【中文标题】中国的学术论文在美国拉响警报
【原文标题】Academic Paper in China Sets Off Alarms in U.S.
【登载媒体】纽约时报
【原文作者】JOHN MARKOFF / DAVID BARBOZA
【原文链接】http://www.nytimes.com/2010/03/21/world/asia/21grid.html
中国学生王建伟和他的教授编写了一篇学术论文,内容是有关美国电网遭受电脑攻击的弱点。科研人员表示这篇论文仅仅是技术性的演练。
王建伟在这个月遇到了一件意料之外的事情,这位中国辽宁的工程专业研究生在美国国会上被描述成一个可能发动攻击的网络战士。
军事战略师和中国专家Larry M. Wortzel在3月10日向白宫外事委员会报告,美国应当小心,因为“中国大连科技大学系统工程系的研究人员发表了一篇论文,内容是如何攻击小型美国电力分支网络,所提到的方法有可能连锁导致整个美国陷入瘫痪。”
记者电话联系到王先生。他说他和教授的确在去年春天的时候在一本国际性杂志《安全科学》上发表过一篇论文,题目是“针对美国电网弱点的连续性攻击”。但是王先生说,他仅仅是通过研究潜在的缺陷来尝试提高电力网络的稳定性。
他说:“我们习惯用‘攻击’这个词,可是你可以看看会不会有什么事情发生。我的真正重点是如何来保护电网。我的目标是寻找让电网变得更安全、更受保护的方法。”
王先生与Wortzel先生的意见分歧已经不仅仅局限在学术方面,事件的背景是中美之间已经在网络安全问题上相互充满了敌意,比如曾经发生过的大规模网络攻击事件。因此,即使是一个小小的误会也有可能让紧张局势升级,并引发过激行为。
一家位于渥太华的网络安全研究和咨询机构SecDev集团的分析师Nart Villeneuve说:“人们已经把这个事件当成是中国试图破坏美国电网,并从中获利的一种示威。如果你把这个国家的任何一个举动都看作是带有敌意的,这无疑是一种妄想症的症状。”
Wortzel先生在白宫听证会上的演讲得到了激烈的回应,尤其是加州共和党代表Ed Royce,他说王的论文“在我看来是对加州人民的公然挑衅”。
他暗示众人关注以下事件。2001年,洛杉矶时报报道,一次控制了电力系统的网络入侵被追踪到来源于中国广东省,这件事在当时引起了安全恐慌。随后的一些报道声称,其它一些网络攻击都是中国精心策划的,尽管尚无证据证明。
Wortzel先生在接受采访时,谈到王的论文和他的证词,他说这些研究人员的本意其实并不重要。“我的观点是说,现在这些电网的弱点已经完全暴露给中国,任何人都可以加以利用。”
但是一些网路科学专家们在调查了电网和互联网的稳定性之后,说根本不是这么回事。
宾夕法尼亚大学的物理学家Reka Albert从事过类似的研究。他在一封电子邮件中写道:“这篇论文的作者和以前的一些相关文章,都没有涉及到电网的真实特性,即网络的节点。所以从这些文章中不可能派生出有实际意义的攻击方案。”
计算机安全专家认为,论文引发的问题的背后,存在着美国官员提防中国的真正原因。中国说它既无人力也无意图在每个星期都组织大规模攻击美国政府和计算机系统的行动,而美国官员对此根本不予理会。
问题在于,掩饰一次计算机网络攻击的真实来源并不是一件困难的事,所以任何报复行动都是草率、盲目的。加州海军研究院信息工程中心主任John Arquilla说,这就是为什么过去几个月美中之间高层的口水仗愈演愈烈的原因。
Arquilla先生说:“基于我们对网络科学的了解,大量的数据在不同类型的地点间流通,其产生的效果极难预测。”网络战争有点类似于“人们所了解的生物武器,一旦你开始使用,就很难控制其造成的危害”。
谷歌在今年威胁退出中国市场,宣称其掌握了中国参与高端技术手段的网络入侵证据,由此使得中美间本来就紧张的关系愈加恶化。一系列的报告都使用措辞强烈的语言描述了恶性的网络攻击行为,尤其是那些来自中国的攻击。其中就包括一份去年10月份由美中经济安全考察委员会发布的报告,而Wortzel先生正是这个委员会的副主席。
报告中写道:“诸多细节充分和可以在法庭上使用的证据均强烈指向中国政府,证明他们曾经以国家名义直接参与,或通过由政府支持的第三方团体实施了这些行动。”
王先生的研究课题在这种思潮背景下显得有些不幸,特别是那些美国军方的承包商和高科技公司,他们普遍认为敌人马上要攻击美国的关键基础设施,比如电力网络。
王先生在接受采访时说,他选择美国电网作为研究对象只不过是因为其便利性。中国从不发布国家电网的相关数据,而美国会发布,而且那里又发生过几起大规模的停电事故。他可以读懂英文,所以美国是他唯一可以找到有用数据的国家。他说自己是“紧急事件管理”专家,他乐于“在网络出现故障时研究原因所在”。
他说:“我选择电力系统是因为电网可以最直观地显示出动力电流在网络中的流动状况,我只不过是想做理论方面的研究。”
论文中提到了不同类型的计算机网络在遭受“蓄意”攻击时存在的弱点。作者认为特定类型的攻击可能会引起整个网络的多米诺崩溃效应。作者写道:“我们的研究结果应该对实体网络有借鉴作用,可以有效地保护其中的主要节点,避免连锁效应的灾难发生。”
王先生在论文中引用了西北大学物理系教授Albert-Laszlo Barabasi的网络科学研究结果。Barabasi博士曾发表过多篇文章,都是关于网络在遇到所谓的工程性攻击时存在的弱点。
Barabasi博士在接受采访时说:“我不太懂什么阴谋理论,但这的确是一个主流课题。其涉及广泛类型的网络,甚至包括电力传输领域,而且也不仅限于美国——类似的电力网络研究全世界都存在。”
原文:
A Chinese student, Wang Jianwei, above, and his professor, wrote an academic paper on the vulnerability of the American power grid to a computer attack. Scientists said the paper was merely a technical exercise.
It came as a surprise this month to Wang Jianwei, a graduate engineering student in Liaoning, China, that he had been described as a potential cyberwarrior before the United States Congress.
Larry M. Wortzel, a military strategist and China specialist, told the House Foreign Affairs Committee on March 10 that it should be concerned because “Chinese researchers at the Institute of Systems Engineering of Dalian University of Technology published a paper on how to attack a small U.S. power grid sub-network in a way that would cause a cascading failure of the entire U.S.”
When reached by telephone, Mr. Wang said he and his professor had indeed published “Cascade-Based Attack Vulnerability on the U.S. Power Grid” in an international journal called Safety Science last spring. But Mr. Wang said he had simply been trying to find ways to enhance the stability of power grids by exploring potential vulnerabilities.
“We usually say ‘attack’ so you can see what would happen,” he said. “My emphasis is on how you can protect this. My goal is to find a solution to make the network safer and better protected.” And independent American scientists who read his paper said it was true: Mr. Wang’s work was a conventional technical exercise that in no way could be used to take down a power grid.
The difference between Mr. Wang’s explanation and Mr. Wortzel’s conclusion is of more than academic interest. It shows that in an atmosphere already charged with hostility between the United States and China over cybersecurity issues, including large-scale attacks on computer networks, even a misunderstanding has the potential to escalate tension and set off an overreaction.
“Already people are interpreting this as demonstrating some kind of interest that China would have in disrupting the U.S. power grid,” said Nart Villeneuve, a researcher with the SecDev Group, an Ottawa-based cybersecurity research and consulting group. “Once you start interpreting every move that a country makes as hostile, it builds paranoia into the system.”
Mr. Wortzel’s presentation at the House hearing got a particularly strong reaction from Representative Ed Royce, Republican of California, who called the flagging of the Wang paper “one thing I think jumps out to all of these Californians here today, or should.”
He was alluding to concerns that arose in 2001 when The Los Angeles Times reported that intrusions into the network that controlled the electrical grid were traced to someone in Guangdong Province, China. Later reports of other attacks often included allegations that the break-ins were orchestrated by the Chinese, although no proof has been produced.
In an interview last week about the Wang paper and his testimony, Mr. Wortzel said that the intention of these particular researchers almost did not matter.
“My point is that now that vulnerability is out there all over China for anybody to take advantage of,” he said.
But specialists in the field of network science, which explores the stability of networks like power grids and the Internet, said that was not the case.
“Neither the authors of this article, nor any other prior article, has had information on the identity of the power grid components represented as nodes of the network,” Reka Albert, a University of Pennsylvania physicist who has conducted similar studies, said in an e-mail interview. “Thus no practical scenarios of an attack on the real power grid can be derived from such work.”
The issue of Mr. Wang’s paper aside, experts in computer security say there are genuine reasons for American officials to be wary of China, and they generally tend to dismiss disclaimers by China that it has neither the expertise nor the intention to carry out the kind of attacks that bombard American government and computer systems by the thousands every week.
The trouble is that it is so easy to mask the true source of a computer network attack that any retaliation is fraught with uncertainty. This is why a war of words, like the high-pitched one going on these past months between the United States and China, holds special peril, said John Arquilla, director of the Information Operations Center at the Naval Postgraduate School in Monterey, Calif.
“What we know from network science is that dense communications across many different links and many different kinds of links can have effects that are highly unpredictable,” Mr. Arquilla said. Cyberwarfare is in some ways “analogous to the way people think about biological weapons — that once you set loose such a weapon it may be very hard to control where it goes,” he added.
Tension between China and the United States intensified earlier this year after Google threatened to withdraw from doing business in China, saying that it had evidence of Chinese involvement in a sophisticated Internet intrusion. A number of reports, including one last October by the U.S.-China Economic and Security Review Commission, of which Mr. Wortzel is vice chairman, have used strong language about the worsening threat of computer attacks, particularly from China.
“A large body of both circumstantial and forensic evidence strongly indicates Chinese state involvement in such activities, whether through the direct actions of state entities or through the actions of third-party groups sponsored by the state,” that report stated.
Mr. Wang’s research subject was particularly unfortunate because of the widespread perception, particularly among American military contractors and high-technology firms, that adversaries are likely to attack critical infrastructure like the United States electric grid.
Mr. Wang said in the interview that he chose the United States grid for his study basically because it was the easiest way to go. China does not publish data on power grids, he said. The United States does and had had several major blackouts; and, as he reads English, it was the only country he could find with accessible, useful data. He said that he was an “emergency events management” expert and that he was “mainly studying when a point in a network becomes ineffective.”
“I chose the electricity system because the grid can best represent how power currents flow through a network,” he said. “I just wanted to do theoretical research.”
The paper notes the vulnerability of different types of computer networks to “intentional” attacks. The authors suggest that certain types of attacks may generate a domino-style cascading collapse of an entire network. “It is expected that our findings will be helpful for real-life networks to protect the key nodes selected effectively and avoid cascading-failure-induced disasters,” the authors wrote.
Mr. Wang’s paper cites the network science research of Albert-Laszlo Barabasi, a physicist at Northeastern University. Dr. Barabasi has written widely on the potential vulnerability of networks to so-called engineered attacks.
“I am not well vested in conspiracy theories,” Dr. Barabasi said in an interview, “but this is a rather mainstream topic that is done for a wide range of networks, and, even in the area of power transmission, is not limited to the U.S. system — there are similar studies for power grids all over the world.” |
狗仔卡
发表于 2010-4-9 17:44
提升卡
变色卡
抢沙发
千斤顶
显身卡
发表于 2010-4-9 18:00
米国又说中国威胁论了!
