【雙魚之論】英文拷到 G / D 找中文翻譯
演講的一天後,4/19,解放軍成立信息支援部隊 撤銷戰略支援部隊番號。
FBI局長在范德比爾峰會上「關於現代衝突和新威脅」演講 Director
Wray's Remarks at the Vanderbilt Summit on Modern Conflict and Emerging Threats Christopher A.
Remarks, as prepared for delivery
Thanks, Niloo, and good afternoon, everybody. It's great to be here at Vandy
and to be here with all of you and the decades of experience you represent: in academia,
national security and defense, cybersecurity, the energy sector, innovation, finance,
law. It's a really staggering array of fields. 謝謝尼洛,大家午安。很高興來到 Vandy,與你們所有人以及你們所代表的數十年經驗在一起:學術界、國家安全和國防、網路安全、能源部門、創新、金融、法律。這是一個非常驚人的領域網路。
And when you bring that many perspectives together, there's a good chance
we'll all walk away with some pretty world-shifting ideas. So thanks to the folks
at
I'm particularly grateful to be here with my counterparts from some of the FBI's closest partner agencies: CIA [Central Intelligence Agency], NSA [National Security Agency], CISA [Cybersecurity and Infrastructure Security Agency], and the DEA [Drug Enforcement Administration]. From my frequent conversations with their leadership, I know these agencies share a recognition that we're facing an evolving and unique threat landscape—something everyone here seems to agree on, too. 我特別感謝與來自 FBI 最密切合作機構的同行們在一起:CIA(中央情報局)、NSA(國家安全局)、CISA [(網路安全和基礎設施安全局)和 DEA(緝毒局)]。從我與他們領導層的頻繁交談中,我知道這些機構都認識到我們面臨著不斷變化的獨特威脅形勢,而在座的每個人似乎也都同意這一點。
So, I appreciate being able to address you alongside those agencies because,
as I'll talk about a bit later on, the way the FBI is dealing with the here-and-now
threats that make up today's landscape is, in part, through relentless partnerships
with those agencies, with you, and with others in the U.S. and around the world. 因此,我很高興能夠與這些機構一起向你們發表演講,因為正如我稍後將談到的,聯邦調查局處理構成當今形勢的此時此地威脅的方式部分是透過與這些機構、您以及美國和世界各地的其他人建立不懈的合作關係。
Wray:
Chinese Government Poses 'Broad and Unrelenting' Threat to U.S. Critical Infrastructure 雷:中國政府對美國關鍵基礎設施構成「廣泛而無情」的威脅
China Is a Singular
Threat 中國是個與眾不同的威脅
I'm talking about everything from indiscriminate hacking to economic espionage
to transnational repression to fentanyl and the precursor chemicals that are coming
out of China and ending up in our communities. What we're facing today is the CCP
[Chinese Communist Party] throwing its whole government into undermining the security
of the rule-of-law world. 我說的是所有的一切,從不分青紅皂白的駭客攻擊到經濟間諜活動,到跨國鎮壓,再到芬太尼和來自中國並最終進入我們社區的前體化學品。我們今天面臨的是中共將其整個政府投入到破壞法治世界的安全之中。
At the FBI, PRC [People's Republic of China] aggression and criminality has
required us to commit our counterintelligence, cybersecurity, and criminal investigative
resources because the Chinese government's actions have proven, again and again,
that it's a combined counterintelligence, cybersecurity, and criminal threat. Part of that threat is driven by the CCP's aspirations to
wealth and power. Through plans like "Made in China 2025" and its
series of Five-Year Plans, Beijing is seeking to seize economic development in the
areas most critical to tomorrow's economy. 在聯邦調查局,中華人民共和國的敵對和犯罪行為讓我們投入反情報、網路安全和刑事調查資源,因為中國政府的行動一次又一次證明,這是反情報、網路安全和刑事調查的綜合威脅。這種威脅的部分原因是中共對財富和權力的渴望。透過「中國製造2025」等計劃及其一系列五年計劃,北京正在尋求抓住對未來經濟最關鍵領域的經濟發展。
And they don't have any reservations about stealing their way to the top.
We've seen Beijing hit just about every industry we have—everything from biotech
to aviation, to advanced technologies like AI [artificial intelligence], to different
forms of healthcare and agriculture—to steal our intellectual property, technology,
and research. You could close your eyes and pull an industry or sector out of a
hat and, chances are, Beijing has targeted it. The PRC is engaged in the largest
and most sophisticated theft of intellectual property and expertise in the history
of the world, leveraging its most powerful weapons, starting with cyber. 他們對於毫無保留的透過偷竊登上頂峰。我們看到北京幾乎打擊了我們擁有的每一個產業——從生物技術到航空,到人工智慧等先進技術,到不同形式的醫療保健和農業——以竊取我們的智慧財產權、技術和研究成果。你可以閉上眼睛想像一個產業或部門,而北京很可能已經瞄準了它。中華人民共和國正在利用其最強大的武器(從網路開始)進行世界歷史上最大規模、最複雜的智慧財產權和專業知識盜竊活動。
To give you a sense of the scale of China’s cyber activity, if all of the
FBI’s cyber agents and cyber intelligence analysts focused exclusively on China—and
not on ransomware, Iran, or Russia—Chinese hackers would still outnumber FBI cyber
personnel by at least 50 to 1. And that's probably a conservative estimate because
the Chinese government is also showing a penchant for hiring cybercriminals to do
its bidding—in effect, cyber mercenaries—further supplementing its cyber workforce. 為了讓大家了解中國網路活動的規模,如果聯邦調查局所有只關注中國網路特工和網路情報分析師,而不是勒索軟體、伊朗或俄羅斯,那麼中國駭客的數量仍將超過聯邦調查局網路人員至少50
比 1。
One thing is clear: China’s hacking program is larger than that of every other
major nation, combined. And that size advantage is only magnified by the PRC military
and intelligence services’ growing use of artificial intelligence—built, in large
part, on innovation and data stolen from us—to enhance its hacking operations, including
to steal yet more tech and data. 有一點是明確的:中國的駭客計畫比其他所有主要國家的總和還要大。而中國的軍事和情報部門越來越使用人工智慧(很大程度上是建立在從我們這裡竊取的創新和數據的基礎上)來加強其駭客行動,包括竊取更多的技術和數據,這種規模優勢只會被放大。
And the PRC cyber threat is made vastly more harmful by the way the Chinese
government combines cyber with traditional espionage and economic espionage—and
with its efforts to export its repression and malign influence to other nations,
including our own. 由於中國政府將網路與傳統間諜活動和經濟間諜活動結合,並努力向其他國家(包括我們國家)輸出鎮壓和惡意影響,中國的網路威脅變得更加有害。
A few years ago, we might have said China represents the most significant long-term threat. That’s no
longer the best way to describe the danger. The Office of the Director of National
Intelligence assessed last year that Beijing is trying to build the capability to
deter U.S. intervention in a crisis between China and Taiwan by 2027. 幾年前,我們可能會說中國代表最重大的長期威脅。這不再是描述危險的最佳方式。美國國家情報總監辦公室去年評估稱,北京正努力在 2027 年之前建立阻止美國干預中國與台灣之間危機的能力。
2027 is not exactly long-term. In reality, it’s not even “around the corner.”
We’re feeling some of the effects today. 2027 年並不完全是長期的。事實上,它甚至還不是「指日可待」那樣久。今天我們感受到了一些影響。
In government, we’re looking at the 2024 budgets being written now as the
determinants of what resources we’ll have ready to confront China in 2027. 在政府方面,我們正在將現在正在編寫的 2024 年預算視為我們準備在 2027 年對抗中國的資源的決定因素。
In the private sector and academia, too, the investments, partnerships, security,
and capabilities you’re building today will dictate how those sectors are prepared—or
not—three short years from now. And, as we’ll discuss, we’re also already battling
today preliminary steps, which include cyber intrusions and criminal activity, that
China is already taking along their march to preparedness. 在私營部門和學術界也是如此,您今天正在建立的投資、合作夥伴關係、安全和能力將決定這些部門在短短三年內如何做好準備(或不做好準備)。而且,正如我們將要討論的,我們今天也已經採取了初步措施,其中包括網路入侵和犯罪活動,而中國已經在做好準備。
Critical Infrastructure
Threats Are Particularly Alarming 關鍵基礎設施的威脅尤其令人擔憂
The subject of the PRC’s desire to dictate America’s responses to its aggression
is a good segue to our discussion of critical infrastructure because, at the FBI,
we’re particularly concerned about the threat Beijing’s activities pose to those
sectors. 中國希望決定美國對其侵略的反應的主題是我們對關鍵基礎設施討論的一個很好的延續,因為在聯邦調查局,我們特別擔心北京的活動對這些部門構成的威脅。
And there’s no better way to close out this summit than to spend a few minutes
reflecting on this singular threat and on what
the FBI and our partners—including those here today—can do to safeguard our nation.
結束這次高峰會的最佳方法莫過於花幾分鐘思考這一獨特的威脅,以及聯邦調查局和我們的合作夥伴(包括今天在座的合作夥伴)可以採取哪些措施來保護我們的國家。
To the average person, critical infrastructure is largely invisible. These
are sectors whose existence we don’t often think about or appreciate as long as
they’re working right. But these vital sectors—everything from water-treatment facilities
and energy grids to transportation and information technology—form the backbone
of our society. 對一般人來說,關鍵基礎設施基本上是看不見的。這些部門的存在,只要它們運作正常,我們就不會經常思考或欣賞。但這些重要部門——從水處理設施、能源網到交通和資訊科技——構成了我們社會的支柱。
And what many Americans may not be tracking closely is that China is positioning
its enormous hacking enterprise—remember, 50 to 1—for more than "just"
the outrageous theft campaign I described a few minutes ago. It’s using that mass,
those numbers, to give itself the ability to physically wreak havoc on our critical
infrastructure at a time of its choosing. 許多美國人可能沒有密切關注的是,中國正在將其龐大的駭客活動(記住,50 比 1)定位為不僅僅是我幾分鐘前描述的令人髮指的盜竊活動。它利用這些品質、這些數字,讓自己有能力在其選擇的時間對我們的關鍵基礎設施造成嚴重破壞。
The PRC has made it clear that it considers every sector that makes our society
run as fair game in its bid to dominate on the world stage, and that its plan is
to land low blows against civilian infrastructure to try to induce panic and break
America’s will to resist. 中華人民共和國明確表示,它認為讓我們社會運轉的每個領域都是其在世界舞台上佔據主導地位的公平遊戲,並且它的計劃是對民用基礎設施進行低強度打擊,試圖引起恐慌並粉碎美國的意志抵抗。
We’ve been countering this growing danger for years now. China-sponsored hackers
pre-positioned for potential cyberattacks against U.S. oil and natural gas companies
way back in 2011. And while it’s often hard to tell what a hacker plans to do with
their illicit network access—that is, theft or damage—until they take the final
step and show their hand, these hackers’ behavior said a lot about their intentions. 多年來我們一直在應對這種日益嚴重的危險。早在 2011 年,中國資助的駭客就已針對美國石油和天然氣公司進行了潛在的網路攻擊。儘管往往很難判斷駭客打算利用他們非法獲得的網路入侵做些什麼——即偷竊或損害——直到他們採取最終步驟並展示他們的意圖,但這些駭客的行為已經說明了很多關於他們的意圖。
When one victim company set up a honeypot—essentially, a trap designed to
look like a legitimate part of a computer network with decoy documents—it took the
hackers all of 15 minutes to steal data related to the control and monitoring systems
while ignoring financial and business-related information, which suggests their
goals were even more sinister than stealing a leg up economically. 當一家受害公司設置了一個蜜罐——基本上是一個設計成看起來像電腦網路中合法部分的陷阱,帶有假文件——駭客只花了15分鐘就偷取了與控制和監控系統相關的數據,而忽略了財務和商業相關訊息,這表明他們的目標甚至比經濟上的優勢更陰險。
That was just one victim, and we tracked a total of 23 pipeline operators
targeted by these actors. 這只是一名受害者,我們總共追蹤了 23 家成為這些攻擊者目標的管線營運商。
More recently, you may have heard about a group of China-sponsored hackers
known as Volt Typhoon. In that case, we found persistent PRC access in our critical
telecommunications, energy, water, and other infrastructure sectors. They were hiding
inside our networks, using tactics known as “living-off-the-land"—essentially,
exploiting built-in tools that already exist on victim networks to get their sinister
job done, tools that network defenders expect to see in use and so don’t raise suspicions—while
they also operated botnets to further conceal their malicious activity and the fact
that it was coming from China. All this, with the goal of giving the Chinese government
the ability to wait for just the right moment to deal a devastating blow. 最近,您可能聽說過一個由中國資助的駭客組織,名為 Volt Typhoon。在這個案例中,我們發現在我們的關鍵電信、能源、水和其他基礎設施部門中存在持續的中國入侵。他們藏匿在我們的網路內部,使用所謂的(靠山吃山,靠海吃海)"living-off-the-land"策略——基本上是利用受害者系統中已經存在的合法工具和功能來實施攻擊,而無需下載或執行任何外部惡意軟體,這些工具是網路防禦者會看到並不會引起懷疑的,同時他們還運行著殭屍網路來進一步掩蓋他們的惡意活動以及它來自中國的事實。所有這些都是為了給中國政府能夠等待恰到好處的時機來給予毀滅性打擊的能力。
This kind of specific targeting of critical infrastructure is on top of China’s
scattershot, indiscriminate cyber campaigns that hit critical infrastructure along
with thousands of other victims. One of the most egregious examples of this in recent
memory was the 2021 Microsoft Exchange compromise. 這種針對關鍵基礎設施的特定攻擊是中國漫無目的、無差別的網路活動的基礎,這些活動襲擊了關鍵基礎設施以及數千名其他受害者。最近記憶中最令人震驚的例子之一是 2021 年
Microsoft Exchange 外洩事件。
In that case, hackers operating out of China exploited previously unknown
vulnerabilities—called “zero-day” exploits—and
compromised more than 10,000 U.S. networks, moving quickly and irresponsibly to
do so before those vulnerabilities were disclosed to the public. The hackers targeted
networks across a wide range of sectors, from infectious disease research to defense
contractors, and their method was to plant malicious code that created a back door
and gave them continued remote access to the victims’ networks. 在這情況下,在中國境外活動的駭客利用了以前未知的漏洞(稱為「零日」漏洞),並在這些漏洞向公眾披露之前迅速且不負責任地採取了行動,破壞了10,000 多個美國網路。駭客針對從傳染病研究到國防承包商等廣泛領域的網路,他們的方法是植入惡意程式碼,建立後門,使他們能夠持續遠端存取受害者的網路。
That campaign echoed earlier PRC attacks on managed-service providers, compromising
the companies that serve as gateways to thousands of others who rely on the MSPs
[managed-service providers] for data services—and then compromising those customers,
in turn.
該活動呼應了中華人民共和國早些時候對託管服務提供者的攻擊,損害了作為成千上萬其他依賴MSP(託管服務提供者)提供資料服務的其他公司的閘道公司,然後反過來損害了這些客戶。
So, while the recent Volt Typhoon story understandably caused a stir because
of the sheer magnitude of the operation, the fact is the PRC’s targeting of our
critical infrastructure is both broad and unrelenting. 因此,雖然最近的「伏特颱風」事件因其行動規模之大而引起轟動,這是可以理解的,但事實是,中華人民共和國對我們關鍵基礎設施的攻擊目標既廣泛又無情。
The FBI Is a
Defender and a Partner FBI 是捍衛者和合作夥伴
But you know what they say about the best-laid plans. At the FBI, we’ve mobilized
across the organization to thwart China’s schemes to steal and sabotage their way
to the top. And I think it’s fair to say that there are few parts of the FBI not
involved in the China fight—across our 56 field offices, at Headquarters, and in
our offices around the world. 但你知道他們怎麼說最好的計畫。在聯邦調查局,我們動員整個組織來阻止中國竊取和破壞他們登上最高層的計劃。我認為可以公平地說,FBI 的各個部門都參與了針對中國的鬥爭——無論是在我們的 56 個外地辦事處、總部還是在世界各地的辦事處。
One key to being successful in this fight is the FBI’s dual and complementary
mission: enforcing federal law and protecting national security. At the Bureau,
we’re empowered not just to collect intelligence, but to act on it, and those actions
cover a wide range of forms. 在這場鬥爭中取得成功的關鍵是聯邦調查局的雙重且互補的使命:執行聯邦法律和保護國家安全。在局裡,我們不僅有權收集情報,而且有權根據情報採取行動,而這些行動涵蓋多種形式。
To prevent cyberattacks, we can often share what we learn through our collection
with network defenders and Intelligence Community partners. 為了防止網路攻擊,我們經常可以與網路防禦者和情報社群合作夥伴分享我們從收集中學到的知識。
Last year alone, in addition to our individual warnings to potential victims,
the FBI published nearly 80 advisories on cyber threats to the private sector, arming
network defenders by highlighting new threats and describing adversary technical
indicators and tactics. We also exercise our technical capabilities to stop intrusions
and protect victims, no matter who is behind the activity. And we take other law
enforcement actions, too—steps like seizures and arrests, which are key instruments
of disruption and deterrence. 光是去年,除了我們向潛在受害者發出的單獨警告外,FBI 還發布了近 80 份有關私營部門網路威脅的公告,透過強調新威脅並描述對手的技術指標和策略來武裝網路防禦者。我們也運用我們的技術能力來阻止入侵並保護受害者,無論活動的幕後黑手是誰。我們也採取其他執法行動,例如扣押和逮捕,這是破壞和威懾的關鍵手段。
In the China context, we hardly ever take those kinds of steps by ourselves.
Our strategy is to lead joint, sequenced operations that bring to bear our authorities—and
those of our many partners—in coordinated actions for maximum effect. 在中國的背景下,我們幾乎不會獨自採取這些措施。我們的策略是領導聯合、有序的行動,讓我們的權威以及我們眾多合作夥伴的權威採取協調一致的行動,以取得最大的效果。
As part of those operations, we’re often sharing targeting and other information
with partners like U.S. Cyber Command, foreign law enforcement agencies, the CIA,
and others—and then acting as one. When it comes to both nation-state and criminal
cyber threats, we plan operations with our sights set on all the elements we know
from experience make hacking groups tick. 作為這些行動的一部分,我們經常與美國網路司令部、外國執法機構、中央情報局等合作夥伴共享目標和其他訊息,然後作為一個合作夥伴採取行動。當涉及民族國家和犯罪網路威脅時,我們的行動計畫著眼於我們從經驗中了解到的駭客組織發動的所有因素。
So, we’re going after their people—a term we define broadly to include not
just hackers and malware developers, but also the facilitators they depend on, like
bulletproof hosters and money launderers. We’re also going after their infrastructure,
like their servers and botnets. And we’re going after their money—the cryptocurrency
wallets they use to stash their ill-gotten gains or hide financial connections,
hire associates, and lease infrastructure. 因此,我們正在追捕他們的人員——這個術語我們廣泛地定義為不僅包括駭客和惡意軟體開發者,還包括他們依賴的幫助者,如防彈主機提供者和洗錢者。我們也在追捕他們的基礎設施,如他們的伺服器和殭屍網路。我們也在追捕他們的資金——他們用來隱藏非法收益或隱匿財務聯繫、聘用合夥人以及租用基礎設施的加密貨幣錢包。
So, to take the PRC’s Microsoft Exchange compromise as an example, we leaned
on our private sector partnerships, identified the vulnerable machines, and learned
the hackers had implanted webshells—malicious code that created a back door and
gave them continued remote access to the victims’ networks. We then pushed out a
joint cybersecurity advisory with CISA to give network defenders the technical information
they needed to disrupt the threat and eliminate those backdoors. 因此,以中國的Microsoft Exchange 洩漏為例,我們依靠私營部門的合作夥伴關係,識別了易受攻擊的機器,並了解到駭客植入了Webshell——創立後門並讓他們能夠持續遠端訪問受害者的惡意程式碼網路。然後,我們與 CISA 推出了聯合網路安全諮詢,為網路防禦者提供破壞威脅並消除這些後門所需的技術資訊。
But some system owners weren’t able to remove the webshells themselves, which
meant their networks remained vulnerable. So, working with Microsoft, we executed
a first-of-its-kind surgical, court-authorized operation, copying and removing the
harmful code from hundreds of vulnerable computers. 但一些系統所有者無法自行刪除 Webshell,這意味著他們的網路仍然容易受到攻擊。因此,我們與 Microsoft 合作,執行了首次經法院授權的行動,從數百台易受攻擊的電腦中複製並刪除有害程式碼。
And those backdoors the Chinese government hackers had propped open? We slammed
them shut so the cyber actors could no longer use them to access victim networks.
那麼中國政府駭客打開的那些後門呢?我們將它們關閉,以便網路攻擊者無法再使用它們來存取受害者網路。
Similarly, when we discovered Volt Typhoon’s malware being used against critical
infrastructure, we joined our U.S. and international partners last spring—and again
this February—to first author a series of joint cybersecurity advisories about what
we saw, effectively calling out the hackers and sharing technical information victims
can use to protect themselves. And then, we followed up those warnings with action
aimed at the hackers. 同樣,當我們發現Volt Typhoon 的惡意軟體被用於針對關鍵基礎設施時,我們於去年春天(以及今年二月)與我們的美國和國際合作夥伴一起,首先就我們所看到的內容撰寫了一系列聯合網路安全建議,有效地呼籲駭客並分享受害者可以用來保護自己的技術資訊。然後,我們針對這些警告採取了針對駭客的行動。
Working with our partners in the private sector, the FBI was able to identify
the threat vector and conduct a court-authorized operation—in coordination with
others—to not only remove Volt Typhoon’s malware from the routers it had infected
throughout the U.S. but also to sever their connection to that network of routers
and prevent their reinfection. 透過與私營部門合作夥伴的合作,FBI 能夠識別威脅媒介並與其他人協調執行法院授權的操作,不僅可以從其在美國各地感染的路由器中刪除 Volt Typhoon 的惡意軟體,還可以切斷他們與該路由器網路的連接並防止他們再次感染。
What We Need
From You 我們需要您做什麼
You’ve heard me say several times now this afternoon that private companies,
like those represented here, and academic institutions like Vanderbilt are exactly
the kinds of partners that have important roles to play when it comes to protecting
our most essential networks—and not just as key participants in many of those joint,
sequenced operations I mentioned. 今天下午大家已經聽我說過好幾次了,私營公司,比如在座的那些公司,以及范德比爾這樣的學術機構,正是在保護我們最重要的網路方面可以發揮重要作用的合作夥伴,而不僅僅是保護我們最重要的網路。
The private sector owns the vast majority of our critical infrastructure,
so it plays a central defensive role, and also generates vital information about
what adversaries are doing—or preparing to do—against us. 私營部門擁有我們絕大多數關鍵基礎設施,因此它發揮著核心防禦作用,並且還產生有關對手正在或準備對我們做什麼的重要資訊。
But the first thing private industry can bring to the table is vigilance because
everything we do in the government and law enforcement space has to be combined
with the public’s role in being more discerning and more cyber-literate. 但私人企業首先要保持警惕,因為我們在政府和執法領域所做的一切都必須與公眾的角色結合,以提高洞察力和網路素養。
That includes resiliency planning—things like developing an incident response
plan, actually testing and exercising that plan, and fortifying networks and devices
to make the attack surface as inhospitable as possible. Companies need to familiarize
themselves with each specific threat and its particularities, create a plan tailored
to each of those threats, and then actually run through those plans with tabletop
exercises. Most importantly, know where your crown jewels are, know how to get back
up and running in the event of a breach, and know at what point you’re going to
call the FBI for help. 這包括彈性規劃,例如制訂事件回應計劃、實際測試和執行該計劃以及強化網路和設備以使攻擊面盡可能不易被攻擊。公司需要熟悉每個特定威脅及其特殊性,針對每個威脅制訂一個計劃,然後透過沙盤演習實際運行這些計劃。最重要的是,知道您自己的軟肋在哪裡,知道在發生違規情況時如何恢復和運行,並知道什麼時候需要致電 FBI 尋求幫助。
There’s also hardware and supply chains to worry about. I’m sure many of the
folks here today are familiar with Solar Winds, the Russian SVR’s supply chain campaign
that compromised widely-used IT software and caused thousands of Solar Winds customers
to upload malicious backdoors hidden in innocuous-looking software updates. Vetting
your vendors, their security practices, and knowing who’s building the hardware
and software you’re granting access to your network is crucial, so push for transparency
into what vendors and suppliers are doing with your data and how they will maintain
it. 還有硬體和供應鏈需要擔心。我相信今天在座的許多人都熟悉Solar Winds,這是俄羅斯SVR 的供應鏈活動,該活動損害了廣泛使用的IT 軟體,並導致數千名Solar Winds 客戶上傳隱藏在看似無害的軟體更新中的惡意後門。審查您的供應商及其安全實踐,並了解誰在建立您授予網路存取權限的硬體和軟體,這一點至關重要,因此要推動供應商和供應商如何處理您的數據以及他們將如何維護數據的透明度。
That brings me to the final thing we need to build a strong defense, and that’s
solid partnerships—as we've discussed, the very foundation of our work confronting
Beijing. 這讓我想到了我們建立強大防禦所需的最後一件事,那就是牢固的夥伴關係——正如我們所討論的,這是我們對抗北京的工作的基礎。
When something goes awry, we need victims to reach out to us immediately because
that first victim who reports an intrusion can supply the key information that will
enable us not just to help them recover, but also to prevent the attack from metastasizing
to other sectors and other businesses. In fact, Volt Typhoon was taken down thanks,
in part, to help from the private sector—to companies coordinating with us. 當出現問題時,我們需要受害者立即與我們聯繫,因為報告入侵的第一個受害者可以提供關鍵訊息,使我們不僅能夠幫助他們恢復,而且還能防止攻擊轉移到其他部門和其他業務。事實上,Volt Typhoon 的被下架在某種程度上要歸功於私部門的幫助——以及與我們合作的公司。
We’ve seen the best outcomes in situations where a company made a habit of
reaching out to their local FBI field office even before there was any indication
of a problem because that put everyone on the same page and contributed to the company’s
readiness. And it’s not just companies. The FBI has long put a premium on building
relationships with academic institutions, too. 我們已經看到,如果一家公司養成了在出現任何問題跡象之前就聯繫當地FBI 外地辦事處的習慣,就會取得最好的結果,因為這讓每個人都達成共識,並有助於公司做好準備。不僅僅是公司。聯邦調查局長期以來也非常重視與學術機構建立關係。
Building those partnerships means that we can better understand the issues
academia faces every day interacting with the PRC, and academia can get a better
understanding of national security threats and make informed decisions about how
to deal with them. 建立這些夥伴關係意味著我們可以更了解學術界每天與中國互動所面臨的問題,學術界也可以更了解國家安全威脅,並就如何應對這些威脅做出明智的決定。
Speaking of academia, since I find myself here at one of the top universities
in the country, I’d be crazy not to talk a bit about the people we need to keep
hiring to do all this vital, cutting-edge work. 說到學術界,既然我發現自己在這個國家的一所頂尖大學,如果不談論我們需要繼續招募來完成所有這些重要的前沿工作的人,我就瘋了。
We need even more smart, driven, talented people in the field to keep America
safe—people with the technical skills to keep our cyber workforce world-class. 我們需要該領域更多聰明、有動力、有才華的人才來確保美國的安全——這些人才擁有使我們的網路勞動力保持世界一流的技術技能。
So, while I’m here at Vandy, among some of our nation’s best and brightest
students about to enter the workforce, here’s a plug for both them and the professors
in the audience that those students look to for guidance: We need more people to
join our elite team, determining who’s responsible for cyberattacks; planning and
running those joint, sequenced operations, to knock our adversaries back; working
with victims; and, often, doing all those things in the same day. 因此,當我在Vandy這裡,我們國家一些最優秀、最聰明的學生即將進入職場,這裡有一個為他們和觀眾中的教授提供的訊息,這些學生希望獲得指導:我們需要更多的人加入我們的精英團隊,確定誰應對網路攻擊負責;規劃和實施這些聯合、有序的行動,擊退我們的對手;與受害者一起工作;並且經常在同一天完成所有這些事情。
We need talented people on our rapid-response Cyber Action Team—deploying
across the country often within hours to respond to major incidents—and working
with international partners in our offices overseas, seeking justice for victims
of cyberattacks. 我們的快速反應網路行動團隊需要人才——通常在數小時內部署到全國各地以應對重大事件——並與我們海外辦事處的國際合作夥伴合作,為網路攻擊的受害者尋求正義。
A job with the FBI could take you anywhere, and there’s no better way to serve
a mission you’re proud of while doing work that’s the envy of your friends slogging
it out elsewhere. 在聯邦調查局的工作可以帶你去任何地方,沒有比這更好的方法來完成你引以為傲的任務,同時做讓你的朋友羨慕的工作,在其他地方辛苦工作。
The FBI doesn’t do easy. We focus on what’s hard, what no one else can do—measured
both in our own work and in the adversaries we go up against: the most dangerous
intelligence services and criminals in the world. FBI 的工作並不輕鬆。我們專注於困難的事情、其他人無法做到的事情——透過我們自己的工作和我們所面對的對手來衡量:世界上最危險的情報機構和犯罪分子。
As we’ve talked about today, the threats America faces—from the PRC and many
others besides—are immense, and we’re confronting them right now. 正如我們今天談到的,美國面臨的威脅——來自中國和其他許多國家——是巨大的,我們現在正在面對這些威脅。
Our way of life—and, in some cases, our very lives—need defending, so think
about applying to join us or sending your best and brightest our way. 我們的生活方式——在某些情況下,我們的生活本身——需要捍衛,所以考慮申請加入我們,或派遣你最優秀、最聰明的人加入我們。
In the meantime, thanks again for having me, and I look forward to our discussion. 同時,再次感謝大家的邀請,我期待我們的討論。
沒有留言:
張貼留言
請網友務必留下一致且可辨識的稱謂
顧及閱讀舒適性,段與段間請空一行