Infrastructure Armageddon
美基礎設施 抗駭客大作戰
By Nicole Perlroth

Over the last four years, foreign hackers have stolen source code and blueprints to the oil and water pipelines and power grid of the United States and have infiltrated the Department of Energy’s networks 150 times.
過去四年來，外國駭客竊取了美國油管、水管與電網的原始碼和分布圖，並滲透美國能源部網路150次。

So what’s stopping them from shutting us down?
那麼，是什麼因素阻擋了他們，以致他們還沒有把我們的基礎設施搞到癱瘓？

The phrase “cyber-Pearl Harbor” first appeared in the 1990s. For the last 20 years, policymakers have predicted catastrophic situations in which hackers blow up oil pipelines, contaminate the water supply, open the nation’s floodgates and send airplanes on collision courses by hacking air traffic control systems.
「網路珍珠港奇襲」一詞首見於1990年代。過去20年間，決策者曾一再預測大難將要臨頭：駭客炸掉油管、汙染自來水、開啟美國的防洪閘門，並駭進航管系統，使飛機互撞。

“They could, for example, derail passenger trains or, even more dangerous, derail trains loaded with lethal chemicals,” former Defense Secretary Leon Panetta warned in 2012. “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”
美國國防部前部長潘內達2012年警告：「舉例來說，駭客能使載客火車出軌，或者更危險的，能讓裝有致命化學物的火車出軌。他們可以汙染美國各大城的自來水，或讓美國大半地區停電。」

It is getting harder to write off such predictions as fearmongering. The number of attacks against industrial control systems more than doubled to 675,186 in January 2014 from 163,228 in January 2013, according to Dell Security – most of those in the United States, Britain and Finland.
要把這類預測指斥為危言聳聽愈來愈難了。根據戴爾安全中心的資料，針對產業控制系統的攻擊案件2013年1月有16萬3228件，2014年1月為67萬5186件，激增一倍以上，大多數發生在美國、英國與芬蘭。

And in many cases, outages at airports and financial exchanges – like a computer outage that took down computers at airports across the country late Wednesday, including Kennedy International Airport in New York and Logan Airport in Boston – are never tied to hacks.
機場與金融交易所停電－就像周三（10月14日）晚間，電腦停電導致全美各地機場電腦停擺，包括紐約甘迺迪國際機場與波士頓洛根機場，往往根本與駭客無關。

But it’s clear hackers are trying.
不過很明顯地，駭客正試著這麼做。

Last year, the Department of Homeland Security announced that it was investigating an attack against 1,000 energy companies across Europe and North America. In 2012, 23 gas pipeline companies were hacked by online spies, according to a Homeland Security report. Private investigators later linked the attack to China.
去年美國國土安全部宣布，正在調查一件針對歐洲與北美1000家能源公司的駭客攻擊案。根據國土安全部的報告，2012年，23家天然氣管線公司遭網路間諜入侵。後來民間調查人員指出，這起案件與中國大陸有關。

Last year, in a disclosure overshadowed by the news of the attack on Sony, a German federal agency said that in an attack at an unnamed steel mill, hackers had managed to jump from the company’s corporate network to its production systems, causing significant damage to a blast furnace.
去年德國聯邦政府一個單位透露，駭客攻擊德國一家名稱未公布的鋼鐵廠，從公司內部網路跳到其生產系統，導致一個高爐嚴重損壞。這件事當時被索尼公司遭駭的大新聞掩蓋而未受注意。

And in an extensive attack at Telvent, an information technology and industrial automation company now owned by Schneider Electric, Chinese hackers made off with its product source code and blueprints to facilities operated by its customers, which include 60 percent of the pipeline operators in North America.
此外，大陸駭客曾大肆攻擊資訊科技與產業自動化公司Telvent（目前為施耐德電機公司所有），取得產品原始碼和該公司客戶營運設施的規劃圖，北美管線營運商多達60%是該公司客戶。

For now, dire predictions of destructive online attacks on U.S. targets ignore the fact that the actors with the ability to cause the gravest harm to America’s critical infrastructure – China and Russia and allies like Israel and Britain – are sufficiently deterred from doing so by fear of retaliation or because of long-standing trade and diplomatic relationships. And attacks by those aggressively trying to get such a capability – Iran, North Korea and Islamic militant groups – are still several years off.
就當下而言，有關美國目標可能遭受毀滅性網路攻擊的可怕預測，都忽略了一個事實：有能力對美國重大基礎設施造成最嚴重破壞者，如中國大陸、俄國和以色列、英國等美國盟邦，因為害怕報復或長年與美國保有貿易和外交關係，而有充分的理由不這麼做；而積極嘗試取得這種能力者，如伊朗、北韓與伊斯蘭教民兵團體，還需多年才能發動這類攻擊。

“Despite all the talks of a cyber-Pearl Harbor, I am not really worried about a state competitor like China doing catastrophic damage to infrastructure,” said Michael Hayden, former head of the National Security Agency. “It’s the attack from renegade, lower-tier nation-states that have nothing to lose.”
美國國家安全局前局長麥可．海登說：「雖然有不少人談論網路的珍珠港奇襲，但我並不真擔心像中國這樣的競爭對手會對美國基礎設施造成重大損害。我擔心的是由乖僻、發展程度較低且一無所有、不怕損失的民族國家發動的攻擊。」

Just how far off are they? That is the question troubling policymakers at the National Security Council and intelligence and law enforcement agencies. Federal officials have repeatedly warned that Islamic State militants have been exploiting social media for recruitment, and are developing tools to break into their enemies’ systems.
網路奇襲距離美國有多遠？這正是美國國家安全會議、情報與執法單位決策者煩惱的問題。聯邦政府官員曾多次警告道，激進組織「伊斯蘭國」民兵一直用社群媒體招募新血，並正在開發能侵入敵方系統的軟體。

Those capabilities were sufficient to prompt the assassination of Junaid Hussain, the chief of the Islamic State’s cyberarmy, who was killed by an airstrike in Syria in August. But for now, federal officials say, the Islamic State does not have a significant ability to cause damage through online attacks.
伊斯蘭國擁有的能力足以讓美國決定暗殺它的網軍首腦哈山。哈山八月在敘利亞境內一場空襲中被炸死。但美國聯邦官員說，目前伊斯蘭國並沒能力透過網攻造成損害。

“It’s not easy to pull off a spectacular attack,” said James A. Lewis, a security expert at the Center for Strategic and International Studies in Washington. “People are always saying in theory they can do something, but it’s not at the level of a Pearl Harbor or a 9/11.”
華府智庫戰略暨國際研究中心安全專家劉易士說：「要犯下一場驚天動地的攻擊案並不容易。大家總愛說，理論上他們做得到，但不會是珍珠港或911事件那種規模。」

原文參照：
http://bits.blogs.nytimes.com/2015/10/14/online-attacks-on-infrastructure-are-increasing-at-a-worrying-pace

2015-11-15/聯合報/D2版/紐約時報賞析 李京倫譯

說文解字看新聞 張佑生

姑且不論宗教信仰，《聖經》（Holy Bible, the Bible）是學習英文的利器，因為許多英文單字源自聖經，了解典故有助於理解單字的含義。以本文標題中的Armageddon為例，語出聖經當中的《啟示錄》（Revelation），意指世界末日善惡決戰的場地，中譯為「哈米吉多頓」，如今泛指毀天滅地的大決戰或大規模戰爭，像是nuclear Armageddon。1998年好萊塢電影Armageddon描述彗星撞地球，中文片名譯成「世界末日」。搖滾歌曲Armageddon It是英國搖滾團體Def Leppard的作品，但歌詞內容與世界末日無關。

聖經和世界末日有關的英文單字還有Apocalypse，引申為大災難。

巴黎遭恐攻，媒體用scene of horror and apocalypse或apocalyptic scenes描述宛如末日的現場慘狀。這個字也來自《啟示錄》，1979年的好萊塢電影Apocalypse Now有個響噹噹的中文片名：現代啟示錄。

另一個與大災難有關的字是catastrophic，名詞catastrophe，源自希臘文，意指突然的大變動、大禍、大敗、尤指悲劇的結局，例如《哈姆雷特》最後，王子總算完成復仇，自己也賠上性命。也指令特定個人或群體難以承受的事件，例如，中華隊假如無法打進12強（Premier 12）棒球賽的前八強，對關心棒球的國人可說是個catastrophe。無論是catastrophe還是Armageddon或者Apocalypse，都是偏難的英文字彙（big word）。

標題的infrastructure意指基礎建設，像是道路、港口、發電廠、通訊設施、飛機場、軍事基地等，字首infra意指「在下位的」。馬克思的唯物史觀主張，社會下層結構 (infrastructure)決定其上層結構 (superstructure)。「下層結構」指所有的經濟活動，包括生產力和生產關係，所反射產生的通稱為「上層結構」，泛指文化及意識形態的活動，包括政治、文藝、法律、哲學等。馬克思的經濟決定論引起許多批判。