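Anyone whose information systems have been frozen by hackers demanding a ransom knows how painful it is. Colonial Pipeline in the United States suffered a well-known attack of this kind, and ransoms routinely run to millions of dollars, yet that is only a small fraction of the estimated $20 billion in losses that hacker attacks will cause worldwide this year, and losses are rising sharply. Compared with the same period last year, attacks in Europe tripled in the first half of 2021. Over the past year, ransoms paid in the United States doubled. The situation in Asia is slightly better: extortion attacks there grew by only 50% over the same period.
Ransomware attacks and other hacks aimed at financial gain belong to a new mode of “strategic crime,” a form of cyberwarfare that can affect the prosperity and power of nations. Although the criminals’ goal is financial, it must be pointed out that the data-freezing techniques used for extortion can equally be used for strategic attack in wartime, damaging critical infrastructure and delaying military operations, and sometimes even halting an adversary’s operations.
Clearly, sitting and waiting for the worst is no answer. Yet so far almost all responses have been passive. They fall into two types: one is technical, focused on helping with data decryption and system recovery; the other urges governments to retaliate, either through economic sanctions or through equivalent cyberattacks on countries believed to harbor cybercriminals.
Neither remedy, however, can stop the rapid spread of ransomware attacks. Cleaning up afterward does not prevent incidents, while retaliation may escalate into cyberwar that ultimately hurts open-market societies far more than the closed authoritarian regimes that are commonly thought to tolerate, or even actively support, such crimes.
The core challenge now is not to draw up response plans but to think about how to defend against all forms of cyberattack. The only way to reduce this kind of crime is to build the ability to resist intrusion into, or the locking of, critical information systems. Doing so may require businesses, social and governmental institutions, and even militaries to take a surprising step: if they believe data-freezing attacks could weaken their operational capabilities, to move sensitive information out of their hardened, firewalled systems.
Where, then, is information safe? I believe the best places are in the “cloud” and in the “fog.” Cloud computing means putting data on someone else’s system, a practice that is becoming increasingly popular. The spread of cloud computing encourages people to store their most sensitive information in the cloud. Fog computing is a form of “edge computing,” made up of the structures between the systems that produce data and the cloud. Because the “fog” is not on the servers in one’s own data center, it can serve as a hiding and storage space that hackers find hard to enter. Both approaches are simple and effective ways to keep critical information.
Although the “cloud” is more secure, it is occasionally hacked as well; the most notorious case was the theft of private photos from celebrities’ iCloud accounts. But there is a way to further improve cloud- and fog-based security, which I call the “data mobility method.” The procedure is: first establish a strict scheme of strong data encryption; then break the data into several parts and store them in different locations in the cloud; finally, keep the data moving. We often say: “Data at rest are more easily attacked.”
Compared with conventional storage and security practices, this solution takes more effort, but it is more secure and can quickly reduce the frequency and success rate of ransomware attacks.
In addition, a similar approach to cybersecurity can be applied to other thorny problems of the digital age, such as the protection of intellectual property; companies around the world currently lose trillions of dollars each year to counterfeiting or piracy.
Compared with cleaning up afterward, learning to stop ransomware attacks kills two birds with one stone: it safeguards the healthy development of the world economy in the cyber age and significantly improves national defense. (Fortune China)
The author, John Arquilla, is a distinguished professor at the U.S. Naval Postgraduate School and recently published Bitskrieg: The New Challenge of Cyberwarfare. This article represents only the author’s personal views.
Translator: 馮豐
Reviewer: 夏林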
Most of us have become distressingly aware of the phenomenon of ransomware: when hackers freeze an information system and extort a ransom payment in return for its release. The few millions paid out in well-known incidents, like the Colonial Pipeline hack in the United States, are but a fraction of the estimated $20 billion USD that global ransomware attacks will cost this year, reflecting a sharp upward trend. There were three times as many attacks in Europe in the first half of 2021 as in the same period in 2020. Ransoms paid out in the United States have doubled in the past year. Asia is slightly less alarming: Attacks increased by only 50% over the same span.
Ransomware attacks and other hacks that aim at having economic effects all form part of an emerging mode of “strategic crime,” an aspect of cyberwarfare that can have pernicious effects on the prosperity and power of nations, large and small. While the malefactors aim for financial gain, it must be noted that the same types of exploits used to freeze data for extortionate purposes can also be used as a form of strategic attack in wartime, crippling critical infrastructures and slowing military operations—sometimes even stopping them in their tracks.
Clearly, something has to be done. But to date virtually all responses have been reactive. They are of two types: One is technically focused on assisting with data decryption and system restoration; the other is about urging governments to take retaliatory action, either in the form of economic sanctions or cyberattacks on those nations thought to be harboring cybercriminals.
Neither of these remedies will halt the rapid spread of ransomware attacks. Cleaning up after these incidents does nothing to prevent them, while retaliation risks sparking an escalatory spiral of cyberwar that will hurt open-market societies more than the closed-up authoritarian regimes commonly thought to be allowing, if not actively supporting, these crimes.
The central challenge now is to go beyond developing reaction protocols and instead think through how to defend against these forms of cyberattack. Crafting an ability to thwart determined efforts to intrude into and/or lock up critical information systems is the only way to reduce this form of crime. And doing so may require commercial enterprises, social and governmental institutions—even militaries, who should see these data-freezing attacks as potentially crippling to their operational capabilities—to take a very surprising action: move sensitive information out from their own hardened, firewalled systems.
Where should information go to be safe? The best places are in the cloud and “the fog.” Cloud computing is about putting data on someone else’s system, and it is a practice on the rise. Growing comfort with the cloud should encourage a willingness to put even the most sensitive information out on it. The fog is a form of “edge computing” and consists of those structures between systems that produce data and the cloud. Because it is outside the servers in one’s own data center, the fog offers yet another hiding and storage space that hackers will find hard to access. Both are far better than simply keeping key information close.
While secure, the cloud has also been hacked on occasion, the most infamous case of which was the leaking of private photos from celebrities, grabbed from their iCloud accounts. But there’s a way to further improve cloud- and fog-based security via a process I call “data mobility.” It looks like this: Begin with a strict regimen of strongly encrypting data; break items into parts; place them in different parts of the cloud; and, finally, keep moving the data. I have a very simple mantra worth remembering: “Data at rest are data at risk.”
This solution takes a bit more effort than regular storage and security practices. But it is infinitely superior to existing approaches and will quickly reduce the frequency and effectiveness of ransomware attacks.
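The “data mobility” steps described above (encrypt, break into parts, place the parts in different locations, keep moving them) are sketched below as an added example; it is not code from the author. All function names are hypothetical, in-memory dictionaries stand in for cloud and fog locations, and the cipher is a standard-library stand-in for a vetted authenticated cipher.

```python
import hashlib, hmac, secrets

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): SHA-256 counter mode; use a vetted AEAD in practice.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):  # key: 64 bytes, 32 for encryption + 32 for the MAC
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key[:32], nonce, plaintext)
    return nonce + ct + hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext failed authentication")
    return _xor_stream(key[:32], nonce, ct)

def place(stores, chunk, avoid=None):
    loc = secrets.choice([s for s in sorted(stores) if s != avoid])
    name = secrets.token_hex(8)  # fresh random object name on every placement
    stores[loc][name] = chunk
    return loc, name

def scatter(stores, blob, parts):
    # Break the sealed blob into parts; the manifest records where each went.
    size = -(-len(blob) // parts)
    chunks = [blob[i * size:(i + 1) * size] for i in range(parts)]
    return [place(stores, c) + (hashlib.sha256(c).hexdigest(),) for c in chunks]

def relocate(stores, manifest):
    # "Keep moving the data": every chunk goes to a different store.
    return [place(stores, stores[loc].pop(name), avoid=loc) + (digest,)
            for loc, name, digest in manifest]

def gather(stores, manifest):
    chunks = [stores[loc][name] for loc, name, _ in manifest]
    for chunk, (_, name, digest) in zip(chunks, manifest):
        if hashlib.sha256(chunk).hexdigest() != digest:
            raise ValueError(f"chunk {name} was modified")
    return b"".join(chunks)

if __name__ == "__main__":
    stores = {"region-a": {}, "region-b": {}, "fog-node": {}}  # constructed
    key = secrets.token_bytes(64)
    m = relocate(stores, scatter(stores, seal(key, b"constructed record"), 3))
    print(unseal(key, gather(stores, m)))
```

Reassembly needs both the key and the current manifest, so those two items are what the data owner has to keep track of as the chunks move.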
In addition, this approach to cybersecurity can and should be applied to other thorny issues of the digital age, such as the protection of intellectual property, which currently hemorrhages out of companies, worldwide, trillions of dollars each year in the form of counterfeit or pirated products.
By learning to thwart ransomware attacks in the first place, rather than just cleaning up after them, the health of the world economy can be better protected in this cyber age, and nations’ defenses will also be significantly improved. A classic “twofer.”
John Arquilla is distinguished professor emeritus at the U.S. Naval Postgraduate School and author, most recently, of Bitskrieg: The New Challenge of Cyberwarfare. The views expressed are his alone.