中国对美国的网络战争

China’s Cyberassault on America

中国对美国的网络战争

If we discovered Chinese explosives laid throughout our national electrical system, we’d consider it an act of war. China’s digital bombs pose as grave a threat.

如果我们发现我们全国的电子系统中到处都是中国人的炸弹,我们必须考虑这是一种战争行为。中国人的数字炸弹是一个重大的威胁。

By RICHARD CLARKE

理查德·克拉克

In justifying U.S. involvement in Libya, the Obama administration cited the “responsibility to protect” citizens of other countries when their governments engage in widespread violence against them. But in the realm of cyberspace, the administration is ignoring its primary responsibility to protect its own citizens when they are targeted for harm by a foreign government.

在为美国卷入利比亚危机辩护时候,奥巴马政府解释道“我们有责任保护”那些正在被自己的政府广泛的暴力行为迫害的国家的公民。但在互连网这个虚拟王国,奥巴马政府却对保护自己的公民免于受到外国政府侵害这一责任上毫无作为。

Senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations. Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans. In a global competition among knowledge-based economies, Chinese cyberoperations are eroding America’s advantage.

美国政府的高级官员非常清楚中国政府正在系统化的攻击美国政府和公司的计算机系统。北京政府已经成功的盗窃了研发成果、软件源码、制造业专有技术和政府计划。在一个基于知识的全球竞争环境中,中国的网络行动正在腐蚀着美国的领先优势。

The Chinese government indignantly denies these charges, claiming that the attackers are nongovernmental Chinese hackers, or other governments pretending to be China, or that the attacks are fictions generated by anti-Chinese elements in the United States. Experts in the U.S. and allied governments find these denials hard to believe.
中国政府愤怒地否认了这一指控,声称这些网络攻击者是与政府无关的中国黑客,或者假装中国政府的其他政府,甚至声称这些攻击行为完全是美国一些反华人士炮制出來的虚构事件。美国及其盟国政府的专家们认为这种辩护令人难以信服。

Three years ago, the head of the British Security Service wrote to hundreds of corporate chief executive officers in the U.K. to advise them that their companies had in all probability been hacked by the government of China. Neither the FBI nor the Department of Homeland Security has issued such a notice to U.S. executives, but most corporate leaders already know it.

3年前,英国情报局局长写信给数百家英国公司的CEO提醒他们,他们的公司的计算机系统有可能被中国政府入侵。而美国,不管是FBI还是国土安全部都没有发出过类似的警告,尽管多数大公司的领导知道此事。

Some, like Google, have the courage to admit that they have been the victims of Chinese hacking. We now know that the “Aurora” attack (so named by the U.S. government because the English word appears in the attack software) against Google in 2009 also hit dozens of other information technology companies—allegedly including Adobe, Juniper and Cisco—seeking their source code. Aurora wasn’t an isolated event. This month Google renewed its charge against China, noting that the Gmail accounts of senior U.S. officials had been compromised from a server in China. The targeting of specific U.S. officials is not something that a mere hacker gang could do.

一些公司,例如google,敢于承认他们曾经是中国黑客攻击行为的受害者。现在我们知道,2009年针对google的“Aurora”攻击行动同时也攻击了大量别的IT公司——包括Adobe、Juniper 、Cisco——试图盗取他们的源代码。Aurora不是一次孤立的事件。这个月google再次指责了中国的攻击行为,指出一些美国高级官员的gmail帐户被位于中国的服务器侵入。针对特定的美国政府官员的攻击行为绝非一小伙黑客能够为之。

The Aurora attacks were followed by systematic penetrations of one industry after another. In the so-called Night Dragon series, attackers apparently in China went after major oil and gas companies, not only in the U.S. but throughout the world. The German government claims that the personal computer of Chancellor Angela Merkel was hacked by the Chinese government. Australia has also claimed that its prime minister was targeted by Chinese hackers.

紧随Aurora攻击之后的是从一个行业到另一个行业的系统化的渗透。在所谓的“夜龙”系列攻击中,显然是来自中国的黑客攻击了不光是美国、而且几乎是全球的主要的石油和天然气公司。德国政府声称,默克尔总理的个人计算机被中国政府侵入。澳大利亚政府也宣称,该国总理亦成为中国黑客的目标。

Recently the computer-security company RSA (a division of EMC) was penetrated by an intrusion which appears to have stolen the secret sauce behind the company’s SecureID. That system is widely used to protect critical computer networks. And this month, the largest U.S. defense contractor, Lockheed, was subject to cyberespionage, apparently by someone using the stolen RSA data. Cyber criminals don’t hack defense contractors—they go after banks and credit cards. Despite Beijing’s public denials, this attack and many others have all the hallmarks of Chinese government operations.

最近计算机安全企业RSA(EMC公司的一个分部)被侵入,并被盗走公司的安全ID。这个系统被广泛的用于保护计算机网络。本月,美国最大的国防承包商洛克希德被网络间谍活动攻击,攻击者用从RSA公司盗取的安全ID试图进入洛克希德的系统。普通的网络犯罪活动不会攻击国防承包商——他们通常是盗取网银也信用卡帐户的资金。尽管北京政府公开否认,这些攻击活动仍然有明显的中国政府行为的痕迹。

In 2009, this newspaper reported that the control systems for the U.S. electric power grid had been hacked and secret openings created so that the attacker could get back in with ease. Far from denying the story, President Obama publicly stated that “cyber intruders have probed our electrical grid.”

2009年,报纸报道美国电网的控制系统被入侵并留下秘密的后门,因此黑客可以从后门随时进入系统。远在北京否认攻击行为之前,奥巴马总统公开声明“网络黑客探测了我们的电网”

There is no money to steal on the electrical grid, nor is there any intelligence value that would justify cyber espionage: The only point to penetrating the grid’s controls is to counter American military superiority by threatening to damage the underpinning of the U.S. economy. Chinese military strategists have written about how in this way a nation like China could gain an equal footing with the militarily superior United States.

侵入电网系统既无经济收益,又没有情报可以盗取,这一渗透行为的唯一解释是,通过对支撑美国经济的电网系统的破坏来对抗美国在军事上的优势。中国军事战略学家曾经撰写过一个像中国这样的国家怎样通过此类手段在与美国这个超级军事强国抗衡。

What would we do if we discovered that Chinese explosives had been laid throughout our national electrical system? The public would demand a government response. If, however, the explosive is a digital bomb that could do even more damage, our response is apparently muted—especially from our government.

如果我们发现中国人的炸弹遍布于我们的电力系统,我们能怎么办?公众会要求政府做出响应。就算这些不是真的炸弹,是数字炸弹,仍然能够造成更大的破坏,而我们的响应只是沉默,尤其是我们的政府!

Congress hasn’t passed a single piece of significant cybersecurity legislation. When the Chinese deny senior U.S. officials’ claims (made in private) that Beijing is stealing terabytes of data in the U.S., Congress should not leave the American people in doubt. It should demand answers to basic questions:

国会通过了关于网络安全的庞大立法的一部分。当中国政府矢口否认一些美国高级官员提出的关于中国政府从美国盗取数以TB计的数据时候,国会不该不理会美国人民的质疑。他们应该回答几个基本的问题:

What does the administration know about the role of the Chinese government in cyberattacks on public and private computer networks in the United States?

我们的政府是否知道,在对美国的公共和私人的计算机系统发起的攻击行动中,中国政府扮演的是什么角色?

If there is widespread Chinese hacking of sensitive U.S. networks and critical infrastructure, what has the administration said about it to the Chinese government? Specifically, did President Obama raise concerns about these attacks with Chinese President Hu Jintao at the White House this spring?

当中国人对美国的敏感的网络和关键系统发动大规模攻击的时候,我们的政府对此事向中国政府说了些什么?具体的说,奥巴马总统在今年春中国总统胡锦涛访问美国时候是否在白宫会面中向其提出了对这些攻击行动的关切?

Since defensive measures such as antivirus software and firewalls appear unable to stop the Chinese penetrations, does the administration have any plan to address these cyberattacks?

在一般的防御措施例如防病毒软件和防火墙无法阻拦中国的渗透时候,政府是否有任何计划定位这些攻击?

In private, U.S. officials admit that the government has no strategy to stop the Chinese cyberassault. Rather than defending American companies, the Pentagon seems focused on “active defense,” by which it means offense. That cyberoffense might be employed if China were ever to launch a massive cyberwar on the U.S. But in the daily guerrilla cyberwar with China, our government is engaged in defending only its own networks. It is failing in its responsibility to protect the rest of America from Chinese cyberattack.

一些美国官员私下承认,美国政府对中国政府的网络入侵缺乏战略对策。比起保护美国公司来,五角大楼更倾向于“主动防御”,也就是进攻。如果中国对美国发动大规模的网络战,美国也必将发动网络进攻。但在与中国的日常网络游击战中,我们的政府只保护了他们自己的网络,他们根本没有尽到保护美国其他计算机网络系统免于被中国政府攻击的责任。

Mr. Clarke was a national security official in the White House for three presidents. He is chairman of Good Harbor Consulting, a security risk management consultancy for governments and corporations.

Mr. 克拉克是白宫的国家安全官员,曾经为三任总统服务。他同时也是f Good Harbor Consulting公司的主席,该公司致力于为政府和公司提供风险管理咨询服务。

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s