“CYBER” sounds scary. Cyber-criminals can empty your bank account; cyberterrorists are the stuff of Hollywood thrillers. Cyber-espionage involves stealing state secrets or intellectual property. You do not have to understand how computers work to be worried about the damage to you, your work or your country.
Yet businesses seeking to increase their sales, and officials and politicians who want more money and power, love tales of doom and gloom. Trade is booming for what some have dubbed the “cyber-industrial complex”. State agencies demand more power to fend off a dreadful attack by a foreign enemy—a kind of “digital Pearl Harbour”. Companies peddle security advice and software, often with a hefty price tag. The difficulty for the citizen and taxpayer is to decide: are people being too paranoid, or too complacent?
Two new books provide some useful perspective. “A Fierce Domain” is a collection of essays edited by Jason Healey, a former cyber-policy chief in the Obama White House. His main point is that this is not a new problem: the first big cyber-attack dates back to 1986, when a bunch of German hackers in Hanover, working for the KGB, sneaked into American military networks. Named “Cuckoo's Egg”, it was caught only because a sharp-eyed official noted a tiny 75-cent billing error, revealing unauthorised use of a computer network.
Many more attacks have followed: Moonlight Maze, Solar Sunrise, Titan Rain and Byzantine Hades. None is a household name, though from the gripping accounts in Mr Healey's book many readers will feel they all should be.
One especially damaging operation involved the theft of top-secret material from the most classified NATO networks. The attackers had used infected memory sticks, which were left lying around in car parks near sensitive buildings. Careless or thrifty officials picked them up, and some used them to copy material between classified computer networks and those connected to the internet. A clever bit of software then copied, encrypted, compressed and dispatched the material—probably, spooks think, to Moscow.
Mr Healey's main message is to urge policymakers to be less secretive and more humble. Too many past attacks remain classified. Officials continue to burble the same warnings and assurances as they did 20 years ago; the public is left in the dark.
Thomas Rid is a German-born academic, now at King's College London. He is one of Britain's leading authorities on, and sceptics about, cyber-warfare. His provocatively titled book attacks the hype and mystique about sabotage, espionage, subversion and other mischief on the internet. He agrees that these present urgent security problems. But he dislikes talk of “warfare” and the militarisation of the debate about dangers in cyberspace. Computer code can do lots of things, but it is not a weapon of war. He criticises the American air force for using a “lobbying gimmick” with talk of “cyber” as a fifth domain of warfare, after land, sea, air and space.
However much the military brass may hype up the threat, states are in fact highly unlikely to use cyber-weapons against each other, Mr Rid argues. They are expensive to acquire, unreliable and fiddly. That does not mean they are useless. Malicious code, “malware”, can do shocking damage, destroying machines, starting fires, spewing pollution or jamming communications. Cleverer weapons could be more dangerous still, such as malicious code that adapts to its environment, rewriting itself to evade pursuers. They will be used, but as part of sabotage or terrorism rather than all-out war, he argues.
Both books leave the reader feeling gloomy. People worry too much about the wrong things, and not enough about the real problems. Digital weapons are growing more sophisticated; the response has been self-interested, slow and crude.