Tag Archives: 新“三十六計”之蜜罐誘騙防禦

General Qiao Liang: Confident Cyber Leadership Wins the future “network space war” // 喬亮將軍:充滿信心的網絡領導贏得了未來的“網絡太空戰爭”

General Qiao Liang: Confident Cyber Leadership Wins the future “network space war” //

喬亮將軍:充滿信心的網絡領導贏得了未來的“網絡太空戰爭”

For nearly half a century, electronic technology and information technology have developed at an impressive speed, and thus have completely changed the style of modern warfare. Although people are accustomed to the sorting of land, sea and air when they talk about the dimensions of war, from the military technical level, the “network warfare” capability of “electronic warfare” and “cyber warfare” has no doubt that it has come to the fore. Become the first combat power. Who can dominate the electronic warfare, who can dominate the battlefield. It is a pity that this conclusion has not yet been universally accepted by the military.

Carving a sword for a sword is a portrayal of the evolution of people’s understanding and the development of things. Today, when this round of military revolution is marked by electronic technology and chip technology, as the technology matures and the potential approaches the limit and comes to an end, the soldiers of most countries have a small tube and a smaller chip. It is possible to change the style of war and not yet fully prepared for the spirit and knowledge. This is an irony for human beings living in the age of information, especially those armed with informatized weapons.

The individual representation of the appearance of the world makes people intuitively divide the whole world into parts to understand and understand. Even though electronic technology and information technology have long integrated the whole world into the grid space and welded into a “domain”, people are still accustomed to split it into different “domain” blocks. For example, many soldiers who are ignorant of traditional thinking take the battle space into five major dimensions: land, sea, air, sky, and electricity, and think that they will fight in these five dimensions. The grid space battlefield, in their view, is only one of them. Even in the concept of joint operations, which attempted to bring the five-dimensional space into one, the space and space warfare is only one of the combat areas and combat styles. It is completely unknown that the world has been “informed.” Such lag thinking can’t keep up with the pace of technological leap: the boat is far from the lake, but the sword sinks to the bottom of the lake. Those who can win and win in the future battlefield must be the army that observes and thinks, operates and controls all battlefields as a whole. Only in this way can we find the key to open the door to victory: who can control the grid space, who can control the battlefield; who can prevail in the space war, who is the winner of the war. This is the general trend that modern warfare can not be reversed today.

Electronic warfare (which has evolved into information warfare or cyberspace warfare today) is a prerequisite for all modern battles, battles and even wars. In contrast, air supremacy, sea power, and even land and power, have handed over the first battle of the future battlefield to the power of the grid. Moreover, the struggle for the right to heaven is itself part of the power of the network. In Deng Shiping’s words, modern warfare, “there is no air superiority, and no one can beat it.” Yes, in the future war, there is no power to make electricity in the net, and nothing can be beaten.

Today, it is proposed to use the “air-sea battle” concept to contain China’s US military. It is a military machine that is almost fully informatized. Therefore, the US military knows that informatization is its strength and its shortcomings. Short and short, whoever has the advantage of space and space warfare, who can restrain the US military. Some people may ask, is it from a military point of view that the space warfare is so important that people think it is more important than firepower? Yes, this is the author’s answer. Because when your opponent has been fully dimensioned, it will either be better than the opponent’s network space warfare, or defeat the war first, and then the firepower war will only destroy the opponents who are still unwilling to admit defeat. The process of physical digestion.

Why is the space warfare so important? In fact, all of our main rivals have their strengths in all-dimensional informationization, and all their shortcomings are over-informatization. The shortcoming of informationization is that there is no chip-free, thus forming chip dependence. The chip makes the weapon platform ammunition stronger, but it is also extremely fragile. An electromagnetic pulse bomb can destroy all electronic components within its explosive coverage. This kind of scene makes the opponent who is armed with the chip to the teeth very scared. For us, what we fear the opponents should be our priority to focus on development.

If you play against a full-dimensional informatization opponent, the opponent is most worried about: one is attacked by the network, and the other is destroyed by the sky-based system. Because this will make the hardware advantages of all weapon platforms meaningless. Although our opponents also have this ability, once both sides use this ability to smash opponents, it means that the two sides will return to World War II. At that time, who has the advantage of population, who has the advantage of resources, who has the advantage of manufacturing, who has the advantage of war.

Seeing this clearly helps us to get rid of some kind of paradox: the more we understand the military system of our opponents, the more we worry about the gap in our military system. The more we recognize the gap, the more we want to learn to catch up with our opponents. The result is what the opponent has, I There is also something to be. In the end, I forced myself to a dead end with the strength of the opponent and the length of the opponent. How can this road lead us to “can fight, win and win”? Ancient and modern Chinese and foreign, whereever wins, all of them are short of my enemy, even if it is hard, it is the longest attack of my enemy. There is a winner who wins the enemy with the enemy. Moreover, winning the war in the future cannot be achieved at all costs. For China, there should be a requirement that is as important as victory. Weapons and equipment development and operational plan development must consider how to reduce costs. Never have anything for the opponent, we must have something. You can’t do it with the Dragon King, and you can’t become a local tyrant. You can’t compare it with the Dragon King. Today, we have some cognitive defects on how to win the overall war of local war under informatization conditions. We always consciously and unconsciously think that playing high-tech wars is a high-cost war, and we always want to compare costs with our competitors. And fight costs.

In fact, we can completely change the way of thinking, that is to take the low-cost route. There are no heavy aircraft carriers, there is no X37, there is no global fast strike system, the opponent does not care. It only cares if you can destroy its satellite system and lick its network system. After all, the tools and means of attacking satellite weapons and electromagnetic pulse bombs are not very expensive and scarce, and their effects will be low-cost and high-yield. We can’t help but fall into the arms race with our opponents because we are worried about the gap between ourselves and our opponents.

The Americans said in the “air-sea battle” concept that “we will drag China into the competition with us in this way, so that the Chinese will put more energy into the production of such missiles such as Dongfeng 21D. Then use a lot of bait and deception to force the Chinese to consume these weapons in a meaningful direction.” In this regard, someone in the country wrote an article reminding us that “we must prevent falling into the trap of the United States.” This is not wrong in itself, but it still belongs to only know one, and I don’t know the other. It is important to know that after such articles come out, it is very likely that our understanding will produce new deviations, because there are “trap traps (ie double traps)” in the above-mentioned American discourse. First, it attempts to lure the Chinese army into the trap of an arms race. If you compete with the US military, you will spend a lot of money and resources to follow the US military and not to surpass; secondly, if you realize that this is a trap and give up the competition, you will immediately fall into another trap: since giving up the arms race Waste martial arts. For China, if we are not willing to compete with our opponents and we are not willing to squander martial arts, what should we do? The conclusion is that we can only go our own way.

To develop our own strengths and develop the things that are most beneficial to me, it is best to use my strength and defeat the enemy. At least it must be my long, the enemy’s long. I can’t do it with my short enemy, and the enemy’s long enemy will not do the same. With the enemy’s long attacking enemy, you will never win.

Take a look at the main design of the “Air-Sea Battle”: the opening is to hit your space-based system, let you blind; then hit the “reconnaissance war”, let you call you; then come to officially start a regular battle with you.

Under such circumstances, what should we do? It is a passive move, the soldiers will block, the water will cover the earth, or will it be my strength, in exchange for low-cost means, in exchange for the opponent’s high-value goal? Of course, the latter. To do this, we must first have three capabilities:

The first is satellite anti-missile capability. This ability will lead to a serious reliance on informatized opponents, making them blind, defamatory, and dumb, so that they can only return to the level of World War II to compete with conventional forces.

The second is the ability to remotely play. You must ensure that you have the ability to sink high-priced targets like aircraft carriers. If such a high-priced target is sunk, it will seriously undermine the confidence of investors around the world against the opponent, so that the capital does not dare to invest in it again, resulting in a serious war financing dilemma for the opponent. This is the national weakness of the opponent’s combat planners who are not aware of it. The confidence of the sinking aircraft carrier in global investors will be a huge blow, which will interrupt the opponent’s global capital chain.

The third is that there must be a network space combat capability. Especially the ability to attack any network system of the opponent. If China and the powerful opponents are really fighting, you must demonstrate your ability and determination to attack and smash all of the grid system from the very beginning. This is a necessary way to contain war by deterrence.

The reason is always easier said than done. How to get the power of the network in the future war, or to offset the advantage of the opponent’s network warfare? It is necessary to make yourself technological progress. But what is more necessary is the progress of thinking. The long history of evolution proves that human beings are not always in a state of thought progress in the coordinate system of time. Degradation will happen from time to time. The degradation of thinking is sad, but consciously pull the pair back to the “old battlefield”, that is, to offset the opponent’s informational combat capability, so that the opponent’s technical advantage is lost, and thus with us to return to a certain historical stage of combat, At that time, it is a feasible idea to give full play to my own advantages.

(The author is a professor at the National Defense University)

Original Mandarin Chinese:

近半個世紀以來,電子技術、信息技術以令人瞠目的速度迅猛發展,並因此全面改變了現代戰爭的風貌。儘管人們在談論戰爭的維度時,習慣於陸海空天電的排序,但從軍事技術層面講,“電子戰”“網絡戰”所構成的“網電空間戰”能力,卻毫無疑問已後來居上,成為第一戰鬥力。誰能主導電子戰,誰就能主宰戰場。可惜的是,這一結論至今還未能被各國軍隊普遍接受。

刻舟求劍,是對人們的認識滯後於事物的演變和發展的形象寫照。時至今日,當以電子技術和芯片技術為標誌的這一輪軍事革命,因技術日臻成熟,潛力逼近極限而漸近尾聲時,大多數國家的軍人對一個小小的電子管和更小的芯片就能改變戰爭的風貌,還沒做好充分接納的精神和知識準備。這對生活在信息化時代的人類,特別是掌握著信息化武器的軍隊來說,不能不說是一種諷刺。

世界外觀所呈現的個體性表徵,使人們憑直覺把整個世界區分成各個部分去認知和理解。即便電子技術、信息技術早已把整個世界都納入了網電空間而焊接成了一“域”,人們仍然習慣於將其切分成不同的“域”塊。如不少囿於傳統思維的軍人,就想當然地把作戰空間切分成陸、海、空、天、電五大維度,並以為自己將在這五種維度下作戰。而網電空間戰場,在他們看來,只不過是其中的一維。甚至在聯合作戰這一試圖把五維空間打通成一體的概念中,網電空間戰也只是其中一種作戰領域和作戰樣式而已,全然不懂大千世界已然被“信息化”了。這樣的滯後思維不可能跟上技術飛躍的步伐:舟已遠離湖面,劍卻沉在了湖底。能在未來戰場上穩操勝券者,一定是把全部戰場作為一個整體觀察和思考、操作並控制的軍隊。只有如此,才能找到打開胜利之門的鑰匙:誰能控製網電空間,誰就能控制戰場;誰能在網電空間戰中佔上風,誰就是戰爭的贏家。這是現代戰爭發展到今天誰也無法逆轉的大趨勢。

電子戰(今日已衍化成為信息戰或網電空間戰)是一切現代戰鬥、戰役乃至戰爭的前提。與此相比,制空權、制海權,甚至制陸權與製天權,都已向製網電權拱手交出了未來戰場的第一制權。何況制天權的爭奪本身就是製網電權的一部分。套用鄧小平的一句話說,現代戰爭,“沒有製空權,什麼仗都打不下來”。是的,未來戰爭,沒有製網電權,什麼仗都打不下來。

今天,提出要用“空海一體戰”構想遏制中國的美軍,是一架幾乎全面信息化了的軍事機器。因此,美軍深知信息化是其所長,亦是其所短。短就短在誰具備網電空間戰優勢,誰就能製約美軍。有人會問,難道從軍事角度講,網電空間戰真的那麼重要,以至於讓人認為比火力硬殺傷更重要嗎?是的,這正是筆者的回答。因為當你的對手已全維信息化後,它要么先勝於與對手的網電空間戰,要么先敗於此戰,其後的火力戰,只是對還不肯認輸的對手進行從心理摧毀到物理消解的過程。

為什麼網電空間戰如此重要?實際上,我們的主要對手其全部的長處就在於全維信息化,而其全部的短處也在於過度信息化。信息化的短處就是無一處無芯片,從而形成芯片依賴。芯片讓武器平台彈藥如虎添翼變得強大,而其自身卻也極端脆弱。一枚電磁脈衝炸彈,就可以讓在它爆炸覆蓋範圍內的所有電子元件被毀失能。這種場景讓用芯片武裝到牙齒的對手很恐懼。而對我們來說,讓對手恐懼的東西,就應該是我們要優先側重發展的武器。

如果跟全維信息化對手交手,對手最擔心的是:一被網攻癱瘓網絡,二被天戰摧毀天基系統。因為這將使其一切武器平台的硬件優勢都變得沒有意義。儘管我們的對手同樣也有這種能力,但一旦雙方都動用這種能力將對手癱瘓,那就意味著,對陣雙方將一起退回二戰水平。那時,誰具有人口優勢,誰有資源優勢,誰有製造業優勢,誰就有戰爭優勢。

看清這一點,有助於我們擺脫某種悖論:越了解對手的軍事系統,就越擔心自身軍事系統存在的差距,越承認差距,就越想學習追趕對手,結果就是對手有什麼,我就也要有什麼。最終把自己逼上一條以對手之長,攻對手之長的死路。這條路怎麼可能把我們引向“能打仗,打勝仗”?古今中外,凡勝仗,無一不是以我之長攻敵之短,即便是硬仗也是以我之長攻敵之長,未見有以敵之長攻敵之長而取勝者。何況,取勝於未來戰爭,不能以不惜一切代價獲勝為目的。對於中國來說,還應該有一個與勝利同樣重要的要求,武器裝備發展,作戰方案製定,都要考慮如何降低成本。決不能對手有什麼,我們就一定要有什麼。乞丐跟龍王爺比寶不行,變成土豪了,也不能跟龍王爺比寶。今天,我們對如何打贏信息化條件下局部戰爭的整體想法是存在某種認知缺陷的,總是自覺不自覺地以為打高技術戰爭就是打高成本戰爭,總想和對手一樣去比成本、拼成本。

實際上,我們完全可以換一種思路,那就是走低成本路線。有沒有重型航母,有沒有X37,有沒有全球快速打擊系統,對手並不在乎。它只在乎你能不能摧毀它的衛星系統,癱瘓它的網絡系統。畢竟,攻擊衛星武器和電磁脈衝炸彈的工具和手段都不是很昂貴、很稀缺,而其效果將是低成本、高收益。我們斷不能因為擔心自己與對手的差距,就不由自主地陷入跟對手的軍備競賽中。

美國人在“空海一體戰”構想中說,“我們要通過這個方式,把中國拖入到與我們的競賽,讓中國人把更多的精力都投入到東風21D等諸如此類導彈的生產中去,然後用大量的誘餌和欺騙迫使中國人大量地把這些武器消耗到沒有意義的方向”。對此,國內有人寫了一篇文章,提醒“我們要防止掉入美國陷阱”,這本身沒有錯,但仍然屬於只知其一,不知其二。要知道,此類文章出來以後,很有可能導致我們的認識產生新的偏差,因為上述美國人的話語中存在“陷阱的陷阱(即雙重陷阱)”。首先,它企圖將中國軍隊引誘到軍備競賽的陷阱中來。如果你跟美軍進行競賽,你就會耗費大量財力物力尾隨美軍而不得超越;其次,如果你意識到這是陷阱而放棄競賽,你又立刻就會掉入另一個陷阱:由於放棄軍備競賽而自廢武功。對中國來說,如果我們既不願意跟對手競賽,又不願意自廢武功,那我們應該怎麼辦?結論是,我們只能走自己的路。

發展我們自己之長,發展對我最有利的東西,最好以我之長,克敵之短。起碼也要以我之長,克敵之長。以我之短克敵之長不行,以敵之長克敵之長同樣也不行。以敵之長攻敵之長,你將永無勝算。

看看“空海一體戰”最主要的設計:開場就是打擊你的天基系統,讓你致盲;接著打“偵察戰”,讓你致聾;然後才來跟你正式開打常規戰。

這種情形下,我們怎麼辦?是被動接招,兵來將擋,水來土掩?還是揚我所長,以低成本手段,換取對手高價值目標?當然是後者。為此,我們必須先具備三種能力:

第一種是衛星反導能力。這種能力將一擊致癱嚴重依賴信息化的對手,使其致盲、致聾、致啞,從而只能與你一道退回二戰水平去比拼常規戰力。

第二種是遠程精打能力。必須確保你有能力擊沉類似航母這樣的高價目標。這樣的高價目標如果被擊沉,將沉重地打擊全世界投資人對對手的信心,使資本不敢再投向它,造成對手嚴重的戰爭融資困境。這是對手的作戰計劃人員沒有意識到的國家軟肋。擊沉航母對全球投資人的信心將是一個巨大的打擊,從而將打斷對手的全球資本循環鏈。

第三種是必須有網電空間作戰能力。特別是對對手的任何網絡系統攻擊的能力。如果中國和遠比自己強大的對手真的發生戰爭,你必須從一開始就展示你有攻擊並癱瘓其全部網電系統的能力和決心,這是用威懾遏制戰爭的必要方式。

道理,總是說起來容易做起來難。如何在未來戰爭中拿到製網電權,或者對沖掉對手的網電戰優勢?讓自己獲得技術進步是必須的。但更必須的,是思維的進步。漫長的進化史證明,人類在時間的坐標系上,並不總是處於思維進步狀態。退化,會不時發生。思維的退化是可悲的,但有意識地把對手拉回“舊戰場”,即對沖掉對手的信息化作戰能力,讓對手的技術優勢盡失,從而與我們一道退回某一歷史階段的作戰水平,屆時,盡情發揮我自身優勢,則不失為一種可行的思路。

(作者係國防大學教授)

Original Referring URL: http://www.81.cn/jkhc/2014-12/

 

How Chinese Cyber Warfare Rejects Foreign Intruders Focuses on National Security // 中國網絡戰如何拒絕外國入侵者關注國家安全

How Chinese Cyber Warfare Rejects Foreign Intruders Focuses on National Security //

中國網絡戰如何拒絕外國入侵者關注國家安全

In the information age, cybersecurity has taken the lead in national security. The Outline of the National Informatization Development Strategy emphasizes that it should actively adapt to the new changes in the national security situation, new trends in information technology development, and new requirements for strong military objectives, build an information security defense system, and comprehensively improve the ability to win localized information warfare. Cyberspace has become a new field that affects national security, social stability, economic development and cultural communication. Cyberspace security has become an important topic of increasing concern to the international community.

The United States has clearly declared that cyberspace is a new field of operations, and has significantly expanded its network command and combat forces to continue to focus on cyberspace weapons development. Since entering the summer, the US military network exercises have been one after another, and the invisible wars are filled with smoke. At the beginning of March, “Network Storm 5” took the lead in kicking off the drill; in April, “Network Aegis 2016” completed the fifth-generation upgrade; in June, “Network Defense” and “Network Capture” as the core re-installation of the annual joint exercise Debut.

The essence of network security lies in the ability to attack and defend both ends. Currently, static, isolated, passive defenses such as firewalls, intrusion detection technologies, and anti-virus software are difficult to effectively deal with organized high-intensity network attacks. To build a cyberspace security defense line, we need to get rid of the idea of ​​falling behind and win the counterattack on the defensive concept.

New “Thirty-six” mobile target defense

Increase the difficulty of attack by building a dynamic network

Network attacks require a certain amount of time to scan and research the target network, detect and utilize system “vulnerabilities” to achieve intrusion control purposes. In theory, the attacker has unlimited time to start the scanning and detecting work, and always find the weak point of defense, and finally achieve the purpose of the invasion. To this end, the network pioneer USA is committed to planning and deploying security defense transformation work, striving to break through the traditional defense concept and develop revolutionary technology that can “change the rules of the game”. Mobile target defense is one of them.

Mobile target defense is called the new paradigm of cyberspace security defense. The technical strategy is to construct a dynamic network through the processing and control of the protection target itself, increasing randomness and reducing predictability to improve the difficulty of attack. If the static cyberspace is likened to a constant “city defense deployment”, it is difficult to stick to it; and the dynamic network configuration can be called the ever-changing “eight squad”, which is difficult to crack. At present, mobile target defense technology has priority in various US government and military research, covering dynamic platform technology, dynamic operating environment technology, dynamic software and data technology. In August 2012, the US Army awarded Raytheon’s “Deformation Network Facility” project to study the dynamic adjustment and configuration of networks, hosts and applications in case the enemy could not detect and predict, thus preventing, delaying or blocking the network. attack.

As a new idea in the field of cyberspace security, mobile target defense reflects the technological development trend of future network defenses to turn “dead” networks into “live” networks.

The new “Thirty-six” honey cans deceive defense

Reduce cyberattack threats by consuming attacker resources

Conventional network security protection is mainly to defend against cyber attacks from the front. Although the defensive measures have made great progress, they have not changed the basic situation of cyberspace “easy to attack and defend”. In recent years, the development of “Honeypot Deception Defense” has proposed a new concept of “bypass guidance”, which is to reduce the threat of cyber attacks to the real protection target by absorbing network intrusion and consuming the resources of attackers, thereby winning time. Strengthen protection measures to make up for the shortcomings of the traditional cyberspace defense system.

Similar to the intentional setting of false positions on the battlefield, honeypot deception defense is to actively use the computer network with lower security defense level to lure all kinds of network attacks, monitor its attack means and attributes, and set corresponding defenses on the target system that needs to be protected. System to stop similar attacks. Honeypots can be divided into two types, product-type honeypots and research-type honeypots. The main purpose of the former is to “attract firepower” and reduce the pressure of defense. The latter is designed for research and acquisition of attack information. It is an intelligence gathering system that not only needs network attack resistance but also strives to monitor powerfully to capture the attack behavior data to the maximum extent.

In addition to the establishment of a virtual network environment attack and defense laboratory consisting of four sub-networks of gray, yellow, black and green, the US military has also carefully deployed a honeypot decoy system on the Internet. What is certain is that the network defense idea based on deception will be further emphasized, and the technical means to achieve deception will be more and more.

New “Thirty-six Meters” linkage synergy defense

Integrate multiple defense technologies to “reject enemy from outside the country”

At present, most of the security protection devices and defense technologies are “individually fighting”. The data between network protection nodes is difficult to share, and the protection technologies are not related. As a result, the current defense system is isolated and static, which cannot meet the increasingly complex network security situation. need. The original motivation of the US “Einstein Plan” was that all federal agencies had exclusive access to the Internet, making overall security difficult to guarantee. Through the collaborative linkage mechanism, the relatively independent security protection devices and technologies in the network are organically combined to complement each other and cooperate with each other to defend against various attacks. It has become an inevitable choice for the future development of cyberspace security defense.

Collaborative collaborative defense refers to the use of existing security technologies, measures and equipment to organically organize multiple security systems that are separated in time, spatially distributed, and work and interdependent, so that the entire security system can maximize its effectiveness. Vertically, it is the coordinated defense of multiple security technologies, that is, one security technology directly includes or links to another security technology through some communication method. For example, the “deep defense” mechanism adopted by the US Navy network defense system targets the core deployment layer protection measures, including flag-based attack detection, WAN security audit, vulnerability alert, etc., and the attacker must break through multiple defense layers to enter the system. Thereby reducing its attack success rate. When a node in the system is threatened, it can forward the threat information to other nodes in time and take corresponding protective measures to adjust and deploy the protection strategy.

In the past, individual combat operations have been unable to meet the needs of today’s network security defenses, and coordinated collaborative defense will leap into the mainstream of network security. Integrate a variety of defense technologies, establish an organized defense system, and “reject the enemy outside the country” to effectively prevent problems before they occur.

The optimal strategy defense of the new “Thirty-six”

Seeking a balance between cybersecurity risks and investments

The attacks in cyberspace are more and more complicated. The ideal network security protection is to protect all the weak or attack behaviors. However, from the perspective of defense resources limitation, it is obviously unrealistic to pursue absolute security defense. Based on the concept of “moderate security”, the optimal strategy defense is on the horizon.

Optimal policy defense can be understood as seeking a balance between cyber security risks and inputs, and using limited resources to make the most reasonable decision defense. As far as investment is concerned, even the strong United States is trying to build a collective defense system for cyberspace. The United States and Australia cyberspace defense alliance agreement, as well as the Japan-US network defense cooperation joint statement, its “share of results” behind the “cost sharing” shadow. From the perspective of risk, the pursuit of absolute security will adhere to the principle of safety supremacy. When formulating relevant strategic objectives and responding to threats, it is easy to ignore the limited and legitimacy of the resources and means available, and it is difficult to grasp the advance and retreat.

The optimal strategy defense is mainly focused on the “optimal” strategy of game theory, focusing on the research direction of cyberspace security assessment, cost analysis, security defense model construction and evolution. Applying the idea of ​​game theory to cyber attacks and defenses provides a new way to solve the problem of optimal defense decision-making.

The new “Thirty-six” intrusion tolerance defense

Create a “last line of defense” for cyberspace security

The threats to cyberspace are unpredictable, irresistible, and unpredictable. Protection can’t completely avoid system failure or even collapse. Traditional reliability theory and fault-tolerant computing technology are difficult to meet the actual needs, which has to consider more comprehensive and deeper problems than pure protection. In this context, a new generation of intrusion-tolerance defenses has received increasing attention.

Intrusion tolerance is the third-generation network security technology, which belongs to the category of information survival technology and is called the “last line of defense” for cyberspace security defense. Unlike traditional cybersecurity defenses, intrusion-tolerant defenses recognize the existence of vulnerabilities and assume that some of them may be exploited by attackers to attack the system. When the target of protection is attacked or even some parts have been destroyed or manipulated, the target system can “kill the tail” like a gecko to complete the healing and regeneration of the target system.

Intrusion-tolerance technology is no longer based on “defense”, but on how to reduce losses and recover as soon as the system has been damaged. However, intrusion tolerance is an emerging research field. Its cost, cost and benefit will be the next research direction.

Original Mandarin Chinese:

新聞緣由

信息時代,網絡安全對國家安全牽一發而動全身。 《國家信息化發展戰略綱要》強調,積極適應國家安全形勢新變化、信息技術發展新趨勢和強軍目標新要求,構建信息安全防禦體系,全面提高打贏信息化局部戰爭能力。網絡空間已經成為影響國家安全、社會穩定、經濟發展和文化傳播的全新領域,網絡空間安全隨之成為國際社會日益關注的重要議題。

美國明確宣稱網絡空間為新的作戰領域,大幅擴編網絡司令部和作戰部隊,持續聚力網絡空間武器研發。進入夏季以來,美軍網絡演習接二連三,隱形戰火硝煙瀰漫。 3月初,“網絡風暴5”率先拉開演練戰幕;4月,“網絡神盾2016”完成第五代升級;6月,“網絡防衛”“網絡奪旗”作為年度聯合演習的核心重裝登場。

網絡安全的本質在於攻防兩端能力較量,目前依賴防火牆、入侵檢測技術和反病毒軟件等靜態的、孤立的、被動式防禦難以有效應對有組織的高強度網絡攻擊。構築網絡空間安全防線,需要革除落伍思想,打贏防禦理念上的反擊戰。

新“三十六計”之移動目標防禦

通過構建動態網絡增加攻擊難度

網絡攻擊行動均需要一定的時間用於掃描和研究目標網絡,探測並利用系統“漏洞”,達到入侵控制目的。從理論上說,攻擊者有無限的時間展開掃描探測工作,總能找到防禦薄弱點,最終達成入侵目的。為此,網絡先行者美國致力於籌劃和部署安全防禦轉型工作,力求突破傳統防禦理念,發展能“改變遊戲規則”的革命性技術,移動目標防禦即是其中之一。

移動目標防禦被稱為網絡空間安全防禦新範式,技術策略上通過對防護目標本身的處理和控制,致力於構建一種動態的網絡,增加隨機性、減少可預見性,以提高攻擊難度。若將靜態的網絡空間比喻為一成不變的“城防部署”,勢難固守;而動態的網絡配置堪稱變幻無窮的“八卦陣”,難以破解。目前,移動目標防禦技術在美國政府和軍方各類研究中均享有優先權,涵蓋動態平台技術、動態運行環境技術、動態軟件和數據技術等方面。 2012年8月,美陸軍授予雷神公司“變形網絡設施”項目,主要研究在敵方無法探測和預知的情況下,對網絡、主機和應用程序進行動態調整和配置,從而預防、遲滯或阻止網絡攻擊。

作為網絡空間安全領域的新思路,移動目標防禦反映了未來網絡防禦將“死”網絡變成“活”網絡的技術發展趨勢。

新“三十六計”之蜜罐誘騙防禦

通過消耗攻擊者的資源減少網絡攻擊威脅

常規的網絡安全防護主要是從正面抵禦網絡攻擊,雖然防禦措施取得了長足進步,但仍未能改變網絡空間“易攻難守”的基本局面。近年來發展的“蜜罐誘騙防禦”則提出了一個“旁路引導”的新理念,即通過吸納網絡入侵和消耗攻擊者的資源來減少網絡攻擊對真正要防護目標的威脅,進而贏得時間以增強防護措施,彌補傳統網絡空間防禦體系的不足。

與戰場上有意設置假陣地相仿,蜜罐誘騙防禦是主動利用安全防禦層級較低的計算機網絡,引誘各類網絡攻擊,監測其攻擊手段和屬性,在真正需要做防護的目標系統上設置相應防禦體系,以阻止類似攻擊。蜜罐可分為兩種類型,即產品型蜜罐和研究型蜜罐。前者主要目的是“吸引火力”,減輕防禦壓力,後者則為研究和獲取攻擊信息而設計,堪稱情報蒐集系統,不僅需要網絡耐攻擊而且力求監視能力強大,以最大限度捕獲攻擊行為數據。

美軍除了建立由灰網、黃網、黑網、綠網4個子網絡組成的虛擬網絡環境攻防實驗室外,還在國際互聯網上精心部署有蜜罐誘騙系統。可以肯定的是,基於誘騙的網絡防禦思想將被進一步重視,實現誘騙的技術途徑也將會越來越多。

新“三十六計”之聯動協同防禦

整合多種防禦技術“拒敵於國門之外”

目前的安全防護設備和防禦技術大都是“各自為戰”,網絡防護節點間的數據難共享,防護技術不關聯,導致目前的防禦體係是孤立和靜態的,已不能滿足日趨複雜的網絡安全形勢需要。美國“愛因斯坦計劃”最初的動因就在於各聯邦機構獨享互聯網出口,使得整體安全性難以保障。通過協同聯動機制把網絡中相對獨立的安全防護設備和技術有機組合起來,取長補短,互相配合,共同抵禦各種攻擊,已成為未來網絡空間安全防禦發展的必然選擇。

聯動協同防禦是指利用現有安全技術、措施和設備,將時間上分離、空間上分佈而工作上又相互依賴的多個安全系統有機組織起來,從而使整個安全系統能夠最大程度地發揮效能。縱向上,是多個安全技術的聯動協同防禦,即一種安全技術直接包含或是通過某種通信方式鏈接另一種安全技術。如美國海軍網絡防禦體係採用的“縱深防禦”機制,針對核心部署層層防護措施,包括基於標誌的攻擊檢測、廣域網安全審計、脆弱性警報等,攻擊方須突破多個防禦層才能進入系統,從而降低其攻擊成功率。當系統中某節點受到威脅時,能夠及時將威脅信息轉發給其他節點並採取相應防護措施,進行一體化調整和部署防護策略。

昔日的單兵作戰已不能適應當今網絡安全防禦的需要,聯動協同防禦將躍升為網絡安全領域的主流。整合多種防禦技術,建立有組織性的防禦體系,“拒敵於國門之外”才能有效防患於未然。

新“三十六計”之最優策略防禦

在網絡安全風險和投入之間尋求一種均衡

網絡空間的攻擊越來越複雜,理想的網絡安全防護當然是對所有的弱項或攻擊行為都做出對應的防護,但是從防禦資源限制等情況考慮,追求絕對安全的防禦顯然是不現實的。基於“適度安全”的理念,最優策略防禦呼之欲出。

最優策略防禦可以理解為在網絡安全風險和投入之間尋求一種均衡,利用有限的資源做出最合理決策的防禦。就投入而言,即便是實力雄厚的美國,也是盡量打造網絡空間集體防禦體系。美國與澳大利亞網絡空間防禦同盟協定,以及日美網絡防禦合作聯合聲明,其“成果共享”背後亦有“成本分攤”的影子。從風險角度看,對絕對安全的追求將會秉持安全至上原則,在製定相關戰略目標和對威脅作出反應時,易忽視所擁有資源和手段的有限性、合法性,難以掌握進退。

最優策略防禦主要圍繞博弈論的策略“最優”而展開,集中在網絡空間安全測評、代價分析、安全防禦模型構建與演化等研究方向上。將博弈論的思想應用到網絡攻擊和防禦中,為解決最優防禦決策等難題研究提供了一種新思路。

新“三十六計”之入侵容忍防禦

打造網絡空間安全 “最後一道防線”

網絡空間面臨的威脅很多是不可預見、無法抗拒和防不勝防的,防護再好也不能完全避免系統失效甚至崩潰的發生。傳統的可靠性理論和容錯計算技術難以滿足實際需要,這就不得不思考比單純防護更全面、更深層次的問題。在此背景下,新一代入侵容忍防禦愈發受到重視。

入侵容忍是第三代網絡安全技術,隸屬於信息生存技術的範疇,被稱作是網絡空間安全防禦“最後一道防線”。與傳統網絡安全防禦思路不同,入侵容忍防禦承認脆弱點的存在,並假定其中某些脆弱點可能會被攻擊者利用而使系統遭到攻擊。防護目標在受到攻擊甚至某些部分已被破壞或被操控時,防護目標系統可以像壁虎一樣“斷尾求生”,完成目標系統的癒合和再生。

入侵容忍技術不再以“防”為主,而是重在系統已遭破壞的情況下如何減少損失,盡快恢復。但入侵容忍畢竟是一個新興研究領域,其成本、代價、效益等將是下一步的研究方向。

Original Referring URL:  http://www.81.cn/jskj/2016-08/11/