美国网络防御战效率堪忧

Another week, another wave of cyber alarm inAmerica. On Wednesday both the New York StockExchange and United Airlines suspended activity for several hours due to mysteriouscomputing problems, while the Wall Street Journal’s website briefly went down. All three insistedthat the outages reflected technical hitches, not malicious attack. But many are anxious afterpast assaults on mighty American companies and agencies.

上周，美国拉响了又一波网络警报。上周三，纽约证交所(NYSE)和美国联合航空(United Airlines)都因为神秘的计算机故障暂停运转数小时，《华尔街日报》(WSJ)网站也短暂出现无法打开的问题。以上三家机构都坚称，服务中断是因为技术故障，而非恶意攻击。但此前一些强大的美国企业和机构遭受的攻击让许多人对此感到焦虑。

In February Anthem, an insurance company, revealed that cyber hackers had stoleninformation on 80m customers. The Washington-based Office of Personnel Management saidcyber hackers had taken data on millions of federal employees. Companies ranging from retailersto banks have been attacked, too.

今年2月，保险公司Anthem披露，网络黑客窃取了其8000万名客户的信息。位于华盛顿的美国人事管理局(Office of Personnel Management)表示，网络黑客窃取了数百万联邦雇员的资料。从零售商到银行等各类企业也遭到了网络攻击。

On Wednesday — just as the NYSE was frozen — Cambridge university and Lloyds insurancegroup released a report suggesting that if a cyber assault breached America’s electrical grid,this could create $1tn dollars of damage. A few minutes later, James Comey, the FBI director,told Congress that it is struggling to crack encryption tools used by jihadis. In May, Mr Comeysaid Islamic terrorists were “waking up to the idea of using malware to attack criticalinfrastructure. It is scary stuff.

上周三，就在纽交所因故障暂停交易的时候，剑桥大学(University of Cambridge)和保险集团劳合社(Lloyd's)发布了一篇报告，称如果有一次网络攻击突破了美国的电网，将给美国带来1万亿美元的损失。几分钟后，美国联邦调查局(FBI)局长詹姆斯•科米(James Comey)告诉国会，FBI很难破解圣战分子使用的加密工具。科米在5月份表示，伊斯兰恐怖分子使用恶意软件攻击关键基础设施的意识“正在觉醒。真是可怕的事情。

The key issue that investors, politicians and voters need to ponder is not simply who might bethe next target, but whether Washington has the right system in place to handle theseattacks. The answer is almost certainly No.

关键问题是，投资者、政界人士和选民不仅需要考虑谁可能会是下一个目标，还需要考虑华盛顿是否已部署好能够应对这些攻击的合适机制。答案几乎毫无疑问是否定的。

On paper, there is no shortage of resources; earlier this year, for example, President BarackObama earmarked $14bn for the cyber fight. But the key problem now is not so much a lack ofcash — but co-ordination: as fear spreads, a bewildering alphabet soup of differentagencies and task forces is leaping into cyber battle, often with little collaboration. Theinstitution that is supposed to be in charge of security threats is the Department of HomelandSecurity. But its skills are viewed with scepticism by military officials. The Pentagon has its owncyber warriors, as do America’s intelligence agencies.

名义上，资源并不短缺;比如，今年早些时候，美国总统巴拉克•奥巴马(Barack Obama)指定了140亿美元作为为网络战专项资金。但现在的关键问题，与其说是缺乏资金，不如说是缺乏协作;随着恐惧扩散开来，让人眼花缭乱的众多不同机构和特别行动组纷纷投身网络战，而它们往往很少相互协作。理论上负责应对安全威胁的应是美国国土安全部(Department of Homeland Security)。但军方官员对国土安全部的技能持怀疑看法。五角大楼(Pentagon)有自己的网络战士，美国的情报机构也是如此。

The White House has tried to force these bodies to work together. Separately, civilian agenciessuch as Nuclear Regulatory Commission started holding discreet meetings with each other lastautumn on cyber issues too. But collaboration across sectors is patchy. “The level ofreadiness in different agencies varies enormously, admits a senior Washington figure at thecentre of these efforts. Add in private sector bodies and the picture is even worse: not only isthe Pentagon wary of sharing data with, say, the Chamber of Commerce, but companies areoften terrified of revealing attacks to each other.

白宫试图迫使这些机构合作。去年秋天，美国核管理委员会(NRC)等非军事机构之间已经开始低调地就网络攻击问题举行会议。但跨部门之间的协作情况参差不齐。“不同机构的意愿相差极大，一名主持加强协作努力的华盛顿高级官员承认。如果再算上私营部门实体，情况就显得更糟了：不仅五角大楼对于与美国商会(U.S.Chamber of Commerce)分享数据保持警惕，企业之间通常也害怕互相透露受到网络攻击的情况。

Is there a solution? One sensible response might be to create a new agency to provide acentral focus for the cyber fight. There is precedent for that; most Washington regulatorsemerged in response to a new threat. The Securities and Exchange Commission, for example,was created after the 1929 stock market crash; the Food and Drug Administration appearedafter scandals over dangerous medicines. A second option might be to relaunch the DHS tofocus on the cyber fight. It could, for example, be named the Department of Cyber andHomeland Security.

有解决方法吗?一种合理回应可能是成立一个重点应对网络战的新机构。这是有先例的：大多数华盛顿监管机构最初都是为了应对一种新威胁而成立的。 比如，美国证交会(SEC)是在1929年股市崩盘后成立的;美国食品药品监督管理局(FDA)是在曝出危险药品丑闻后成立的。第二个选项可能是将国土安全部改头换面，专注于网络战。比如，国土安全部可以被重新命名为网络和国土安全部。

Either way, Washington needs to answer the question that Henry Kissinger once posed inrelation to Europe: in a crisis: “Who do I call? Some countries have found ways: Australia hasimpressive levels of co-ordination between the public and private sector over cyber defences.But as the sense of tribalism builds in Washington, the sad truth is that it may take something— like a really big crisis — before anyone can bang bureaucratic heads together in an effectiveway. Better just hope that this “something will not be too devastating; such as a real attackon the transport sector and markets.

无论采取哪种方式，华盛顿都需要回答亨利•基辛格(Henry Kissinger)曾经对欧洲提出的那个问题：危急时刻，“我该打给谁?一些国家已经找到了方法：澳大利亚的公共和私营部门在网络防御方面的协作程度令人印象深刻。但由于华盛顿内部的部落主义思想，令人悲哀的真相是，美国或许需要经历一些事情——比如一场真正严重的危机——才会有人将官僚体系的头头脑脑有效地联合起来。我们最好还是希望这件“事情不会太具毁灭性;比如一次针对交通部门和市场的真正攻击。