美國網絡防禦戰效率堪憂 Prepare for the coming cyber attacks on America

Another week, another wave of cyber alarm in America. On Wednesday both the New York Stock Exchange and United Airlines suspended activity for several hours due to mysterious computing problems, while the Wall Street Journal’s website briefly went down. All three insisted that the outages reflected technical hitches, not malicious attack. But many are anxious after past assaults on mighty American companies and agencies.

上週，美國拉響了又一波網絡警報。上週三，紐約證交所(NYSE)和美國聯合航空(United Airlines)都因爲神祕的計算機故障暫停運轉數小時，《華爾街日報》(WSJ)網站也短暫出現無法打開的問題。以上三家機構都堅稱，服務中斷是因爲技術故障，而非惡意攻擊。但此前一些強大的美國企業和機構遭受的攻擊讓許多人對此感到焦慮。

In February Anthem, an insurance company, revealed that cyber hackers had stolen information on 80m customers. The Washington-based Office of Personnel Management said cyber hackers had taken data on millions of federal employees. Companies ranging from retailers to banks have been attacked, too.

今年2月，保險公司Anthem披露，網絡黑客竊取了其8000萬名客戶的信息。位於華盛頓的美國人事管理局(Office of Personnel Management)表示，網絡黑客竊取了數百萬聯邦僱員的資料。從零售商到銀行等各類企業也遭到了網絡攻擊。

On Wednesday — just as the NYSE was frozen — Cambridge university and Lloyds insurance group released a report suggesting that if a cyber assault breached America’s electrical grid, this could create $1tn dollars of damage. A few minutes later, James Comey, the FBI director, told Congress that it is struggling to crack encryption tools used by jihadis. In May, Mr Comey said Islamic terrorists were “waking up” to the idea of using malware to attack critical infrastructure. It is scary stuff.

上週三，就在紐交所因故障暫停交易的時候，劍橋大學(University of Cambridge)和保險集團勞合社(Lloyd's)發佈了一篇報告，稱如果有一次網絡攻擊突破了美國的電網，將給美國帶來1萬億美元的損失。幾分鐘後，美國聯邦調查局(FBI)局長詹姆斯•科米(James Comey)告訴國會，FBI很難破解聖戰分子使用的加密工具。科米在5月份表示，伊斯蘭恐怖分子使用惡意軟件攻擊關鍵基礎設施的意識“正在覺醒”。真是可怕的事情。

The key issue that investors, politicians and voters need to ponder is not simply who might be the next target, but whether Washington has the right system in place to handle these attacks. The answer is almost certainly No.

關鍵問題是，投資者、政界人士和選民不僅需要考慮誰可能會是下一個目標，還需要考慮華盛頓是否已部署好能夠應對這些攻擊的合適機制。答案几乎毫無疑問是否定的。

On paper, there is no shortage of resources; earlier this year, for example, President Barack Obama earmarked $14bn for the cyber fight. But the key problem now is not so much a lack of cash — but co-ordination: as fear spreads, a bewildering alphabet soup of different agencies and task forces is leaping into cyber battle, often with little collaboration. The institution that is supposed to be in charge of security threats is the Department of Homeland Security. But its skills are viewed with scepticism by military officials. The Pentagon has its own cyber warriors, as do America’s intelligence agencies.

名義上，資源並不短缺；比如，今年早些時候，美國總統巴拉克•奧巴馬(Barack Obama)指定了140億美元作爲爲網絡戰專項資金。但現在的關鍵問題，與其說是缺乏資金，不如說是缺乏協作；隨着恐懼擴散開來，讓人眼花繚亂的衆多不同機構和特別行動組紛紛投身網絡戰，而它們往往很少相互協作。理論上負責應對安全威脅的應是美國國土安全部(Department of Homeland Security)。但軍方官員對國土安全部的技能持懷疑看法。五角大樓(Pentagon)有自己的網絡戰士，美國的情報機構也是如此。

The White House has tried to force these bodies to work together. Separately, civilian agencies such as Nuclear Regulatory Commission started holding discreet meetings with each other last autumn on cyber issues too. But collaboration across sectors is patchy. “The level of readiness in different agencies varies enormously,” admits a senior Washington figure at the centre of these efforts. Add in private sector bodies and the picture is even worse: not only is the Pentagon wary of sharing data with, say, the Chamber of Commerce, but companies are often terrified of revealing attacks to each other.

白宮試圖迫使這些機構合作。去年秋天，美國核管理委員會(NRC)等非軍事機構之間已經開始低調地就網絡攻擊問題舉行會議。但跨部門之間的協作情況參差不齊。“不同機構的意願相差極大，”一名主持加強協作努力的華盛頓高級官員承認。如果再算上私營部門實體，情況就顯得更糟了：不僅五角大樓對於與美國商會(U.S. Chamber of Commerce)分享數據保持警惕，企業之間通常也害怕互相透露受到網絡攻擊的情況。

Is there a solution? One sensible response might be to create a new agency to provide a central focus for the cyber fight. There is precedent for that; most Washington regulators emerged in response to a new threat. The Securities and Exchange Commission, for example, was created after the 1929 stock market crash; the Food and Drug Administration appeared after scandals over dangerous medicines. A second option might be to relaunch the DHS to focus on the cyber fight. It could, for example, be named the Department of Cyber and Homeland Security.

有解決方法嗎？一種合理迴應可能是成立一個重點應對網絡戰的新機構。這是有先例的：大多數華盛頓監管機構最初都是爲了應對一種新威脅而成立的。 比如，美國證交會(SEC)是在1929年股市崩盤後成立的；美國食品藥品監督管理局(FDA)是在曝出危險藥品醜聞後成立的。第二個選項可能是將國土安全部改頭換面，專注於網絡戰。比如，國土安全部可以被重新命名爲網絡和國土安全部。

Either way, Washington needs to answer the question that Henry Kissinger once posed in relation to Europe: in a crisis: “Who do I call?” Some countries have found ways: Australia has impressive levels of co-ordination between the public and private sector over cyber defences. But as the sense of tribalism builds in Washington, the sad truth is that it may take something — like a really big crisis — before anyone can bang bureaucratic heads together in an effective way. Better just hope that this “something” will not be too devastating; such as a real attack on the transport sector and markets.

無論採取哪種方式，華盛頓都需要回答亨利•基辛格(Henry Kissinger)曾經對歐洲提出的那個問題：危急時刻，“我該打給誰”？一些國家已經找到了方法：澳大利亞的公共和私營部門在網絡防禦方面的協作程度令人印象深刻。但由於華盛頓內部的部落主義思想，令人悲哀的真相是，美國或許需要經歷一些事情——比如一場真正嚴重的危機——纔會有人將官僚體系的頭頭腦腦有效地聯合起來。我們最好還是希望這件“事情”不會太具毀滅性；比如一次針對交通部門和市場的真正攻擊。