论文部分内容阅读
As 2014 came to a close, the United States and the Democratic People’s Republic of Korea (DPRK), also known as North Korea, kicked up a row over the alleged cyberattack on Sony Pictures Entertainment, one of the biggest movie producers in the United States. Washington accused Pyongyang of hacking Sony Pictures over a comedy film The Interview, which depicts an assassination attempt on North Korean top leader Kim Jong Un, but Pyongyang has denied involvement, dismissing such claims as “a wild rumor.” The United States pledged to “respond proportionally” to the Sony cyberattack. Days later, North Korea’s Internet and 3G mobile network repeatedly came to a standstill on December 22 and December 28, 2014, including a complete outage lasting about nine hours.
On January 2, 2015, U.S. President Barack Obama signed an executive order imposing new sanctions against three North Korean governmental organs as well as 10 officials in response to what he called Pyongyang’s “numerous provocations.” The U.S. move and subsequent media reports undoubtedly aim to tell the world that the DPRK Government ordered the cyberattack, ignoring the lack of clear evidence as to who was the culprit.
Could the evolving U.S.-North Korea cyber conflict grow into a full blown cyberwar?
The concept of a “cyberwar” originated in the United States. As early as 1993, John Arquilla and David Ronfeldt, two researchers of the U.S. RAND Corp., first coined the term in an article titled Cyberwar Is Coming! However, the article only gave a vague definition of cyberwar, saying that it refers to conducting and preparing to conduct military operations according to informationrelated principles. Although information technology has since progressed rapidly, no cyberwars have been widely recognized in the ensuing period. Meanwhile, no other authentic and widely recognized definition for cyberwar has been raised.
In the meantime, the subtext of a cyberattack is much broader and the concept is more widely recognized. All forms of malicious behavior within cyberspace—from hacking, website distortion to massive destruction on civil or military network infrastructure—are seen as cyberattacks. Such events in the past have not been as destructive as conventional warfare.
However, some cyberattack cases have already become components of international conflicts in recent years, thereby blurring the boundary between cyberwars and cyberattacks. For instance, in April 2007, a massive cyberattack by unknown attackers paralyzed Estonia’s key power infrastructure. The disruption lasted for several weeks, resulting in property damage and social turmoil in the Baltic nation. The event demonstrated the potential destructiveness of cyberattacks, and it was also the first time that such an event had threatened the national security of a country. Two months before the Russia-Georgia military conflict in August 2008, Georgia’s network infrastructure was hit by massive distributed denial-of-service (DDoS) attacks, which attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. The network intrusions, which sought to destroy the Georgian Government’s communications capability, marked the first time that cyberattacks were employed in a military operation.
Another example is the computer worm Stuxnet that was discovered in 2010. In about 10 months, Stuxnet disabled almost one fifth of Iran’s centrifuges, causing severe technical problems for the country’s nuclear program. Michael Hayden, who served as director of the U.S. National Security Agency in 1999-2005, said that Stuxnet showed for the first time the level of damage that cyberattacks could bring to the world.
How can one distinguish between a cyberattack and cyberwar? According to a popular definition in the academic community, a cyberattack can constitute a cyberwar when it is part of a real military conflict or conforms to particular standards given no physical war happening. Though views on the particular standards differ, the degree of damage is universally agreed upon as primary judgment criteria. Military experts have shown unanimous concern over the much more disastrous consequences cyberattacks could bring to humankind than traditional wars given the fragility of cyberspace and its close link with people’s lives—for instance, the possible nuclear disasters caused by cyberattacks.
Currently, the international community has reached a consensus to keep alert and avoid setting the cyberwar threshold too low. Politically, war represents the most severe level of confrontation between rivals. A miscalculation could go against the peace and stability of cyberspace and the present world. People should never lightly define an event as a cyberwar, and the recent case between North Korea and the United States should not be regarded as a herald of “the coming of a cyberwar era.”
After the Sony Pictures cyberattack, U.S. Senator Lindsey Graham, a Republican from South Carolina, accused China of involvement in the attack but failed to present any evidence to support the claims.
Chinese Foreign Ministry spokeswoman Hua Chunying refuted Graham’s accusation, saying that China never allows any foreign country or individual to carry out cyberattacks from Chinese soil or by using Chinese facilities. While China benefits greatly from the rapid development of information technology, it is also facing a growing number of online threats from overseas. It has now become one of the biggest victims of cyberattacks in the world. The China Internet Development Report 2014 shows that “backdoors” created overseas hacked about 61,000 websites on the Chinese mainland in 2013, up 62.1 percent from 2012. A backdoor is a method of bypassing normal authentication and securing illegal remote access to a computer. Over 10.9 million computers on the China mainland were controlled by overseas servers. The United States was home to 30.2 percent of these servers.
To safeguard cyberspace, the Chinese Government has made great efforts to promote the global Internet interconnectivity and shared governance. During the First World Internet Conference held in China last year, Chinese President Xi Jinping called on the international community to jointly build a cyberspace of peace, security, openness and cooperation, as well as an international Internet governance system of multilateralism, democracy and transparency.
Besides promoting global Internet governance, the biggest threat for the peace and stability of the current cyberspace is not cyberwars but the preparation for such wars. Though a true cyberwar has not yet erupted, some countries have already prepared for such an event. The United States, particularly, has continued to update its cyberspace strategy or action plans, enlarge its cyber army, increase input on cyber armament development and conduct a variety of joint cyberwar military drills. The trend of cyberspace militarization has further increased the risk of incidents. To the point, besides enhancing international cooperation and building a mutual trust mechanism, the international community should also seriously manage and control cyberspace militarization, to truly safeguard the peace and stability of the virtual world.
On January 2, 2015, U.S. President Barack Obama signed an executive order imposing new sanctions against three North Korean governmental organs as well as 10 officials in response to what he called Pyongyang’s “numerous provocations.” The U.S. move and subsequent media reports undoubtedly aim to tell the world that the DPRK Government ordered the cyberattack, ignoring the lack of clear evidence as to who was the culprit.
Could the evolving U.S.-North Korea cyber conflict grow into a full blown cyberwar?
The concept of a “cyberwar” originated in the United States. As early as 1993, John Arquilla and David Ronfeldt, two researchers of the U.S. RAND Corp., first coined the term in an article titled Cyberwar Is Coming! However, the article only gave a vague definition of cyberwar, saying that it refers to conducting and preparing to conduct military operations according to informationrelated principles. Although information technology has since progressed rapidly, no cyberwars have been widely recognized in the ensuing period. Meanwhile, no other authentic and widely recognized definition for cyberwar has been raised.
In the meantime, the subtext of a cyberattack is much broader and the concept is more widely recognized. All forms of malicious behavior within cyberspace—from hacking, website distortion to massive destruction on civil or military network infrastructure—are seen as cyberattacks. Such events in the past have not been as destructive as conventional warfare.
However, some cyberattack cases have already become components of international conflicts in recent years, thereby blurring the boundary between cyberwars and cyberattacks. For instance, in April 2007, a massive cyberattack by unknown attackers paralyzed Estonia’s key power infrastructure. The disruption lasted for several weeks, resulting in property damage and social turmoil in the Baltic nation. The event demonstrated the potential destructiveness of cyberattacks, and it was also the first time that such an event had threatened the national security of a country. Two months before the Russia-Georgia military conflict in August 2008, Georgia’s network infrastructure was hit by massive distributed denial-of-service (DDoS) attacks, which attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. The network intrusions, which sought to destroy the Georgian Government’s communications capability, marked the first time that cyberattacks were employed in a military operation.
Another example is the computer worm Stuxnet that was discovered in 2010. In about 10 months, Stuxnet disabled almost one fifth of Iran’s centrifuges, causing severe technical problems for the country’s nuclear program. Michael Hayden, who served as director of the U.S. National Security Agency in 1999-2005, said that Stuxnet showed for the first time the level of damage that cyberattacks could bring to the world.
How can one distinguish between a cyberattack and cyberwar? According to a popular definition in the academic community, a cyberattack can constitute a cyberwar when it is part of a real military conflict or conforms to particular standards given no physical war happening. Though views on the particular standards differ, the degree of damage is universally agreed upon as primary judgment criteria. Military experts have shown unanimous concern over the much more disastrous consequences cyberattacks could bring to humankind than traditional wars given the fragility of cyberspace and its close link with people’s lives—for instance, the possible nuclear disasters caused by cyberattacks.
Currently, the international community has reached a consensus to keep alert and avoid setting the cyberwar threshold too low. Politically, war represents the most severe level of confrontation between rivals. A miscalculation could go against the peace and stability of cyberspace and the present world. People should never lightly define an event as a cyberwar, and the recent case between North Korea and the United States should not be regarded as a herald of “the coming of a cyberwar era.”
After the Sony Pictures cyberattack, U.S. Senator Lindsey Graham, a Republican from South Carolina, accused China of involvement in the attack but failed to present any evidence to support the claims.
Chinese Foreign Ministry spokeswoman Hua Chunying refuted Graham’s accusation, saying that China never allows any foreign country or individual to carry out cyberattacks from Chinese soil or by using Chinese facilities. While China benefits greatly from the rapid development of information technology, it is also facing a growing number of online threats from overseas. It has now become one of the biggest victims of cyberattacks in the world. The China Internet Development Report 2014 shows that “backdoors” created overseas hacked about 61,000 websites on the Chinese mainland in 2013, up 62.1 percent from 2012. A backdoor is a method of bypassing normal authentication and securing illegal remote access to a computer. Over 10.9 million computers on the China mainland were controlled by overseas servers. The United States was home to 30.2 percent of these servers.
To safeguard cyberspace, the Chinese Government has made great efforts to promote the global Internet interconnectivity and shared governance. During the First World Internet Conference held in China last year, Chinese President Xi Jinping called on the international community to jointly build a cyberspace of peace, security, openness and cooperation, as well as an international Internet governance system of multilateralism, democracy and transparency.
Besides promoting global Internet governance, the biggest threat for the peace and stability of the current cyberspace is not cyberwars but the preparation for such wars. Though a true cyberwar has not yet erupted, some countries have already prepared for such an event. The United States, particularly, has continued to update its cyberspace strategy or action plans, enlarge its cyber army, increase input on cyber armament development and conduct a variety of joint cyberwar military drills. The trend of cyberspace militarization has further increased the risk of incidents. To the point, besides enhancing international cooperation and building a mutual trust mechanism, the international community should also seriously manage and control cyberspace militarization, to truly safeguard the peace and stability of the virtual world.