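The CCP Leaves Backdoors and Vulnerabilities in the World’s Networks Through the Tech Companies It Controls [Chinese-English Parallel Translation]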

News source: Pointe Bello; Author: Robert O’Brien

Translation: 沐子璐璐 & TCC; Commentary: TCC; Proofreading: TCC & 沐子璐璐; Review: InAHurry; Page: 拱卒

Commentary:

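This article, written by U.S. national security advisor O’Brien, concerns worries about the “backdoors” the CCP has planted in infrastructure and communications facilities. He uses electric-vehicle pioneer Tesla as an example and states plainly that these so-called “backdoors” are in fact information channels left for its intelligence services, whether in private or public institutions. He also offers ways to respond.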

Original text:

Beijing’s backdoors into infrastructure and technology have a name…and a far-reaching purpose

The backdoors Beijing has left in infrastructure and technology not only have a name... they also have far-reaching significance

U.S. national security advisor Robert O’Brien

U.S. national security advisor Robert O’Brien recently sought to shut down debate about whether China tech giant Huawei installs “backdoors” in its gear. “We have evidence,” O’Brien announced on February 11, 2020, that wireless networks around the world have been compromised with access points that Beijing mandates. Well known are the concerns this raises for sensitive public and private sector data. Less understood is just how comprehensive Beijing’s strategy is—and how extensive its reach.

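U.S. national security advisor Robert O’Brien recently sought to end the debate over whether Communist China’s tech giant Huawei installs backdoors in its equipment. On February 11, 2020, O’Brien announced “we have evidence” proving that wireless networks around the world have been seriously compromised by (network) access points mandated by Beijing. This has undoubtedly raised concerns in the public and private sectors about their sensitive data, but people still do not understand at all how ill-intentioned Beijing’s strategy is or how far-reaching its effects are.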

Issue

The Communist Party of China (CPC) directs the insertion of economy-wide commercial and communication infrastructure with “embedded and reserved interfaces [内部嵌入和预留接口]” that wire the world for access by PRC intelligence and security forces in service of Beijing’s technological and geostrategic goals.

Issue

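The Chinese Communist Party (also known as the CCP) directs (companies such as Huawei) to insert, across the entire economy, commercial and communications infrastructure with “embedded and reserved interfaces,” laying a network through which Communist China’s (PRC) intelligence and security services can reach the whole world, thereby achieving Beijing’s technological and geostrategic goals.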

Implications

Beijing’s potential to command and control key economic and information flows compromises public and private sectors and alters the character and trajectory of open markets and honest global governance. Beijing’s backdoors into infrastructure and technology have a name…and a far-reaching purpose

Implications

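Beijing’s potential to command and control key economic and information flows endangers the public and private sectors and changes the character and trajectory of open markets and honest global governance. Beijing’s backdoors into infrastructure and technology have a name... and a far-reaching purpose.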

Actions

Commercial entities need to assess their connectivity to PRC entities from a continuity of operations perspective and for information security purposes. Governments need to illuminate and effectively communicate CCP disruptive capabilities to the private sector, forging opportunities to act on shared interests.

Actions

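Commercial entities need to assess their connectivity with Communist Chinese entities from the perspectives of continuity of operations and information security. Governments need to explain, and effectively communicate to the private sector, the harm the CCP can do to it, and governments and the private sector need to create opportunities for mutually beneficial cooperation.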

WE SAY BACKDOORS, BEIJING SAYS RESERVED INTERFACES

We say they are backdoors, while Beijing insists they are reserved ports

The CPC is using internal government directives to mandate that People’s Republic of China (PRC) manufacturers of information and communication hardware embed and reserve access for CPC agents at times of its choosing into a wide swath of sectors, including major infrastructure, industrial, and service systems. “Backdoors” is the common parlance in English. The CPC refers more explicitly to “embedded and reserved interfaces [内部嵌入和预留接口],” or close derivative terms, which likely include other vulnerabilities beyond backdoors that can be inserted and exploited by CPC actors.

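Through internal (Communist Chinese) government directives, the CCP requires CCP People’s Liberation Army manufacturers of information and communication hardware to embed and reserve ports (in the hardware), so that CCP agents can enter a wide range of sectors when needed, including major infrastructure, industry, and the service sector. “Backdoor” is the common English term, whereas the CCP uses the more explicit “embedded and reserved interfaces” or other derivative terms. These derivative terms (and the technology they imply) may refer to vulnerabilities other than backdoors that CCP agents can insert and use.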

These interfaces hard wire an information-technology dependent world for seamless access and abuse by PRC intelligence and security forces. Here’s what we know:

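The connections of these (embedded and reserved) interfaces are built into an interdependent information-technology world, for seamless access and abuse by Communist China’s intelligence and security services. Here is our evidence: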

  • Since about 2015 and in conjunction with CPC General Secretary Xi Jinping’s Military Civil Fusion (MCF) program to make PRC defense and intelligence an all-of-society enterprise, Beijing’s central and provincial commissions and military commands have issued directives mandating the structural tapping of devices and systems across economic sectors.

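Since 2015, CCP General Secretary Xi Jinping’s Military-Civil Fusion (MCF) program has turned Communist China’s defense and intelligence services into an enterprise in which all of society participates. At the same time, Beijing’s central and provincial commissions and military commands have issued directives requiring the structural tapping of devices and systems across the entire economy.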

  • The CPC’s official daily from March 2015 calls for “the implementation of defense requirements through embedded and reserved interfaces” [内部嵌入和预留接口]. This report follows remarks that month by Xi to a PLA delegation at the National People’s Congress where he called for the in-depth implementation of MCF strategy in the interest of building a strong and resurgent military.

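From March 2015, the CCP’s official daily has called for implementing national defense requirements by way of “embedded and reserved interfaces.” The report follows a speech Xi Jinping gave that month to a PLA delegation at the National People’s Congress, in which Xi called for in-depth implementation of the military-civil fusion strategy in order to build a strong and thriving military force.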

  • “Reserved interfaces” or “interfaces” are common terms in computing and IT literature, but here the term defies the common technical engineering objective of assuring interoperability. The backdoors Xi mandates must grant CPC agents convenient future data collection and operational access across transportation, information and communication, Internet of Things (IoT), and other “smart” infrastructure.

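“Reserved port” or “port” is a common term in computing and information technology, but the CCP’s port terminology runs contrary to what the technical engineering field ordinarily means by it, namely assuring interoperability. The backdoors Xi demands must allow CCP agents to collect data conveniently in the future and to operate and gain access conveniently in transportation, information and communications, the Internet of Things (IoT), and other “smart” infrastructure.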

ECONOMIC, NATIONAL SECURITY IMPLICATIONS FOR THE U.S. AND OTHERS

Implications for the economy and national security of the United States and other countries

“Reserved interfaces” provide Beijing with global capabilities to command and control key economic and information flows. They also allow for penetration of U.S. and allied systems and institutions to collect intelligence, disrupt operations, steal economic advantage, and co-opt them for the PLA’s operational purposes whenever requested. A raft of PRC laws and strategies—like MCF, which also includes relevant economic mobilization for defense plans, and Made in China 2025—require it.

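“Reserved ports” give Beijing a global capability to command and control key economic and information flows. They can also penetrate institutions of the United States and related systems in order to collect intelligence, disrupt operations, steal economic advantage, and, under any circumstances, use these for PLA operational deployments. Communist China’s PLA laws and strategies, such as the Military-Civil Fusion program, the related economic mobilization for defense plans, and strategic activities such as Made in China 2025, require that this be done.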

These actions and laws in turn facilitate Beijing’s economic development and geostrategic strategies. For example, the “Innovation Driven Development Strategy,” a keystone PRC plan to boost China’s status as a technological superpower, benefits from industrial-scale acquisition of foreign technology and know-how, by any and all means.

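These actions and laws in turn advance Beijing’s economic development and geostrategy. For example, the “Innovation-Driven Development Strategy” is a major plan for raising Communist China’s standing as a technological superpower; it reaps enormous benefit from acquiring foreign technology on an industrial scale by any means necessary.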

Embedded and reserved interfaces threaten the United States and the global economy much more than simply providing the CPC additional espionage and data accumulation opportunities. Intent is also a significant factor. Recall in 2019 when electric vehicle pioneer Tesla, a commercially resourced company, remotely added battery capability to cars in Hurricane Dorian’s path. But imagine what a state-resourced actor with malevolent intent could accomplish. With backdoors, for example, the CPC now has the capability to attenuate systems that connect to a wide range of remote controllers.

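Embedded and reserved interfaces not only give Communist China more opportunities for espionage and data accumulation but also greatly threaten the United States and the global economy. In addition, intent (how these interfaces are used) is also an important factor. Recall that in 2019 the electric-vehicle pioneer Tesla (a commercial company) was able to add batteries to cars remotely at a speed like that of Hurricane Dorian; imagine what (destructive) things a malicious, state-backed company could do (with similar technology). With backdoors, one of the operations Communist China can carry out is to connect to all kinds of remote controllers in order to weaken all kinds of systems. (Examples follow.)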

  • Through embedded interfaces a remote actor could stop a ship bridge from raising as ocean traffic approaches and cause a collision that catastrophically interrupts ocean to river or port traffic.

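Through embedded interfaces, a remote actor could prevent a ship bridge from being raised as maritime traffic approaches and cause a collision, catastrophically interrupting traffic from the ocean to rivers or ports.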

  • Remote controllers could cause engines in power plants to overspeed, overheat, and damage their capability to generate electricity for hospitals, factories, storage facilities, server farms, offices, and neighborhoods.

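Remote controllers could cause the engines in power plants to overspeed and overheat, and destroy their ability to generate electricity for hospitals, factories, storage facilities, server farms, offices, and neighborhoods.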

  • Potentially fatal catastrophes attach to systems that manage access to traffic lights, tunnels and bridges, airports, and dams.

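Potentially fatal catastrophes would attach to the systems that manage and operate traffic lights, tunnels and bridges, airports, and dams.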

NEXT STEPS FOR PRIVATE, PUBLIC SECTORS

Next steps for the private and public sectors

All of this puts the reported security vulnerabilities in Huawei gear in a new light.

All of this gives the private and public sectors a new understanding of the known security vulnerabilities in Huawei equipment.

For example, in a 2019 report, the UK’s Huawei Cyber Security Evaluation Centre warned that Huawei had failed to address concerns about its software development and engineering practices. It also noted that the country’s National Cyber Security Centre did not “believe that the defects identified are a result of Chinese state interference.”

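For example, the UK’s Huawei Cyber Security Evaluation Centre warned in a 2019 report that Huawei had failed to dispel our concerns about its software development and engineering practices. It also noted that the UK’s Cyber Security Centre “finds it hard to believe that the defects found are actually the result of interference by the Communist Chinese government.”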

“Believing” is no longer good enough. Both business and government should revisit assessments like this given what we now know about “reserved interfaces.”

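At present, merely “knowing” is not enough. Given what we now understand about “reserved interfaces,” businesses and governments should both reassess this.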

And until further information comes to light on the extent the CPC has succeeded in implementing its plans, any PRC part, product, firm, subsidiary, or partner should be viewed as a potential vector, wittingly or not.

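Moreover, until more is known about how far the CCP has succeeded in carrying out its plans, any part, product, company, subsidiary, or partner from Communist China should be regarded as a potential vector, intentionally or not.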

So where to focus efforts and what to do?

So where should efforts be directed, and what should be done?

  • Companies should review the extent they are dependent on PRC firms, not only for supply chain risks but also for vulnerabilities in their command and control, economic, technology, and information security.

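Companies should review the degree of their dependence on Communist Chinese companies, considering not only supply-chain risk but also vulnerabilities in their command and control, economic, technology, and information security.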

  • Traditional infrastructure like ports and associated logistics operations should review and address vulnerabilities in sensitive transportation information, to include U.S. military movements.

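Traditional infrastructure such as ports and related logistics operations should review and resolve vulnerabilities in sensitive transportation information. This includes U.S. military movements.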

  • Infrastructure operations—airports, power plants, subways, bridges, financial exchanges, etc.—could suffer annoying to catastrophic impairments due to foreign sovereign interference. They must balance hardening systems with assuring resilience as well.

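Because of interference by foreign powers, infrastructure operations (airports, power plants, subways, railways, financial exchanges, and so on) could suffer catastrophic damage. These operations must strengthen their systems while also attending to sustainability.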

  • Both private and public sectors must increasingly engage with each other constructively to understand and respond to this shared risk.

Both the private and public sectors must increase constructive interaction in order to understand and respond to this shared risk.

Edited by: [Himalaya Hawk Squad]