Cyberwar 网络战争

THROUGHOUT history new technologies have revolutionised warfare, sometimes abruptly, sometimes only gradually: think of the chariot, gunpowder, aircraft, radar and nuclear fission. So it has been with information technology. Computers and the internet have transformed economies and given Western armies great advantages, such as the ability to send remotely piloted aircraft across the world to gather intelligence and attack targets. But the spread of digital technology comes at a cost: it exposes armies and societies to digital attack.
历史上，新兴技术一次又一次地给战争带来了革命性的变化，有时巨变有如迅雷不及掩耳，有时点滴变化滴水石穿：历数往昔，战车，火药，飞机，雷达，核聚变，都深远地变革了战争。信息技术亦然。计算机和互联网改变了各国经济，使西方国家的军队获得了巨大优势，例如，他们能够向世界各地发射遥控飞行器，以搜集情报、攻击目标。但是数字技术的传播是需要付出代价的——它使军队和社会暴露在数字攻击的“炮火“下。

The threat is complex, multifaceted and potentially very dangerous. Modern societies are ever more reliant on computer systems linked to the internet, giving enemies more avenues of attack. If power stations, refineries, banks and air-traffic-control systems were brought down, people would lose their lives. Yet there are few, if any, rules in cyberspace of the kind that govern behaviour, even warfare, in other domains. As with nuclear- and conventional-arms control, big countries should start talking about how to reduce the threat from cyberwar, the aim being to restrict attacks before it is too late.
这种威胁复杂、多面，并具有潜在危险。现代社会越来越依赖于有网络连接的计算机系统，这增加了敌人的攻击途径。如若发电站、精炼厂、银行和空中交通管制系统被迫瘫痪，人们便性命难保。然而，在其他空间，人们的行为甚至战争都受到相关法规的管制，而网络空间却极少有此类规则。如同核军备和常规军备控制，大国应该开始就如何减少网络战争的威胁进行讨论，以及时扼制攻击，避免悲剧的发生。

The army reboots
军队重启

Cyberspace has become the fifth domain of warfare, after land, sea, air and space (see article). Some scenarios imagine the almost instantaneous failure of the systems that keep the modern world turning. As computer networks collapse, factories and chemical plants explode, satellites spin out of control and the financial and power grids fail.
网络已经成为陆地、海洋、天空和太空之外的第五战场。有的电影也天马行空地想象了维持现代世界运转的各个系统瞬间崩溃的场景。一旦计算机网络崩溃，工厂和化工厂便会爆炸，卫星会脱离控制，金融体系和电网也会瘫痪。

That seems alarmist to many experts. Yet most agree that infiltrating networks is pretty easy for those who have the will, means and the time to spare. Governments know this because they are such enthusiastic hackers themselves. Spies frequently break into computer systems to steal information by the warehouse load, whether it is from Google or defence contractors. Penetrating networks to damage them is not much harder. And, if you take enough care, nobody can prove you did it.
这在很多专家看来可能只是耸人听闻。不过大多数专家都认同一点：对于那些有意愿、有方法、有时间的人来说，网络渗透易如反掌。政府深知此事，因为它们自己就热衷于黑客行为。间谍经常闯入计算机系统，从谷歌或者国防承包商那里大批量盗取信息。渗入计算机网络并将其摧毁亦非难事。并且，如果你足够小心，没有人能证明你就是罪魁祸首。

The cyber-attacks on Estonia in 2007 and on Georgia in 2008 (the latter strangely happened to coincide with the advance of Russian troops across the Caucasus) are widely assumed to have been directed by the Kremlin, but they could be traced only to Russian cyber-criminals. Many of the computers used in the attack belonged to innocent Americans whose PCs had been hijacked. Companies suspect China of organising mini-raids to ransack Western know-how: but it could just have easily been Western criminals, computer-hackers showing off or disillusioned former employees. One reason why Western governments have until recently been reticent about cyber-espionage is surely because they are dab hands at it, too.
爱沙尼亚和格鲁吉亚分别在2007和2008年遭受网络攻击（格鲁吉亚遭受的攻击恰好与俄军进军高加索同时发生），这两次攻击被广泛认为是受克里姆林宫的指使，但是经调查责任只能追究到俄国网络罪犯身上。参与这些攻击的很多都是无辜的美国人的电脑，他们的个人电脑被“劫持”了。一些公司怀疑中国涉嫌组织小型攻击以劫掠西方技术知识：但是这也可能仅仅是西方罪犯、乐于炫耀的黑客或失意绝望的下岗职工所为。西方政府直到不久前还对网络间谍行为缄默不言，唯一的原因自然就是他们也已是内行老手了。

As with nuclear bombs, the existence of cyber-weapons does not in itself mean they are about to be used. Moreover, an attacker cannot be sure what effect an assault will have on another country, making their deployment highly risky. That is a drawback for sophisticated military machines, but not necessarily for terrorists or the armies of rogue states. And it leaves the dangers of online crime and espionage.
与核弹一样，网络武器的存在其本身并不意味着它们会被使用。另外，攻击者也无法确定发起一场袭击会对目标国家产生什么影响，这使他们的部署风险很大。这对于精密军事器械来说是一个不利条件，但是对于恐怖分子或“流氓国家”的军队来说则未必如此，网络上的犯罪行为和间谍活动同样也是漏网之鱼，危险万分。

All this makes for dangerous instability. Cyber-weapons are being developed secretly, without discussion of how and when they might be used. Nobody knows their true power, so countries must prepare for the worst. Anonymity adds to the risk that mistakes, misattribution and miscalculation will lead to military escalation—with conventional weapons or cyberarms. The speed with which electronic attacks could be launched gives little time for cool-headed reflection and favours early, even pre-emptive, attack. Even as computerised weapons systems and wired infantry have blown away some of the fog of war from the battlefield, they have covered cyberspace in a thick, menacing blanket of uncertainty.
这一切都使危机四伏。各国正在秘密地开发网络武器，而没有人讨论过如何使用及何时使用它们。也没有人知晓它们的真正威力，因而各国必须做最坏的打算，悉心准备。网络行为的匿名性加剧了风险，稍有差池，或张冠李戴，或错误推断，都会导致军事升级——或是常规武器的硝烟弥漫，或是网络武器的炮火连天。发起电子攻击可以如风驰电掣般迅速，几乎没有时间冷静思考，提早进攻甚至先发制人才是王道。电脑化的武器系统和网络步兵尽管可以驱散传统战场上的硝烟，但同时也给网络空间蒙上了一层厚重的云雾，使其险象环生，充满了不确定性。

One response to this growing threat has been military. Iran claims to have the world’s second-largest cyber-army. Russia, Israel and North Korea boast efforts of their own. America has set up its new Cyber Command both to defend its networks and devise attacks on its enemies. NATO is debating the extent to which it should count cyberwar as a form of “armed attack” that would oblige its members to come to the aid of an ally.
面对这一与日俱增的威胁，各国做出的唯一反应便是军事上的应对。伊朗声称其拥有世界第二大网络军队。俄罗斯、以色列和朝鲜也吹嘘着他们所做的努力。美国已建立起新的网络司令部，以保卫其网络并策划对敌人的进攻。北约正陷于唇枪舌战之中，讨论应在何种程度上将网络战争列为“武装攻击”的一种形式，使成员国有义务对受到攻击的盟国进行援助。

But the world needs cyberarms-control as well as cyber- deterrence. America has until recently resisted weapons treaties for cyberspace for fear that they could lead to rigid global regulation of the internet, undermining the dominance of American internet companies, stifling innovation and restricting the openness that underpins the net. Perhaps America also fears that its own cyberwar effort has the most to lose if its well-regarded cyberspies and cyber-warriors are reined in.
但是，世界需要网络威慑，同样也需要网络军备控制。美国直到最近还在抵制网络武器协议的签订，因为其担心这些协议会形成刻板的互联网全球管制，从而损害美国互联网公司的支配地位，抑制创新，使网络赖以生存的开放性大打折扣。或许美国也担心，一旦其备受瞩目的网络间谍和网络战士受到限制，其自身网络战争准备工作的损失将最为惨重。

Such thinking at last shows signs of changing, and a good thing too. America, as the country most reliant on computers, is probably most vulnerable to cyber-attack. Its conventional military power means that foes will look for asymmetric lines of attack. And the wholesale loss of secrets through espionage risks eroding its economic and military lead.
这种想法终于有改变的迹象了，这可谓喜事一桩。美国是最依赖电脑的国家，自然也很可能最容易受到网络攻击的危害。其强大的常规军事力量使敌人不得不另辟蹊径，寻觅另外的进攻线路。另外，网络间谍窃取了美国大量的机密，威胁着美国的经济和军事领先地位。

Hardware and soft war
硬件和软战

If cyberarms-control is to America’s advantage, it would be wise to shape such accords while it still has the upper hand in cyberspace. General Keith Alexander, the four-star general who heads Cyber Command, is therefore right to welcome Russia’s longstanding calls for a treaty as a “starting point for international debate”. That said, a START-style treaty may prove impossible to negotiate. Nuclear warheads can be counted and missiles tracked. Cyber-weapons are more like biological agents; they can be made just about anywhere.
如果网络军备控制对美国有利，那么明智之举是，美国应趁其仍在网络空间占据优势时先下手为强，决定这些协议的内容。因此，基思•亚历山大将军（美国网络司令部掌门人，四星上将）对俄国长期以来关于订立协议的呼吁表示欢迎，并将其称为“国际论战的起点”。说是这样说，但是要建立一个《削减战略武器条约》类型的裁武协议几乎是天方夜谭。核弹头可以清点，导弹可以追踪，而网络武器则更像是生物战剂，在任何地方都可以制造出来。

So in the meantime countries should agree on more modest accords, or even just informal “rules of the road” that would raise the political cost of cyber-attacks. Perhaps there could be a deal to prevent the crude “denial-of-service” assaults that brought down Estonian and Georgian websites with a mass of bogus requests for information; NATO and the European Union could make it clear that attacks in cyberspace, as in the real world, will provoke a response; the UN or signatories of the Geneva Conventions could declare that cyber-attacks on civilian facilities are, like physical attacks with bomb and bullet, out of bounds in war; rich countries could exert economic pressure on states that do not adopt measures to fight online criminals. Countries should be encouraged to spell out their military policies in cyberspace, as America does for nuclear weapons, missile defence and space. And there could be an international centre to monitor cyber-attacks, or an international “duty to assist” countries under cyber-attack, regardless of the nationality or motive of the attacker—akin to the duty of ships to help mariners in distress.
因此，各国应该达成更为温和的协议，甚至只是制定非正式的“明确性规则”以加重发起网络攻击的政治成本。或许可以达成一项协议，以防止“拒绝服务”攻击这种不成熟的行为，当初就是这种攻击通过向网站发送海量虚假的信息求索要求，从而导致爱沙尼亚和格鲁吉亚大量网站瘫痪；北约和欧盟可以声明，同真实世界的攻击一样，它们也会对网络空间的攻击行为作出反应；联合国或日内瓦公约的签约国可以宣告天下，同炸弹子弹造成的人身攻击一样，对民用设施的网络攻击在战争中同样是不可容忍的；富国可以向对网络犯罪无所作为的国家施加经济压力。应当鼓励各国阐明其在网络空间的军事政策，正如美国在核武器、导弹防御和太空方面的所做的那样。也可以成立一个国际中心以监控网络攻击，或者规定不论攻击者的国籍或动机，各国都有义务援助网络攻击受害国——类似于船只拯救遇险水手的义务。

The internet is not a “commons”, but a network of networks that are mostly privately owned. A lot could also be achieved by greater co-operation between governments and the private sector. But in the end more of the burden for ensuring that ordinary people’s computer systems are not co-opted by criminals or cyber-warriors will end up with the latter—especially the internet-service providers that run the network. They could take more responsibility for identifying infected computers and spotting attacks as they happen.
互联网并不是“共有资源”，而是主要是一个由私有网络纵横交织而成的网络。因此政府和私人部门更为密切的合作也会大有裨益。但最终，为确保普通百姓的电脑系统免遭罪犯或网络战士的干扰，后者——尤其是运营网络的网络服务供应商——的负担更重一些。他们在侦别受感染电脑和及时发现攻击行为方面可以肩负起更多的责任。