This year’s US election has given rise to plenty of peculiar developments. Here is another one: Carbon Black, a cyber security firm, has released a poll suggesting that 58 per cent of voters think it “likely” that electronic voting machines could be cyber-hacked. Indeed, popular concern is so high that 15m voters may refuse to participate, Carbon Black says, noting that “voters believe a US insider threat (28 per cent), Russia (17 per cent) and the candidates themselves (15 per cent) pose the biggest risks”.
今年的美國大選引發(fā)了很多奇怪的事態(tài)。這里又有一樣:網(wǎng)絡(luò)安全公司Carbon Black公布民調(diào)顯示,58%的選民認(rèn)為電子投票器被入侵的“可能性較大”。Carbon Black稱,事實(shí)上,公眾擔(dān)憂之甚,以至于1500萬選民可能會(huì)拒絕參加投票。該公司指出,“選民認(rèn)為美國內(nèi)部人士(28%)、俄羅斯(17%)和候選人本身(15%)是前幾大構(gòu)成風(fēng)險(xiǎn)的危險(xiǎn)因素。”
It might seem tempting to dismiss this as marketing, or as a sign of the febrile political mood, but discounting that 58 per cent number that would be a terrible mistake. One reason is that many US government officials quietly share voters’ concerns. Little wonder. Small cyber breaches of the electoral register have already occurred in Arizona and Illinois. Several states are thought to be vulnerable to attacks on the election system, particularly those, like Pennsylvania, that use “direct-recording electronic” machines to tally the vote. “Pennsylvania, largely thought to be a key battleground state in the upcoming election, may be the largest concern when it comes to electronic voting machines,” Carbon Black suggests.
我們可能很容易想把上述結(jié)果簡單地歸結(jié)為一種營銷造勢(shì),或一個(gè)顯示狂熱政治情緒的標(biāo)志,但是忽視這個(gè)58%的數(shù)字將是個(gè)嚴(yán)重的錯(cuò)誤。一個(gè)原因是,美國很多政府官員私底下也存在與選民們相同的擔(dān)憂。這也難怪。亞利桑那州和伊利諾伊州的選民名冊(cè)數(shù)據(jù)庫已經(jīng)遭到過小規(guī)模入侵。多個(gè)州的選舉投票系統(tǒng)被認(rèn)為容易受到攻擊,特別是那些使用“直接記錄電子”機(jī)器來計(jì)票的州,比如賓夕法尼亞州。Carbon Black指出:“賓州在即將舉行的大選中被認(rèn)為是關(guān)鍵戰(zhàn)場(chǎng),而這個(gè)州的電子投票器可能是最令人擔(dān)憂的。”
Even if election fears turn out to be misplaced, they highlight a bigger point: a new front is opening up in cyber warfare. This has big implications for both political pundits and business leaders.
即便關(guān)于大選的擔(dān)憂到頭來原來是多慮,它們也突顯了更重要的一點(diǎn):一條新戰(zhàn)線正在網(wǎng)絡(luò)戰(zhàn)爭中打開。這對(duì)政治專家和商界領(lǐng)袖影響重大。
Two decades ago, it was presumed that hackers aimed to do one of four things: steal money; grab secrets; highlight a political cause; or inflict physical sabotage. Western intelligence forces have moved to offset those threats. For example, the Federal Bureau of Investigation and Department of Homeland Security are currently running a “cyber security awareness month” to teach consumers and businesses how to avoid fraud and theft. Meanwhile, the US military and DHS have been scrambled to protect so-called systemically important infrastructure from sabotage. There is intense activity around the US electricity grid, after hackers damaged a Ukrainian grid last year.
二十年前,人們認(rèn)定黑客的目標(biāo)無非是做以下四件事之一:偷錢、竊取情報(bào)、促使世人關(guān)注某項(xiàng)政治事業(yè)、或造成實(shí)際的破壞。西方情報(bào)部門已采取行動(dòng)來消除這些威脅。例如,美國聯(lián)邦調(diào)查局(FBI)和國土安全局(DHS)目前正在開展“網(wǎng)絡(luò)安全意識(shí)月”活動(dòng),教消費(fèi)者和企業(yè)如何避免遭受欺詐和盜竊。與此同時(shí),美國軍隊(duì)和國土安全局爭相保護(hù)所謂具有系統(tǒng)重要性的基礎(chǔ)設(shè)施免遭破壞。在去年黑客破壞烏克蘭電網(wǎng)后,針對(duì)美國電網(wǎng)也存在密集的黑客活動(dòng)。
The US election has put a fifth category of risks on the radar: cyber attacks that aim to inflict psychological damage by shattering public trust. “People have got it all wrong,” Dmitri Alperovitch, founder of cyber security group CrowdStrike, recently told me. (CrowdStrike revealed that hackers, apparently linked to Russia, had infiltrated the Democratic National Committee.)
美國大選將第五種風(fēng)險(xiǎn)帶到了人們的視線中:旨在通過動(dòng)搖公眾信任而造成心理上的破壞的網(wǎng)絡(luò)攻擊。“人們?nèi)沐e(cuò)了,”網(wǎng)絡(luò)安全公司CrowdStrike的創(chuàng)始人德米特里•阿爾佩羅維奇(Dmitri Alperovitch)最近向我表示。(CrowdStrike透露,看上去與俄羅斯有關(guān)聯(lián)的黑客之前已滲入過民主黨全國委員會(huì)(DNC)的網(wǎng)絡(luò))。
“For the past 30 years everyone has worried about kinetic attacks, say an attack on a grid — we were waiting for a cyber Pearl Harbor. But the Russians have always believed that the real value of cyber is psychological warfare and influence.”
“過去30年,每個(gè)人都擔(dān)心動(dòng)力受到攻擊、也就是電網(wǎng)受到攻擊——我們一直在等待一場(chǎng)網(wǎng)絡(luò)珍珠港事件。但是俄羅斯人始終認(rèn)為,網(wǎng)絡(luò)的真正價(jià)值在于心理方面的戰(zhàn)爭和影響力。”
As a senior US intelligence figure recently told a private meeting of business and policy luminaries: “What do we do if the key goal of cyber hackers now is not to steal things but undermine trust in things that guide our lives?” Intelligence officials are particularly uneasy about the risk of an attack on the financial system, since this is a sector which only functions if there is trust — as the crisis of 2008 showed.
正如美國一名高級(jí)情報(bào)官員最近在一次商界和政界名流齊聚的私人會(huì)議上所說的那樣:“如果現(xiàn)在網(wǎng)絡(luò)黑客的核心目標(biāo)不再是偷東西、而是破壞我們對(duì)指引我們生活的東西的信任,我們?cè)趺崔k?”情報(bào)官員格外擔(dān)憂黑客會(huì)攻擊金融系統(tǒng),因?yàn)榻鹑谑且粋€(gè)只有在存在信任的情況下才能正常運(yùn)行的領(lǐng)域——正如2008年金融危機(jī)所顯示的那樣。
American officials are trying to fight back. Last weekend, for example, the DHS offered to provide cyber security assistance to state governments to help them protect the election. Two dozen states have accepted. But the election is so close, and states so cash-strapped, that it is unclear how effective these defences will be. Bafflingly, the DHS has not designated the electoral register as “critical infrastructure”. It should do this now, so Federal funds can be released for the fight.
美國官員正嘗試反擊。例如,國土安全局近日表示愿向各個(gè)州政府提供網(wǎng)絡(luò)安全協(xié)助,幫助各州保護(hù)大選免受網(wǎng)絡(luò)攻擊。24個(gè)州接受了。但是大選日期近在咫尺,許多州又如此囊中羞澀,這些防御措施的效果如何尚不清楚。令人困惑的是,國土安全局并沒有把選民名冊(cè)定為“關(guān)鍵基礎(chǔ)設(shè)施”。該部門現(xiàn)在應(yīng)該這么做,這樣才能讓聯(lián)邦資金得以被用于打贏這場(chǎng)仗。
The really big issue, though, is the psychological threat. Donald Trump has called for aggressive counter-attacks in cyber space to provide a display of strength. Separately, Mr Alperovitch thinks the US government needs to publicly declare that Russia is launching psychological attacks, in order to “prepare” the public. “In the cold war days, the state department had a department which countered Soviet propaganda, but then it was disbanded,” he argues. “They need to once again build a strategy for countering Russia’s aggressive influence operations.”
不過,真正要緊的問題是心理威脅。唐納德•特朗普(Donald Trump)呼吁在網(wǎng)絡(luò)空間發(fā)動(dòng)強(qiáng)硬反擊,讓對(duì)手知道厲害。此外,阿爾佩羅維奇認(rèn)為,美國政府需要公開宣布俄羅斯正在發(fā)動(dòng)心理攻擊,從而讓公眾“做好心理準(zhǔn)備”。“在冷戰(zhàn)期間,美國國務(wù)院曾設(shè)有一個(gè)部門負(fù)責(zé)反擊蘇聯(lián)的宣傳,但后來解散了,”他認(rèn)為,“他們需要再次構(gòu)建起一套戰(zhàn)略來對(duì)抗俄羅斯咄咄逼人的造勢(shì)活動(dòng)。”
The risk of any aggressive action is that it might launch bigger counter-attacks or spread public fear. American voters and politicians seem stuck in a nervous waiting game. We had better hope that eventually a new form of cold war-style detente emerges in 21st-century cyber space, as it once did in the physical world. If not, business leaders need to look at the US election — and prepare for a world where digital trust is a new military plaything.
采取任何激進(jìn)行動(dòng)的風(fēng)險(xiǎn)是,可能引發(fā)更猛烈的反擊或在公眾中散播恐懼情緒。美國選民和政治人士似乎卡在了緊張的等待中進(jìn)退兩難。我們最好希望,在21世紀(jì)的網(wǎng)絡(luò)空間中,也能出現(xiàn)一種新的休戰(zhàn)——就像曾經(jīng)在現(xiàn)實(shí)世界中出現(xiàn)過的、為冷戰(zhàn)畫上了句號(hào)的那種。如果沒出現(xiàn),那么商界領(lǐng)袖需要關(guān)注美國大選,并準(zhǔn)備好迎接這樣一個(gè)世界,在這個(gè)世界里,數(shù)字空間里的信任成為新的被玩弄的對(duì)象。