Chinese Military Cyber Warfare Capacity Building: Achieving Situational Awareness in Cyberspace


2017/05/20

Cyberspace has become a new territory alongside land, sea, air and space, and it is also the most extensive one. Since the birth of the computer, information systems based on computers and networks have gradually developed, and the software and resources running on them have been continuously enriched, eventually forming cyberspace.

With the continuous development of the US military's weapons, equipment and combat theory, "cyberspace warfare" has begun to move from concept to reality. Compared with traditional "platform-centric warfare", the role of the command and control system as a "combat power multiplier" will be more prominent in "cyberspace warfare", and its impact on operations will be even greater. In future modern wars, command and control in cyberspace should have its own characteristics and concerns.

In theory, cyberspace is a synonym for the digital society formed by all available electronic information and networks. The United States "National Security Presidential Directive No. 45 and Homeland Security Presidential Directive No. 23" defines cyberspace as information technology infrastructure and interdependent networks, including the Internet, telecommunications networks, computer systems, and the processors and controllers in key industries; it usually also includes the virtual information environment and the interaction between people.

Cyberspace has four elements: communication devices and lines; computers; software; and data communication and resource sharing. Communication devices and lines are one part of the infrastructure of cyberspace, including routing/switching equipment, wired/wireless communication equipment, cables, and so on. Computers are another part of the infrastructure of cyberspace, providing computing, storage, and data processing capabilities. Software is the core supporting part of cyberspace: communication devices and computers all run software systems with various functions. Data communication and resource sharing is the basic capability of cyberspace, providing the required information to users of all types and at all levels.

Commanding operations in the vast new territory of cyberspace will inevitably require multiple arms and services to act in concert. First, the command system should have security protection capabilities and provide multiple levels of security assurance. Second, it must have a grasp of the battlefield situation. In addition, it must have resource scheduling capabilities and the like, so that it can support integrated joint operations.

Security protection refers to the use of various technical and management measures to protect the hardware and software of network systems and the data in those systems, so that they are not damaged, tampered with or leaked through accidental or malicious causes, the system can keep operating reliably and normally, and network services are not interrupted.

In cyberspace command operations, the whole process of generating, storing, transmitting and using all kinds of command and control information faces one security threat or another. The traditional form of conflict has been extended to cyberspace.

Security protection technology and attack technology have always developed together. The contest between "spear" and "shield" has existed since ancient times. The US military has repeatedly stated through various channels that the "core of the US military's cyberspace operations is to defend against cyberattacks, and defensive capabilities are the basis of all other combat capabilities." However, a little analysis shows that the goal the US military wants to achieve in cyberspace is to combine attack and defense, build a network deterrence system, and consolidate its own "network dominance" in military terms. US Deputy Defense Secretary Lynn has made it clear that the US will retain the right to respond to serious cyber attacks and will "make a commensurate and legitimate military response at the time and place we choose." Former Defense Secretary Panetta has pointed out: "Now we live in a completely different world and face cyberspace attacks that can be compared with Pearl Harbor." "We must be prepared to deal with it. In cyberspace, we have to have both good network attack and network defense capabilities." These speeches fully demonstrate that the US military pays attention to the deterrent effect of cyberspace, emphasizes the combination of attack and defense in cyberspace, and is willing to take the initiative to launch cyberattacks when necessary. Its military goal is not only to ensure its own network security, but to dissuade and deter, by improving its cyber attack capabilities, all cyberattacks that are unfavorable to it, and so to achieve absolute freedom, absolute superiority and absolute security in cyberspace.

In cyberspace, offensive and defensive drills between states have never stopped. In July 2008, Russia used the covert injection of attack software to launch a comprehensive cyberattack against Georgia, paralyzing its network. In December 2011, Iran declared that its "electronic warfare force" had used a "hacker hijacking" method to cause an American RQ-170 stealth drone to leave its route and land in Iran. The "Super Flame" virus discovered in May 2012 spread widely in the Middle East, residing covertly in computers and stealing data. In March 2014, the official website of the Russian president suffered a cyber attack. Judging from these past incidents, the effect of a cyber attack is no less than that of a fire strike by conventional weapons. The security of cyberspace is the security of the country, and cyberspace has become a domain of national sovereignty.

Security protection in cyberspace should employ a multi-level security assurance mechanism. At the national strategic level, there is national-level network security protection; in key areas, there is network security protection for the military, government, and economic fields; in large enterprises, there is network security protection for state-owned and private enterprises and institutions; at the local level, there is network security protection for individuals and families. Among these, national-level security protection mainly includes border network security and backbone network security; enterprise-level (and military) security protection mainly includes border network security and intranet security; personal computer security protection mainly includes computer terminal security, terminal software security and terminal data security. At different levels of security, the protected information varies, from national strategic plans and development routes down to personal privacy and bank passwords. The leakage of information will undoubtedly deal a blow to, and have a negative impact on, the survival and development of the country, enterprises and individuals, and may even undermine the security and stability of the country.

Situational awareness is the perception and understanding of environmental factors, and the prediction of their development trend, under certain conditions of time and space. In 1988, Endsley divided situational awareness into three levels of information processing: perception, understanding, and prediction. In 1999, Tim Bass first proposed the concept of network situational awareness, and pointed out that "fusion-based network situational awareness" would become the development direction of network management.

"Know yourself and know your enemy, and you will never be in peril in a hundred battles." In the new battle space of cyberspace, how can we know ourselves and know the enemy? It is necessary to grasp the battlefield situation and to have situational awareness capability, that is, to acquire, understand and present the key factors that can cause changes in the state of friendly and enemy forces, and to predict the future development trend.

The battlefield situation in cyberspace is characterized by wide coverage, a huge amount of information, and extremely complicated conditions. Commanders at all levels want to be able to clearly understand and grasp the current state of cyberspace operations from the situation map, so that they can make decisions quickly and issue correct operational orders.

To gain insight into the state and development of the cyberspace battlefield, one must have the ability to collect, transmit, store, monitor, analyze and process, and present state data. Detection points are deployed at key positions in cyberspace to monitor the running state of the network and collect state data. Based on the various kinds of state data, the network situation, security situation, spectrum situation and so on are formed. These are then transmitted by various means of communication to nodes with data analysis and processing capability, where the situation data is analyzed; this mainly includes situation fusion, situation assessment and situation prediction. The results of the analysis and processing are transmitted to the command posts at all levels, and the battlefield situation is presented to commanders at all levels in a layered, multi-dimensional, on-demand manner. The basic process of situational awareness is the same as in the traditional approach, but each processing step differs.

The battlefield situation of cyberspace should be layered, with both global and local views, which places higher demands on how the situation is presented. With the continuous development of presentation technology, simple flat situation maps can no longer meet operational needs; in the cyberspace combat environment in particular, the demand for three-dimensional, multi-dimensional situation presentation is prominent. Even inside the command post, the commander should be able to see through the battlefield situation and face the real opponent by means of the situation map. In American war movies, one can often see three-dimensional, touch-operated electronic sand tables, where the multi-dimensional display of the real-time battlefield situation enables commanders to make quick and accurate decisions and improves command and control capability. The battlefield environment of cyberspace is extremely complex: the network environment, the running state of equipment, the running state of software... many aspects need a clear and intuitive display. In order to improve the user experience and shorten decision time, cyberspace situation presentation should have multi-dimensional, dynamic characteristics and should support multi-screen display, multi-screen linkage and so on. From the top-level situation map, one can understand the whole picture of the war; from the local situation map, one can understand the status of the combat units at each level. Commanders at different levels can view different situation maps as needed, based on their own authority.

As a new type of combat space, cyberspace differs objectively from traditional physical space, and command and control of cyberspace has special requirements. However, cyberspace command and control still faces many other problems, such as how to integrate cyberspace command and control with traditional physical space command and control systems, and how to evaluate the effectiveness of cyberspace command and control.


Referring URL: http://www.81.cn/