This year’s US election has given rise to plenty of peculiar developments. Here is another one: Carbon Black, a cyber security firm, has released a poll suggesting that 58 per cent of voters think it “likely” that electronic voting machines could be cyber-hacked. Indeed, popular concern is so high that 15m voters may refuse to participate, Carbon Black says, noting that “voters believe a US insider threat (28 per cent), Russia (17 per cent) and the candidates themselves (15 per cent) pose the biggest risks”.
今年的美國大選引發(fā)了很多奇怪的事態(tài)。這里又有一樣:網(wǎng)絡安全公司Carbon Black公布民調(diào)顯示,58%的選民認為電子投票器被入侵的“可能性較大”。Carbon Black稱,事實上,公眾擔憂之甚,以至于1500萬選民可能會拒絕參加投票。該公司指出,“選民認為美國內(nèi)部人士(28%)、俄羅斯(17%)和候選人本身(15%)是前幾大構成風險的危險因素。”
It might seem tempting to dismiss this as marketing, or as a sign of the febrile political mood, but discounting that 58 per cent number that would be a terrible mistake. One reason is that many US government officials quietly share voters’ concerns. Little wonder. Small cyber breaches of the electoral register have already occurred in Arizona and Illinois. Several states are thought to be vulnerable to attacks on the election system, particularly those, like Pennsylvania, that use “direct-recording electronic” machines to tally the vote. “Pennsylvania, largely thought to be a key battleground state in the upcoming election, may be the largest concern when it comes to electronic voting machines,” Carbon Black suggests.
我們可能很容易想把上述結(jié)果簡單地歸結(jié)為一種營銷造勢,或一個顯示狂熱政治情緒的標志,但是忽視這個58%的數(shù)字將是個嚴重的錯誤。一個原因是,美國很多政府官員私底下也存在與選民們相同的擔憂。這也難怪。亞利桑那州和伊利諾伊州的選民名冊數(shù)據(jù)庫已經(jīng)遭到過小規(guī)模入侵。多個州的選舉投票系統(tǒng)被認為容易受到攻擊,特別是那些使用“直接記錄電子”機器來計票的州,比如賓夕法尼亞州。Carbon Black指出:“賓州在即將舉行的大選中被認為是關鍵戰(zhàn)場,而這個州的電子投票器可能是最令人擔憂的。”
Even if election fears turn out to be misplaced, they highlight a bigger point: a new front is opening up in cyber warfare. This has big implications for both political pundits and business leaders.
即便關于大選的擔憂到頭來原來是多慮,它們也突顯了更重要的一點:一條新戰(zhàn)線正在網(wǎng)絡戰(zhàn)爭中打開。這對政治專家和商界領袖影響重大。
Two decades ago, it was presumed that hackers aimed to do one of four things: steal money; grab secrets; highlight a political cause; or inflict physical sabotage. Western intelligence forces have moved to offset those threats. For example, the Federal Bureau of Investigation and Department of Homeland Security are currently running a “cyber security awareness month” to teach consumers and businesses how to avoid fraud and theft. Meanwhile, the US military and DHS have been scrambled to protect so-called systemically important infrastructure from sabotage. There is intense activity around the US electricity grid, after hackers damaged a Ukrainian grid last year.
二十年前,人們認定黑客的目標無非是做以下四件事之一:偷錢、竊取情報、促使世人關注某項政治事業(yè)、或造成實際的破壞。西方情報部門已采取行動來消除這些威脅。例如,美國聯(lián)邦調(diào)查局(FBI)和國土安全局(DHS)目前正在開展“網(wǎng)絡安全意識月”活動,教消費者和企業(yè)如何避免遭受欺詐和盜竊。與此同時,美國軍隊和國土安全局爭相保護所謂具有系統(tǒng)重要性的基礎設施免遭破壞。在去年黑客破壞烏克蘭電網(wǎng)后,針對美國電網(wǎng)也存在密集的黑客活動。
The US election has put a fifth category of risks on the radar: cyber attacks that aim to inflict psychological damage by shattering public trust. “People have got it all wrong,” Dmitri Alperovitch, founder of cyber security group CrowdStrike, recently told me. (CrowdStrike revealed that hackers, apparently linked to Russia, had infiltrated the Democratic National Committee.)
美國大選將第五種風險帶到了人們的視線中:旨在通過動搖公眾信任而造成心理上的破壞的網(wǎng)絡攻擊。“人們?nèi)沐e了,”網(wǎng)絡安全公司CrowdStrike的創(chuàng)始人德米特里•阿爾佩羅維奇(Dmitri Alperovitch)最近向我表示。(CrowdStrike透露,看上去與俄羅斯有關聯(lián)的黑客之前已滲入過民主黨全國委員會(DNC)的網(wǎng)絡)。
“For the past 30 years everyone has worried about kinetic attacks, say an attack on a grid — we were waiting for a cyber Pearl Harbor. But the Russians have always believed that the real value of cyber is psychological warfare and influence.”
“過去30年,每個人都擔心動力受到攻擊、也就是電網(wǎng)受到攻擊——我們一直在等待一場網(wǎng)絡珍珠港事件。但是俄羅斯人始終認為,網(wǎng)絡的真正價值在于心理方面的戰(zhàn)爭和影響力。”
As a senior US intelligence figure recently told a private meeting of business and policy luminaries: “What do we do if the key goal of cyber hackers now is not to steal things but undermine trust in things that guide our lives?” Intelligence officials are particularly uneasy about the risk of an attack on the financial system, since this is a sector which only functions if there is trust — as the crisis of 2008 showed.
正如美國一名高級情報官員最近在一次商界和政界名流齊聚的私人會議上所說的那樣:“如果現(xiàn)在網(wǎng)絡黑客的核心目標不再是偷東西、而是破壞我們對指引我們生活的東西的信任,我們怎么辦?”情報官員格外擔憂黑客會攻擊金融系統(tǒng),因為金融是一個只有在存在信任的情況下才能正常運行的領域——正如2008年金融危機所顯示的那樣。
American officials are trying to fight back. Last weekend, for example, the DHS offered to provide cyber security assistance to state governments to help them protect the election. Two dozen states have accepted. But the election is so close, and states so cash-strapped, that it is unclear how effective these defences will be. Bafflingly, the DHS has not designated the electoral register as “critical infrastructure”. It should do this now, so Federal funds can be released for the fight.
美國官員正嘗試反擊。例如,國土安全局近日表示愿向各個州政府提供網(wǎng)絡安全協(xié)助,幫助各州保護大選免受網(wǎng)絡攻擊。24個州接受了。但是大選日期近在咫尺,許多州又如此囊中羞澀,這些防御措施的效果如何尚不清楚。令人困惑的是,國土安全局并沒有把選民名冊定為“關鍵基礎設施”。該部門現(xiàn)在應該這么做,這樣才能讓聯(lián)邦資金得以被用于打贏這場仗。
The really big issue, though, is the psychological threat. Donald Trump has called for aggressive counter-attacks in cyber space to provide a display of strength. Separately, Mr Alperovitch thinks the US government needs to publicly declare that Russia is launching psychological attacks, in order to “prepare” the public. “In the cold war days, the state department had a department which countered Soviet propaganda, but then it was disbanded,” he argues. “They need to once again build a strategy for countering Russia’s aggressive influence operations.”
不過,真正要緊的問題是心理威脅。唐納德•特朗普(Donald Trump)呼吁在網(wǎng)絡空間發(fā)動強硬反擊,讓對手知道厲害。此外,阿爾佩羅維奇認為,美國政府需要公開宣布俄羅斯正在發(fā)動心理攻擊,從而讓公眾“做好心理準備”。“在冷戰(zhàn)期間,美國國務院曾設有一個部門負責反擊蘇聯(lián)的宣傳,但后來解散了,”他認為,“他們需要再次構建起一套戰(zhàn)略來對抗俄羅斯咄咄逼人的造勢活動。”
The risk of any aggressive action is that it might launch bigger counter-attacks or spread public fear. American voters and politicians seem stuck in a nervous waiting game. We had better hope that eventually a new form of cold war-style detente emerges in 21st-century cyber space, as it once did in the physical world. If not, business leaders need to look at the US election — and prepare for a world where digital trust is a new military plaything.
采取任何激進行動的風險是,可能引發(fā)更猛烈的反擊或在公眾中散播恐懼情緒。美國選民和政治人士似乎卡在了緊張的等待中進退兩難。我們最好希望,在21世紀的網(wǎng)絡空間中,也能出現(xiàn)一種新的休戰(zhàn)——就像曾經(jīng)在現(xiàn)實世界中出現(xiàn)過的、為冷戰(zhàn)畫上了句號的那種。如果沒出現(xiàn),那么商界領袖需要關注美國大選,并準備好迎接這樣一個世界,在這個世界里,數(shù)字空間里的信任成為新的被玩弄的對象。