Digital dominance 数字霸权

2020年10月


A new ranking of cyber-power throws up some surprises
一份新的网络力量排名有点出人意料

 

Digital dominance 数字霸权


CHINA HAS the world’s largest army. Russia wields the most tanks. America owns the fanciest satellites. But who has the most cyber-power? A new National Cyber Power Index by the Belfer Centre at Harvard University ranks 30 countries on their level of ambition and capability. Offensive cyber-power—the ability to do harm in or through computer networks—is one measure. But so too are the strength of a country’s defences, the sophistication of its cyber-security industry and its ability to spread and counter propaganda (see chart).
中国拥有世界上最庞大的军队。俄罗斯拥有最多坦克。美国拥有最先进的卫星。但谁拥有最强大的网络力量?哈佛大学贝尔福中心(Belfer Centre)最新发布的国家网络力量指数(National Cyber Power Index)对30个国家的雄心和能力进行了排名。衡量指标之一是攻击性网络力量,即在计算机网络内或通过计算机网络造成伤害的能力。但同样作为指标的还有一国的防御力、网络安全产业的发展水平,以及宣传和反宣传能力(见图表)。 
That America stands at the top of the list is not surprising. Its cyber-security budget for fiscal year 2020 stood at over $17bn and the National Security Agency (NSA), its signals-intelligence (SIGINT) agency, probably gets well over $10bn. The awesome scale of America’s digital espionage was laid bare in leaks by Edward Snowden, a former NSA contractor, in 2013, which showed the agency hoovering up vast amounts of the world’s internet traffic and trying to weaken encryption standards.
美国名列榜首并不让人意外。它在2020财年的网络安全预算超过170亿美元,它的信号情报(SIGINT)机构美国国家安全局(NSA)的预算可能远高于100亿美元。国安局前承包商雇员斯诺登2013年泄露的文件揭露了美国数字间谍活动惊人的规模。文件显示国安局占用了全世界大量的互联网流量,并试图削弱加密标准。
China, in second place, has demonstrated a voracious appetite for commercial cyber-espionage abroad and an iron grip on the internet at home. Britain, whose National Cyber Security Centre has parried over 1,800 cyber-attacks since its creation in 2016, is third. Britain is currently setting up an offensive National Cyber Force staffed jointly by spies and soldiers. Russia, whose spies interfered with America’s last election, is in fourth place.
位居第二的中国展现出对国外商业网络间谍活动的极大兴趣,对国内的互联网施以铁腕管控。英国排名第三,它的国家网络安全中心(National Cyber Security Centre)自2016年成立以来已经抵御了1800多起网络攻击。英国目前正在组建一个进攻性的国家网络部队(National Cyber Force),成员有间谍也有士兵。俄罗斯排名第四,该国间谍干预了上一次美国大选。
The big surprise is the Netherlands in fifth place, ahead of France, Germany and Canada. Dutch expertise in analysing malware is particularly sharp, says a Dutch insider, who points out that this is handy both for spotting attacks and mounting them. The cybercrime team of the Dutch police has proved adept at apprehending online criminals. And in 2014 the small but world-class group of hackers working for Dutch intelligence managed to penetrate a computer network used by the SVR, Russia’s foreign intelligence service—including CCTV cameras in the building—allowing them to watch as the Russians hacked America’s State Department.
最让人惊讶的是荷兰位居第五,排在了法国、德国和加拿大前面。荷兰一位内部人士称,该国在分析恶意软件方面的专业技能尤为出色,他还指出这在发现攻击和实施攻击上都能派上用场。事实证明,荷兰警方的网络犯罪小组在追捕网络罪犯方面非常娴熟。而在2014年,为荷兰情报机构工作的一群规模虽小但世界顶尖的黑客成功侵入了俄罗斯对外情报局(SVR)的计算机网络,包括大楼里的闭路电视监控摄像头,这让他们看到了俄罗斯人入侵美国国务院网络的过程。
Measuring cyber-power is fraught with difficulty, warns Marcus Willett, a former deputy director of GCHQ, Britain’s SIGINT agency. Many experts are puzzled by Israel’s relatively low ranking on the Belfer index, despite its hacking prowess; its secrecy may be one reason for this. “Warships in the Antarctic can easily be seen,” says Mr Willett, “yet a piece of code inserted into a power plant is hard to detect.” Though some states acknowledge their offensive capabilities—America and Britain boast of smashing Islamic State networks in Iraq and Syria, partly as a signal to Russia and China—most shy away from doing so.
英国的信号情报机构政府通信总部(GCHQ)的前副主管马库斯•威利特(Marcus Willett)提醒道,衡量网络力量困难重重。令许多专家不解的是,以色列尽管黑客技术高超,在贝尔福中心这一指数中的排名却相对较低。该国在这方面的隐秘性可能是一个原因。“在南极的军舰很容易被发现,”威利特说,“而插入到发电厂程序中的一段代码却很难发现。”有些国家承认自己的进攻能力,比如美国和英国夸耀自己捣毁了伊斯兰国(IS)在伊拉克和叙利亚的网络,这一定程度上是为了向俄罗斯和中国发出信号。但大多数国家还是避而不谈。
Many countries outsource the dirtiest work to deniable proxies, like “hacktivists” and criminals. And whereas procuring a warship or missile is expensive and time-consuming, potent malware can be stolen or bought online. WannaCry, a ransomware attack mounted by North Korea in 2017, used a hacking tool, EternalBlue, which had leaked out of the NSA.
许多国家把最脏的活儿外包给可矢口否认的代理人,比如“激进黑客”和犯罪分子。购置军舰或导弹费钱又耗时,但强效的恶意软件可以从网上偷窃或购买。朝鲜在2017年发起的一场勒索软件攻击WannaCry就利用了从美国国安局流出的黑客工具“永恒之蓝”(EternalBlue)。
A forthcoming study of cyber-power by Mr Willett and his colleagues at the International Institute for Strategic Studies (IISS), a think-tank, concludes that, although stealing things and disrupting networks is important, what matters most over the longer term is control of digital infrastructure, such as the hardware that runs mobile telecommunications and key apps. Dominance there will be crucial to economic strength and national security, says the IISS. On that measure, “only China is currently positioned to be able to make the jump to join the US in the first rank.”
威利特和他在智库国际战略研究所(International Institute for Strategic Studies,简称IISS)的同事们即将发表的一项关于网络力量的研究得出结论称,尽管偷窃和扰乱网络很重要,但从更长远来看,最重要的是对数字基础设施的控制,比如运行移动通信和关键应用的硬件。IISS认为在这方面的支配地位将对经济实力和国家安全至关重要。按照这个标准,“目前只有中国的状况能够实现大步跨越,与美国并列第一集团。”