chertoff2_NICOLAS ASFOURIAFP via Getty Images_hackers

太阳风案的警报

Dec 16, 2020 Michael Chertoff , Latha Reddy, Alexander Klimburg

华盛顿—最近发现针对美国和全球目标发动毁灭性的森伯斯特黑客攻击活动再次挑战了国际社会面对网络攻击愈演愈烈的既定方式。过去一年来，世界各地的网络安全人员一直忙于应对针对关键基础设施，包括负责抗击2019年新冠疫情的各大机构所发起的大量攻击。尽管各国政府公开谴责了其中某些行为，但显然有必要进一步采取集体行动。

目前尚未签署有关网络事务的国际条约，而联合国大会通过的11项负责任国家网络行为非约束性规则全都存在模棱两可的表述。人们一直在试图制定新的规范，这无疑是件好事。但不应以条约的方式来对待规范，因为规范和条约是两码事。更好的选择是专注于规范所表达的精神，而不仅仅是文字。事实上，最新的黑客泄密事件恰恰表明，国际网络安全条约为什么很有可能会最终失利。

太阳风（SolarWinds）是一家领先的美国网络管理企业，其业务是搭建一个监控平台，授权IT支持人员远程访问委托其安装的各种设备。最近发生的供应链攻击事件劫持了该软件的更新功能，并以安装所谓森伯斯特恶意软件为目标。就像一家名为注册的技术刊物所报道的那样，太阳风已布署在超过425家美国财富500强企业，所有主要美国技术企业以及多数美国政府部门当中（该公司在其他发达国家占有率也基本相同。）而上周初曾报告泄密事件协助揭露此次黑客攻击的网络安全公司火眼（FireEye）也表示，全世界机构都有可能遭到损害，尽管美国政府或许才是重点目标。

We hope you're enjoying Project Syndicate.

To continue reading, subscribe now.

Already have an account? Log in

Support High-Quality Commentary

For more than 25 years, Project Syndicate has been guided by a simple credo: All people deserve access to a broad range of views by the world's foremost leaders and thinkers on the issues, events, and forces shaping their lives. At a time of unprecedented uncertainty, that mission is more important than ever – and we remain committed to fulfilling it.

But there is no doubt that we, like so many other media organizations nowadays, are under growing strain. If you are in a position to support us, please subscribe now.

As a subscriber, you will enjoy unlimited access to our On Point suite of long reads, book reviews, and insider interviews; Big Picture topical collections; Say More contributor interviews; Opinion Has It podcast features; The Year Ahead magazine, the full PS archive, and much more. You will also directly support our mission of delivering the highest-quality commentary on the world's most pressing issues to as wide an audience as possible.

By helping us to build a truly open world of ideas, every PS subscriber makes a real difference. Thank you.

Subscribe Now

new comment has been posted. new comments have been posted.

0 Comments on this paragraph, 2 Comments on this article

Gerry Hofman Dec 16, 2020

When the first tech companies started up in the US the government sought to protect their advantage by ensuring there would be no regulation to impede their development and no taxation to stop their growth. Their influence now covers every corner of the globe and the data stream they generate as plentiful as the solar wind.
To fix something that isn't right you first need to recognize what went wrong. Then you can work to find a way to correct it. To continue enforcing existing norms would seem monumentally insufficient in managing the problems associated with global data flows.
If you wouldn't want the Chinese communist party or the Russian hacker collectives to be able to trace your daily commute in the New York underground you clearly need to do better than "enforce existing norms". You would need to redesign the tech sphere from the ground up with the aim of keeping the data within a country's borders, control and monitor data flow between countries, and protect citizens privacy from snooping including your own and foreign governments. It's either that, or just give it up.
- Yaroslav Gryaznov Dec 17, 2020
  
  Problem is - they won’t be able to rebuild this industry from the ground up, because the existence of these back doors is basically - one of the main reasons for these technology to exist. We saw it really well in recent Alexey Navalny ft Bellingcat case. Personal mobile data regarding airline databases and mobile triangulation is being used both by intelligence services and can be bought for “personal use”. Hence why would they ever consider changing this? US intelligence uses these tactics just as often, as it gets attacked.
  A new reply to this comment has been posted.
A new reply to this comment has been posted.