Category Archives: U.S. Military Cyber Warfare: Defending Against Hacker Intrusions Becomes a Smokeless War

Chinese Military Analysis and Understanding of Foreign Military Cyberspace Combat Forces – People’s Liberation Army Situational Awareness Series

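Citation: Li Shuo, Li Zhenjing, Wang Shizhong, et al. Analysis of and Insights from the Development of Foreign Military Cyberspace Combat Forces [J]. Information Security and Communications Privacy, 2022(5): 90-99.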

Looking at how the world’s major countries are building cyberspace combat forces, the U.S. military, the first to publicly announce the creation of such forces, is comparatively strong and has carried out cyberspace operations many times in actual wars. Organizations and countries such as the European Union and Russia have also begun building cyberspace combat forces and have conducted some real-world operations. Studying and analyzing the successful experience and practices of the militaries of the world’s major countries and regions in building cyberspace combat forces offers important reference and lessons for China’s cyberspace development.

With the rapid development of network information technology and its wide military application, cyberspace has become a new operational domain after the four domains of land, sea, air, and space. Cyberspace operations have become an inseparable and important component of all-domain joint operations, and the key to seizing and keeping the operational initiative, control, and the ability to win. The United States, Russia, Japan and other major countries have formulated cyberspace security and development strategies, established cyberspace combat forces, and developed advanced network technologies, weapons and equipment, racing to seize this new strategic high ground.

1 The United States leads the construction of cyberspace

Whether in cyberspace concepts and theoretical research or in related technology research and practical application, the United States is the origin and leader of cyberspace development, and it has driven cyberspace development in other countries and regions. The U.S. military’s cyber force was the world’s first cyber combat force established as an organized formation. It has passed through several stages: initial defensive build-up under Clinton, cyber counter-terrorism under George W. Bush, combined deterrence and warfighting under Obama, and “defend forward” under the Trump administration. It has grown into a cyber combat force with 133 cyber mission teams and tens of thousands of personnel across the services.

1.1 Strengthening the strategic deterrent position

To compete for control over cyberspace and the right to develop it, and to respond proactively to the new demands of changing forms of future warfare, the United States has established cyberspace as a new operational domain alongside land, sea, air, and space, and has given it strategic standing as a strategic deterrent force.

The important cyberspace-related strategy documents issued by the United States are shown in Table 1. In 2011, the United States successively issued three major strategy documents: the “International Strategy for Cyberspace”, the “National Strategy for Trusted Identities in Cyberspace” and the “Department of Defense Strategy for Operating in Cyberspace”. These proposed for the first time that cyberspace be treated as the fifth operational domain, and elevated the use and control of cyberspace to a basic national policy.

In recent years, with great-power competition as its starting point, the U.S. military has further raised the strategic standing of cyberspace, and an operational architecture for cyberspace operations has largely taken shape. In 2018, the U.S. military released a new version of the “DoD Cyber Strategy” [1] and the joint doctrine “Cyberspace Operations”, making clear that cyberspace operations can serve as an independent form of operations that creates tactical, operational or strategic effects, and can also be integrated with forms of operations in other domains to improve joint operational effectiveness through coordinated action. In 2020, the U.S. Cyberspace Solarium Commission released the report “A Warning from Tomorrow”, which put forward the “defend forward” strategy and recommended that it be extended from the Department of Defense to the national level. The strategy is a national layered cyber deterrence strategy that takes persistent engagement as its main mode of action and shaping behavior, denying benefits and imposing costs as its basic approaches.

1.2 The leadership system has a clear division of labor

The United States divides its national cybersecurity work into four parts: homeland security, national defense, intelligence, and law enforcement, as shown in Figure 1. Homeland security work is led by the Department of Homeland Security, which is mainly responsible for coordinating the cyberspace security of critical infrastructure and protecting government and commercial networks and systems. National defense work is led by the Department of Defense, with U.S. Cyber Command taking the lead and the services providing the component forces; it combines the three functions of attack, defense, and operation and maintenance of military information infrastructure, and is the core of U.S. cybersecurity forces. Intelligence work is led by the National Security Agency, which is mainly responsible for detecting malicious activity in foreign cyberspace while providing capability support to the Department of Homeland Security and the Department of Defense. Criminal law enforcement involves the Department of Justice and several other departments and their subordinate agencies.

Table 1. Important strategic documents related to cyberspace promulgated by the United States

Figure 1. Management and coordination framework of cyberspace organizations in the United States

U.S. Cyber Command was established in 2009 and was originally subordinate to U.S. Strategic Command. In August 2017, U.S. Cyber Command was elevated to become the 10th independent U.S. unified combatant command, operational command and control responsibilities were assigned to Cyber Command, and the director of the National Security Agency serves concurrently as its commander. For U.S. military cyber operations, especially those with high real-time requirements, this move straightened out command and control relationships. The organizational relationship between the elevated U.S. Cyber Command and other agencies is shown in Figure 2.

Figure 2. The organizational relationship between the upgraded US Cyber Command and other agencies

U.S. Cyber Command takes its direction from the President and the Secretary of Defense, and has operational control over the Cyber National Mission Force headquarters, the Joint Force Headquarters-Cyber, the service cyberspace component headquarters, and the Joint Force Headquarters-Department of Defense Information Network. Each headquarters in turn has operational control over its assigned national mission teams, combat mission teams, protection teams and support teams.

During operations, U.S. Cyber Command conducts cyber operations in accordance with directives from the President and the Secretary of Defense, exercises operational control over its subordinate forces, and supports the combatant commands with tailored force packages. A force package is made up of cyber combat forces, combat support personnel and other cyberspace forces belonging to Cyber Command. Cyber Command holds operational control over the force package and, as circumstances require, assigns operational control to a subordinate command. The commander who receives the force package holds tactical control and controls the timing and tempo of cyberspace operations.

1.3 Large scale of organizational strength

The U.S. military’s cyber force was the world’s first cyber combat force established as an organized formation. It began recruiting cyber talent, forming cyber units and holding secret exercises very early. At present, the U.S. military has largely settled into an overall arrangement in which Cyber Command is responsible for operations while the services and Department of Defense agencies such as the Defense Information Systems Agency are responsible for force building. Unlike the land, sea and air domains, the particular nature of the cyberspace domain requires the two chains of management (military administration) and operations (military command) to cooperate more closely.

The U.S. military’s strategic cyberspace combat force consists mainly of the 133 cyber mission teams under Cyber Command, with about 6,200 active-duty and civilian personnel. Under a 2013 Department of Defense directive, the force was formed from personnel drawn from the services (41 teams from the Army, 40 from the Navy, 39 from the Air Force, and 13 from the Marine Corps). It reached initial operational capability in 2016 and full operational capability in 2018. Its main tasks are operating, maintaining and protecting the Department of Defense Information Network, offensive cyberspace operations, and defensive cyberspace operations. According to the type of mission they carry, the 133 cyber mission teams are organized into three types of force: the Cyber National Mission Force, the Cyber Combat Mission Force, and the Cyber Protection Force. The Cyber Mission Force is currently expanding: 21 cyber protection teams are to be formed by 2024, bringing the number of cyber mission teams to 154.

The U.S. military’s tactical cyberspace combat force consists mainly of the cyberspace forces of the four service cyber commands (Army, Navy, Air Force, and Marine Corps) under U.S. Cyber Command, about 80,000 personnel in total. They carry out network protection and combat support tasks for their services, and in joint operations they support the offensive, defensive, and operation and maintenance actions of the Cyber Mission Force. The service cyber commands are also stepping up the expansion and integration of their cyber combat forces in order to support Cyber Mission Force operations and the network protection of each service.

1.4 Comprehensive combat capability system

In equipment research and development, the U.S. military follows the principle of “build while using, and integrate building with use”. It has steadily stepped up research and development of cyber warfare weapon systems and equipment and carried out research on key technologies for cyber operations, running a number of research programs in network defense, network attack, monitoring and early warning, command and control, and training and evaluation. It has invested tens of billions of dollars in developing a range of cyberspace combat equipment, thereby advancing cyber operations technology and improving service support capability and operational efficiency.

The most representative network defense equipment includes the “network deception” system, the “Cyber Wolf” software system, network attack alarm systems and network vulnerability scanners. The U.S. military also attaches great importance to applying the concept of “active cyber defense”, which has driven considerable progress in techniques for tracing network attacks to their source. For network attack, it possesses a variety of powerful computer viruses such as “Stuxnet” and “Flame”; representative battlefield network attack systems are the Air Force’s “Suter” system and the Navy’s EA-18G “Growler” aircraft. For reconnaissance and sensing, it is able to obtain an adversary’s communications, content, network protocols, hardware addresses, passwords, identity authentication processes, network vulnerabilities and other information. Through a series of surveillance projects such as “PRISM”, “MAINWAY”, “MARINA” and “NUCLEON” and programs such as “Einstein” and “Prometheus”, it has built a large-scale intelligence production capability and is seeking to construct a worldwide cyberspace situational awareness system.

1.5 Equipment research and development forces are all-inclusive

Research and development of U.S. military cyber weapons and equipment has always combined military, commercial and civilian resources in an inclusive way. Unlike conventional combat equipment, cyberspace combat equipment is developed and produced in a form that is based on code and centered on design, and the tiers of its supply chain are not clearly defined. Today the United States has a military research force with the Defense Advanced Research Projects Agency (DARPA) at its core, and a development force made up mainly of traditional defense companies such as Northrop Grumman, Raytheon and Lockheed Martin, which also draws in companies from the Internet, electronics, software and information security sectors.

The cyberspace research of the U.S. military, government research institutions and traditional defense companies usually covers one or more of cyberspace reconnaissance (situational awareness), surveillance, attack, defense, test and verification, and system integration, while companies in the Internet, electronics, software and information security sectors carry out cyberspace technology research and equipment development and production in their own fields. In addition, because what cyberspace combat equipment R&D produces is mainly software, a logical-layer product, the boundary between basic cyberspace research and equipment development and production is blurred. Universities and government research institutions, and even some small research teams and individuals, are also an important part of the U.S. cyberspace industry. The main force structure of cyberspace development and production capability is shown in Figure 3.

Figure 3. The main force structure of U.S. cyberspace R&D and production capabilities

Of these, large and medium-sized defense contractors are the backbone of R&D for U.S. cyberspace equipment at the component-system, subsystem and technology-area level. In recent years, traditional large and medium-sized U.S. defense contractors have moved quickly into cybersecurity, mainly by means of “mergers and restructuring”, forming a cybersecurity defense industry led by a few diversified companies such as Northrop Grumman, Raytheon, Boeing and Lockheed Martin. In bidding for the cyberspace projects of DARPA and the services, these large and medium-sized defense contractors usually hold the prime contractor position.

2 Europe follows closely behind

The European cyberspace industry started later than that of the United States and focuses mainly on research into cyberspace defense and cyberspace security. In recent years, European governments and defense and electronics companies have also moved into the cyberspace security field. By gradually refining strategy and policy, combining public and private efforts, and steering cyberspace technology R&D, they have begun to form a cyberspace defense system that spans the whole of Europe and extends to other countries and regions. This shows at the following levels.

At the R&D level, European countries follow the lead of the United States while using transnational platforms such as NATO and the European Union to achieve integration and complementarity within Europe and between Europe and the United States, ultimately forming cyberspace security capabilities that have both shared and distinctive features and are second only to those of the United States.

At the level of organization and management, since most European countries are small in scale and easy to manage, they have achieved a relatively efficient, integrated, and powerful cyberspace management mechanism. At the same time, due to the large number of European countries and the existence of competition, there are sometimes obstacles to the implementation of national-level cooperation on cyberspace security.

At the system R&D level, many European countries have very high levels of digitalization, software adoption and networking (even higher than the United States), so like the United States they face very heavy pressure in cyberspace defense, and their cyberspace development is therefore aimed mainly at ensuring cyberspace security. In recent years, guided by this defense-oriented thinking, they have gradually strengthened R&D of cyberspace technology, especially cyberspace security technology, while building new work on their existing research into information technology infrastructure and expanding investment and deployment in areas such as the Internet of Things. While countries have been rushing into the cyberspace security market, the cyberspace security products of some major European countries have already taken a sizable market share and opened up a global market of a certain scale.

3 Russia’s cyberspace development ideas are unique

Compared with Western countries, Russia has always paid attention to comprehensive and large-scale information space, and has not conducted in-depth and systematic research on cyberspace as a subdomain of information space like the United States. However, due to Russia’s long-term attention to the field of information security and industrial accumulation, it has a good foundation in the field of cyberspace. Specifically, it is manifested in the following levels.

At the strategic planning level, Russia has issued a series of legal documents aimed at protecting the country’s information security in every respect, such as the “Information Security Doctrine of the Russian Federation” and the “Strategy for the Development of the Information Society in Russia”. The existing legal documents, however, do not cover the relationship between information space and cyberspace, and the term “cybersecurity” has not been separated from the concept of “information security”. As cybersecurity risks have kept growing, Russia has since 2010 focused its protection of cyberspace security on critical information infrastructure. It has successively issued legal documents including the “Conceptual Views on the Activities of the Armed Forces of the Russian Federation in the Information Space”, the “Framework of State Policy of the Russian Federation in the Field of International Information Security to 2020”, the “Concept of the Cybersecurity Strategy of the Russian Federation (Draft)”, the “Information Security Doctrine of the Russian Federation (Second Edition)” and the “Law on the Security of Critical Information Infrastructure of the Russian Federation”, which set out at multiple levels Russia’s strategic goals for promoting cyberspace development and the important measures taken to protect critical information infrastructure and guide cyberspace development.

At the organizational level, in August 2013 the Russian government announced the formation of a dedicated information warfare body under the Russian Armed Forces, and decided to establish a cybersecurity command and a new armed forces body, with the aim of improving the country’s cyber combat capability.

At the level of practical application, the “Cyber Commander’s Handbook” published in the United States in 2010 states that the only real examples of cyber operations worldwide were the information network attacks on Estonia, Georgia and Kyrgyzstan between 2007 and 2009. All three of these small-scale attacks were carried out by Russia, so Russia can be regarded as having unique real-world experience in the cybersecurity field.

At the level of R&D capability, Russia has cybersecurity defense companies of outstanding strength. For example, Kaspersky Lab is an important company in the global information security field, and the “Russian Technological Information” company under the Rostec Group is also one of Russia’s core cybersecurity companies. Because transparency is limited, it is difficult to identify from public sources Russian companies capable of developing cyber attack equipment, but this does not mean that Russia has no such companies. In addition, Russian hacker groups are “renowned” worldwide, and their activity has driven the non-governmental development, production and trading of cyberspace equipment.

4 Japan sets off a wave of cyberspace development

Japan is one of the countries with the most advanced information technology in the world. At the same time, it is also subject to more and more cyberspace threats ranging from targeting individuals to public sectors and infrastructure. Therefore, Japan has long paid attention to cyberspace security issues. Japan classifies these threats under the umbrella of “information security” and established the National Information Security Center in 2005 to address the threat. As the concept of “cyberspace” proposed by the United States has been widely accepted, Japan also began to emphasize “cyberspace” at the national level around 2010, and regarded cybersecurity as an important issue affecting national security. Specifically, it is manifested in the following levels.

At the strategic planning level, in 2013 the Japanese government issued its first “Cybersecurity Strategy”, which promotes the building and development of cybersecurity at the national level and explicitly sets the goal of making Japan a leading cybersecurity power. In August 2015 and July 2018, the Japanese government issued two upgraded versions of the “Cybersecurity Strategy”, mainly to prepare the cybersecurity protection of the 2020 Tokyo Olympic and Paralympic Games.

At the organizational level, in 2010 the Japanese Defense Agency formed a “cyber warfare force” of about 5,000 people, made up of computer experts from the Ground, Maritime and Air Self-Defense Forces, dedicated to the attack and defense of network systems. The main tasks of Japan’s “cyber warfare force” are to develop transnational “cyber weapons” capable of damaging other countries’ network systems, while also handling protection, virus removal and program repair for the Self-Defense Forces’ computer network systems; to develop tactical “cyber weapons” and study cyber warfare tactics; and to support the “cyber special attack team” in its counter-hacker and anti-virus-intrusion tasks. International researchers have pointed out that the shadow of the U.S. military’s “super hacker force” can be seen in Japan’s “cyber warfare force”.

At the level of practical application, Japan places greater emphasis on realistic combat backgrounds in its cyber attack and defense exercises, so as to make them more practical and targeted. In the “3·18” exercise of 2014, the preset scenario was a cyber attack on Japan’s critical infrastructure during the 2020 Tokyo Olympics. In the “Yama Sakura” joint exercise held by Japan and the United States in 2019, the preset scenario was several simultaneous events, including missile strikes on the Tokyo metropolitan area and southwestern Japan; the exercise aimed to test how command and control systems function under cyber and electromagnetic attack and to work out countermeasures.

At the system R&D level, Japan stresses “both offense and defense” in building its cyber operations systems and has allocated large sums to network hardware and to building the “cyber warfare force”. It has set up a “defense information and communications platform” and a “common computer system platform”, enabling exchange and resource sharing among the network systems of Self-Defense Force headquarters and units.

5 Insights and recommendations

Looking at how the world’s major countries are building cyberspace combat forces, major countries and organizations such as the United States, Russia, Japan and the European Union have continuously strengthened their militaries’ cyberspace combat forces through strategic planning guidance, organizational development, force formation, and system and equipment R&D. This offers useful reference for China’s cyberspace development.

5.1 Deepen the top-level design and enhance the strategic position of cyberspace

Cyberspace has greatly extended and expanded the boundaries of national interests. The network is increasingly the basic platform for the country’s political, economic, cultural and social activities, the lifeline of the real economy, and the nervous system on which the normal functioning of society depends. Cybersecurity is therefore no longer only a matter of the security of the network itself; its effects reach every aspect of national security and national interests, and the country’s cybersecurity needs to be planned and arranged as a whole at the level of national strategy. China should draw on foreign experience with cyberspace strategy, formulate a cyberspace strategy at the national level, strengthen cybersecurity legislation, and build an international cooperation system, planning and arranging national cybersecurity development as a whole at the national level.

5.2 Consolidate the foundation of capabilities and develop cyberspace countermeasures

In recent years, with the advancement of our country’s informatization and the comprehensive spread of national network infrastructure, network security threats from home and abroad have become more diverse, complex, and frequent, posing a major threat to China’s cyberspace security. As a result, the important information systems of our country’s government agencies and critical infrastructure may face security risks such as large-scale leakage of sensitive information and paralysis of information systems. In order to ensure the integrity and availability of cyberspace information infrastructure, it is necessary to improve its survivability, respond quickly to cyber threats, and initiate attacks at the right time. Based on this, our country must proceed from the aspects of theory, technology, and talent to consolidate the foundation of cyberspace capabilities and provide guarantees for possible cyberspace confrontation and defense in the future.

5.3 Strengthen strength building and build a cyberspace support system

Today, cyberspace has become an emerging combat domain. It is necessary to build a powerful cyberspace combat force and seize control of this emerging combat domain in order to effectively maintain national security and development interests in cyberspace. Since the establishment of the U.S. Cyber Command in June 2009, the U.S. military has made great achievements in the construction of cyber military power, forming a strong military guarantee for U.S. cyber security and at the same time posing a huge threat to the cyberspace of other countries. We must speed up the construction of cyberspace forces, continuously improve the cybersecurity awareness and information protection capabilities of the whole people, strengthen national defense mobilization, cultivate reserve forces, and build a network combat force system with sufficient combat capabilities, so as to effectively contain and counter opponents’ cyber threats against our country.

6 Conclusion

Cyberspace has become an important area in which militaries seek to develop combat power because of characteristics such as not being restricted by time and space, not being constrained by combat objectives, having a wide range of sources of support for combat forces, and being prone to abrupt changes in the course of operations. In recent years, major countries and organizations in the world, such as the United States, Russia, Japan, and the European Union, have been committed to promoting the construction of cyberspace combat capabilities in order to seize the dominant position in this field. Our country should accelerate the construction of military cyberspace forces and enhance its cyberspace combat capabilities in order to secure the ability to win future information warfare.

Citation format: Li Shuo, Li Zhenjing, Wang Shizhong, et al. Analysis and Enlightenment of the Development Situation of Foreign Military Cyberspace Combat Forces [J]. Information Security and Communication Secrecy, 2022(5):90-99.

Reference: https://www.163.com/dy/article/

Chinese Military Review: US Army Issues the “Cyberspace and Electronic Warfare Operations” Doctrine

Field Manual FM3-12 provides direction and guidance for the Army on conducting cyberspace and electronic warfare operations using cyberspace electromagnetic activities in joint ground operations. FM3-12 defines the Army’s cyberspace operations, electronic warfare, roles, relationships, responsibilities, and capabilities, and provides an understanding of them in order to support Army and joint operations. It details how Army forces protect Army networks and data, and explains when commanders must integrate tailored cyberspace and electronic warfare capabilities within military operations.

On the basis of the 2006 National Military Strategy for Cyberspace Operations (NMS-CO), the US Joint Chiefs of Staff released Joint Publication JP 3-12 in February 2013 only as an internal document. The doctrine document released publicly on October 21, 2014 is Joint Publication JP 3-12(R). The doctrine states that “the global reliance on cyberspace is increasing, and careful control of offensive cyberspace operations is required, requiring national-level approval.” This requires commanders to recognize the potential impact of changes in national cyber policy on operational authorizations. On April 11, 2017, the US Army issued Field Manual FM3-12, “Cyberspace and Electronic Warfare Operations,” on this basis. The field manual holds that in the past decade of conflict, the US Army has deployed the most powerful communication system in its history. In Afghanistan and Iraq, enemies lacking technological capabilities challenged the US military’s advantages in cyberspace, and the US military gained dominance in cyberspace and electromagnetic spectrum (EMS) operations. However, regional peer rivals have demonstrated impressive capabilities in a hybrid operational environment that threatens the US Army’s dominance in cyberspace and the electromagnetic spectrum. Therefore, the doctrine states that integrating cyberspace electromagnetic activities at all stages of combat operations is the key to gaining and maintaining freedom of maneuver in cyberspace and the electromagnetic spectrum while denying the same to the enemy. Cyberspace electromagnetic activities can synchronize capabilities across domains and warfighting functions, and maximize complementary effects in and through cyberspace and the electromagnetic spectrum. Intelligence, signal, information operations (IO), cyberspace, space, and fires operations are critical to planning, synchronizing, and executing cyberspace and electronic warfare operations.

Field Manual FM3-12 supports joint cyberspace and electronic warfare doctrine and Army Doctrine Reference Publication ADRP3-0, “Operations,” and provides the doctrinal context to clarify the relationship between Army Doctrine Reference Publication ADRP5-0, “The Operations Process,” and cyberspace and electronic warfare operations. To understand the fundamentals of integrating and synchronizing cyberspace and electronic warfare operations, one must first read Army Doctrine Publication ADP2-0, Army Doctrine Reference Publication ADRP2-0, Army Doctrine Publication ADP3-0, Army Doctrine Reference Publication ADRP3-0, Army Doctrine Publication ADP5-0, Army Doctrine Reference Publication ADRP5-0, Army Doctrine Publication ADP6-0, Army Doctrine Reference Publication ADRP6-0, Army Techniques Publication ATP2-01.3, and Field Manuals FM3-13 and FM6-0. By planning, integrating, and synchronizing cyberspace and electronic warfare operations, cyberspace electromagnetic activities can integrate functions and capabilities across warfighting functions, defend networks, and provide critical capabilities to commanders at all levels during joint ground operations. Cyberspace and electronic warfare operations affect all warfighting functions and are also affected by them.

Figure: Visualized cyberspace operating environment of the electromagnetic spectrum

This field manual presents detailed tactics and procedures for Army cyberspace and electronic warfare operations. It supersedes Field Manual FM3-38, dated February 2014. FM3-12 is the Army’s proponent publication for cyberspace and electronic warfare operations. It brings the fundamentals and guiding principles of cyberspace operations, electronic warfare, and cyberspace electromagnetic activities together in a single publication. It gives a comprehensive account of how they support and accomplish operations, and how they support the missions and functions of forces at every echelon. This field manual lays the foundation for subordinate Army techniques publications.

Cyberspace and electronic warfare operations incorporate established joint and Army processes into operations, such as the intelligence process, the targeting process, and the military decision-making process (MDMP). This field manual explains the basic ideas behind the Army’s cyberspace and electronic warfare operations. Its content includes staff responsibilities, contributions to the military decision-making process, targeting in cyberspace and the electromagnetic spectrum, and the reliance in cyberspace on intelligence and operational preparation of the environment (OPE).

This field manual describes the relationships among cyberspace operations, missions, actions, electronic warfare, and the electromagnetic spectrum, and between each of these and all Army operations. The discussion also covers cyberspace electromagnetic activities, providing guidance for forces at corps level and below to plan, integrate, and synchronize electromagnetic activities.

Figure: Schematic diagram of the electromagnetic spectrum

Chapter 1 provides an understanding of cyberspace, cyberspace operations, missions, actions, and effects. It describes cyberspace and situational understanding, situational awareness, threats, risks, vulnerabilities, and their relationship to the information and operational environments. It describes the layers and characteristics of cyberspace, identifies the legal authorities applicable to cyberspace and cyberspace operations, and discusses the basic electronic warfare information and spectrum management functions related to cyberspace and electronic warfare operations.

Chapter 2 provides information on the use of cyberspace operations and missions, rather than day-to-day business, pointing out that information operations, intelligence, space operations, and targeting can affect cyberspace, the electromagnetic spectrum, cyberspace operations, and electronic warfare operations. Commanders and staffs integrate and synchronize all of these aspects of cyberspace and electronic warfare operations.

Chapter 3 covers Army cyberspace electromagnetic activities and mission command, the role of the commander, and cyberspace and electronic warfare operations in relation to the warfighting functions, and discusses how to incorporate the planning elements of cyberspace and electronic warfare operations into the operations process. This includes planning, preparation, execution, assessment, and targeting. The discussion of the operational environment is combined with the military decision-making process, followed by an overview of preparation requirements, execution tactics, and how to assess cyberspace and electronic warfare operations.

Figure: Cyberspace electromagnetic activities operational framework

Appendix A discusses cyberspace operations and the various unified action partners.

Appendix B highlights where cyberspace operations information is located in operation orders and in Appendix 12 to Annex C. This appendix includes an example of Appendix 12 to Annex C, describing the types of information contained in that appendix and its sections.

Appendix C contains the procedures for handling cyberspace operations requests at corps level, below corps, and above corps, as well as the fields and information for the Cyber Operations Request Form (CERF). A blank copy of the cyber operations request form and explanations of its fields are both part of the procedure.

Appendix D includes the fields and information for the Electronic Attack Request Form (EARF). A blank copy of the electronic attack request form and a five-line brief with field explanations are both part of the procedure.

Table of Contents of “Cyberspace and Electronic Warfare Operations”

Preface

Introduction

Chapter 1 Fundamentals of Cyberspace and Electronic Warfare Operations

Section 1 Overview of Cyberspace and the Electromagnetic Spectrum

1. The cyberspace domain

2. Operations and the cyberspace domain

3. Cyberspace missions and actions

Section 2 Understanding Cyberspace and Environments

1. Cyberspace and the electromagnetic spectrum

2. Cyberspace and the information environment

3. Cyberspace layers

4. Characteristics of cyberspace

5. Cyberspace as a component of the operational environment

6. Risk in cyberspace

7. Authorities

Section 3 Electronic Warfare Operations

1. Electromagnetic spectrum operations

2. Electronic warfare

3. Employment considerations

4. Spectrum management

Chapter 2 Relationships with Cyberspace and the Electromagnetic Spectrum

1. Interdependencies

2. Information operations

3. Intelligence

4. Space operations

5. Targeting

Chapter 3 Cyberspace Electromagnetic Activities in Operations

1. Fundamentals

2. Considerations

3. The commander’s role

4. Enabling resources

5. Planning and cyberspace electromagnetic activities

6. Cyber effects request form and targeting activities

Appendix A Integration with Unified Action Partners

Appendix B Cyberspace in Operation Orders

Appendix C Cyber Effects Request Form

Appendix D Electronic Attack Request Form

With thanks for compilation and commentary: Shen Song

Article source: Zhiyuan Strategy and Defense Research Institute

Electric Defense Research

Original Source:  http://cpc.people.com.cn/

Chinese Military Analysis of Cyber Space Deterrence – Important Strategic Points

A Brief Analysis of the Characteristics, Types, and Key Points of Use of Cyberspace Deterrence

Yuan Yi, Academy of Military Sciences, Chinese People’s Liberation Army

January 04, 2016

Editor’s note: When both opposing parties have the assured ability to intrude into and damage the other party’s networks, two-way cyber containment can result, obliging both parties to abide, under certain conditions, by rules of the game under which they do not attack each other’s networks. This forms an invisible safety valve, and may even give rise to international practices or conventions against attacking each other’s networks. Cyberspace has thus become a strategic area that can produce a huge deterrent effect. Following nuclear deterrence, cyberspace deterrence has begun to enter the strategic vision of great-power politicians and military strategists. Studying the characteristics, types, and key points of use of cyberspace deterrence is something that Internet powers and cyber forces must consider and act on.

With the increasing dependence of human society on cyberspace, cyberspace has become the “second type of living space” for human production and life and the “fifth-dimensional combat space” for military confrontation. Countries around the world compete fiercely for dominance, control, and discourse power in cyberspace. Competition in cyberspace now bears on human survival, national destiny, and the success or failure of military struggles. Thinking about cyberspace deterrence capacity building has great practical and theoretical value.

I. Analysis of the advantages and disadvantages of cyberspace deterrence

Cyberspace deterrence refers to a form of strategic deterrence in which actions are taken in cyberspace to demonstrate the ability to control the enemy’s cyberspace and, through cyberspace, to control the enemy’s physical space across domains, so as to deter, stop, block, and contain the enemy. The “virtual and real duality” of cyberspace compared with physical space, and the uniqueness of network warfare compared with traditional combat styles, mean that the advantages and disadvantages of cyberspace deterrence are both very pronounced.

(A) The advantages of cyberspace deterrence

The advantages of cyberspace deterrence are mainly reflected in the following. First, the deterrence approach is more civilized and humane. Compared with nuclear, biological, and chemical weapons, which are based on physical, biological, and chemical killing mechanisms, the direct killing and destructive effects of cyber warfare weapons are much smaller. Normally, they will not cause permanent damage and pollution to the natural environment, nor will they cause large numbers of casualties and humanitarian disasters. Second, deterrence is low-cost and cost-effective. Network warfare weapons are dominated by viruses, Trojans and other software. Their costs are relatively low and the technical threshold is low, yet their destructive effects are alarming. Network defense must cover many points across a broad front, and it is hard to guard against everything. To raise the level of network security by one level, the input cost increases exponentially. The contrast between the low cost of cyber offense and the high cost of cyber defense gives network offense and defense the character of a “spirit shield”, and the cyber warfare weapon is thus called “the poor country’s atomic bomb”. Third, deterrence methods are diverse and practical. The variety of cyber warfare weapons and the multiple targets of cyber attacks mean that there are diversified cyberspace deterrent methods to choose from. The effects of cyber attacks are recoverable to a certain extent. As long as they are applied properly, the risk of triggering or escalating a war is relatively small. In a sense, the deterrence value of nuclear weapons is far greater than their value in actual combat, whereas cyber warfare weapons have both practical value and deterrence value. Fourth, it can be used repeatedly, and deterrence is highly flexible. Once the “nuclear threshold” is crossed, a full-scale nuclear war will erupt, and the two sides of the nuclear balance will fall into a state of mutual destruction. The rash use of nuclear deterrence, especially nuclear deterrence against non-nuclear countries, will also be condemned by international public opinion. These factors all greatly limit the use of nuclear deterrence. The adjustable, soft-or-hard, and controllable character of cyberspace deterrence means that it can be applied and controlled flexibly in light of the changes and needs of the military struggle. It can be used in advance, used throughout, and used repeatedly. It has strong flexibility.

(B) Defects in cyberspace deterrence

The shortcomings of cyberspace deterrence are mainly reflected in the following. First, the credibility of the deterrence effect has not been fully verified. The credibility of nuclear deterrence has been verified in actual combat. However, as of now, no true cyber war has broken out. People’s view of the astonishing destructive power of cyber warfare is more a matter of speculation and worry. The real power of cyber warfare can only be convincing after being tested by actual combat. Second, the reliability of deterrence measures is not very high. Network warfare is a dynamic process of continuous offensive and defensive interaction between the enemy and oneself. The confrontational and technical character of network warfare means that a network attack carries considerable uncertainty and may not achieve the desired operational objectives, which greatly reduces the effectiveness of deterrence. For example, when one side carries out cyberspace deterrence against the enemy, if the enemy takes various effective defense measures in a timely manner, this will increase the difficulty of the cyber attack and reduce the damage, and may even lead to the failure of the attack. Third, the controllability of the scope of deterrence needs further improvement. As one of the important weapons of cyber warfare, virus weapons spread readily, are poorly controllable, and have a wide range of influence. It is difficult to launch specifically targeted attacks on enemy computers and networks. If their effective scope cannot be controlled, they will spread to neutral third countries and may even make the user a victim. As a result, the use of virus weapons is inhibited by the dilemma of “fearing to strike the rat lest one break the vase.” Fourth, the objects of deterrence are selectively limited. Nuclear deterrence is clear and effective against any country, whereas the effectiveness of cyberspace deterrence has a lot to do with the level of informatization of the enemy country. Cyberspace deterrence is extremely effective against countries with a high degree of informatization; against underdeveloped countries with weak information infrastructure and little dependence on networks, it is difficult for it to produce results, and it may even be completely ineffective. Fifth, the organization of deterrence is relatively complicated. All nuclear powers in the world implement centralized and unified management of strategic nuclear forces. Command and control powers are highly centralized. When nuclear deterrence operations are organized, each combat unit can be controlled precisely, and the operations are well organized and executed. The implementation of cyberspace deterrence involves many forces, such as reconnaissance, attack, defense, and control. It involves many personnel on a large scale, scattered among different departments and units in the military and civilian sectors. It is very complicated to organize, and it is difficult to form a synergy.

II. The main types of cyberspace deterrence

Cyberspace deterrence includes four types: cyberspace technology test deterrence, cyberspace equipment demonstration deterrence, cyberspace operations exercise deterrence, and cyberspace operations deterrence. Among them, the first three are demonstrative deterrence, and the last is deterrence through actual combat.

(A) Cyberspace technology test deterrence

Cyberspace technology test deterrence means regularly conducting, in the field of cyber warfare, preliminary exploratory experiments on new concepts of warfare, verification experiments on the effectiveness of new attack mechanisms and tactics, and practical experiments on the weaponization of new technologies, and disclosing them to the outside world in order to demonstrate one’s strength in basic information technology research and its enormous potential to be transformed into cyber warfare capability, thereby achieving deterrence. At present, network offensive and defensive technology is still developing rapidly. A breakthrough in a key technology will often have a significant impact on cyberspace security and operations, and may even lead to revolutionary changes. Whoever first seizes the strategic commanding heights of network offensive and defensive technology will be able to achieve a clear advantage in future network warfare.

(B) Cyberspace equipment demonstration deterrence

Cyberspace equipment demonstration deterrence means that, across the development stages of network warfare equipment (development planning, technology development, target testing, finalization and production, and so on), the models, performance, characteristics, parameters, and development schedule of the equipment are disclosed as appropriate to the need, in order to deter opponents. There are two main ways: one is public disclosure through official channels such as national defense white papers, diplomatic bulletins, newspapers, periodicals, and large websites; the other is deliberately leaking equipment-related information through online social media or other unofficial channels to implement covert deterrence. In cyberspace equipment demonstration deterrence, on the one hand, one can invent new cyber warfare equipment with new mechanisms and new concepts and play up its unique combat capabilities; on the other hand, one can deliberately exaggerate the operational effectiveness of existing cyber warfare equipment. By mixing truth with falsehood and pursuing a policy of ambiguity, one leaves the other party unable to understand one’s true situation and strength, producing fear and apprehension. For example, the U.S. military’s “Suter” airborne network-electronic attack system has been put into practical use several times and poses a serious threat to the air defense systems of its hostile countries. However, its basic principles, working mechanisms, and tactical and technical specifications have not been publicly disclosed. It has not been completely understood by other countries and has remained in a state of secrecy. It is difficult to tell what is real and what is not, and this has produced a very good deterrent effect.

(C) Cyberspace operations exercise deterrence

Cyberspace operations exercise deterrence means conducting drills in cyberspace through live or virtual methods, and using various media channels to show potential adversaries one’s own cyber warfighting capabilities, strength, and determination in order to achieve deterrence. Cyberspace operations exercises can be divided into two kinds: actual drills and virtual exercises. The former are usually carried out nationwide or in alliance with allies, and generally take the form of joint military-civilian exercises in cyberspace defense operations. In recent years, the United States and its allies have held the “Cyber Storm” series of cyber warfare exercises and the “Schriever” series of space and cyberspace exercises, which have demonstrated their mobilization strength, overall defense level, and determination to carry out cyber warfare. The latter are usually held at large national integrated cyber ranges, and are generally based on the offensive actions of the military’s professional cyber warfare forces.

(D) Cyberspace operations deterrence

Cyberspace operations deterrence is deterrence through actual combat, in which deliberate attacks on specific targets are used to deter the opponent. There are two occasions for its use. First, when one’s own side becomes aware that the enemy is about to wage war on it, one selects and strikes the key cyber targets that the enemy defends most heavily, implementing preventive deterrence. Second, when the enemy launches a probing cyber attack on one’s own side and carries out cyberspace deterrence, one must immediately carry out effective retaliatory and punitive deterrence. There are many types of cyber warfare operations that have deterrent effects. For example: infiltrating the enemy’s telecommunications network and sending large numbers of anti-war messages to the enemy’s citizens; attacking the enemy’s power grid, causing short-term blackouts in the enemy’s major cities; attacking the enemy’s broadcast television networks and inserting one’s own special video programs during prime time; and so on.

Third, the use of cyberspace deterrence points

The general requirements for the use of cyberspace deterrence are: combination of wartime and warfare, with strength, actual display capability, and determination, strive to demonstrate deterrence with small battles, ensure deterrence with strikes, and achieve deterrence with a small price. Specifically, the following points should be achieved.

(A) Combination of peacetime and long-term preparation

“Frozen feet, not a cold day.” Successful implementation of cyberspace deterrence requires a combination of peacetime and warfare, and we must fully and carefully prepare for peacetime. The first is to conduct comprehensive and thorough network reconnaissance. Requires the combination of spying, reconnaissance and technical reconnaissance, wireless reconnaissance, and cable reconnaissance. Conduct long-term and continuous network reconnaissance of enemy network targets, gradually understand the basic conditions of the enemy’s network, draw a picture of its network topology, and in particular analyze and find all kinds of soft enemies. Hardware system vulnerabilities. The second is to conduct a large number of effective strategic presets. Using hacking methods, secretive infiltrate all types of networks through the use of system vulnerabilities or password cracking, leaving the back door, setting up a springboard machine, and laying down logic bombs and Trojans to set a breakthrough for launching cyber attacks in the future. The third is to conduct pre-prepared cyber defenses. When deterring cyberspace deterrence against the enemy, one must adjust the deployment of network defenses in advance, make the enemy’s pre-designed attack path, anticipate the use of system loopholes, and plan to implement an attack plan that is difficult to implement, or the effect of implementation is greatly reduced to minimize the enemy’s Losses caused by cyber retaliation.

(B) careful decision-making, control strength

Sun Tzu said: “The Lord must not anger and raise a teacher. Cyberspace deterrence is a strategic game behavior between countries, especially with deterrence and sensitivity. It must be rational, beneficial, and tangible. It must not be abused because of the low threshold of deterrence. Otherwise, its effect may be counter-productive. . Cyberspace deterrence has a high requirement for combat intensity control. On the one hand, if the intensity is too small, the enemy’s government and people will not have fear and will not achieve the deterrent effect they deserve. The other party may also use the same methods to implement anti-deterrence, eventually leading to confrontational escalation and deterring one’s own deterrence. On the other hand, if it is too strong, it will cause huge economic losses and casualties to the enemy countries. This will cause the condemnation of the international community and the hatred of the enemy governments and people. It may trigger the enemy’s use of conventional forces to carry out large-scale revenge. Nuclear countries may even Nuclear power may be used. This will not only stop the war but will also play a role in warfare.

(C) Unified command, careful organization

The organization and implementation of cyberspace deterrence requires centralized command, unified planning and good coordination. The first point is careful organization of forces. The military’s four forces of reconnaissance, attack, defense and control should be organized in a unified way, and the cyber warfare forces of all military and civilian parties actively coordinated to form a joint force. In particular, civilian non-professional cyber warfare forces, especially patriotic hackers, must be well organized and coordinated so that no “blind action” occurs, which could cause friction and accidental incidents, escalate the cyber conflict, or prematurely expose attack intentions and hand others leverage, leaving the situation uncontrollable or the operation a failure. The second is apt selection of targets. Targets should have broad impact and readily produce a clear deterrent effect: for example, top-rated radio and television channels, portal websites with very large numbers of visitors, and wireless communication networks with many users. Targets that are trivial, of limited impact, or of no concern to the public should not be chosen, since an attack on them is easily mistaken for an ordinary hacker-made security incident and fails to deter. The constraints of international law and the law of war must also be considered: targets likely to cause humanitarian disaster must not be chosen, and network targets in the railway, aviation, financial and medical sectors should be avoided as far as possible, so as not to provoke condemnation and resentment from the international community and the other side’s public. The third is precise control of the process. Before a deterrent strike in cyberspace, extensive publicity should be used to build momentum, warn the enemy country of the strike, and declare the justice of one’s actions to the world in order to win the understanding and support of international public opinion. To heighten the deterrent effect, one’s own side can announce in a high-profile way the enemy network target to be attacked, then break through the enemy’s layers of network defense and carry out a resolute and effective cyber attack; if necessary, the effects of the attack can finally be reversed on a timer to display superior attack techniques and means, leaving the enemy’s decision-makers and public with a sense of frustration at being unable to defend or parry, and thus producing a strong shock effect.

(D) Combining the feigned with the real, with a focus on stratagem

Sun Tzu’s maxim, “when able, appear unable; when active, appear inactive,” applied to cyberspace deterrence can be summed up as “show without declaring, declare without showing.” “Show without declaring” means exploiting the difficulty of tracing and locating cyber attacks: a cyber attack is carried out against a specific target without announcing that one’s own side was responsible. This demonstrates one’s capability, while the enemy, though suspecting who did it, has no evidence and cannot pursue the matter. “Declare without showing” means publicizing, or seemingly inadvertently disclosing, the models, performance and characteristics of advanced cyber warfare equipment that one’s side has developed or invented, deliberately exaggerating its combat effectiveness and mixing the false with the true so that the enemy cannot gauge one’s real strength, which produces a deterrent effect. Cyber warfare operations are hard to trace and forensically complex, so the initiating party can admit responsibility, flatly deny it, or shift the blame to civilian hacker groups. (Source: China Information Security)

Original Communist Mandarin Chinese:

編者按:當敵對雙方都具有確保侵入破壞對方網絡的能力時,就可以帶來雙向網絡遏制,使得雙方不得不在一定條件下,遵守互不攻擊對方網絡的遊戲規則,形成一個無形的安全閥,甚至國際上也會形成互不攻擊對方網絡的慣例協議或公約,網絡空間由此成為可以產生巨大威懾效應的戰略領域。網絡空間威懾繼核威懾之後,開始進入大國政治家和軍事家的戰略視野。研究網絡空間威懾的特徵、類型和運用要點,成為網絡強國、網絡強軍的必須考量和必要行動。

隨著人類社會對網絡空間依賴程度的不斷加深,網絡空間成為人類生產生活的“第二類生存空間”和軍事對抗的“第五維作戰空間”。世界各國圍繞網絡空間的主導權、控制權、話語權展開了激烈的爭奪,網絡空間的競爭已達到與人類生存、國家命運和軍事鬥爭成敗休戚相關的程度。思考網絡空間威懾能力建設,具有重大現實和理論價值。

一、網絡空間威懾的優劣分析

網絡空間威懾,是指在網絡空間採取各種行動,展示癱瘓控制敵方網絡空間,並通過網絡空間跨域控制敵方實體空間的決心和實力,從而達到懾敵、止敵、阻敵、遏敵目的的一種戰略威懾形式。網絡空間與實體空間相比所具有的“虛實二相性”,網絡戰與傳統作戰樣式相比所具有的獨特性,決定了網絡空間威懾的優缺點都非常明顯。

(一)網絡空間威懾的優點

網絡空間威懾的優點,主要體現在:一是威懾方式更趨文明和人道。與基於物理、生物、化學殺傷機理的核生化武器相比,網絡戰武器的直接殺傷和破壞效應要遠小於前者,通常不會對自然環境造成永久性破壞和污染,也不會造成大量的人員傷亡,並引發人道主義災難。二是威懾成本低效費比高。網絡戰武器以病毒、木馬等軟件為主,成本相對低廉,技術門檻較低,而造成的破壞效果卻相當驚人。網絡防禦點多面廣,防不勝防,要網絡安全程度每提高一個等級,投入成本會呈指數級增加。網絡進攻的低成本與網絡防禦的高成本對比鮮明,使得網絡攻防呈現“矛尖盾薄”的特點,網絡戰武器因而被稱為“窮國的原子彈”。三是威懾手段多樣實用性強。網絡戰武器多種多樣,網絡攻擊目標多元,決定了有多樣化的網絡空間威懾手段可供選擇。網絡攻擊效果在一定程度上是可恢復的,只要運用實施得當,引發戰爭和促使戰爭升級的風險相對較小。從某種意義上講,核武器的威懾價值遠大於實戰價值,而網絡戰武器則是實戰價值與威懾價值兼具。四是威懾運用可重複靈活性強。 “核門檻”一旦跨過就會爆發全面核戰爭,處於核均勢的雙方將陷入相互摧毀狀態,輕易實施核威懾特別是對無核國家進行核威懾,還會招致國際輿論的譴責,這些因素都極大地限制了核威懾手段的使用。而網絡空間威懾軟硬結合、威力可控的特點,決定了其可根據軍事鬥爭形勢的變化和需要,適時調控威懾強度,先期使用、全程使用、反複使用,具有很強的靈活性。

(二)網絡空間威懾的不足

網絡空間威懾的不足,主要體現在:一是威懾效果的可信性未得到充分驗證。核威懾的可信度已在實戰中得到了驗證。然而,截止目前,真正意義上的網絡大戰還沒有真正爆發過。人們對網絡戰驚人的破壞力,更多的只是一種猜測和擔憂,網絡戰的真實威力只有經過實戰檢驗後,才能真正令人信服。二是威懾手段的可靠性不太高。網絡戰是敵我雙方網絡攻防持續互動的動態過程,網絡對抗複雜、技術性強的特點,決定了網絡戰攻擊效果具有較大的不確定性,有可能達不到預期作戰目的,使威懾效果大打折扣。例如,對敵實施網絡空間實戰威懾時,敵方若及時採取各種有效防御手段,就會增加己方網絡攻擊的難度和降低破壞效果,甚至導致攻擊行動的失敗。三是威懾範圍的可控性需進一步改善。病毒武器作為網絡戰的重要武器之一,其傳播性強、可控性較差、影響範圍比較廣,很難針對敵國計算機和網絡發動專門性、針對性極強的攻擊。如果不能控制其有效作用範圍,就會波及第三方中立國家,甚至使自身也成為受害者,因而病毒武器的使用有“投鼠忌器”之患。四是威懾對象的可選擇性受限。核威懾對任何國家都是明確而有效的,而網絡空間威懾的效果與敵國的信息化程度有很大關係。網絡空間威懾對信息化程度高的國家極為有效,而對那些信息基礎設施薄弱,網絡依賴性不強的不發達國家,則很難發揮效果,甚至完全不起作用。五是威懾實施的組織相對複雜。世界各個核國家無不對戰略核力量實施集中統管,指揮控制權高度集中,組織實施核威懾行動時可以準確控製到每一個作戰單元,組織實施十分周密。而網絡空間威懾的組織實施,要涉及偵、控、防、控等多支力量,人員多、規模大,且分散在軍地不同部門和單位,組織起來非常複雜,形成合力不易。

二、網絡空間威懾的主要類型

網絡空間威懾主要有網絡空間技術試驗威懾、網絡空間裝備展示威懾、網絡空間作戰演習威懾和網絡空間作戰行動威懾四種類型。其中,前三種是示形威懾,後一種是實戰威懾。

(一)網絡空間技術試驗威懾

網絡空間技術試驗威懾,是在網絡戰領域,經常性地進行新作戰概念的先期探索性試驗、新攻擊機理和戰術的效果印證性試驗、新技術的實用化武器化試驗等,並通過媒體向外界披露,以展現本國雄厚的信息技術基礎研究實力,以及轉化為網絡戰能力的巨大潛力,以達到威懾對手的目的。當前,網絡攻防技術仍在快速發展,一項關鍵性技術的突破,往往會對網絡空間安全和作戰產生重大影響,甚至引發革命性變化。誰搶先佔領了網絡攻防技術的戰略制高點,誰就能在未來網絡戰中取得明顯優勢。

(二)網絡空間裝備展示威懾

網絡空間裝備展示威懾,是在網絡戰裝備發展規劃制定、技術開發、打靶試驗、定型生產等各個發展階段,根據需要適當披露網絡戰裝備的型號、性能、特點、參數以及研製進度等情況,以達到威懾對手的目的。其方式主要有兩種:一種是通過在國防白皮書、外交公報以及報紙、期刊、大型網站等權威媒體從官方渠道公開披露,實施顯性威懾;另一種是通過網絡社交媒體或其他非官方渠道,刻意洩露裝備相關情況,實施隱性威懾。網絡空間裝備展示威懾,一方面可以虛構新機理、新概念的新型網絡戰裝備,並渲染其獨特的作戰能力;另一方面可以刻意誇大已有網絡戰裝備的作戰效能。虛中有實、實中有虛,實施模糊政策,使對方摸不清己方真實情況和實力,產生恐懼和忌憚心理。例如,美軍的“舒特”機載網電一體攻擊系統已多次投入實戰使用,對其敵對國家的防空體系構成了嚴重威脅,但其基本原理、工作機制、戰技指標既沒有公開披露,也沒有被他國完全掌握破解,一直處於保密狀態,令人虛實難辨,起到了很好的威懾作用。

(三)網絡空間作戰演習威懾

網絡空間作戰演習威懾,是以實兵或虛擬的方式在網絡空間展開演習活動,並藉助各種媒體渠道,向潛在作戰對手展現本國網絡戰能力、實力與決心,以達到威懾對手的目的。網絡空間作戰演習可分為實兵演習和虛擬演習兩種。前者通常在全國范圍內或與盟國聯合進行,一般以演練軍地聯合網絡空間防禦行動為主。近幾年來,美國及盟國多次舉行“網絡風暴”系列網絡戰演習,以及“施里弗”系列太空-網絡空間演習,很好展現了網絡戰的動員實力、整體防禦水平,以及實施網絡戰的決心。後者通常在國家大型網絡綜合靶場舉行,一般以演練軍隊專業網絡戰力量的進攻行動為主。

(四)網絡空間作戰行動威懾

網絡空間作戰行動威懾,是指對特定的網絡目標實施攻擊,以確信的攻擊效果來威懾作戰對手的一種實戰性威懾。其運用的時機有兩個:一是當己方覺察敵方即將對己方發動戰爭時,己方選擇敵方重點防禦的關鍵性網絡目標進行針對性打擊,進行預防性、遏制性威懾;二是當敵方通過對己方發起試探性網絡攻擊,實施網絡空間威懾時,己方應立即進行有效的報復性、懲戒性威懾。具有威懾效果的網絡戰行動有多種。例如,對敵電信網滲透破壞,向敵國民眾手機大量發送宣傳反戰短信;對敵電力網進行攻擊,造成敵重要城市短時間的大面積停電;對敵廣播電視網進行攻擊,在黃金時段插播己方特製的視頻節目;等等。

三、網絡空間威懾的運用要點

網絡空間威懾總的運用要求是:懾戰結合,以實力、實戰展示能力和決心,力求以小戰體現威懾、以精打確保威懾,以較小的代價實現威懾目的。具體說來,應做到以下幾點。

(一)平戰結合,長期準備

“冰凍三尺,非一日之寒”。成功實施網絡空間威懾,需要平戰結合,在平時就要進行充分細緻的準備。一是要進行全面周密的網絡偵察。要求諜報偵察與技術偵察、無線偵察與有線偵察相結合,對敵網絡目標進行長期持續的網絡偵察,逐步摸清敵網絡基本情況,繪製其網絡拓撲結構圖,尤其是分析查找出敵各種軟硬件系統的漏洞。二是要進行大量有效的戰略預置。採用黑客手段,通過利用系統漏洞或口令破譯等辦法,秘密滲透進入敵各類網絡,留下後門,設置跳板機,埋設邏輯炸彈和木馬,為未來發動網絡攻擊預留突破口。三是進行預有準備的網絡防禦。在對敵實施網絡空間威懾時,己方應提前調整網絡防禦部署,使敵預先設計的攻擊路徑,預期利用的系統漏洞,預定執行的攻擊方案難以實施,或實施效果大打折扣,最大限度地降低敵網絡報復造成的損失。

(二)慎重決策,控制強度

孫子曰:“主不可以怒而興師,將不可以慍而致戰”。網絡空間威懾是國家之間的戰略博弈行為,尤其是實戰威懾,敏感性強,必須做到有理、有利、有節,決不能因為威懾“門檻”較低而濫用亂用,否則其效果可能會適得其反。網絡空間實戰威懾對作戰強度控制的要求很高。一方面,若強度太小,敵國政府和民眾不會產生畏懼心理,起不到應有的威懾效果,對方還可能採取同樣的手段實施反威懾,最終導致對抗升級,使己方威懾失效。另一方面,若強度過大,給敵國造成巨大的經濟損失和人員傷亡,引起國際社會的譴責和敵國政府、民眾的仇恨心理,就可能引發敵國運用常規力量進行大規模報復,有核國家甚至可能會動用核力量,這樣不但不能懾止戰爭,反而會起到戰爭導火索的作用。

(三)統一指揮,周密組織

網絡空間威懾的組織實施,要集中指揮,統一籌劃,搞好協同。一是精心組織力量。統一組織軍隊偵、攻、防、控四支力量,積極協調軍地各方網絡戰力量形成合力。尤其是要組織和協調好民間非專業網絡戰力量特別是愛國黑客,不能出現“盲動”現象,以免引發磨擦,擦槍走火,引起網絡戰的升級,或過早暴露攻擊意圖,授人以柄,導致局勢不可控或行動失敗。二是精當選擇目標。應選擇影響面廣,易產生明顯威懾效果的目標。例如,收視率排名靠前的廣播電視頻道、訪問量巨大的門戶網站、用戶眾多的無線通信網絡等。不能選擇無關痛癢、影響面小、民眾漠不關心的目標進行攻擊,易被誤認為是普通黑客製造的網絡安全事件,起不到應有的威懾效果。此外,還要考慮國際法和戰爭法約束,不能選擇易造成人道主義災難的目標,盡量不選取鐵路、航空、金融、醫療等部門的網絡目標,以免激起國際社會和對方民眾的譴責和反感。三是精確控制進程。實施網絡空間威懾性打擊之前,要通過廣泛的輿論宣傳造勢,向敵國發出打擊警告,並向全世界宣告己方行動的正義性,以爭取國際輿論的理解和支持。為突出威懾效果,己方可以高調宣布要攻擊的敵國網絡目標,再突破敵方層層網絡防禦,實施堅決有效的網絡攻擊,必要時最後還可對網絡攻擊效果進行定時恢復,以展現己方高超的網絡攻擊技術和手段,讓敵方決策者和民眾產生防不勝防、難以招架的心理挫折感,從而形成強烈的震懾效果。

(四)虛實結合,注重謀略

孫子所說的“能而示之不能,用而示之不用”,運用到網絡空間威懾,其要點概括起來就是“示而不宣、宣而不示”。 “示而不宣”,就是利用網絡攻擊難以追踪定位這一點,對特定目標實施網絡攻擊,但不對外宣布是己方所為,既展示了己方能力,又使得敵方雖然懷疑是己方所為,但沒有證據,無法追究。 “宣而不示”,就是公開宣傳或不經意透露己方研製或虛構的先進網絡戰裝備的型號、性能、特點,刻意誇大其作戰效能,虛虛實實,虛實結合,使敵摸不清己方真實實力,從而產生威懾效果。網絡戰行動具有追踪溯源困難、取證複雜的特點,發起方既可以承認,也可以矢口否認,或把責任推給民間黑客組織。 (來源:中國信息安全)

Original URL:

美國軍事網絡戰:黑客入侵防禦成為無菸的戰爭 // American military network warfare: hackers attack and defense creating a war without smoke

Hackers may also be soldiers. Recently, US cybersecurity companies and the US government issued a series of reports claiming that “the Chinese military takes part in hacking.” Drawing on the “China hacker threat theory,” the US government promptly announced its latest anti-hacking strategy. Although China’s Ministry of Foreign Affairs and Ministry of National Defense refuted this in a timely manner, the news of hackers joining the military nonetheless aroused wide interest for a time. In fact, the United States is the world’s largest home of network hackers and has a huge cyber army.

Just as everyday consumption has shifted from physical stores to e-commerce, war too has now moved from offline to online. Not only the United States but many countries across Europe, the Americas and Asia have begun to set up their own “cyber forces,” and hackers have become regulars in this branch of service. So how do these countries lead their “regular” cyber armies?

The likeable Q in the 007 film “Skyfall” is a master of cyber warfare.

In May 2010, the cyber warfare command set up by the US Department of Defense was formally launched. US Strategic Command required that a cyber warfare operational concept and plan be drawn up before September 1, 2010, and planned to expand the cybersecurity force to 4,900 people over the following years. This signals that the United States intends to extend its military hegemony from land, sea, air and space into cyberspace, the so-called “fifth domain.”

It is reported that the United States is currently recruiting 2,000 to 4,000 soldiers to form a “cyber special force.” This unit will not only undertake network defense but will also carry out covert attacks on other countries’ computer networks and electronic systems. According to Xinhuanet, John Bradley, a former US Air Force major, said at a conference in 2002 that the United States spent far more on research into cyber attack than on cyber defense, because senior officials were more interested in the former. Moreover, the US military may have begun carrying out cyber attacks much earlier than people imagine.

In the Iraq war that began in 2003, the US military made even wider use of cyber warfare. Before the war, thousands of Iraqi military and political officials received “letters urging surrender” from the US military in their e-mail inboxes, which had a great psychological impact. Less than four hours after the war began, Al Jazeera’s English website was “blocked” by the US military and could not operate normally.

In addition, the United States held two large-scale cyber warfare exercises code-named “Cyber Storm,” in 2006 and 2008.

Japan and South Korea: “cyber armies” set up long ago

At the end of 2009, Japan’s Ministry of Defense decided to establish a dedicated “cyberspace defense team” in fiscal 2011 to guard against hacker attacks and strengthen its ability to protect confidential information. According to a report in Japan’s Yomiuri Shimbun on May 1, 2011, the “cyberspace defense team” was to be placed under the Self-Defense Forces’ command and communications systems department, with an initial strength of about 60 people. This “cyber force” is responsible for collecting, analyzing and studying the latest virus information and for conducting training against hacker attacks.

Japan’s approach to cyber warfare is to paralyze the enemy’s combat systems by gaining “control of the network.” In building its cyber combat system, Japan stresses “both offense and defense.” It has allocated large sums to network hardware and to building “cyber warfare units,” and has established a “defense information communication platform” and a “computer system common platform,” enabling the network systems of the Self-Defense Forces’ organs and units to communicate with one another and share resources. It has also set up a “cyberspace defense team” of 5,000 people and developed “offensive weapons” for cyber operations together with network defense systems, and it now has considerable offensive cyber capability.

Facing its “enemy” North Korea, South Korea put forward an overall vision for future information development in 1999, announced in 2009 that it would form a “cyber command,” and formally launched it in 2010. South Korea now has a large pool of about 200,000 professionally trained personnel, and 5% of its annual defense budget is used to develop and improve the core technologies for conducting cyber warfare.

Britain and Russia: enlisting hackers

Cyber forces give hackers priority. As early as 1998, Tenenbaum, an 18-year-old Israeli hacker, put on a uniform and became an Israeli soldier after successfully breaking into the computer systems of the US Pentagon. The British government followed in 2009, recruiting cyber elites, former hackers among them, to defend network security. They are young and come from diverse backgrounds; some were once hackers, and some even have records of minor cybercrime.

On June 25, 2009, the British government issued its first national cybersecurity strategy and announced the creation of two new cybersecurity bodies, the Office of Cyber Security and the Cyber Security Operations Centre, responsible respectively for coordinating cybersecurity across government departments and for coordinating the protection of the main computer systems of government and civilian organizations.

India formed a joint army, navy and air force computer emergency response team in 2007 and enlisted hackers. At the same time, by bringing civilian experts into the military and giving military academy cadets “hacker” technical training, it is gradually building its talent reserve for future cyber warfare.

Russia, a major military power, set up an Information Security Committee in the 1990s with specific responsibility for network information security, and in 2002 issued the “Information Security Doctrine of the Russian Federation,” which likens network information warfare to the future “sixth-generation war.” Russia already has a large number of cyber elites, and its anti-virus technology is among the world’s most advanced; when threatened or when needed, these people and technologies can quickly be turned to military use.

“Hackergate”: a ridiculous accusation

Despite having no factual basis, US cybersecurity companies and the US government still repeatedly manufacture “hackergate” affairs aimed squarely at China. These have involved not only universities and enterprises but also technical schools such as Shandong Lanxiang, as well as individuals online; now they point at the Chinese military, even supplying a photo of a “hacker headquarters building.” Yet concluding that “the source of the attacks is China” on the strength of IP addresses alone highlights the ignorance of the US figures concerned.

Why would hackers launch an attack from their own computers? And why would they leave a registered IP address behind? They usually use springboards to control third-party computers, form a botnet, and only then attack. Would a professional hacker really expose an IP address voluntarily and leave traces?

Meng Yan, deputy director of the International Communication Bureau of China’s Ministry of National Defense, recently wrote that when various US circles keep varying their tricks to hype Chinese hacker attacks, they ignore the fact that the United States itself is the “rule maker” of virtual cyberspace. In 2012, 73,000 overseas IP addresses acted as Trojan and botnet control servers taking part in the control of more than 14 million hosts in China, and 32,000 IP addresses remotely controlled nearly 38,000 websites in China through implanted backdoors; the United States ranked first as the source of these cyber attacks.

Hacker attack and defense: a war without smoke

In just a few minutes, Wang Xiaoyun, a Chinese cryptography expert and distinguished professor at Tsinghua University, and her research team can break the MD5 cryptographic algorithm using an ordinary personal computer. Before her work, even the fastest supercomputer would have needed more than 1 million years of computation to break it.

If this is war, it is one in which no sound is heard and no smoke is seen. Hackers typically launch network attacks by obtaining passwords, planting Trojan horse programs, e-mail attacks, node attacks, network sniffing, finding system vulnerabilities and stealing privileges, as well as by WWW spoofing techniques and account-based attacks.

The reporter learned that “web page Trojans” (loading a Trojan virus into a web page) and “phishing” (forging websites, e-mails and the like) have now become the mainstream forms of hacker attack.

Original Mandarin Chinese:

黑客也可能是戰士。近日,美國網絡安全公司和政府接連發布報告稱“中國軍方參與黑客攻擊”。借助“中國黑客威脅論”,美國政府隨即公佈最新反黑客戰略,儘管中國外交部和國防部及時對此做出駁斥,但一時間,黑客從軍的消息還是激起大家的興趣。其實,美國才是世界上最大的網絡黑客所在地,擁有龐大的網絡大軍。

如同日常消費從實體店向電商轉移,如今戰爭也已經從線下搬到線上。不僅是美國,歐美亞等洲許多國家都已經著手建立本國的“網絡部隊”——黑客更是成為此軍種的常客。而這些國家又是如何領導這批“正規”的網絡大軍。

在007《skyfall》中可愛的Q先生就是一名網絡戰的高手。

2010年5月,美國國防部組建網絡戰司令部正式啟動,美軍戰略司令部要求在2010年9月1日前製訂出網絡戰作戰理念和計劃,併計劃在隨後幾年把網絡安全部隊擴編到4900人。這標誌著美國打算將軍事霸權從陸地、海洋、天空和太空向號稱“第五領域”的網絡空間延伸。

據悉,美國目前正在招募2000至4000名士兵,組建一支“網絡特種部隊”。這支部隊不僅要承擔網絡防禦的任務,還將對他國的電腦網絡和電子系統進行秘密攻擊。據新華網報導,一位前美國空軍少校約翰·布萊德利在參加2002年一次會議時就表示,美國花在網絡攻擊上的研究比網絡防禦上要多得多,因為高層人員對前者更感興趣。並且,美軍實施網絡攻擊的時間可能比大家想像的要早得多。

而在2003年開始的伊拉克戰爭中,美軍更為廣泛地使用網絡戰手段。戰前,數千名伊拉克軍政要員在他們的電子郵件信箱中收到美軍發來的“勸降信”,造成很大的心理影響。開戰後不到4個小時,半島電視台英語網站便被美軍“封殺”,不能正常運作。

另外,美國還於2006年和2008年先後舉行了兩次代號為“網絡風暴”的大規模網絡戰演習。

日韓:早已組建“網絡軍隊”

2009年底日本防衛省即決定,在2011年度建立一支專門的“網絡空間防衛隊”,以防備黑客攻擊,加強保護機密信息的能力。據日本《讀賣新聞》2011年5月1日報導,“網絡空間防衛隊”計劃設置於自衛隊指揮通信系統部之下,初期人數約60人。這支“網絡部隊”負責收集和分析研究最新的病毒信息,並進行反黑客攻擊訓練。

日本網絡戰是通過掌握“製網權”達到癱瘓敵人作戰系統。日本在構建網絡作戰系統中強調“攻守兼備”,撥付大筆經費投入網絡硬件及“網戰部隊”建設,分別建立了“防衛信息通信平台”和“計算機系統通用平台”,實現了自衛隊各機關、部隊網絡系統的相互交流和資源共享。並成立由5000人組成的“網絡空間防衛隊”,研製開發的網絡作戰“進攻武器”和網絡防禦系統,目前已經具備了較強的網絡進攻作戰實力。

而對朝鮮這個“敵人”,韓國在1999年提出了未來信息建設的總體設想,2009年宣布將組建“網絡司令部”,並於2010年正式啟動。目前,韓國已經擁有了約20萬接受過專業訓練的龐大的人才隊伍,而且每年國防經費的5%被用來研發和改進實施網絡戰的核心技術。

英俄:徵召黑客入伍

網絡部隊黑客優先,早在1998年,因為成功入侵美國五角大樓電腦系統,以色列18歲的少年黑客Tenenbaum穿上軍裝成為一名以色列士兵。隨後,英國政府也於2009年徵召包括前黑客在內的網絡精英保衛網絡安全。他們年輕,背景多樣,有的曾經是黑客,甚至有輕度網絡犯罪行為。

在2009年6月25日,英國政府出台首個國家網絡安全戰略,並宣布成立兩個網絡安全新部門,即網絡安全辦公室和網絡安全行動中心,分別負責協調政府各部門網絡安全和協調政府與民間機構主要電腦系統安全保護工作。

印度則在2007年組建了陸、海、空三軍聯合計算機應急分隊,並徵召黑客入伍。同時,通過吸納民間高手入伍和對軍校學員進行“黑客”技術培訓等方式,逐步完成未來網絡戰的人才儲備。

軍事大國俄羅斯上世紀90年代就設立了信息安全委員會,專門負責網絡信息安全,2002年推出《俄聯邦信息安全學說》,將網絡信息戰比作未來的“第六代戰爭”。俄羅斯已經擁有了眾多的網絡精英,反病毒技術更是走在了世界的前列,在遇到威脅或有需要時,這些人才和技術將能很快地轉入軍事用途。

“黑客門”:可笑的指責

雖然沒有事實依據,但美國網絡安全公司和政府仍然屢屢製造“黑客門”,矛頭直指中國,不僅涉及高校、企業,還有技校如山東藍翔,也有網絡個體,如今則指向中國軍方,甚至提供“黑客總部大樓”照片。然而,僅憑IP地址的關係就得出“攻擊源頭來自中國”,凸顯美國相關人士的無知。

黑客怎麼用自己的電腦發動攻擊?又怎麼會留下註冊IP地址?他們通常是通過跳板控制第三方電腦形成殭屍網絡再展開攻擊。主動暴露IP地址留下痕跡,豈是專業黑客所為!

中國國防部國際傳播局副局長孟彥日前撰文稱,美國各界在變換手法渲染中國黑客攻擊把戲時,竟然無視自身才是網絡虛擬空間的“規則制定者”。 2012年,7.3萬個境外IP地址作為木馬和殭屍網絡控制服務器參與控制中國境內1400餘萬台主機,3.2萬個IP通過植入後門對中國境內近3.8萬個網站實施遠程控制,其中源自美國的網絡攻擊數量名列第一。

黑客攻防:無硝煙的戰爭

只需要幾分鐘,國內密碼專家、清華大學特聘教授王小雲和她的研究小組用普通的個人電腦,就能破解MD5密碼算法。在她之前,即使採用最快的巨型計算機,也要運算100萬年以上才能破解。

如果這是戰爭,則聽不到聲音看不到硝煙。黑客往往通過獲取口令、放置特洛伊木馬程序、電子郵件攻擊、節點攻擊、網絡監聽、尋找系統漏洞、偷取特權等以及利用WWW欺騙技術、利用賬號攻擊等方式發起網絡攻擊。

記者了解到,目前“網頁掛馬”(即在網頁中加載木馬病毒)、“網絡釣魚”(偽造WEB站點或電子郵件等)等方式成為黑客攻擊的主流行為。