative consequences, as the relevant information will be repeatedly sent to the target or published in the social media. Its value to CNCOIN is that it can use sensitive digital information to humiliate, defame or hurt the target, causing psychological barriers. This powerful cyber-invading action can reduce the credibility, influence and power of the target, and ultimately lose the power of the target or other insurgents. The other two tactics, the forum vest and the fake are all fictitious online propaganda tools used to spread distorted views to create a wider range of support or opposition to the illusion. In fact, with the forum vest is the same concept, but more complex, more organized, larger. Both tactics use virtual characters to distribute false information in cyberspace, with the aim of initiating group reactions or actions. Combining massive amounts of text, images, and video with a planned misleading network activity will significantly enhance the effectiveness of CNCOIN’s action. The third way to advance the US network’s special operations is the unconventional cyber warfare team (cyber-UW Pilot Team, using social media networks to shape the physical environment, the establishment of regional mechanisms, in the implementation of non – conventional war before the regional connectivity. The core of the unconventional network warfare team is the special forces, with a number of professional organizations to provide technical support, its task is in the field of network security for the preparation of unconventional operations. The penetration of the traditional advance team is the target of enemy territory, military facilities and other entities, rather than the conventional advance team is through the virtual means of infiltration, and then into the sensitive, hostile or refused to area. Through the virtual means, can reduce the United States and partner countries armed forces in time, risk, equipment and other aspects of the loss and risk. Conceptually, unconventional cyber warfare teams use web tools and advanced technology to build people, entities, intelligence, and information infrastructures on social media. While deepening understanding of the local human terrain, the team can strengthen its local language and cultural skills, as well as identify resistance leaders, assess motivation and resistance, and overall support for US government goals, while at the same time understanding Informal hierarchical distribution, psychology and behavior. In addition, you can also incorporate the Internet’s white noise into the social media network to “improve the cultural understanding of potential collaborators in the United States and the local situation before action.” While the US national security strategy has long recognized the strategy of cyber warfare Role, but this understanding is not fully translated into a clear strategic level of thinking and combat capability. For example, the US Department of Defense cyberspace action strategy did not give much solution or specific measures, only from five aspects of the previous repeated network ideas. Lack of clear ideas lead to our network strategy is flawed, making the United States advanced network technology advantages to hand over to the potential rival risk. In contrast, Iran and Russia’s asymmetric innovation modeled other regions and global forces, trying to circumvent the US military advantage by unconventional means to ensure their strategic interests. Cyberspace special operations are a must to fill the strategic level of the blank. Obviously, the United States must actively seek a tactical level of unconventional combat into the cyber space operations in the form of special operations. Rand’s recent study of special operations concluded that “the United States needs to use a more advanced form of special operations to ensure national interests, taking into account the recent US and its interests facing the security threat situation, special operations

Become the most appropriate form of ensuring national interests “. In an increasingly interconnected global environment, the physical infrastructure is quickly allocated Internet protocol addresses, accessory networking. By 2020, there will be 50 billion “machine-to-machine” equipment (currently 1 3 billion units) will be through the “embedded computer, sensor and Internet capabilities” access to network space. Cyberspace special operations Unicom virtual and reality, through the modern information network and with the traditional face-to-face combination of special operations partnership. Today’s global environment has prompted the United States to use cyber special operations as a strategic tool for national military strategies. Potential rivals combine offensive network capabilities with unconventional tactics to set a terrible example for other enemies in the United States, and they will follow suit quickly. This paper presents three new options for integrating emerging technologies and special operations: foreign-assisted defense under “cloud-driven”, anti-riot operations in the network, and non-conventional cyber warfare advance teams. Full play of these three tactics will not only maintain the advantages of the US network technology, but also to build an important partnership, shaping the whole spectrum of combat environment have a revolutionary impact. If successful implementation, network special operations will become the United States a strong new strategic options

Original Mandarin Chinese:





网络信息欺骗和网络攻击行动为特种作战力量在“战争与和平之间”实施非传统战赢得了时间和空间 经验教训从俄罗斯的案例中可以得出四个方面的主要经验,可为美国特种作战行动与网络能力整合提供一个可行的理论框架。第一,俄罗斯特种部队所使用的进攻性网络工具存在战术和战略层面的差别,主要以战术层面的“封闭网络”为目标,如本地通讯、社交媒体、区域网络和后勤基础设施等,同时保留其更为先进的开放网络工具作为备用。第二,网络特种作战主要是一种代理人行为,强调最小化的来源跟踪。正如格拉西莫夫所描述的那样,“对敌方的远距离、无接触行动正在成为战术战役目标的主要手段”。网络特种作战通常避免人员的直接接触,而是在和平与战争的灰色地带展开行动。第三,信息与通信技术、网络攻击及信息作战等在网络赋能的非常规战中发挥着重要作用。只要恰当的实施,传统的特种作战可以远远超出其原有的功能,“这涉及到对广泛能力的综合运用,以达成政策目标”。要发挥效能,还必须整合同步其他领域的专门知识。第四,网络特种作战既可以慑止冲突,也可用于应对全频谱冲突,因为“它适合行动的各个阶段,从塑造环境到剧烈战争再到战后重建等”。虽然网络战以破坏为初衷,但也具有建设性的一面。低成本的信息和通信技术的广泛传播有利于强化伙伴国安全,从而有助于阻止冲突的发生。

网络空间特种作战是一种必须填补的战略层面的能力空白,美国必须积极寻求一种在战术层面的非常规作战中融入网络空间作战的特种作战形式 “‘云驱动’下的‘国外协助防御’(FID)”既是一种云计算概念,也是通过虚拟手段增强伙伴能力和信任的一种比喻性描述。“‘云驱动’FID”概念虽然还未经明确界定,但是它却可以联接整合跨学科领域,以更好地理解人员、地理及虚拟世界,并对相关目标展开共同行动。从技术上而言,“‘云驱动’FID”可以强化伙伴关系,通过联合设施,实时共享数据,增强自动化,传播分析过程。“云驱动”是灵活多变的,能够以私人、公共、社区或混合形式出现,各自使用不同的软件、平台和基础设施等。安全人员通过“‘云驱动’FID”使用智能技术驱动保密的移动应用软件、分析工具和共享数据。虽然数据与虚拟云相联,但其真正价值在于使信息及时传播到战术人员手中。“‘云驱动’FID”也可比喻为一种持续的、活跃的伙伴关系,数据永不停止,网络一直忙碌。技术仅仅是一种工具,用以驱动更深入、广泛的社会文化、政治和历史因素的理解,这些往往是容易造成冲突的因素。“‘云驱动’FID”可以与伙伴国构建更具持续性的能力和信任。“‘云驱动’FID”为未来建立各种机构、中心和实验室弥合美国各跨机构间的利益打下一个虚拟的基础。从美国政府的战略视角而言,“‘云驱动’FID”是一种实用主义的“以伙伴国为中心的方式,旨在围绕伙伴国的核心利益设计行动,而不是寄希望于以短视的方式来改变伙伴国”。“‘云驱动’FID”还是一种审慎的战略举措,“以防美国的伙伴国由于国内政治问题出现公共关系危机”。“‘云驱动’FID”也提供了其他的机会。它所形成的技术和关系网络可以迅速对紧急事件做出反应,如人道主义救援或救灾行动、阻止大规模屠杀,或者非战斗人员撤离任务等。这样可以通过为决策过程提供信息而节约时间、金钱和人力等。对于伙伴关系的构建而言,“‘云驱动’FID”可以存储当地的非美国社交媒体信息、丰富的社交网络分析、社会网络地图以及行为和舆论趋势分析等信息。最为重要的是,“‘云驱动’FID”以富有创新性和极为有力的方式构建信任,打造对盟友及伙伴国的持久影响力。

当今的全球环境促使美国采用网络特种作战作为国家军事战略的战略性工具 网络反暴乱平叛行动网络反暴乱平叛行动(CNCOIN)旨在利用社交媒体网络达成平叛的目的。为打破敌人的非对称性信息优势,CNCOIN使用非技术手段打击相关人群,控制其感知、行为和行动。它为网络空间无处不在的反社交网络手段增添了军事色彩。虽然这些手段没有明确界定,本文认为,它实际上就是指操纵社交媒体,掩盖真实身份,达成不可告人的目的。虽然社交媒体为反社交网络提供了广泛的机会,如恶意利用、有意误导等,但从军事角度而言,社交媒体提供了丰富的信息资源以影响心理脆弱性,也是一个理想的攻击平台。每种功能性范畴中都有几种有助于其实施的技术。行动范畴包括但不局限于网络欺骗行动(cyber-pseudo operation)和网络驱逐行动(cyber-herding operation)。网络欺骗行动是一种经典的平叛策略,“政府军和技术人员将自己假扮为叛乱分子,渗入敌方网络后使用先进的谍报技术在该网络内部实施破坏”。网络驱逐行动就是指,“个人、团体或组织把其他的个人、团体或组织驱逐到预设的网络区域”。两种技术的奇妙之处在于,通过利用通信技术与通信平台的内在缺陷来驱逐虚拟网络中的叛乱分子。两种战术以叛乱分子活跃的网络社群为目标,对其进行操控或者瓦解,最终为网络平叛提供更多的机会。虚拟世界放大了环境因素,因为网络中的人物更难确定其真实性。规划指挥控制、通信频率以及设备平台等要素将成为网络欺骗行动或网络驱逐行动实施的关键点,用以操纵、误导或者驱逐目标群走向预想的结果。情报范畴包括但不局限于众包(Crowdsourcing)和社交网络分析技术(Social Networking Analysis, SNA)。众包就是利用大规模的知识库,由参与者自愿提供的,为解决问题提供新思路、服务或观察,可以迅速扩展组织者的视野。社交网络分析以可视的方式描绘和测量社交链接的关系、强度及核心性以说明社会网络结构。社交网络可视化或者社网图可以提供独特的窗口用以评估、描绘甚至预测关系事件的强度、时间、空间和关系维度。2013年9月,菲律宾三宝颜危机期间,反政府武装摩洛民族解放阵线(以下简称“摩解”)对民族和解状况感到不满,挟持200多名平民为人质,袭击商业店铺,烧毁城市建筑。整个危机期间,众包和社交网络分析都是非常成功的非传统战术手段。菲律宾安全部队使用众包战术鼓励三宝颜居民发现并报告“摩解”成员的藏身地点。菲安全部队结合众包信息和情报分析,为安全行动和人道主义行动提供信息。使用社交网络分析来评估“摩解”的民众支持度,并在社交媒体上反制“摩解”宣言,封禁违反社交媒体用户协议的宣传网站,还使用众包信息封锁“摩解”小股部队,攻击其临时指挥哨所。菲安全部队通过使用社交媒体跟踪关键信息和领导节点,随后使用实体部队挫败了“摩解”的非对称性优势。信息作战范畴包括但不局限于网络入侵(cyber aggression)、论坛马甲(袜子手偶sock-puppeting)、以假乱真(Astro-turfing)等。三种战术都是匿名利用社交媒体实施误导、假信息等来操纵行为、舆论及行动。网络入侵是由蒂安娜·菲尔姆利提出,是指“一种电子或在线行为,旨在对他人实施心理伤害或损毁其名誉,通过使用电子邮件、即时信息、手机、数字信息、聊天室以及社交媒体、视频、游戏网站等”。它比普通的网络攻击性行为的范围要广泛得多。它的匿名性可能会引起实质性的心理伤害和负面后果,因为相关信息会被重复发送给目标或者在社交媒体发布。它对CNCOIN的价值在于,可以利用敏感的数字信息来羞辱、诽谤或伤害目标,造成心理障碍行为。这种强大的网络入侵行动可以降低目标的可信度、影响力和权力,最终使目标或其它叛乱分子丧失实力。其它两种战术,论坛马甲和以假乱真都是虚构的在线宣传工具,用来散布扭曲的观点,以制造更广范围的支持或者反对的假象。以假乱真实际上跟论坛马甲是同一个概念,只不过更为复杂、更有组织、规模更大。两种战术都使用虚拟人物在网络空间散布虚假信息,目的是引发群体反应或行动。以假乱真的网络信息作战行动包含海量文字、图片和视频,与有计划的误导性网络活动相结合,将显著增强CNCOIN行动的效果。 非常规网络战先遣队推进美国网络特种作战的第三种方式是非常规网络战先遣队(cyber-UW Pilot Team),利用社交媒体网络塑造实体环境,建立区域机制,在实施非常规战之前将各区域联通起来。非常规网络战先遣队的核心是特种部队,拥有多个专业机构提供的技术支持,其任务是在网络安全领域进行非常规作战的准备。传统先遣队的渗透目标是敌方领土、军事设施等实体目标,而非常规先遣队则是通过虚拟手段进行渗透,再潜入敏感、敌对或拒止区域。通过虚拟手段,可以减少美国及伙伴国武装力量在时间、风险、装备等方面的损失和风险。从概念上讲,非常规网络战先遣队利用网络工具和先进技术在社交媒体上打造人员、实体、情报以及信息基础设施。在加深对当地人文地形理解的同时,小组可以强化其本地语言和文化技能,还可识别抵抗活动领导者、评估动机和抵抗能力以及对美国政府目标的总体支持度,与此同时,还可以了解非正式的层级分布、心理及行为等。此外,还可以通过接入社交媒体网络混入互联网白噪音,以“提高美国对潜在合作者的文化理解以及在采取行动之前的当地形势。”虽然美国国家安全战略中早就承认了网络作战的战略作用,但是这种认识并没有完全转化成明晰的战略层面的思维和作战能力。例如,美国《国防部网络空间行动战略》中并没有给出多少解决方案或具体措施,仅仅从五个方面重复了先前的网络思路。缺乏明确的思路导致我们的网络战略存在缺陷,使得美国先进的网络技术优势有拱手让给潜在对手的风险。对比之下,伊朗和俄罗斯的非对称性创新为其他地区和全球力量树立了模仿的样板,都试图以非常规手段规避美国的军事优势,确保各自的战略利益。网络空间特种作战是一种必须填补的战略层面的能力空白。很显然,美国必须积极寻求一种在战术层面的非常规作战中融入网络空间作战的特种作战形式。兰德公司最近的一份研究特种作战的报告得出结论,称“美国需要运用一种更为先进的特种作战形式来确保国家利益,考虑到近来美国及其利益面临的安全威胁形势,特种作战成为确保国家利益的最合适的形式”。在一个日益互联的全球环境中,实体性基础设施快速被分配互联网协议地址,接入物联网。到2020年,将有500亿台“机器对机器”设备(目前为130亿台)会通过“嵌入计算机、传感器和互联网能力”接入网络空间。网络空间特种作战联通了虚拟与现实,通过现代的信息网络并与传统的面对面的特种作战伙伴关系相结合。当今的全球环境促使美国采用网络特种作战作为国家军事战略的战略性工具。潜在对手将进攻性网络能力与非常规战术相结合为美国的其他敌人树立了可怕的榜样,他们必将快速跟进。本文提出了融合新兴技术与特种作战的三种新选项:“云驱动”下的国外协助防御、网络反暴乱平叛行动以及非常规网络战先遣队。充分发挥这三种战术将不仅仅能维持美国的网络技术优势,还可对构建重要伙伴关系、塑造全频谱作战环境产生革命性影响。如果能成功实施,网络特种作战必将成为美国强有力的新战略选项。


2016-08-22 17:42现代军事

中國軍隊信息戰裝備的作戰運用 – Chinese Military Operation of Information Warfare Equipment


Chinese Military Operation of Information Warfare Equipment

Information warfare is the C4ISR system and C4ISR system of confrontation, is the advantage of information contention, the main purpose is to ensure that their own information system to run properly, from the enemy use, paralysis and destruction; the same time, trying to use, paralyzed and destroy the enemy’s information system, So that in a paralyzed, confused state. Information warfare includes two parts: strategic information warfare and battlefield information warfare.

Strategic information warfare and information warfare battlefield

strategic information warfare is mainly characterized by a wide range of sectors covering all key political, economic, technological, and military and other special areas; special way, relates to psychological warfare, media warfare, deception warfare, media warfare and other special Means that the target is special, mainly through the decadence war, psychological warfare, information deterrence attack the enemy’s understanding system and thinking system; great harm, can make the whole country’s economic, political or military paralyzed, and even make it happen alternately; Personnel special, the war is not necessarily military personnel, computer experts, international criminal groups, ulterior motives of hackers or terrorist organizations and so may become war personnel.

Battlefield information warfare is the information warfare in the battle space, refers to the preparation and conduct of a campaign, the integrated use of information technology and a variety of information technology weapons, information combat platform and C4ISR system, in reconnaissance detection and early warning, information processing and Transmission, weapons control and guidance, operational command and control, camouflage deception and interference, as well as military strategy and other aspects of the comprehensive confrontation and struggle. Battlefield information warfare is through the interference or disrupting the enemy decision-making process, so that the enemy can not effectively take concerted action. Therefore, we must first affect the enemy decision-making, and then affect its actions, that is, to win the air electromagnetic advantage, and then made the air superiority, and finally the use of conventional forces to take combat operations. To seize the right to information system, to seize the initiative to fight the space, but also for the fight for land rights, air supremacy, sea power and the system of the right to lay a good foundation and necessary conditions.

A The basic combat forces and means are digital forces and information weapons equipment, the main contents include combat confidentiality, military deception, electronic warfare, psychological warfare and fire destroyed, the core purpose is to compete for the battle space information access , Control and use rights. Battlefield information warfare is the confrontation of the information system, it directly affects the entire battle space, the whole process of war and success or failure. Battlefield information warfare The main combat style is the electronic warfare and cyber warfare. Electronic warfare is an important part of the battlefield information warfare, mainly for the enemy communications, radar and other electromagnetic radiation source for the lure, interference, destruction and destruction activities. In the Gulf War, the electronic warfare was not only for the first time on a large scale, but also as a campaign stage and a specific campaign in war. In the Kosovo war, NATO used a lot of electronic warfare equipment, and the first use of electromagnetic pulse bombs and the first time a network war. Network warfare is a cyber-confrontational activity in computer cyberspace, using the Internet, and is being used for the first time in the Kosovo war. NATO network warfare measures include: network advertising; hacker attacks; attacks on financial networks. The main feature of the network war in the Southern Alliance is the people’s war mode, fans, computer fans and computer enthusiasts spontaneously carried out a large number of network operations, such as online publicity, attack NATO website, the use of network transmission of information.

Information warfare equipment in war equipment electronic warfare equipment the trend of electronic warfare equipment increasingly integrated and universal, under the conditions of information technology in the local war, the battlefield of the electromagnetic environment is increasingly complex, the past that the separation of each other, a single function of electronic warfare equipment is far from Adapt to combat needs. Integration and generalization has become the focus of the development of electronic warfare equipment and future electronic warfare equipment overall development direction. In order to deal more effectively with the complex and volatile electromagnetic threat in the information warfare, the future of the new generation of electronic warfare equipment, will be widely used advanced computer technology, greatly improve the automation of the entire system to have better real-time capabilities, since Adaptability and full power management capability. Electronic warfare equipment, work areas continue to widen, increasing the transmission power, millimeter-wave technology and the development of optical technology, the modern electronic warfare equipment, the frequency of continuous development to a wider band. On the whole, the future range of electronic warfare equipment will be extended to the entire electromagnetic spectrum. GPS interference and anti-interference will be concerned about the practice of war has shown that if the loss of GPS support, it will greatly weaken the information advantage, so that command, control, reconnaissance, combat, military and other military aspects are facing severe tests, Combat effectiveness. Focusing on the development of anti-radiation and new electronic warfare jets, attention to the development of new, special electronic warfare technology and equipment, such as anti-satellite laser weapons, high-energy particle beam weapons, and meteor communication, neutrino communication and so on.

Computer virus weapon <a In the military information system, the battlefield information acquisition, transmission, processing and other functions need to complete the computer and network, computer network is the basis and pioneer of information warfare. The use of software-driven sniffers and hardware magnetic sniffers and other sniffing network is an important way to attack the network. These sniffing tools were originally a test device used to diagnose and assist in repairing the network, so it was a powerful tool for network management personnel to manage the network, but it was a terrible computer virus weapon in information warfare. It can make the network “service denied”, “information tampering”, information “halfway steal” and so on. In addition, will also focus on design “portal trap”. “Portal trap”, also known as “back door”, is a computer system designer in the system in advance of a structure, in the application appears or operating system, the programmer to insert some debugging agencies. System programmers in order to achieve the purpose of the attack system, deliberately left a small number of portal traps for familiar with the system staff to go beyond the normal system protection and sneak into the system. Network is an important infrastructure for information warfare, network-based warfare is mainly based on the network and the network is reliable to determine the outcome of the war. Therefore, to strengthen the network of offensive and defensive combat research, to win the future of information war is essential.   Electromagnetic pulse bombs

Iraq war, the US military used a lot of electronic warfare equipment, and the use of electromagnetic pulse bombs attacked the Iraqi radio and television system and the Iraqi military various types of electronic radiation source. Electromagnetic pulse bomb, also known as microwave pulse bomb, is through the micro-beam into electromagnetic energy, damage to each other’s electronic facilities and personnel of a new directional energy weapons. Its working principle is: high-power microwave through the antenna gathered into a very narrow, very strong electromagnetic waves fired at each other, relying on this beam of electromagnetic waves generated by high temperature, ionization, radiation and other integrated effects in the target internal electronic circuit to produce fatal voltage And the current, breakdown or burn the sensitive components, damage to the computer stored in the data, so that the other side of the weapons and command system paralyzed, loss of combat effectiveness. According to the test, a briefcase size of the microwave bomb, can produce power of 300 million watts of pulse waves. Will be more than one connection, it can become an adjustable radiation source, resulting in more than 2 billion watts of pulse waves. This pulse wave is somewhat similar to the nuclear pulse generated when the nuclear explosion can easily from the power and communication pipes into the underground bunker, which rely on radio, radar, computers, power grids and telephone modern weapons systems, chemical and biological arsenal and its production The shop was paralyzed in an instant.

GPS interference device <a I = 13> Iraq war, the Iraqi military use of GPS interferometer on the Tomahawk cruise missiles for effective interference, which is the first time in combat in the GPS guidance system interference. GPS signal is very weak, very easy to interfere. A Russian company offers a 4-watt power handheld GPS jammers that can be bought for less than $ 4,000. If you buy parts from a retail e-store, spend $ 400 to create a GPS jammer with a radius of 16 km or more. Before the war in Iraq, the United States had expected the Iraqi side to interfere with GPS signals. The United States has already been equipped with anti-jamming technology for its GPS bombs and missiles so that these GPS-guided weapons can continue to use GPS signals in the event of interference; even if the GPS signal is lost, these weapons can also use their own other guidance system Such as inertial navigation, laser guidance, etc., so that they reach the target. Nevertheless, the early Iraq war, the US military more than a dozen Tomahawk cruise missiles or because of interference from the scheduled route, falling in Turkey, Syria and Iran. Small GPS jitter problem alerted the US government, Powell personally come forward to investigate the source of Iraqi GPS jammers, Russia and other countries imposed no small pressure.

Gulf War, GPS navigator as a trial for the first time issued to the use of desert combat personnel, the effect is obvious. At that time, including cruise missiles, including all the weapons are not using GPS navigation device. During the war in Iraq, we saw almost all of the combat platforms, and every soldier, almost all of the missiles and bombs used this kind of navigation device, so that the tanks, planes, ships were more mobile so that the missiles and bombs were The probability error is reduced to 1-3 m, within a maximum of 10 m. <A I = 15> everything has a disadvantage. GPS navigation defects and information technology weapons and equipment of the drawbacks is the same, that is, electronic interference. From the perspective of the development of weapons and equipment, the purchase of a cruise missile needs more than 100 million dollars, and manufacturing a GPS jammers only a few hundred dollars, as a strategic defense side, if a large number of development and development of GPS jammers, not only for US missiles And bombs are a threat to their tanks, planes, ships and personnel navigation and positioning will also have a huge impact. Of course, you should also see the US military fight, further, after the end of the war in Iraq will be based on the lessons of the war to improve the GPS system. Is expected to be improved in three areas: First, GPS satellites, mainly to enhance the satellite launch signal, and as much as possible to launch GPS satellites; Second, improve the guidance system, mainly to increase the composite guidance device, after the GPS guidance is disturbed, Automatic recovery or transfer to inertia and other navigation methods to ensure the normal operation of the platform and weapons; Third, GPS anti-interference, mainly to improve the GPS receiver anti-jamming capability, the development of new GPS receiver, Machine and jamming machine for electronic suppression and interference.


Original Mandarin Chinese:

















中國的網絡空間治理或衝突的困境選擇 – China’s Dilemma Choice of Cyberspace Governance or Conflict

中國的網絡空間治理或衝突的困境選擇 –

China’s Dilemma Choice of Cyberspace Governance or Conflict

The problem of cyberspace security governance is attracting more and more attention from the international community. Among them, the problem of cyberspace conflict management is more and more concerned. Compared with the physical space conflict, the cyber space conflict has the characteristics of diversification of the actors, rapid updating of the attack means and unpredictability of the conflict. This leads to the reality that the cyberspace conflict management is faced with serious challenges such as serious cognitive differences, difficult to effectively govern, deterrence and “structural problems”. Therefore, the network space conflict governance needs to change the governance concept, through the pragmatic cooperation between countries, the integration of all the advantages of resources, to build a global network of governance mechanisms, and cultivate cooperation and sharing of governance culture. As a global network of countries, China has been actively advocating the establishment of multilateral, democratic and transparent global governance system. At the same time, China will make a positive contribution to the construction of international rules of cyberspace and the global network governance mechanism in the areas of innovation governance, bridging the digital divide, carrying out bilateral and multilateral international cooperation.
With the extensive application and rapid development of network information technology in the world, the relationship between network and national security is becoming more and more closely. Among the security issues, the most interesting is cyberspace conflict. Cyberspace is called “next battlespace” by military strategists and futurists. The primary objective of governments in cyberspace is to ensure that their core interests are not compromised and that nationals are protected from cyber attacks. But the reality is that the vast majority of cyber attacks are not directly initiated and implemented by the government, but are operated directly by non-state actors. Moreover, the cost of launching a network attack is low, action is hidden, and can cause serious consequences. This also causes cyberspace to burst out of clashes or even cyber warfare (cyber warfare). Once the cyberspace conflict or war, its size and scope of influence will be difficult to estimate. Cyber ​​space conflicts can also lead to direct hostility and conflict among nations in the real world. In addition, due to the lack of necessary international legal jurisdiction and norms, cyber conflict management is also facing serious challenges. Effective control of the intensity of cyberspace conflict, the development of cyberspace national code of conduct, will be the international community to explore new issues of cyber conflict.

First, the changes and challenges of

cyberspace conflict Network space conflict from the behavior of the network threat to the perception and the resulting response. Network threats can be broadly divided into two categories: one is called cyber attacks, is deliberately destroying the behavior of the network system; the other is called cyber exploitation (cyber exploitation), that is, the use of network infrastructure to achieve illegal purposes, but Will not harm the network system itself. [1] The target of cyber attacks is aimed at national and non-state actors, including sovereign states, organizations and individuals, which can disrupt both hardware and software and other aspects of the computer, or by improperly invasive computer operating systems Information or implement remote control. Network attacks can cause network conflicts, and network conflicts can be upgraded to cyber warfare. A cyber war generally refers to the destruction and disruption of a nation or nation that infiltrates another country’s computer or network. [2] cyber war can seriously endanger the country’s political, economic and social security and stability, is the highest form of network conflict. <A I = 3> Network information technology has the immediacy, convenience, cheap nature, so that conflict and war becomes easy to operate and implement. Network information technology to the traditional conflict and war has undergone a subversive change. As long as there is a network of computers, a few people can implement a network attack, launched a small-scale war without smoke. Network space weapons development costs are very low, as long as there are one or two computers, and can achieve network connectivity, and then equipped with several high-level hackers, is enough to create a very lethal network weapons. [3] Therefore, the impact of the Internet on national security will be comprehensive, thorough and unprecedented. Network information technology from the continuous innovation and development of communication technology. The emergence and continuous updating of instant messaging technology has enhanced the efficiency of political decision-making on the battlefield. Network information technology for the innovation of weapons technology has an important role in promoting, especially in the era of nuclear weapons, computer technology to make nuclear weapons more accurate, reliable and high speed. During the Cold War, the United States and the Soviet Union attached great importance to the development of information processing technology. With the comprehensive development of computer technology, the United States first proposed the “information warfare doctrine” (information warfare doctrine), that is, the use of information technology, tactics and means beyond the opponent. Western scholars said that the current international society is no greater risk of weapons of mass destruction, but large-scale destructive weapons (weapons of mass disruption). [4] In the technical breakthrough, cyber space conflict and war more profound changes reflected in the behavior of the main, means of attack and the consequences of conflict and so on. (I) Increasing diversity of actors The cyberspace provides a broader platform for non-State actors to move beyond the limits of territory and sovereignty and to play a greater role in reality and in the virtual world. Traditional conflicts and wars occur between different groups, generally monopolized by powerful states, and individual individuals are difficult to attack groups. Network information technology has greatly enlarged the power of relatively weak behavior. With the help of a network information platform, small countries can challenge the hegemonic countries, small groups can attack the powerful sovereign states, individuals can also attack the group. The United States has always regarded North Korea as a threat in cyberspace. According to the US Fox News Network reported that the beginning of 2010, the report shows that North Korea has trained thousands of top computer students to become excellent “cyber warrior” (cyber Warrior), whose operational targets are locked for the United States and South Korea. [⑤] In recent years, terrorism has also gained the “new life” with the help of network carrier and information tools. Al Qaeda uses Internet technology to promote its extreme ideas, and use the network platform to implement member recruitment, online training, fund raising, remote command and other activities. It can be said that the cyber space of the hidden and open features to increase the international community to prevent and combat the difficulty of terrorism. [⑥] In 2008, a 14-year-old boy in Poland, through the invasion and control of the Lodz tram system, caused confusion, resulting in four trams derailed, 12 people were injured, the accident did not cause death. [⑦] for the increasingly diverse network attackers, the US Strategic Command Command Kevin Hilton (Gen. Kevin P. Chilton) vividly believes that “our enemy range, including not only the boring young hackers, but also criminal organizations, but also related to national actors.” [ 2] Attack means to constantly update the original intention of the development of the Internet is to facilitate the effective flow of information to achieve resource sharing, interoperability. Open environment will often bring more risks and challenges to security, cyberspace and thus appeared in the “offensive and defensive imbalance” problem. This structural imbalance triggers cyber malicious attacks, thereby reducing confidence in deterrence and effective defense. [⑨] static defense in cyberspace (static defenses), that is, passive defense, refers to the most powerful hackers as a new challenge or to be resolved. [⑩] Skilled cyber attackers can easily find network vulnerabilities and successfully bypass security defense software. Compared with the traditional conflict, cyber space in the attackers in a shelter, and specifically attack the target of the weak links. In the “offensive side of the defensive side” in the context of the network of offensive weapons has become very common. The general network of offensive weapons, including computer viruses, malware, logic bombs (logic bombs, denial of service (denial of service) and so on. Low-end network weapons, the goal is simply to steal information, access to passwords, modify the program, generally do not produce significant harm. By contrast, high-end network weapons can cause data or critical facilities to be interrupted or severely damaged. A series of cyber attacks can evolve into major emergencies, breaking critical services over a period of time, including disrupting military command or information systems, shutting down power supply or oil pipelines, and stopping financial services. In 2008, the US Department of Defense to store encrypted military information on the computer network had infected with malicious code. Malicious code diffuses to encrypted and unencrypted file systems without being perceived. Although it was found in time, but the US military is very scared that such an event may make its military confidential documents are uploaded to foreign intelligence agencies, and even unknown hostile forces, the consequences will be disastrous. [11] Complex high-end malicious code has a strong self-camouflage ability, it is difficult to be found, often has been caused after serious injury will be found. In 2010, Iran’s nuclear facilities were attacked by “Stuxnet” (Stuxnet), making Iran’s Natanz uranium enrichment plant 1 More than 1,000 IR-1 centrifuges have to be replaced due to abnormal operation and damage. The fact that the “shock virus” attack target is very accurate or single, that is, the German Siemens control system (SIMATIC WinCC). This is a data acquisition and monitoring (SCADA) system, widely used by Iran in the defense of basic industrial facilities. “Seismic virus” in the invasion of a computer, it will automatically find the Siemens software to confirm the software found, the virus will be unaware of the state control of industrial computer systems, and control the computer software to other factories on the computer Issue a given order. Network security experts believe that the “earthquake network virus” is the first physical world infrastructure for the target “precision guidance” worm. [12] As the first disclosure of “shock virus” German well-known network security experts, Ralph Langner (Ralph Langner) through systematic analysis, that “shock network virus” structure than imagined even more complex , Including two different “digital warhead” (digital warhead), respectively, for different offensive targets, uranium enrichment facilities and Bushehr nuclear power plant external turbine. He believes that the power of the second warhead is equivalent to the Bushehr nuclear power plant for a precise air strike. [13] US information security expert Kevin Clayman (Kevin Coleman) 2010 in the United States National Defense Science and Technology published an article that the number of network attacks will be a sharp upgrade. To support this assertion, he mentioned that the number of malware in 2009 reached the highest level in the past 20 years, with multiple reports showing that more than 25 million malware was confirmed, and that growth would continue. [14] Through the above examples, it is easy to see the cyber space in the offensive weapon technology content is high and has a strong pertinence. Such weapons are more subtle, more precise, more offensive and destructive than conventional weapons. At the same time, network offensive weapons can not be reused, must be constantly upgrading. Matin Libici, a digital warfare expert at the famous American think tank, argues that it is no longer a weapon once someone knows how the cyber warfare works. The best weapon is the enemy does not know, but they already have. [15] (c) the consequences of conflict unpredictable <a I = 11> opponents in traditional conflicts are clearly visible, and the results of the conflict are predictable. In the conflict of cyberspace, once the offensive weapon is in power, the damage scale and influence caused by it are constantly copied and disseminated, and it is difficult to get effective control as the traditional conflict. More seriously, cyber attacks can bring serious panic to society, which is more serious than traditional wars. All kinds of infrastructure in modern society are controlled by computer and Internet systems. Once the network attacks are affected by water, electricity and financial control systems, the losses will be immeasurable and may even cause serious social unrest. American scholars envisioned the serious consequences of cyber attacks: no air control system or airport security system, no electronic control of rail traffic, no reliance on electronic computer day and night delivery of parcels or e-mails, no employer through payment software to pay workers wages Check, no electronic withdrawal record, no automatic teller machine, hospital or health center No reliable digital record, no electricity leads no light, no heat, no refueling system or fuel, petrol, no traffic lights, no phone, no internet service , There is no police effective security management, this series of problems will make the American society into a short-term paralysis. [16] According to the CIA revealed that the number of cyber attacks against the US public utility network in 2007 showed that the person in charge of the power company was even reluctant to talk about the risk of these events because of fear of serious social panic. In addition, the openness of cyberspace makes the network attacks happen and its scope of influence will be diffuse. In April 2013, hackers stole the Associated Press’s Twitter account and posted a false message that US President Barack Obama was injured in an explosion at the White House. A few minutes later, the Associated Press official used another Twitter account before the account was stolen. White House spokesman also clarified by President Obama did not hurt the radio. But many people have seen the news of the stolen Twitter account, the event led to the Dow Jones Industrial Average and S & P500 index both fell, after the two trading index and rapid rebound. Alert alleged that the Twitter account has 2 million audiences, the release of instant messaging is very influential. [17] The incident also sounded the alarm to the US government, with a simple account stolen event is likely to trigger a financial panic, which seriously disrupt the social order. The above new features of cyber conflict governance have had serious consequences. The diversity of the behavior makes it difficult to change the concept in a short time to overcome the differences and differences of cognition. The continuous innovation of the network attack means makes the international legal system and deterrence difficult to play the role. The unpredictable consequence is aggravating the inter- Mutual suspicion. These factors will seriously hinder the formation of cyberspace conflict management mechanism and play a role. Second, the network space conflict governance mechanism of the plight of cyberspace conflict and the traditional sense of the international conflict is very different. The main actors in the current global governance mechanism are sovereign states, who propose a series of rules and regulations on the basis of understanding and understanding of traditional armed conflicts. But in cyberspace, the effective regulation of the behavior of non-State actors is a matter of law and morality. And “structural dilemma” and other practical problems also exacerbated the difficulty of cyber conflict. (A) cognitive differences hinder effective governance At present, countries on the core concept of network security understanding of the network security events and their attribution (attribution) and identified there are deep differences. For example, the United States, Britain, Japan, Germany, France and the European Union have developed a network security strategy, through comparison can be found, the parties to “cyberspace”, “network security”, “network war” and other core concepts defined difference. [18] In cyberspace, how to determine that some of the acts have violated the basic norms of international law and can be used to combat Can individuals and organizations become the target of a national network attack? How do you define the national sovereignty of cyberspace? For these questions, the current international legal system has no ready answers. The United Nations, as a broadly representative international organization for the maintenance of international peace and security, has its own limitations, highlighting the development of the Charter of the United Nations much earlier than the arrival of the cyber-information age and therefore does not take into account the issue of cyber attacks. It is difficult to define cyber attacks as the use of force in accordance with prevailing norms of international law. During the three weeks before the 2008 Russian-Russian war, Unknown Acts used a commercial IP address to launch a decentralized denial service in several countries to attack the Georgian president’s website. The outside world believes that the relevant malware (named MachBo) was written in Russia and used by Russian hackers, although there is no definite proof that the Russian government has planned and implemented cyber attacks. Another dilemma faced by current international legal norms is the blurring boundary between cybercrime and cyber warfare. Realistic disagreement is manifested in the fact that the attacked state considers cybercrime to be a cybercrime and encourages implementation or support in the back of the country that cyber attacks are a cyber warfare for the maintenance of national interests. It can be seen that the lack of unified cognitive standards and operational guidelines make cyberspace conflict management difficult to carry out. In general, cyberspace behavior can be divided into three categories, one is legal (recognized is legal); the second is crime (illegal, the current legal norms that it is a crime); three is not legal (by the state and Non-state actors are found to be malicious, but the existing legal framework is not clearly defined). To be sure, cyber attacks should first fall within the jurisdiction of domestic law. If the attacker violates domestic law, the government of the host country is bound to enforce the jurisdiction. If the attacker attacked the target of another country, and the relationship between the target country and the host country is not friendly, there is a realistic problem. Especially for intelligence gathering, disruption of communications, or network behavior such as issuing erroneous directives to the enemy, it is easy for the implementer to be deemed to be a cyber attack because of being favored by the host country, So that it will not be punished. [19] (b) difficult to effectively govern international legal norms <a There are indeed many problems with the current international legal system and governance mechanisms. First, the existence of existing rules on armed conflict applied to cyberspace issues; second, the existing international rules can be applied to cyberspace governance, the majority of international rules focus on inter-State conflict, and cyberspace in the unconventional conflict But the more and more; third, the lack of legal experts; Fourth, the current rules focus on how to limit the network war, but the physical and collateral damage and other potential issues less concerned. [20] These problems make the existing international legal system not only effective control of cybercrime behavior, nor can it provide legal protection for civilian infrastructure and ordinary civilians. The Law of War and Armed Conflict (“the Law of Armed Conflict”) originated in the mid-19th century and is a humanitarian norm that regulates violence and conflict. The law of armed conflict applies exclusively to the conflict between the regular forces of the state. Countries in 1864 on the “Geneva Convention” to reach a consensus in 1868 in St. Petersburg officially signed. But the law of armed conflict, the Charter of the United Nations in the legal control of the war and wartime war behavior constraints are not applicable to cyberspace. And the existing legal norms do not clearly define the “war behavior” (war of act) concept. In general, war refers to the legal consequences of the use of force between States. The law of armed conflict is based on the use of force and aggression. In cyberspace, there is a great deal of controversy over whether cyber attacks are equal to the use of force and should be governed by the law of armed conflict. On the one hand, although not explicitly defined, it is generally believed that cyber attacks are hostile in cyberspace using network and information technology to achieve a certain purpose or effect; on the other hand, whether a cyber attack can be called For the conflict or war, still need the international community generally recognized. [21] There are gaps in the existing international legal norms for the control network space conflict. Within the existing international legal framework, the international legal norms governing conflict are the law of armed conflict, whose main legal sources are international treaties and international customs. It is the sum of binding principles, rules and regulations, and systems that adjust the relations between the warring parties and the warring parties and the neutral States in war and armed conflict. [twenty two] The subject of the law of armed conflict rests with the State and does not involve the question of the exercise of jurisdiction over individuals and international organizations. In addition, in the network attack, how to effectively distinguish between military and non-military objectives is also a real challenge. In the field of traditional warfare, military and non-military objectives are clearly defined, just as green tanks carry soldiers, and yellow cars carry students. But in the absence of clear boundaries in the cyberspace, the boundaries of the two are vague. The blurring of boundaries will lead to bias and shift of offensive targets, such as the blow to a country’s military facilities likely to shift to civilian infrastructure targets. In the network war, for the commander, it is difficult to distinguish which networks have military strategic objectives, which goals are civil. The more difficult problem is that it is difficult to determine the attacker’s long-range attack. Even if it is possible to determine the presence of the attacker and the attack itself, it is difficult to determine the identity of the attacker. Cyber ​​space conflict also exists on the application of the right of self-defense in traditional war. If a cyber attack against a country has occurred, the State under attack has the right to self-defense in accordance with the provisions of the Charter of the United Nations. But how to determine the implementation of the main body to determine whether the attack on the country’s attack, to define the extent of the attack, there is no uniform standard. Although the existing international legal system clearly stipulates that conventional wars can not use weapons of mass destruction, they are almost equivalent to the use of weapons of mass destruction if they are likely to be devastated by malicious code and malware. If this assumption is true, it will pose a serious challenge to the above principles. And if the network army in the public website embedded malicious code, and the infection code of the non-military system than the military system, which should be considered a violation of the principle of abuse of weapons. Whether there is a “network of weapons of mass destruction” in cyberspace, and the international community has not reached a consensus on the use and co-operation of these weapons that can cause serious consequences. In addition, the development of network information technology in the 21st century makes the soldiers separated from their war behavior. The closer the separation of the acts of war, the harder it is to preserve the humanitarian spirit implicit in the law of armed conflict. At the same time, the openness of cyberspace makes the public and private, government and private network mutual penetration, overlap each other. This will result in a joint attack on the consequences of a network attack and may cause physical damage and injury. (C) the network deterrence lost utility <a I = 25> cyberspace The international legal system is not yet sound is an existing fact, then can the cyber deterrence strategy be effectively implemented and achieve the intended purpose? The deterrence strategy emphasizes the strength and the will of the contest. Deterance refers to the strength of one party is strong enough to make its opponents can not attack, otherwise it will pay a significant price. The prerequisite for deterrence is the possibility and credibility: the possibility that one party has the absolute ability to launch retaliation and counterattack, credible means that at the crucial moment one party decides to impose the necessary blow to its opponent. To achieve the purpose of affecting the opponent’s decision-making, you need to let the opponent clearly understand and perceive the deterrent implementation of the absolute strength and revenge. In reality, there are serious limitations in the use of deterrence strategies in cyberspace: first, deterrence theory is generally applied between two powerful opponents, the deterrent can be effective to assume that the other is rational, can not bear the cost of attack. But in cyberspace, there may be a serious asymmetry between the attacking entity and the attacked object, and even if effective retaliation is implemented, the purpose of deterrence can not be achieved. Second, the asymmetry of retaliatory means would disrupt the existing international rules. If the network attacker only launched a general decentralized denial of attack, only led to the attacking country network system paralysis, if the attacking countries using conventional military and nuclear forces to fight back, will cause a lot of economic losses and casualties, which will Deviation from the “principle of proportionality” in international law, the return action will be the loss of legal legitimacy. Finally, cyber attacks are instantaneous, one-off, successful, or failing only in the twinkling of an eye. Successful attacks can cause harm, and the victim is retaliated after being attacked, and deterrence will be completely lost because the injury has arisen. In a cyber environment, a party that initiates a cyber attack usually attacks an attack through a “zombie computer” (a computer that has been hijacked after it invades), which adds significant difficulty to the attacker’s determination of the attacker. In addition, the process of determining the identity of the attacker takes a long time, after the confirmation is correct, the loss has been generated and irreversible. Re-implementation of such retaliation under such conditions would challenge the “self-defense principle” under international law, since Article 51 of the Charter of the United Nations clearly stipulates that “self-defense” is prerequisite for action against force. The more challenging issue is that if the attackers are identified as being an organization or an individual, the various norms of international law will not work. Former deputy secretary of the United States Department of Defense William Lynn Lynn) also mentioned the difficulty of the network deterrent, “deterrence credible prerequisite for the identity of the adversaries to confirm no doubt, but in the cyberspace almost no such case.” [23] (d) “structural problems” threat to international cooperation and the real world, cyberspace is also in anarchy. In this state, there is no absolute authority, so the relationship between the cyberspace state is facing a “structural problem.” This is highlighted as two aspects: First, the network developed countries and emerging network power between the competitive relationship, which is reflected in the network security issues on the two camps, “different voices.” The first camp is the United States led the Western countries group, they have introduced the corresponding national network security strategy, and put forward the values ​​of Western countries to reflect the cooperation and governance philosophy. In March 2014, the United States stated that it had strengthened bilateral and multilateral coordination and cooperation with the EU in matters related to the Internet. The United States made it clear that US-European cooperation is based on shared values, common interests, multi-stake governance concepts, cyber freedom and the protection of cyberspace human rights. [24] Early 2015, the United States and the United Kingdom expressed the need to protect key infrastructure, strengthen network defense, support network academic research and other aspects of pragmatic cooperation. [25] In June the same year, the United States and Japan to enhance network deterrence and strengthen information and intelligence sharing agreement. [26] It is not difficult to find that the first camp headed by the United States places more emphasis on the values ​​of freedom and democracy in cyberspace and strengthens its own network deterrent. The second camp is China, Russia and other emerging countries group. “Prism door incident” occurred, China and Russia and other countries are very concerned about maintaining the network of national sovereignty, called on the international community to pay attention to the United States to cyberspace open, free in the name of the actual violation of the sovereignty of other countries. At the BRICS National Summit in Brazil in 2014, Russia proposed strengthening the BRIC network security cooperation. [27] Russia and China as the representative of the BRIC countries that “WikiLeaks” and “prism door incident” shows that the United States and other Western countries in the network security issues on the implementation of double standards: on the one hand advocate the so-called absolute freedom of cyberspace, On the other hand use the network to steal other countries information. One of the two camps advocated “network freedom first”, the other side advocated “network sovereignty first”, the two sides views obvious and difficult to eliminate. <A I = 32> Second is the inequality between developed and developing countries. Developed countries because of the advantages of early development, has been in the network information technology has the initiative; and the majority of developing countries due to historical, economic development and technical conditions and other factors, network information technology has long been lagging behind. According to the statistics of the International Telecommunication Union and other relevant agencies, the number of online online users has reached 2.3 billion by 2011, the Internet penetration rate in developing countries is about 25%, the penetration of the Internet in developed countries is 70%, and the per capita Internet users in Europe Bandwidth is equivalent to 25 times the bandwidth of Africa’s per capita. [28] Inequality in status will allow the vast majority of developing countries to remain marginal and passive. Although the United States and other Western countries put forward on the network security issues to the vast number of developing countries to provide the necessary assistance, but because they are in the implementation of assistance along with the concept of Western values, in fact, the majority of developing countries, “value output.” The majority of developing countries are very worried about the United States and other Western countries to form a network security technology level of “dependency”, the network space conflict governance North-South cooperation is also difficult to achieve. Third, the network space conflict mechanism of governance mechanism to explore the war has entered the information age, the existing international law should be necessary to improve and upgrade. The diversity of actors, the escalating offensive technology, and the uncertainty of the consequences call global governance of cyberspace conflicts. People are aware that cybercrime, cybercriminals, and cyber-terrorism have become global problems that can not be solved by the power of individual countries alone. Thus, the issue of cybersecurity is not just the domestic security of individual countries, but it is necessary to carry out long-term, extensive and in-depth international cooperation. At the same time, the existing international legal norms need to be updated and perfected. In the case of international legal norms governing the international conflict, prevention and control of cyberspace conflicts should be increased. At the same time, cyberspace cooperation requires the cultivation of peace and cooperation, development and win-win governance philosophy. Only the concept of governance enjoys popular support, international cyberspace conflict governance action will be concerned about, but also in the international community is widely recognized. (A) the transformation of global governance awareness Although there are Estonia, the Georgia network attack and “earthquake network virus” on Iran’s nuclear facilities caused serious damage and other typical cases, but so far there has been no large-scale inter-country network conflict. Nevertheless, people are still highly concerned about the cyberspace conflict, the urgent need to change the corresponding sense of governance. <A First, the most important subject involved in the management of cyberspace conflict is still the sovereign state. Although the role of individuals and groups is magnified by cyberspace, their power is still limited. Individuals and groups lead to large-scale network conflict and even the possibility of war is still minimal. Therefore, the focus on the network conflict should still be the country. Only countries in accordance with the law to effectively manage and regulate their own and their domestic organizations, individual behavior, cooperation between countries can play a role. Second, to coordinate and integrate the power and resources. Need to pay special attention to is that cyberspace itself beyond the borders, can not fully rely on government and national power. The United States and Europe and other Western countries in the network defense is the most worth learning experience is the full integration of civil resources, to achieve effective interaction between the official and civil. Should be aware of non-state actors in the field of cybersecurity in the important role, rather than national actors also hope to cooperate with the government to reduce network risk. [29] In 2010, the National Security Agency (NSA) in the Google company suffered high persistence attacks (Advanced Persistent Threat, APT), to provide information and technical assistance. [30] The basic elements of cyberspace are individuals and social groups, only to stimulate the vitality of individuals and social organizations, to enhance their network security and cooperation awareness, cyberspace will be more secure. In the government’s active promotion, the integration of technical personnel, experts and scholars, social groups, enterprises, government and other resources in order to effectively eliminate all kinds of cyberspace threats. In some cases, the need to deal with cyberspace problems also need to find answers in the network. In reality, the use of “white off” is an important strategic choice. In January 2014, the Russian Federation Committee proposed the use of “white off” (no criminal criminal record, can find a system of loopholes and experienced network of experts) services to deal with complex and volatile network attacks. [31] US network security software vendor experts also stressed that should be concerned about the “white” group, can not let it be tempted by the dark forces or even use. [32] Third, the implementation of hierarchical management of network behavior. The biggest challenge facing the international community is that countries can not agree on many cyberspace governance issues. From the point of view of harm, low to high behavior includes cyber vandalism, cyber espionage and cybercrime, denial of service, cyber attacks and large-scale cyber attacks. The first three categories already exist, and network attacks and large-scale network attacks have not yet occurred, although it is the most concern, but also the most likely to lead to network conflict behavior. Because cyber attacks and large-scale cyber attacks are targeted at key infrastructure, it can lead to serious social unrest in the attacked countries. Thus, such acts are almost intolerable and can cause reprisals by the injured State. For the first three categories of relatively light sabotage, the parties can be resolved through consultation and cooperation; for possible serious consequences of network attacks and large-scale attacks, countries should be through consultation to achieve a clear ban on such acts of cyberspace international code of conduct The (B) to cultivate the concept of cooperation in cyberspace “attack side overwhelming” reality makes cyberspace deterrence difficult to achieve, which will encourage the network intruder from another direction, eventually leading to network arms race. On the surface, the attack can bring some benefits and produce a sense of security, but the consequences will be cyberspace behavior between the competition, mutual hostility. Therefore, in the Internet, open network space is impossible to obtain absolute security. <A I = 42> On the contrary, if the defensive side is dominant, the behavior is more inclined to cooperate. Any threatened intrusion is carried out on the basis of successful defensive measures. Therefore, to enhance the defense capacity in order to obtain positive and lasting security. This requires the establishment of two types of mechanisms: one is the early warning mechanism, so that the attacked countries can early detection and take the necessary preventive measures. From the “network virus” attacks can be seen in the case, the virus invasion must bypass the victim’s security firewall. If you take a security defense measures, “earthquake network virus” is unable to implement the damage. Second, the information sharing mechanism, the parties to coordinate and cooperate with each other will help to achieve common security. This first requires the sharing of information between countries, which can increase mutual trust, is conducive to pragmatic and effective cooperation to achieve mutually beneficial win-win goal. Second, the sharing of information between government and private enterprises is also necessary. In many cases, the country’s infrastructure is operated by private enterprises, but there are obvious shortcomings in the information and intelligence collection channels, quantity and quality compared with the country. Third, in the network space conflict management should also focus on cultivating the “humanitarian” spirit, in the physical space to attack the party has the obligation to minimize the harm of civilians. Any country with strong technical capacity must also consider minimizing civilian damage when using cyber weapons. Some scholars even believe that the degree of damage caused by network weapons should be limited to less than a bomb damage. [33] (c) the establishment of conflict governance mechanism The international community has been advocating the creation of international mechanisms for conflict resolution, its purpose is through the policy coordination between countries, on the basis of consensus on the formation of network conflict management mechanism, and gradually establish cyberspace International order, and thus cultivate a global network of space management culture. [34] The international community attaches great importance to the inconceivable destructive power and influence of cyber space conflicts. In practice, attempts are made to bilateral and multilateral cooperation and have achieved some results, which can provide the necessary reference for the construction of global cyberspace governance mechanism. As the most influential intergovernmental organization, the United Nations should play a leading role in the governance of cyberspace conflict. The United Nations cyberspace conflict management mechanism is not widely represented and is not universally recognized by the international community. As early as 2006, the United Nations set up an open Internet Governance Forum (Internet Governance Forum, IGF). [35] As of 2014, the Internet Governance Forum has been held for nine consecutive sessions. In April 2015, the United Nations launched a dialogue with Russia on the International Convention on Cybercrime, but there was no consensus on the serious differences between developed countries and developed countries and organizations such as the United States, Canada and the European Union. This shows that countries have opened the door to dialogue for a global agreement. [36] As a specialized agency of the United Nations, the International Telecommunication Union (ITU) has also played an important role, actively advocating the “stakeholder” (stakeholder) concept, called on countries around the world to participate in the process of safeguarding the international community network security. The exploration and attempt of the international community shows that cyberspace governance itself is part of global governance. Every country faces the threat of cyber attacks, network conflicts and even cyber warfare. Participation in multilateral cooperation is the best choice for all countries to safeguard their own interests. At the same time, regional international organizations are also exploring new models of cyberspace governance. The 7th SCO Council of the Shanghai Cooperation Organization (SCO), held in 2007, proposed the Action Plan for information security, emphasizing the state’s control over the network system and information content. At the beginning of 2008, NATO convened an emergency meeting of the North Atlantic Council for the Estonian incident and introduced a cyber-defense policy, which for the first time established cyber security issues as the content of its collective defense obligations. NATO claims that if its member countries are subjected to catastrophic cyber attacks, the new cybersecurity policy will provide an effective counterattack tool. In April, NATO Cyber ​​Defense Management Authority (CDMA) was established to form a unified deployment of allied network action capabilities. In May, the Cooperative Cyber ​​Defense Center of Excellence, CCS COE) was formally established in Tallinn to strengthen the comprehensive capabilities of NATO’s network defense, and the establishment of the two institutions became a symbol of NATO’s network defense. [37] NATO officials also expressed their intention to cooperate safely with cyberspace in South Korea and other East Asian countries. In the current global governance mechanism, the success of cyberspace conflict management is the Mutual Legal Assistance Treaties (MLATs). It is aimed at nationally recognized cybercrime, which stipulates that participating countries share information, evidence and other forms of cooperation. The treaty is mainly applicable to the use of the network system to implement the crime. The Council of Europe Convention on Cybercrime (CEC) was signed by the Council of Europe in 2001 to define and punish the deterrence of cybercrime. The Cybercrime Convention is the most important multilateral cooperation agreement against cyber attacks and the world’s first international convention against cybercrime, which will have a significant impact on the legislation of many countries. Some scholars have suggested that international justice cooperation in the fight against cybercrime be carried out in accordance with the Convention. [38] Joseph Chennai believes that restricting all cybercrime is impossible, but it can be done from combating cybercrime and cyber-terrorism, and the great powers have many common interests on these issues. [39] Whether it is the United Nations or other regional international organizations, through their own practice to explore the global model of cyberspace governance. These practices will greatly enrich the theoretical basis and practical experience of cyberspace conflict management, which is of great significance to promote the international community to construct the relevant governance mechanism. The ultimate goal of cyberspace conflict management is to break through the differences of ideas, on the basis of common interests, to achieve beyond the borders, areas, levels of all-round, three-dimensional cooperation, and ultimately clean up the network space, to good governance. This process may take a long time and requires the joint efforts of the international community. China’s role and contribution in cyberspace conflict management According to China’s Internet Center (CNNIC) released the 36th “China Network Development Statistics Report” shows that by June 2015, the number of Internet users in China has reached 668 million, the Internet Penetration rate of 48%. 4%. This shows that China is already the largest number of Internet users in the country, but also shows that the Chinese people’s production and life, economic growth and innovation are closely related with the network, China has become a veritable global network power. As a global power, China has always positioned itself as a participant, builder and practitioner in cyberspace security governance. China’s national strategy is to develop from a network of major powers as a network power, and to promote the development of balanced development, sound rules and reasonable order of the global network space and make unremitting efforts. As the largest developing country, China has long been committed to the struggle for the vast number of developing countries, and actively participate in the construction of peace, security, openness and cooperation of cyberspace, and promote the establishment of multilateral, democratic and transparent global Internet governance system. At the same time, the Chinese government has put forward the principle of network governance with Chinese characteristics on the basis of the existing experience of governance, such as the rule of law, the order priority and the positive integration, which is similar to those of China. Furniture has important reference value and reference significance. [41] In September 2015, when the Chinese President visited the United States, he said in a written interview with The Wall Street Journal that China was a strong defender of cybersecurity. On the one hand, China will strengthen cooperation with the United States, the European Union, Russia, through the establishment of bilateral and multilateral cooperation mechanism to increase mutual trust, and is committed to building network security code of conduct. On the other hand, China will be more active in cyberspace global governance, and strive to incorporate the concept of safeguarding network sovereignty, network fairness and pragmatic cooperation advocated by China into cyberspace international standards. At the same time, China will also fulfill its commitments to actively promote the construction of cyberspace global order. In addition, China is working on the development of national network security for the relevant legal norms. In June 2015, the National People’s Congress for the first time considered the “People’s Republic of China Network Security Law (Draft)”. Article 5 of the General Regulations clearly states that “China will actively strengthen international exchanges and cooperation in the areas of cyberspace governance, network technology research and development and standard setting, and crack down on crimes against the Internet, and promote the construction of peaceful, safe, open and cooperative cyberspace. [42] This shows that China is committed to the law through the definition of network security, safeguarding network sovereignty, standardize network behavior, promote international cooperation in cyberspace. At the same time, China is also actively advocated in cyberspace governance to play the leading role of the United Nations. In 2011, China and Russia jointly submitted the International Code of Conduct for Information Security to the 66th Session of the General Assembly, put forward a series of basic principles of national conduct on the maintenance of information and cybersecurity, and called on countries to carry out further discussions within the framework of the United Nations. [43] In June 2013, China and the United States and other 15 countries in the United Nations network security dialogue, clearly advocated the “United Nations Charter” applies to cyberspace. [44] In 2014, China and the United Nations jointly organized the International Symposium on Information and Internet Security, which is an important manifestation of China’s international rules for promoting cyberspace. In December 2015, Chinese President Xi Jinping delivered a speech at the Second World Internet Conference to elaborate on China’s basic position on cyberspace development and security, demonstrating China’s forward-looking thinking about the future development of cyberspace and calling for Countries around the world should strengthen communication, expand consensus, deepen cooperation, and jointly build the network space fate community. [45] In addition, China is also actively safeguarding the cyberspace interests of developing countries and “network sovereignty”. China advocates bridging the digital divide on multiple international occasions. Cyber ​​space threat is no border, its impact is transnational. Network vulnerabilities in many developing countries will be targets of attack, and they may also be manipulated into “bonnet” (bonnet) to attack other countries. In the field of Internet technology applications and development, there is a clear gap between China and Western countries. China advocates that the network is primarily used for commercial purposes and not for political and military purposes. In the future, China will continue to carry out independent research and development and innovation in network security technology. These network security technologies can become an important part of China’s foreign technical assistance. At present, China is promoting the “one way along the road” construction, which focus on cooperation, including the promotion of national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation. In 2014, China and the United Nations jointly organized the International Symposium on Information and Internet Security, which is an important manifestation of China’s international rules for promoting cyberspace. In December 2015, Chinese President Xi Jinping delivered a speech at the Second World Internet Conference to elaborate on China’s basic position on cyberspace development and security, demonstrating China’s forward-looking thinking about the future development of cyberspace and calling for Countries around the world should strengthen communication, expand consensus, deepen cooperation, and jointly build the network space fate community. [45] In addition, China is also actively safeguarding the cyberspace interests of developing countries and “network sovereignty”. China advocates bridging the digital divide on multiple international occasions. Cyber ​​space threat is no border, its impact is transnational. Network vulnerabilities in many developing countries will be targets of attack, and they may also be manipulated into “bonnet” (bonnet) to attack other countries. In the field of Internet technology applications and development, there is a clear gap between China and Western countries. China advocates that the network is primarily used for commercial purposes and not for political and military purposes. In the future, China will continue to carry out independent research and development and innovation in network security technology. These network security technologies can become an important part of China’s foreign technical assistance. At present, China is promoting the “one way along the road” construction, which focus on cooperation, including the promotion of national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation. In 2014, China and the United Nations jointly organized the International Symposium on Information and Internet Security, which is an important manifestation of China’s international rules for promoting cyberspace. In December 2015, Chinese President Xi Jinping delivered a speech at the Second World Internet Conference to elaborate on China’s basic position on cyberspace development and security, demonstrating China’s forward-looking thinking about the future development of cyberspace and calling for Countries around the world should strengthen communication, expand consensus, deepen cooperation, and jointly build the network space fate community. [45] In addition, China is also actively safeguarding the cyberspace interests of developing countries and “network sovereignty”. China advocates bridging the digital divide on multiple international occasions. Cyber ​​space threat is no border, its impact is transnational. Network vulnerabilities in many developing countries will be targets of attack, and they may also be manipulated into “bonnet” (bonnet) to attack other countries. In the field of Internet technology applications and development, there is a clear gap between China and Western countries. China advocates that the network is primarily used for commercial purposes and not for political and military purposes. In the future, China will continue to carry out independent research and development and innovation in network security technology. These network security technologies can become an important part of China’s foreign technical assistance. At present, China is promoting the “one way along the road” construction, which focus on cooperation, including the promotion of national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation. The focus will include advancing national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation. The focus will include advancing national and regional network infrastructure. At the same time, China is also willing to assume more responsibility and play an active role in cyberspace cooperation.


Original Mandarin Chinese:

隨著網絡信息技術在全球範圍內的廣泛應用和快速發展,網絡與國家安全的關係日趨緊密且受到各國高度重視。在安全議題中,最引人關注的是網絡空間衝突。網絡空間被軍事戰略學家和未來學家稱為“下一個戰爭空間”(next battlespace)。各國政府在網絡空間中的首要目標是確保本國的核心利益不受損害,保障國民免受網絡襲擊的侵擾。但現實情況是絕大多數網絡襲擊並非由政府直接發動和實施,而是由非國家行為體直接策劃操作。而且,發動網絡襲擊的成本低廉、行動隱蔽,且能引發嚴重後果。這也造成網絡空間容易爆發衝突甚至網絡戰爭(cyber warfare)。一旦網絡空間發生衝突或戰爭,其規模和影響範圍將難以估量。網絡空間衝突也可能導致國家間在現實世界中的直接敵對與衝突。此外,由於缺乏必要的國際法律管轄與規範,網絡空間衝突治理也面臨著嚴峻挑戰。有效控製網絡空間衝突的烈度,制定網絡空間國家行為準則,將是國際社會探索網絡空間衝突治理的新課題。


網絡空間衝突源於行為體對網絡威脅的感知和由此作出的反應。網絡威脅大致可分為兩類:一類被稱為網絡襲擊,是指蓄意破壞網絡系統的行為;另一類被稱為網絡牟利(cyber exploitation),即利用網絡基礎設施來達到非法目的,但不會對網絡系統本身造成傷害的行為。 [①] 網絡襲擊針對的目標是國家和非國家行為體,包括主權國家、組織和個人,既可以破壞軟硬件和計算機的其他方面,也可以通過非法入侵計算機操作系統,運用不正當的手段獲取信息或實施遠程控制。網絡襲擊可能引發網絡衝突,而網絡衝突又可能升級為網絡戰爭。網絡戰爭一般是指一個民族國家為滲入另一個國家的計算機或網絡所進行的破壞和擾亂行為。 [②] 網絡戰爭可能嚴重危害國家的政治、經濟和社會安全與穩定,是網絡衝突的最高形式。
網絡信息技術所具備的即時性、便捷性、廉價性特質,使衝突和戰爭變得易於操作和實施。網絡信息技術使傳統的衝突與戰爭發生了顛覆性變革。只要有一台聯網的計算機,少數人就可以實施網絡攻擊,發動一場沒有硝煙的小規模戰爭。網絡空間的武器開發成本極低,只要有一兩台計算機,且能夠實現網絡連接,再配備幾名高水平的黑客,就足以製造極具殺傷力的網絡武器。 [③] 因此,互聯網對國家安全的影響都將是全面的、徹底的和前所未有的。網絡信息技術源自通訊技術的不斷創新與發展。即時通訊技術的出現和不斷更新,提升了戰場上的政治決策效率。網絡信息技術對於武器技術的革新具有重要推動作用,尤其是在核武器時代,計算機技術使核武器更加精準、可靠和高速。冷戰時期,美、蘇兩國十分重視發展信息處理技術。隨著計算機技術的全面發展,美國率先提出了“信息戰理念”(information warfare doctrine),也就是利用信息技術力量,在策略和手段方面超越對手。西方學者表示,目前國際社會最大的隱患不再是大規模殺傷性武器,而是大規模破壞性武器(weapons of mass disruption)。 [④] 在技術突破之外,網絡空間衝突與戰爭更深刻的變革體現在行為主體、攻擊手段和衝突後果等方面。
網絡空間為非國家行為體提供了更加廣闊的活動平台,使其可以超越領土和主權的限制,在現實和虛擬世界發揮更大的作用。傳統的衝突與戰爭發生在不同群體之間,一般被實力強大的國家所壟斷,而單獨個體難於發動對群體的攻擊。網絡信息技術極度放大了相對弱小行為體的力量。借助於網絡信息平台,小國可以向霸權國發起挑戰,規模小的群體可以向實力強大的主權國家發動襲擊,個人也可以發動對群體的攻擊。美國一直以來都將朝鮮視為網絡空間中的威脅。據美國福克斯新聞網透露,2010年年初的報告顯示,朝鮮已經培訓了數千名頂級的計算機專業學生成為出色的“網絡戰士”(cyber warrior),其行動目標鎖定為美國和韓國。 [⑤] 近年來,恐怖主義也藉助網絡載體和信息工具獲得了“新生”。基地組織利用互聯網技術宣傳其極端理念,並利用網絡平台實施成員招募、在線培訓、資金募集、遠程指揮等活動。可以說,網絡空間的隱蔽性和開放性特徵加大了國際社會防範和打擊恐怖主義的難度。 [⑥] 2008年,波蘭一名14歲少年通過入侵並控制洛茲市(Lodz)的有軌電車系統,從而引發混亂,導致4輛電車脫軌,12人受傷,所幸事故未造成人員死亡。 [⑦] 對於日益多元化的網絡襲擊者,美國戰略司令部司令凱文·希爾頓(Gen. Kevin P. Chilton)曾形像地認為,“我們的敵人范圍,不僅包括令人厭煩的年輕黑客,也包括犯罪組織,還涉及國家行為體”。 [⑧]
互聯網發展的初衷是便於信息的有效流動,實現資源共享、互聯互通。開放的環境往往會給安全防禦帶來更多風險和挑戰,網絡空間中因而出現了“攻守不平衡”問題。這種結構上的不平衡會激發網絡惡意攻擊,從而降低對威懾和有效防禦的信心。 [⑨] 網絡空間中的簡單靜態防禦(static defenses),即被動防禦,是指最多被強大的黑客視為一個新挑戰或待解決的問題。 [⑩] 技術嫻熟的網絡襲擊者能夠輕鬆找到網絡漏洞並成功繞開安全防禦軟件。與傳統的衝突相比,網絡空間中的襲擊者處於隱蔽處,並專門攻擊目標的薄弱環節。在“攻方壓倒守方”的背景下,網絡進攻性武器變得十分普遍。一般的網絡進攻武器,包括計算機病毒、惡意軟件、邏輯炸彈(logic bomb)、拒絕式服務(denial of service)等。低端網絡武器的目標只是簡單的竊取信息、獲取密碼、修改程序等,一般不會產生重大危害。相比較而言,高端網絡武器能夠造成數據和關鍵設施的中斷或嚴重受損。一系列的網絡攻擊能夠演變為重大突發事件,在一段時期內中斷關鍵服務,包括破壞軍事指揮或信息系統,關閉電力供應或石油管道,停止金融服務等。 2008年,美國國防部儲存加密軍事信息的電腦網絡就曾感染惡意代碼。惡意代碼在未被察覺的情況下擴散到加密和未加密文件系統。雖然被及時發現,但美國軍方對此十分恐慌,認為此類事件可能會使其軍事機密文件被上傳給國外情報機構,甚至是未知的敵對勢力,後果將不堪設想。 [11]
複雜高端的惡意代碼具有很強的自我偽裝能力,很難被發現,往往是在已經造成嚴重傷害後才會被發現。 2010年,伊朗核設施受到“震網病毒”(Stuxnet)的攻擊,使伊朗納坦茲鈾濃縮工廠的1 000多台IR-1型離心機由於非正常運轉並遭到破壞而不得不更換。事實表明,“震網病毒”的攻擊目標非常精確或單一,即德國西門子公司控制系統(SIMATIC WinCC)。這是一款數據採集與監視控制(SCADA)系統,被伊朗廣泛使用於國防基礎工業設施。 “震網病毒”在入侵一台電腦後,就會自動尋找西門子軟件,確認找到軟件後,這種病毒會在無人察覺的狀態下控制工業用的電腦系統,並控制電腦軟件對工廠其他電腦發出既定指令。網絡安全專家認為,“震網病毒”是第一個以物理世界基礎設施為攻擊目標的“精確制導”蠕蟲病毒。 [12] 作為第一個披露“震網病毒”的德國著名網絡安全問題專家,拉爾夫·朗納(Ralph Langner)經過系統分析,認為“震網病毒”的結構比想像中的還要復雜,包含兩個不同的“數字彈頭”(digital warhead),分別針對不同的進攻目標,鈾濃縮設施和布什爾核電站的外部渦輪機。他認為第二個彈頭的威力相當於對布什爾核電站進行一次精確的空中打擊。 [13] 美國信息安全問題專家凱文·克萊曼(Kevin Coleman)2010年在美國國防科技網上發表的文章認為,網絡襲擊的數量將會急劇升級。為支持這一論斷,他提到2009年惡意軟件的數量達到了此前20年來的最高水平,多份報告顯示超過2 500萬個惡意軟件被確認,而且這種增長趨勢還將繼續。 [14]
通過以上事例,不難看出網絡空間中的進攻武器技術含量高且具有極強的針對性。這樣的武器比常規武器更隱蔽、更精準、更具進攻性和破壞性。與此同時,網絡進攻性武器不能重複使用,必須不斷升級換代。美國著名智庫蘭德公司的數字戰專家馬丁·利比奇(Matin Libici)認為,一旦有人了解了網絡戰武器的工作原理,它就不再是一種武器了。最好的武器是敵人所不知,但自己卻已擁有的。 [15]
傳統衝突中的對手是清晰可見的,衝突的結果也是可以預測的。在網絡空間的衝突中,進攻武器一旦發揮威力,所造成的破壞規模和影響力一般都會不斷地複制和散播,很難像傳統衝突那樣能夠得到有效控制。更為嚴重的是,網絡襲擊會給社會帶來嚴重恐慌,其後果比傳統戰爭更為嚴重。現代社會中的各類基礎設施都是由計算機和互聯網系統控制,一旦網絡襲擊波及水、電、金融控制系統,帶來的損失將是無法估量的,甚至可能造成嚴重的社會動盪。美國學者設想了網絡攻擊可能引發的嚴重後果:沒有航空控制系統或者機場安監系統,沒有電子管控的鐵路交通,沒有依賴電子計算機日夜投遞的包裹或郵件,沒有雇主通過支付軟件支付工人工資的電子支票,沒有電子取款記錄,沒有自動取款機,醫院或者健康中心沒有可信賴的數字記錄,沒有電力導致沒有燈光,沒有熱力,沒有加油系統或者燃料、汽油,沒有交通信號燈,沒有電話,沒有網絡服務,沒有警察有效的治安管理,這一系列問題將使美國社會陷入短時癱瘓。 [16] 據美國中央情報局透露的發生在2007年針對美國公用電力網的多起網絡襲擊事件表明,由於擔心會造成嚴重的社會恐慌,電力公司的負責人甚至不願談及這些事件的風險。
此外,網絡空間的開放性特徵使網絡襲擊一旦發生,其影響範圍將具有擴散性。 2013年4月,黑客竊取了美聯社的推特賬號,發布了美國總統奧巴馬在白宮的一次爆炸中受傷的虛假消息。幾分鐘後,美聯社官方使用另一個推特賬號聲明之前的賬戶已被盜。白宮發言人也通過廣播澄清奧巴馬總統沒有受傷。但已有很多人看到了被盜推特賬號發布的消息,該事件導致道瓊斯工業指數和S&P500指數雙雙下挫,之後兩個交易指數又快速反彈。據稱美聯社的推特賬號有200萬受眾,其發布的即時消息影響力十分巨大。 [17] 這一事件也給美國政府敲響了警鐘,一起簡單的賬戶被盜事件很可能引發一場金融恐慌,從而嚴重擾亂社會秩序。


當前,各國對網絡安全核心概念的理解以及對網絡安全事件的歸因(attribution)和認定都存在深刻分歧。例如,美、英、日、德、法和歐盟等都制定了網絡安全戰略,通過對比可以發現,各方對“網絡空間”、“網絡安全”、“網絡戰爭”等核心概念的界定存在明顯差別。 [18] 在網絡空間中,如何確定一些行為已經違反了國際法基本準則,並可以實施武力打擊?個人和組織是否可以成為國家發動網絡進攻的目標?如何界定網絡空間的國家主權?對


[①] Abraham D. Sofaer, David Clark, Whitfield Diffie, “Cyber Security and International Agreements,” in Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, Washington, D.C.: The National Academies Press, 2010, pp. 179-180.
[②] Richard A. Clarke and Robert Knake, Cyber War: The Next Threat to National Security and What to Do about It, New York: Harper Collins, 2010, p. 10.
[③] 樊高月、赵力昌主编:《不流血的战争:网络攻防经典之战》,解放军出版社2014年版,第117页。
[④] Craig B. Greathouse, “Cyber War and Strategic Thought: Do the Classic Theorists Still Matter?” in Jan-Frederik Kremer and Benedikt Muller, eds, Cyberspace and International Relations: Theory, Prospects and Challenges, Verlag Berlin and Heidelberg: Spinger, 2014, p. 23.
[⑤] Kelley Beaucar Vlahos, “Special Report: The Cyberwar Threat from North Korea,” Fox News, February 14, 2014, http://www.foxnews.com/tech/2014/02/14/cyberwar-experts-question– north-korea-cyber-capabilities.
[⑥] 丛培影、黄日涵:《网络恐怖主义对国家安全的新挑战》,载《江南社会学院学报》2012年第2期,第2页。
[⑦] John Leyden, “Polish Teen Derails Tram after Hacking Train Network,” The Register, January 11, 2008, http://www.theregister.co.uk/2008/01/11/tram_hack/.
[⑧] Kelvin P. Chilton, “Cyberspace Leadership Towards New Culture, Conduct and Capabilities,” Air & Space Power Journal, Fall 2009, p. 7.
[⑨] Kenneth Lieberthal and Peter W. Singer, “Cybersecurity and U.S.-China Relations,” Brookings Institution, February 23, 2012, http://www.brookings.edu/~/media/research/files/papers/ 2012/2/23 cybersecurity china us singer lieberthal/0223_cybersecurity_china_us_lieberthal_singer_pdf_english.pdf.
[⑩] Erik M. Mudrinich, “Cyber 3.0: The Department of Defense Strategy for Operating in Cyberspace and Attribution Problem,” The Air Force Law Review, Vol. 68, p. 181.
[11] William J. Lynn, “Defending a New Domain: The Pentagon’s Cyber Strategy,” Foreign Affairs, September/October 2010, Vol. 89, No. 5, p. 97.
[12] 樊高月、赵力昌主编:《不流血的战争:网络攻防经典之战》,第123页。
[13] Jerusalem Post, “Stuxnet Specifically Targeted Iranian Nuclear Program,” The Jerusalem Post, November 20, 2010, http://www.jpost.com/Iranian-Threat/News/Stuxnet-specifically– targeted-Iranian-nuclear-program.
[14] Paul A. Matus, “Strategic Impact of Cyber Warfare Rules for the United States,” Homeland Security Digital Library, March 23, 2010, http://www.handle.dtic.mil/100.2/ADA522001.
[15] 《源代码之战》,载《国际金融报》2011年8月1日,第4版,http://paper.people.com.cn/ gjjrb/html/2011-08/01/content_885812.htm?div=-1。
[16] Michael J. Glennon, “State-level Cybersecurity,” Policy Review, February/March, 2012, p. 85.
[17] “Hacked AP Twitter Account Sends Dow Jones Down,” Southern California Public Radio, April 24, 2013, http://www.scpr.org/programs/airtalk/2013/04/23/31465/hacked-ap-twitter-account -sends-dow-jones-down/.
[18] 蒋丽、张晓兰、徐飞彪:《国际网络安全合作的困境与出路》,载《现代国际关系》2013年第9期,第56页。
[19] Yoram Dinstein, “Cyber War and International Law: Concluding Remarks at the 2012 Naval War College International Law Conference,” International Law Studies, Vol. 89, 2013, p. 284.
[20] Duncan B. Hollis, “Why States Need an International Law for Information Operations,” Lewis & Clark Law Review, Vol. 11, No. 4, 2007, pp. 1023-1024.
[21] Scott W. Beidleman, “Defining and Deterring Cyber War,” Military Technology, Vol. 11, 2011, p. 60.
[22] 顾德欣编:《战争法概论》,国防大学出版社1991年版,第9页。
[23] William Lynn, “Cyber Security,” Speech at the Center for Strategic and International Studies, June 15, 2009.
[24] “Fact Sheet: U.S.-EU Cyber Cooperation,” The White House Office of the Press Secretary, March 26, 2014, https://www.whitehouse.gov/the-press-office/2014/03/26/fact-sheet-us-eu-cyber– cooperation.
[25] “Fact Sheet: U.S.-United Kingdom Cybersecurity Cooperation,” The White House Office of the Press Secretary, January 16, 2015, https://www.whitehouse.gov/the-press-office/2015/01/16/ fact-sheet-us-united-kingdom-cybersecurity-cooperation.
[26] Franz-Stefan Gady, “Japan and the United States to Deepen Cybersecurity Cooperation,” The Diplomat, June 2, 2015, http://thediplomat.com/2015/06/japan-and-the-united-states-to– deepen-cybersecurity-cooperation.
[27]“China, Russia to Sign Information Security Pact: Report,” The Brics Post, October 21, 2014, http://thebricspost.com/china-russia-to-sign-information-security-pact-report/#.Vg4sYi-hdMs.
[28] 复旦国务智库编:《增量改进——全球治理体系的改进和升级》,复旦全球治理报告2014,复旦大学国际关系与公共事务学院,2014年,http://www.sirpa.fudan.edu.cn/_upload/arti cle/8e/7e/f72c6ae04f998c052fe4230493c5/b3ef8190-df38-40fb-829f-1a0c6f6f49a5.pdf,第36页。
[29] Salma Shaheen: “Offense-Defense Balance in Cyber Warfare,” in Jan-Frederik Kremer and Benedikt Muller, eds., Cyberspace and International Relations, Berlin: Springer, 2014, p. 91.
[30] Jon R. Lindsay: “The Impact of China on Cybersecurity,” International Security, Vol. 39, No. 3, 2014, p. 27.
[31] 《俄联邦委员会拟利用“白色黑客”应对网络攻击》,人民网,2014年1月26日,http://world.people.com.cn/n/2014/0126/c157278-24226902.html
[32] “The Chinese Cyber Threat: Challenges and Solutions,” AEI, July 22, 2015, http://www.aei.org/events/the-chinese-cyber-threat-challenges-and-sollutions/.
[33] “Cyber Security and International Law,” Chatham House, May 29, 2012, https://www. chathamhouse.org/sites/files/chathamhouse/public/Research/International Law/290512summary.pdf.
[34] 黄日涵:《网络战山雨欲来 安全困境亟须破局》,载《中国社会科学报》2014年12月10日,第B02版。
[35] 《联合国互联网治理论坛(IGF)简介》,国家工信部网站,2008年2月21日,http://www.miit.gov.cn/n11293472/n11295361/n11296722/11642344.html
[36] Mark Ballard, “UN Rejects International Cybercrime Treaty,” ComputerWeekly.com, April 20, 2010, http://www.computerweekly.com/news/1280092617/UN-rejects-international-cyber crime-treaty.
[37] 毛雨:《北约网络安全战略及其启示》,载《国际安全研究》2014年第4期,第112页。
[38] 王孔祥:《网络安全的国际合作机制探析》,载《国际论坛》2013年第5期,第4页。
[39] Joseph S. Nye, Jr, “From Bombs to Bytes: Can Our Nuclear History Inform Our Cyber Future?” Bulletin of the Atomic Scientists, 2013, Vol. 69, No. 5, p. 13.
[40] 《共同构建和平、安全、开放、合作的网络空间  建立多边、民主、透明的国际互联网治理体系》,人民网,2014年11月20日,http://politics.people.com.cn/n/2014/1120/c1024– 26057363.html。
[41] 丛培影、黄日涵:《中国网络治理模式的世界意义》,光明网,2014年12月15日,http://theory.gmw.cn/2015-12/15/content_18098761.htm
[42] 《中华人民共和国网络安全法(草案)》,中国人大网,2015年7月6日,http://www.npc. gov.cn/npc/xinwen/lfgz/flca/2015-07/06/content_1940614.htm。
[43] 《中俄等国向联合国提交“信息安全国际行为准则”文件》,新华网,2011年9月13日,http://news.xinhuanet.com/2011-09/13/c_122022390.htm
[44] Patrick Goodenough, “U.S., China Among 15 Countries Agreeing U.N. Charter Applies in Cyberspace,” CNS News, June 10, 2013, http://cnsnews.com/news/article/us-china-among-15– countries-agreeing-un-charter-applies-cyberspace.
[45] 《习近平在第二届世界互联网大会开幕式上的讲话》,新华网,2015年12月17日,http://news.xinhuanet.com/zgjx/2015-12/17/c_134925295.htm