2013年6月4日 星期二

An Elizabethan Cyberwar


Op-Ed Contributors

An Elizabethan Cyberwar

觀點

打一場維多利亞式(哈哈牛頭不對馬嘴)的網絡戰


紐黑文——在貝拉克·奧巴馬與中國國家主席習近平準備下周在加利福尼亞州會晤之際,美中關係感覺越來越像冷戰,尤其是在網絡安全方面。
兩國都指責對方打破了遊戲的舊規則,雙方新一代的「網絡鷹派分子」都主張類似於冷戰的升級,可能使低級別的網絡衝突演變為全面戰爭。

但用對待勃列日涅夫(Brezhnev)時代的蘇聯的方式來對待當今的中國,將扭曲這種威脅的本質乃至美國的應對方式。
在迎接當今的網絡戰鬥時,美國應該少考慮蘇聯人,轉而多想想海盜。的確,如今的網絡競賽與其說像冷戰,不如說更像爭奪新世界(New World)的戰鬥。
發現美洲之後,歐洲列強爭奪對大西洋的控制權。就像今天的互聯網一樣,海洋在當時是貿易和交流的主要渠道,沒有一個國家能夠獨霸這個渠道。
那時候,西班牙帝國號稱擁有令人生畏的強大海軍,但它無法 主宰海洋。較為貧弱的英格蘭慫恿、武裝想要當海盜的人,讓這些人在沒有官方認可的情況下,代表英國行動,試探西班牙的實力。這些在一定程度上得到國家撐腰 的武裝民船在新世界乃至西班牙本土沿岸搶劫船舶,奪走了西班牙的黃金和驕傲,既為英格蘭皇室帶來財富,也增強了英國海軍軍力。西班牙無法將這些襲擊事件直 接歸咎於英格蘭,這讓伊麗莎白一世(Queen Elizabeth I)在一個缺乏法律或慣例的競技場中,彌補己方的劣勢。
如今的網絡戰沒有多大的區別。
有關中國網絡間諜活動技術含量不斷提高的多份報道,構成了奧巴馬與習近平下周峰會的大背景。本周早些時候曝光的證據表明,中國黑客曾侵入五角大樓多個絕密項目。此前有消息稱,據信隸屬解放軍的網絡戰單位在偃旗息鼓一陣後,再度對美國企業和政府機構發起攻擊。
隨着緊張關係加深,鷹派的中國軍方領導人正為發起進攻戰進 行鋪墊。蘭德公司(RAND Corporation)專家所做的一項研究稱,中方有人呼籲,「按照在中國日漸佔上風的先發制人戰略」,發動先發制人的網 絡攻擊。近期一篇論文發現,中國軍事官員已考慮利用震網(Stuxnet)等網絡武器來攻擊關鍵基礎設施;美國和以色列曾動用震網破壞伊朗核武項目。
美國的政策制定者正開始透過冷戰的稜鏡來看待美中網絡過招。五角大樓一名官員最近表示,冷戰期間,美國關注「莫斯科周邊的核指揮中心」,如今,美國領導人「也同樣擔心上海的計算機服務器。」
另一名高級官員宣稱,「冷戰強制設定了標準,當年的蘇聯和美國都沒有逾越一系列底線。」但他認為,「中國正在逾越那些底線。」
一些人將這些敵對行動視作冷戰的重演,其中一些人提議做出 更強烈的回應。今年早些時候,美國軍方宣布成立13支專職發動網絡攻擊的部隊,並批准了先發制人網絡攻擊的戰術。上月下旬,美國前駐華大使洪博培(Jon M. Huntsman Jr.)及前國家情報總監丹尼斯·C·布萊爾(Dennis C. Blair)建議,允許美國企業自行對中國黑客進行報復。
美中兩國都冒出網絡鷹派,增加了黑客行為升級為網絡戰爭的可能性。這些人可能會在各自的國家施壓,要求把任何一場不斷升級的網絡衝突都視為當代的古巴導彈危機。
但是,有着標準邊界、明確規則和「相互保證毀滅」威脅的冷戰模式,並不適合網絡空間。
第一個主要區別是地形。當年的美蘇爭奪全球影響力,雙方在 這裡部署大部隊,在那邊派遣秘密特工滲透敵後。互聯網則更具流動性。不論是美國還是中國,都無法把網絡空間分割為「勢力範圍」這種靠譜的結構。在沒有明顯 邊界讓各國侵入或防禦的情況下,網絡空間的威力一方面更易於施展,另一方面也更難以保持,這是一場綿里藏針的過招,而不是硬碰硬的威懾。
當今的參與者也更多了。當年的美國和蘇聯是世界上無可比擬 的核大國。但在網絡領域,美國和中國在「殺傷力」方面僅僅是略微領先於其他國家、黑客團體和個人。而且,這些行動者都可以躲藏在多層網絡和第三方背後,令 人難以發現攻擊者的身份甚至攻擊方式和攻擊時間。在多數情況下,都會有貌似可信的推諉。即便美國和中國的政策制定者希望像他們的前輩管理冷戰那樣認真管理 互聯網,也沒有什麼工作小組能夠降服這種不穩定性。
各國仍在探索如何在互聯網問題上互動,有關國際法是否適用互聯網的爭論仍相持不下。因此無論是法律明文規定或是「潛規則」,目前幾乎沒有什麼已經確立的網絡行為慣例。美國不應期待中國遵守上個時代的規則。在多年槍口外交中形成的美蘇爭霸規則,無法被移植到網絡空間。
如果美國政策制定者繼續把華盛頓和北京之間的網絡角力界定為一場新冷戰,他們將無法迎接挑戰。透過陳舊的稜鏡來看待中國的行為,會扭曲他們對中方意圖的判斷,並把美國的報復局限於昔日戰鬥的過時規則。
如果他們必須回顧過去,就應該去汲取16世紀的教訓,而不是20世紀。1588年,西班牙皇室在很大程度上就是因為對英格蘭的海盜行為忍無可忍而付諸大舉報復,派遣它的龐大艦隊去推翻伊麗莎白女王。此舉以災難告終,給英方送上一場大勝。
與其用老一套做法來擊退互聯網的新型不穩定性,美國官員不 如擁抱新現實。以恰當的視角來看待這場衝突,政策制定者不妨調低言論分貝,同時嘗試一系列新的回應方式,其力度超出譴責,但不到全面網絡戰爭的程度——使 他們既有周旋空間,同時又不把網絡衝突當成通向Defcon 1(極可能爆發核戰的最高戒備狀態——譯註)的路徑。
在這些法律上尚未探明的水域,只有伊麗莎白一世那樣的機智,而不是冷戰的邊緣政策,才能指引華盛頓安然度過風暴。
喬丹·錢 德勒·希爾施(Jordan Chandler Hirsch)是《外交》(Foreign Affairs)雜誌的前任編輯。薩姆·阿德爾斯伯格(Sam Adelsberg)是耶魯大學信息社會項目(Information Society Project)的參與者。他們目前都是耶魯大學法學院的學生。
翻譯:林蒙克


NEW HAVEN — AS Barack Obama and China’s president, Xi Jinping, prepare to meet in California next week, America’s relations with China are feeling increasingly like the cold war — especially when it comes to cybersecurity.
With the two countries accusing each other of breaking the old rules of the game, a new breed of “cyberhawks” on both sides are arguing for cold-war-like escalation that could turn low-level cyberconflict into total war.

But treating today’s Beijing like Brezhnev’s Moscow distorts the nature of the threat and how Washington should respond to it.
In confronting today’s cyberbattles, the United States should think less about Soviets and more about pirates. Indeed, today’s cybercompetition is less like the cold war than the battle for the New World.
In the era after the discovery of the Americas, European states fought for mastery over the Atlantic. Much like the Internet today, the ocean then was a primary avenue for trade and communication that no country could cordon off.
At that time, the Spanish empire boasted a fearsome navy, but it could not dominate the seas. Poorer and weaker England tested Spain’s might by encouraging and equipping would-be pirates to act on its behalf without official sanction. These semi-state-sponsored privateers robbed Spain of gold and pride as they raided ships off the coasts of the New World and Spain itself, enriching the English crown while augmenting its naval power. Spain’s inability to attribute the attacks directly to England allowed Queen Elizabeth I to level the playing field in an arena lacking laws or customs.
Today’s cyberbattles aren’t so different.
Next week’s summit takes place amid reports of increasingly sophisticated Chinese cyberespionage. Earlier this week, evidence surfaced that Chinese hackers had gained access to several top-secret Pentagon programs. That followed news that cyberunits believed to be linked to the Chinese Army have resumed attacks on American businesses and government agencies.
As tensions deepen, hawkish Chinese military leaders are paving the way for offensive war. A study by a RAND Corporation expert cited Chinese sources calling for pre-emptive cyberstrikes “under the rubric of the rising Chinese strategy of xianfa zhiren, or ‘gaining mastery before the enemy has struck.’ ” And a recent paper found that Chinese military officials have contemplated using cyberweapons like Stuxnet, which the United States and Israel deployed against Iran’s nuclear program, to target critical infrastructure.
American policy makers are beginning to view their cyberstruggle with China through a cold war lens. One Pentagon official recently said that while during the cold war America focused “on the nuclear command centers around Moscow,” today American leaders “worry as much about the computer servers in Shanghai.”
Another senior official declared that “the Cold War enforced norms, and the Soviets and the United States didn’t go outside a set of boundaries.” But, he argued, “China is going outside those boundaries now.”
Among those who view these hostilities as the cold war redux, some are proposing a more strident response. Earlier this year, the United States military announced the formation of 13 units dedicated to offensive cyberstrikes and endorsed pre-emptive cyberattacks. And late last month, Jon M. Huntsman Jr., the former ambassador to China, and Dennis C. Blair, the former director of national intelligence, suggested allowing American companies to retaliate against Chinese hackers on their own.
This emergence of cyberhawks in both nations raises the odds of a hack’s becoming a cyberwar. These voices could pressure both nations to treat any escalating cyberconflict as a latter-day Cuban missile crisis.
But the cold war model of a struggle with calibrated boundaries, clear rules, and the threat of mutual assured destruction simply doesn’t fit cyberspace.
The first major difference is terrain. The United States and the Soviet Union fought for global influence, manning divisions here and infiltrating covert operatives there. The Internet is more fluid. Neither the United States nor China can slice cyberspace into the reassuring structure of spheres of influence. With no obvious borders for states to violate or defend, power in cyberspace is at once easier to exercise and harder to maintain, a battle of subtleties rather than hard-nosed deterrence.
There are also more players today. The United States and the Soviet Union were the world’s unmatched nuclear powers. But in the cyberrealm, the United States and China stand only just ahead of other nations, hacker groups and individuals in their ability to inflict damage. And all of these actors can hide behind layers of networks and third parties, making it difficult to discover not only who attacked but also how and when. There will, in most cases, be plausible deniability. Even if American and Chinese policy makers wanted to manage the Web as carefully as their predecessors did the cold war, no working group could tame this instability.
With nations still navigating how to interact on the Web and arguments persisting about whether international law applies to the Internet, there are few established customs of cyberbehavior, legal or implicit. The United States should not expect China to follow the rules of a previous era. The norms of American-Soviet conflict, which themselves emerged out of years of gunpoint diplomacy, can’t be grafted onto cyberspace.
If American policy makers continue to define the cyberstruggle between Washington and Beijing as a new cold war, they will not meet the challenge. Viewing China’s actions through an obsolete lens will give them a distorted sense of its intentions. And it will limit American retaliation to the outmoded rules of a bygone battle.
If they must look to the past, they should heed the lessons of the 16th century, not the 20th. In 1588, the Spanish crown, in no small part due to its frustration with English piracy, resorted to massive retaliation, sending its armada to overthrow Queen Elizabeth. That move ended in disaster and an overwhelming English victory.
Instead of trying to beat back the New World instability of the Internet with an old playbook, American officials should embrace it. With the conflict placed in its proper perspective, policy makers could ratchet down the rhetoric and experiment with a new range of responses that go beyond condemnation but stop short of all-out cyberwar — giving them the room to maneuver without approaching cyberconflict as a path to Defcon 1.
In these legally uncharted waters, only Elizabethan guile, not cold war brinkmanship, will steer Washington through the storm.
Jordan Chandler Hirsch, a former staff editor at Foreign Affairs, and Sam Adelsberg, a fellow at the Yale Information Society Project, are students at Yale Law School.
 

沒有留言: