To Prevent Hacker Attacks, Keep Data “Moving”

John Arquilla 2021-09-14
Cloud storage is the best way to keep data safe from strategic cybercrime.

Photo credit: DAVID KAWAI—BLOOMBERG/GETTY IMAGES

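Anyone whose information systems are frozen by hackers demanding a ransom suffers badly. Colonial Pipeline in the United States was hit in a well-known hacking incident, and ransoms routinely run to millions of dollars, but that is only a small part of the estimated $20 billion in losses that hacking attacks will cause worldwide this year, and the losses are rising sharply. Compared with the same period last year, hacking attacks in Europe tripled in the first half of 2021. Over the past year, the ransoms paid in the United States for hacking attacks doubled. Asia fared somewhat better: ransom attacks there grew by only 50% over the same period.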

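Ransomware attacks and other hacks aimed at financial gain belong to a new model of “strategic crime,” a form of cyberwarfare that can affect the prosperity and power of nations. Although the criminals' goal is financial gain, it must be pointed out that the data-freezing techniques used for extortion can equally be used for strategic attack in wartime, damaging critical infrastructure and delaying military operations, and sometimes even stopping hostile forces from acting.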

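Clearly, sitting and waiting for disaster is not an option. Yet to date almost all responses have been reactive. They fall into two types: one is technical, focused on helping with data decryption and system recovery; the other urges governments to retaliate, in the form of economic sanctions or equivalent cyberattacks on countries believed to be harboring cybercriminals.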

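Neither remedy, however, can stop the rapid spread of ransomware attacks. Cleaning up afterwards does not prevent incidents, and retaliation may trigger an escalation of cyberwar in which open-market societies end up hurt far more than closed authoritarian regimes, which are commonly thought to tolerate or even actively support such crime.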

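The core challenge now is not to draw up response plans but to think about how to defend against every form of cyberattack. The only way to reduce this kind of crime is to build the capability to resist intrusion into, or the locking up of, critical information systems. Doing so may require commercial enterprises, social and governmental institutions, and even militaries to take a surprising step: if they believe data-freezing attacks could weaken their operational capability, move sensitive information out of their hardened, firewalled systems.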

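But where is information safe? I believe the best places are in the “cloud” and in the “fog.” Cloud computing means putting data on someone else's systems, a practice that is becoming increasingly common. The spread of cloud computing encourages people to store their most sensitive information in the cloud. Fog computing is a form of “edge computing,” made up of the structures between the systems that produce data and the cloud. Because the “fog” is not on the servers in one's own data center, it can serve as a hiding and storage space that hackers find hard to enter. Both approaches can preserve critical information simply and effectively.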

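Although the “cloud” is more secure, it is occasionally hacked, the most notorious case being the theft of private photos from celebrities' iCloud accounts. There is, however, a way to further improve cloud- and fog-based security, which I call the “data mobility” method. The procedure is: first establish a strict regimen of strong data encryption, then break the data into several parts and store them in different places in the cloud; finally, keep the data moving. We often say: “Data at rest is easier to attack.”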

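Compared with conventional storage and security practices, this solution takes more effort, but it is more secure and can quickly reduce the frequency and success rate of ransomware attacks.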

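In addition, a similar cybersecurity approach can be applied to other thorny problems of the digital age, such as intellectual property protection; companies around the world currently lose trillions of dollars each year to counterfeiting or piracy.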

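Compared with cleaning up afterwards, learning to stop ransomware attacks achieves two things at once: it both safeguards the healthy development of the world economy in the cyber age and significantly improves national defense. (Fortune China)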

The author, John Arquilla, is a distinguished professor at the U.S. Naval Postgraduate School and recently published Bitskrieg: The New Challenge of Cyberwarfare. This article represents only the author's personal views.

Translator: 冯丰

Reviewer: 夏林

Most of us have become distressingly aware of the phenomenon of ransomware: when hackers freeze an information system and extort a ransom payment in return for its release. The few millions paid out in well-known incidents, like the Colonial Pipeline hack in the United States, are but a fraction of the estimated $20 billion USD that global ransomware attacks will cost this year, reflecting a sharp upward trend. There were three times as many attacks in Europe in the first half of 2021 as in the same period in 2020. Ransoms paid out in the United States have doubled in the past year. Asia is slightly less alarming: Attacks increased by only 50% over the same span.

Ransomware attacks and other hacks that aim at having economic effects all form part of an emerging mode of “strategic crime,” an aspect of cyberwarfare that can have pernicious effects on the prosperity and power of nations, large and small. While the malefactors aim for financial gain, it must be noted that the same types of exploits used to freeze data for extortionate purposes can also be used as a form of strategic attack in wartime, crippling critical infrastructures and slowing military operations—sometimes even stopping them in their tracks.

Clearly, something has to be done. But to date virtually all responses have been reactive. They are of two types: One is technically focused on assisting with data decryption and system restoration; the other is about urging governments to take retaliatory action, either in the form of economic sanctions or cyberattacks on those nations thought to be harboring cybercriminals.

Neither of these remedies will halt the rapid spread of ransomware attacks. Cleaning up after these incidents does nothing to prevent them, while retaliation risks sparking an escalatory spiral of cyberwar that will hurt open-market societies more than the closed-up authoritarian regimes commonly thought to be allowing, if not actively supporting, these crimes.

The central challenge now is to go beyond developing reaction protocols and instead think through how to defend against these forms of cyberattack. Crafting an ability to thwart determined efforts to intrude into and/or lock up critical information systems is the only way to reduce this form of crime. And doing so may require commercial enterprises, social and governmental institutions—even militaries, who should see these data-freezing attacks as potentially crippling to their operational capabilities—to take a very surprising action: move sensitive information out from their own hardened, firewalled systems.

Where should information go to be safe? The best places are in the cloud and “the fog.” Cloud computing is about putting data on someone else’s system, and it is a practice on the rise. Growing comfort with the cloud should encourage a willingness to put even the most sensitive information out on it. The fog is a form of “edge computing” and consists of those structures between systems that produce data and the cloud. Because it is outside the servers in one’s own data center, the fog offers yet another hiding and storage space that hackers will find hard to access. Both are far better than simply keeping key information close.

While secure, the cloud has also been hacked on occasion, the most infamous case of which was the leaking of private photos from celebrities, grabbed from their iCloud accounts. But there’s a way to further improve cloud- and fog-based security via a process I call “data mobility.” It looks like this: Begin with a strict regimen of strongly encrypting data; break items into parts; place them in different parts of the cloud; and, finally, keep moving the data. I have a very simple mantra worth remembering: “Data at rest are data at risk.”

This solution takes a bit more effort than regular storage and security practices. But it is infinitely superior to existing approaches and will quickly reduce the frequency and effectiveness of ransomware attacks.
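A sketch of the “data mobility” steps described above (split, place in different locations, keep moving), added here as an illustration and not taken from the author or any product. It assumes an in-memory dict standing in for separate cloud and fog stores, constructed location names, hypothetical function names, and n-of-n XOR secret splitting from the Python standard library in place of a cipher followed by chunking.

```python
import hashlib
import hmac
import secrets
from functools import reduce

# Constructed location names standing in for separate cloud/fog stores.
LOCATIONS = ["cloud-a", "cloud-b", "cloud-c", "fog-edge-1", "fog-edge-2"]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split(data: bytes, n: int) -> list[bytes]:
    """n-of-n split: n-1 random pads plus the data XORed with all of them.
    Any n-1 shares are indistinguishable from random bytes."""
    pads = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    return pads + [reduce(xor_bytes, pads, data)]

def place(data: bytes, store: dict, n: int = 3) -> dict:
    """Put each share in a distinct location under an opaque name; return the manifest."""
    spots = secrets.SystemRandom().sample(LOCATIONS, n)
    entries = []
    for share, loc in zip(split(data, n), spots):
        key = secrets.token_hex(8)
        store.setdefault(loc, {})[key] = share
        entries.append((loc, key))
    # The manifest is now the secret to protect: it locates the shares
    # and carries a digest of the plaintext for the integrity check.
    return {"shares": entries, "sha256": hashlib.sha256(data).hexdigest()}

def relocate(manifest: dict, store: dict) -> None:
    """Move every share to a different, currently unused location."""
    used = {loc for loc, _ in manifest["shares"]}
    for i, (loc, key) in enumerate(manifest["shares"]):
        new_loc = secrets.choice([c for c in LOCATIONS if c not in used])
        new_key = secrets.token_hex(8)
        store.setdefault(new_loc, {})[new_key] = store[loc].pop(key)
        used.discard(loc)
        used.add(new_loc)
        manifest["shares"][i] = (new_loc, new_key)

def reassemble(manifest: dict, store: dict) -> bytes:
    """Fetch all shares, XOR them, and reject the result if the digest differs."""
    shares = [store[loc][key] for loc, key in manifest["shares"]]
    data = reduce(xor_bytes, shares)
    digest = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        raise ValueError("share tampered with or replaced: digest mismatch")
    return data
```

With an n-of-n split, losing or corrupting any single share loses the data, so a real deployment needs redundant copies or a threshold scheme, and the manifest itself must be backed up and protected.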

In addition, this approach to cybersecurity can and should be applied to other thorny issues of the digital age, such as the protection of intellectual property, which currently hemorrhages out of companies, worldwide, trillions of dollars each year in the form of counterfeit or pirated products.

By learning to thwart ransomware attacks in the first place, rather than just cleaning up after them, the health of the world economy can be better protected in this cyber age, and nations’ defenses will also be significantly improved. A classic “twofer.”

John Arquilla is distinguished professor emeritus at the U.S. Naval Postgraduate School and author, most recently, of Bitskrieg: The New Challenge of Cyberwarfare. The views expressed are his alone.
