Chinese Military Analysis and Understanding of Foreign Military Cyberspace Combat Forces – People’s Liberation Army Situational Awareness Series

Looking at how the world’s major countries are building cyberspace combat forces, the U.S. military, the first to publicly announce that it was building such forces, is comparatively strong and has carried out cyberspace operations many times in actual warfare. Organizations and countries such as the European Union and Russia have also begun building cyberspace combat forces and have carried out some real-world operations. Studying and analyzing the successful experience and practices of the militaries of the world’s major countries and regions in building cyberspace combat forces offers important reference and insight for China’s cyberspace development.

With the rapid development of network information technology and its wide military application, cyberspace has become a new combat domain after the four domains of land, sea, air, and space. Cyberspace operations have become an inseparable and important component of all-domain joint operations, and the key to seizing and keeping the operational initiative, control, and the ability to win. The United States, Russia, Japan, and other major countries have formulated cyberspace security and development strategies, established cyberspace combat forces, and developed advanced network technologies, weapons, and equipment, racing to seize this new strategic high ground.

1 The United States leads the construction of cyberspace

Whether in cyberspace concepts and theoretical research or in related technology research and applied practice, the United States is the source and leader of cyberspace development and has driven cyberspace development in other countries and regions. The U.S. military’s cyber force is the world’s earliest “organized” cyber combat force. It has passed through the stages of initial defensive build-up in the Clinton era, cyber counter-terrorism in the George W. Bush era, combined deterrence and warfighting in the Obama era, and “defend forward” under the Trump administration, and has grown into a cyber combat force with 133 cyber mission teams and tens of thousands of personnel across the services.

1.1 Strengthening the strategic deterrent position

To compete for control over cyberspace and the right to develop it, and to respond proactively to the new demands created by changes in the form of future warfare, the United States has established cyberspace as a new combat domain alongside land, sea, air, and space, and has given it strategic standing as a strategic deterrent force.

The important cyberspace-related strategic documents issued by the United States are shown in Table 1. In 2011, the United States successively issued three major strategic documents: the “International Strategy for Cyberspace”, the “National Strategy for Trusted Identities in Cyberspace”, and the “Department of Defense Strategy for Operating in Cyberspace”. These for the first time proposed treating cyberspace as the fifth operational domain and elevated the use and control of cyberspace to a basic national policy.

In recent years, with great-power competition as its footing, the U.S. military has further raised the strategic status of cyberspace, and the operational architecture for cyberspace operations has basically taken shape. In 2018, the U.S. military successively released the new “DoD Cyber Strategy” [1] and the “Cyberspace Operations” joint doctrine, making clear that cyberspace operations can serve as an independent form of operation that creates tactical, operational, or strategic effects, and can also be integrated with forms of operation in other domains to raise the effectiveness of joint operations through coordinated action. In 2020, the U.S. Cyberspace Solarium Commission released the report “Warning from the Future”, which put forward the “defend forward” strategy and recommended that the U.S. Department of Defense expand it to the national level. The strategy is a national layered deterrence strategy for cyberspace that takes persistent engagement as its main mode of action and behavior shaping, benefit denial, and cost imposition as its fundamental approaches.

1.2 The leadership system has a clear division of labor

The United States divides its national cybersecurity work into four parts: homeland security, national defense, intelligence, and law enforcement, as shown in Figure 1. Homeland security work is led by the Department of Homeland Security, which is mainly responsible for coordinating the cyberspace security of critical infrastructure and protecting government and commercial networks and systems. National defense work is led by the Department of Defense and spearheaded by U.S. Cyber Command, with the services providing the component forces; it combines the three functions of attack, defense, and operation and maintenance of military information infrastructure, and is the core of U.S. cybersecurity forces. Intelligence work is led by the National Security Agency, which is mainly responsible for detecting malicious activity in foreign cyberspace while providing capability support to the Department of Homeland Security and the Department of Defense. Criminal law enforcement involves several departments, including the Department of Justice, and their subordinate agencies.

Table 1. Important strategic documents related to cyberspace promulgated by the United States

Figure 1. Management and coordination framework of cyberspace organizations in the United States

U.S. Cyber Command was established in 2009 and was originally subordinate to U.S. Strategic Command. In August 2017, it was elevated to become the 10th independent U.S. unified combatant command; operational command and control responsibilities were assigned to Cyber Command, and the director of the National Security Agency serves concurrently as its commander. For U.S. military cyber operations, especially operations with demanding real-time requirements, this move straightened out command and control relationships. The organizational relationship between the upgraded U.S. Cyber Command and other agencies is shown in Figure 2.

Figure 2. The organizational relationship between the upgraded US Cyber Command and other agencies

U.S. Cyber Command is commanded by the President and the Secretary of Defense, and has operational control over the National Cyber Mission Force headquarters, the joint cyberspace force headquarters, the service cyberspace force headquarters, and the Department of Defense Information Network joint force headquarters. Each headquarters in turn has operational control over the national mission teams, combat teams, protection teams, and support teams assigned to it.

During operations, U.S. Cyber Command conducts cyber operations on the instructions of the President and the Secretary of Defense, exercises operational control over its subordinate forces, and supports the combatant commands with tailored force packages. A force package is made up of cyber combat forces, combat support personnel, and other cyberspace forces belonging to Cyber Command. Cyber Command holds operational control over the force package and, as circumstances require, assigns operational control to a subordinate command. The commander receiving the force package holds tactical control and controls the timing and tempo of cyberspace operations.

1.3 Large scale of organizational strength

The U.S. military’s cyber force is the world’s earliest “organized” cyber combat force; it began recruiting cyber talent, forming cyber units, and holding secret exercises very early. At present, the U.S. military has basically formed an overall arrangement in which Cyber Command is responsible for operations, while the services and Department of Defense agencies such as the Defense Information Systems Agency are responsible for force building. Unlike the land, sea, and air domains, the particular nature of the cyberspace domain requires the two chains of management (military administration) and operations (military command) to cooperate more closely.

The U.S. military’s strategic cyberspace combat force consists mainly of the 133 cyber mission teams under Cyber Command, with about 6,200 active-duty and civilian personnel. Under a 2013 Department of Defense directive, the force was formed by drawing teams from the services (41 from the Army, 40 from the Navy, 39 from the Air Force, and 13 from the Marine Corps). It reached initial operational capability in 2016 and full operational capability in 2018, and its main tasks are Department of Defense information network operation, maintenance, and protection; offensive cyberspace operations; and defensive cyberspace operations. According to the type of task they carry, the 133 cyber mission teams are organized into three types of force: the national cyber mission force, the combat mission force, and the cyber protection force. The U.S. cyber mission force is currently expanding; in 2024 it will complete the formation of 21 cyber protection teams, raising the number of cyber mission teams to 154.

The U.S. military’s tactical cyberspace combat force consists mainly of the cyberspace forces of the four service cyber commands of the Army, Navy, Air Force, and Marine Corps under U.S. Cyber Command (about 80,000 people in total). They carry out network protection and combat support tasks for their services, and in joint operations they support the offensive, defensive, and operation and maintenance actions of the cyber mission force. The service cyber commands are also stepping up the expansion and integration of their cyber combat forces to support cyber mission force operations and the network protection of each service.

1.4 Comprehensive combat capability system

In equipment research and development, the U.S. military follows the principle of “building while using, and integrating building with use”. It has steadily increased research and development of cyber warfare weapon systems and equipment, carried out research on key cyber operations technologies, and run multiple research programs in network defense, network attack, monitoring and early warning, command and control, and training and evaluation. It has invested tens of billions of dollars in developing various kinds of cyberspace combat equipment, thereby advancing cyber operations technology and improving service support capability and operational efficiency.

The most representative network defense equipment includes the “network deception” system, the “Cyber Wolf” software system, network attack alarm systems, and network vulnerability scanners. The U.S. military also attaches great importance to applying the concept of “active network defense”, which has driven considerable progress in network attack traceback technology. For network attack, it has a variety of powerful computer viruses such as “Stuxnet” and “Flame”; representative battlefield network attack systems are the Air Force’s “Suter” system and the Navy’s EA-18G “Growler” aircraft. For reconnaissance and awareness, it can obtain an adversary’s communications, content, network protocols, hardware addresses, passwords, identity authentication processes, network vulnerabilities, and other information. Through a series of surveillance programs such as “PRISM”, “MAINWAY”, “MARINA”, and “NUCLEON”, and plans such as “Einstein” and “Prometheus”, it has built up large-scale intelligence production capability and is seeking to construct a global cyberspace situational awareness system.

1.5 Equipment research and development forces are all-inclusive

Research and development of the U.S. military’s cyber operations weapons and equipment has always combined military, commercial, and civilian efforts and drawn on all of them. Unlike conventional combat equipment, cyberspace combat equipment is developed and produced in a form that is based on code and centered on design, and the tiers of its supply chain are not clearly defined. Today the United States has a military research force with the Defense Advanced Research Projects Agency (DARPA) at its core, and a development force in which traditional defense companies such as Northrop Grumman, Raytheon, and Lockheed Martin are the mainstay and companies from the internet, electronics, software, information security, and other fields are drawn in alongside them.

The cyberspace research of the U.S. military, government research institutions, and traditional defense companies usually covers one or more of cyberspace reconnaissance (situational awareness), surveillance, attack, defense, test and verification, and system integration, while companies in the internet, electronics, software, information security, and other fields carry out cyberspace technology research and equipment development and production in their own fields. In addition, because the products of cyberspace combat equipment research and development are mainly software, a logical-layer product, the boundary between basic cyberspace research and equipment development and production is blurred; universities and government research institutions, and even some small research teams and individuals, are also an important part of the U.S. cyberspace industry. The main force structure of cyberspace development and production capability is shown in Figure 3.

Figure 3. The main force structure of US cyberspace R&D and production capabilities

Among these, large and medium-sized defense contractors are the backbone of research and development for U.S. cyberspace equipment at the subsystem and technology-area level. In recent years, traditional large and medium-sized U.S. defense contractors have moved quickly into cybersecurity, mainly through “mergers and reorganizations”, forming a cybersecurity defense industry led by a few comprehensive companies such as Northrop Grumman, Raytheon, Boeing, and Lockheed Martin. In bidding for the cyberspace projects of DARPA and the services, these large and medium-sized contractors usually hold the prime contractor position.

2 Europe follows closely behind

Europe’s cyberspace industry started later than that of the United States and focuses mainly on research into cyberspace defense and cyberspace security. In recent years, European governments and defense and electronics companies have also moved into cyberspace security. By gradually improving strategies and policies, combining public and private efforts, and steering cyberspace technology research and development, they have formed the beginnings of a cyberspace defense system that spans all of Europe as well as other countries and regions. This shows at the following levels.

At the research and development level, European countries follow the lead of the United States while also using transnational platforms such as NATO and the European Union to achieve integration and complementarity within Europe and between Europe and the United States, and have ended up with cyberspace security capabilities that have both shared and distinctive features and are second only to those of the United States.

At the level of organization and management, since most European countries are small in scale and easy to manage, they have achieved a relatively efficient, integrated, and powerful cyberspace management mechanism. At the same time, due to the large number of European countries and the existence of competition, there are sometimes obstacles to the implementation of national-level cooperation on cyberspace security.

At the system research and development level, many European countries have a very high level of digitalization, software adoption, and networking (even higher than the United States), so like the United States they face very heavy cyberspace defense pressure; their cyberspace development therefore puts ensuring cyberspace security first. In recent years, guided by a defense-oriented approach to cyberspace, they have gradually strengthened research and development of cyberspace technology, especially cyberspace security technology, while building on existing research into information technology infrastructure to bring out new developments and expanding investment and deployment in areas such as the Internet of Things. As countries rush into the cyberspace security market, the cyberspace security products of some major European countries already hold a fairly large market share and have opened up a global market of some scale.

3 Russia’s cyberspace development ideas are unique

Compared with Western countries, Russia has always paid attention to comprehensive and large-scale information space, and has not conducted in-depth and systematic research on cyberspace as a subdomain of information space like the United States. However, due to Russia’s long-term attention to the field of information security and industrial accumulation, it has a good foundation in the field of cyberspace. Specifically, it is manifested in the following levels.

At the strategic planning level, Russia has issued a series of legal documents aimed at protecting the country’s information security in every respect, such as the “Russian Federation Information Security Doctrine” and the “Russian Social Information Development Strategy”. However, the existing legal documents do not cover the relationship between information space and cyberspace, and the term “cybersecurity” has not been separated from the concept of “information security”. As cybersecurity risks kept growing, from 2010 Russia put the focus of protecting cyberspace security on critical information infrastructure and successively issued legal documents including the “Conceptual Views on the Activities of the Armed Forces of the Russian Federation in the Information Space”, the “National Policy Framework of the Russian Federation in the Field of International Information Security to 2020”, the “Strategic Concept of Russian Federation Cybersecurity (Draft)”, the “Russian Federation Information Security Doctrine (Second Edition)”, and the “Law on the Security of Critical Information Infrastructure of the Russian Federation”. These set out, at several levels, Russia’s strategic goals for advancing cyberspace development and the important measures it has taken to protect critical information infrastructure and guide cyberspace development.

At the organizational level, in August 2013 the Russian government announced the formation of a specialized information warfare body under the Russian Armed Forces and decided to establish a cybersecurity command and a new agency of the armed forces, with the aim of improving the country’s cyber operations capability.

At the level of applied practice, the “Network Commander’s Handbook” published in the United States in 2010 shows that the only real instances of cyber operations worldwide were the information network attacks that took place in Estonia, Georgia, and Kyrgyzstan from 2007 to 2009; these three small-scale attacks were all the work of Russia, so Russia can be considered to have unique real-world experience in the field of cybersecurity.

At the level of research and development capability, Russia has cybersecurity defense companies of outstanding strength. For example, Kaspersky Lab is an important company in the global information security field, and the “Russian Technological Information” company under the Rostec Group is also a core Russian cybersecurity company. Because transparency is limited, it is hard to identify from public sources Russian companies able to develop cyber attack equipment, but that does not mean Russia has no such companies. In addition, Russian hacker groups are “renowned” worldwide, and their activity has driven the development, production, and trade of cyberspace equipment in the non-governmental sphere.

4 Japan set off a wave of cyberspace development

Japan is one of the countries with the most advanced information technology in the world, and it faces a growing number of cyberspace threats, ranging from those aimed at individuals to those aimed at the public sector and infrastructure, so Japan began paying attention to cyberspace security early. Japan classed these threats as “information security” and in 2005 established the National Information Security Center to respond to them. As the concept of “cyberspace” put forward by the United States became widely accepted, Japan also began, around 2010, to emphasize “cyberspace” specifically at the national level and to treat cybersecurity as an important issue affecting national security. This shows at the following levels.

At the strategic planning level, in 2013 the Japanese government issued its first “Cybersecurity Strategy”, which advances cybersecurity building and development at the national level and explicitly sets the goal of making Japan a leading cybersecurity power. In August 2015 and July 2018, the Japanese government issued two upgraded versions of the “Cybersecurity Strategy”, mainly to prepare cybersecurity protection for the 2020 Tokyo Olympic and Paralympic Games.

At the organizational level, in 2010 the Japanese Defense Agency formed a “cyber warfare force” of about 5,000 people, made up of computer experts from the Ground, Maritime, and Air Self-Defense Forces, dedicated to the attack and defense of network systems. The main tasks of Japan’s “cyber warfare force” are to develop transnational “cyber weapons” able to damage other countries’ network systems, and to take on protection of the Self-Defense Forces’ computer network systems, virus removal, program repair, and similar tasks; to develop tactical “cyber weapons” and study cyber warfare tactics; and to support the “Network Special Attack Team” in tasks such as countering hacker groups and countering virus intrusion. International researchers have pointed out that the shadow of the U.S. military’s “super hacker force” can be seen in Japan’s “cyber warfare force”.

At the level of applied practice, Japan’s cyber attack and defense exercises put more weight on matching realistic operational settings, which makes the exercises more practical and better targeted. In the “March 18” exercise of 2014, the preset scenario was a cyber attack on Japan’s critical infrastructure during the 2020 Tokyo Olympics. In the Japan-U.S. “Yama Sakura” joint exercise held in 2019, the preset scenario was several incidents occurring at once, including missile strikes on Tokyo and Japan’s southwestern region; the exercise was intended to test how command and control systems function under cyber and electromagnetic attack and to study countermeasures.

At the system research and development level, Japan stresses “both offense and defense” in building its cyber operations systems. It has allocated large sums to network hardware and to building the “cyber warfare force”, and has established a “defense information communication platform” and a “common computer system platform”, which allow the network systems of the Self-Defense Forces’ organs and units to communicate with one another and share resources.

5 Insights and recommendations

Looking at how the world’s major countries are building cyberspace combat forces, major countries and organizations such as the United States, Russia, Japan, and the European Union have kept strengthening their militaries’ cyberspace combat forces through strategic planning and guidance, organizational development, formation of combat forces, and research and development of systems and equipment. This offers a useful reference for China’s cyberspace development.

5.1 Deepen the top-level design and enhance the strategic position of cyberspace

Cyberspace has greatly extended and expanded the boundaries of national interests. Networks are increasingly the basic platform for a country’s political, economic, cultural, and social activity, the lifeblood of the real economy, and the nervous system on which the normal functioning of society as a whole depends. Cybersecurity is therefore no longer only a matter of the security of the network itself; its effects reach every aspect of national security and national interests, so the country’s cybersecurity needs to be planned and arranged as a whole at the level of national strategy. China should draw on foreign experience with cyberspace strategy and, at the national level, formulate a cyberspace strategy, strengthen cybersecurity legislation, and build a system of international cooperation, planning and arranging national cybersecurity development as a whole.

5.2 Consolidate the capability foundation and develop cyberspace confrontation capabilities

In recent years, as China’s informatization has advanced and national network infrastructure equipment has become universal, cybersecurity threats from inside and outside the country have become more varied, more complex, and more frequent. They pose a major threat to China’s cyberspace security, and the important information systems of China’s government bodies and critical infrastructure may face security risks such as large-scale leakage of sensitive information and paralysis of information systems. To safeguard the integrity and availability of cyberspace information infrastructure, its survivability must be raised, cyber threats must be answered quickly, and attacks must be initiated proactively at an appropriate time. On this basis, China must start from theory, technology, and talent to consolidate the foundation of its cyberspace capabilities and provide assurance for cyberspace confrontation and defense that may arise in the future.

5.3 Strengthen force building and build a cyberspace support system

Today cyberspace has become a new combat domain, and only by building a strong cyberspace combat force and seizing control of this domain can the country’s security and development interests in cyberspace be effectively safeguarded. Since U.S. Cyber Command was formed in June 2009, the U.S. military has made considerable progress in building its cyber military forces, creating a strong military guarantee for U.S. cybersecurity while also posing a great threat to the cyberspace of other countries. We must accelerate the building of cyberspace forces, keep raising the whole population’s cybersecurity awareness and information protection ability, strengthen national defense mobilization, cultivate reserve forces, and build a cyber combat force system with sufficient combat capability; only then can we effectively deter and counter adversaries’ cyber threats against China.

6 Conclusion

Because cyberspace is not limited by time or space, is not constrained by operational objectives, can draw support for combat forces from a wide range of sources, and is marked by abrupt changes in the course of operations, it has become an important combat force through which militaries seek to develop. In recent years, major countries and organizations such as the United States, Russia, Japan, and the European Union have worked to advance the building of cyberspace combat forces in order to seize a position of advantage in this field. China should accelerate the building of its military cyberspace forces and raise its cyberspace combat capability in order to secure the ability to win future informatized wars.

Citation format: Li Shuo, Li Zhenjing, Wang Shizhong, et al. Analysis and Enlightenment of the Development Situation of Foreign Military Cyberspace Combat Forces [J]. Information Security and Communication Secrecy, 2022(5):90-99.

Reference: https://www.163.com/dy/article/
