Private Companies Could Play Role in Cyberwarfare Under New U.S. Plan

美國擬擴大民企網路戰角色

The Trump administration is weighing a substantial shift in its cyberstrategy, including by enlisting private companies to assist with offensive cyberattacks, according to four former senior U.S. officials familiar with the administration’s thinking.

4位熟悉政府構想的美國前高級官員透露，川普政府正考慮大幅調整其網路戰略，包括徵召民營企業協助執行網路攻擊。

The proposals have been included in drafts of the administration’s coming National Cybersecurity Strategy, which will set out general priorities and be accompanied by a plan to carry out the policies, said the former officials, who spoke on the condition of anonymity to discuss a document that was not yet public.

這些提案已納入政府即將發布的《國家網路安全戰略》草案，該戰略將列出整體優先事項，並附上執行政策的計畫，前述官員要求匿名，以討論尚未公開的文件。

The government can currently contract private companies to develop elements of its cyberoperations. But the initiative would drastically expand the role of private companies in cyberwarfare, raising a host of questions about the legality and practicality of their involvement.

美國政府目前可委託民間業者開發網路作戰的部分元件。但這項倡議將大幅擴大民間業者在網路戰爭中的角色，引發外界對其參與的合法性與可行性的諸多疑慮。

It would be a more aggressive approach that was the subject of a confirmation hearing Thursday for President Donald Trump’s nominee to lead U.S. Cyber Command and the National Security Agency, Lt. Gen. Joshua M. Rudd.

周四任命聽證會審查川普提名的美國網路司令部和國家安全局局長魯德中將，這種更激進的作法成為審查主題之一。

Under the law, private companies are prohibited from conducting offensive campaigns online, which can range from the breach that paralyzed Britain’s largest carmaker to persistent assaults targeting an opponent.

依據現行法律，民營企業不得在網路上進行攻擊行動，此類行動範圍從癱瘓英國最大汽車製造商的駭客入侵，到針對敵手的持續攻擊。

Changing the law to permit private companies to execute offensive cyberattacks would require congressional approval. In the past, representatives in Congress have proposed legislation that would do just that.Recently, those proposals have reemerged. Some lawmakers have called for private companies to be allowed to “hack back” when they come under attack.

修法允許民營公司執行網路攻擊，需要國會批准。國會議員曾提過類似法案。這些提案最近重新出現。有些國會議員呼籲允許民營公司遭受攻擊時「反擊」。

But the measures raise the specter of U.S.-approved piracy in cyberspace, said Lt. Gen. Charles L. Moore Jr., a retired deputy commander of U.S. Cyber Command and an author of a recent report about the role private companies could play in U.S. cyberoperations.

然而，美國網路司令部退役副司令摩爾中將表示，這些措施可能引發美國政府批准網路駭客的問題。他也是近期一份民營公司在美國網路行動可能發揮作用報告的作者。

Moore and his co-author, Brett Goldstein, a cybersecurity expert who held senior positions in the Defense Department, pointed to those potential complications in their report, published by Vanderbilt University’s Institute of National Security.

摩爾和報告共同作者、曾於美國國防部擔任資深職務的網路安全專家戈德斯坦在他們撰寫的報告中，提出這些潛在問題。這份報告由范德比大學國家安全研究所發布。

Without Cyber Command overseeing all operations, Moore said, “you’re going to have actions that take place by private companies against nation-states that believe that was the formal position of the United States, and now you see escalation, and potentially even kinetic conflict come of that. You’re going to see chaos.”

摩爾表示，如果沒有網路司令部監管所有行動，「就會出現民營公司對國家採取行動的狀況，而這會被認為是美國的正式立場，就會導致局勢升高，甚至可能引發實際衝突。你會看到混亂發生」。

文／Adam Sella，譯／羅方妤

說文解字看新聞 【張佑生】 相較於槍林彈雨，網路作戰(cyberwarfare)少了煙硝味，但同樣凶險。這是國家或組織利用網路手段進行情報蒐集、破壞、影響的武裝衝突形式，包括offensive cyberattacks(進攻性網路攻擊)和hack back(主動反擊或網路反制)。 Kinetic conflict(動能衝突)是常見的軍事用詞，就是傳統武裝衝突。國防安全研究院報告中出現「實體作戰(Kinetic operations)」與「非實體作戰(Non-Kinetic operations)」，區分傳統武力(動能)與網路/電磁(非動能)。 軍方警告，開放民間企業對敵國直行網攻，若無統一指揮，對手會視為「美國正式行動」，從網路戰升級至外交危機甚至動武衝突，如導彈報復、軍事衝突。網路是否為「第五作戰領域」（陸海空天網）已是熱門議題，延伸出「域際連動」(Cross-Domain Synergy)或稱「多領域作戰概念」。 此為美軍核心作戰概念，指陸、海、空、天、網、電磁六大軍事域間無縫整合，透過跨域能力組合產生「1+1>2」效果。單域優勢(如網路癱瘓敵指揮)擴展為多域整體打擊(如同時導彈+電子戰)。