(单词翻译:单击)
Western investors have largely shrugged off the military conflict in Ukraine, pushing global markets higher. But, deep inside some financial institutions and intelligence services, a debate is bubbling that investors should watch. This revolves not around boots and tanks but the cyber world.
西方投资者迄今基本上对乌克兰军事冲突满不在乎,把全球市场价格推得更高。但在一些金融机构和情报部门内部正在进行的一场不断升温的辩论,值得投资者关注。辩论主题不是军靴和坦克,而是网络世界。
A couple of weeks ago JPMorgan Chase disclosed that it had been the victim of a big cyber attack, and was now co-operating with US government agencies over this (presumed to include the Federal Bureau of Investigation, the Central Intelligence Agency and the National Security Agency).
几周前,摩根大通(JPMorgan Chase)披露其遭受了一次大规模网络攻击,眼下正配合美国政府部门(想必包括联邦调查局(FBI)、中央情报局(CIA)和美国国家安全局(NSA))调查此事。
The details of the incident are mysterious and JPMorgan has refused to elaborate in public. But it appears the attacks emanated from Russia, that they were exceptionally sophisticated and that they affected other institutions, too. And they have consequently left executives in London and New York asking: could the next phase in the Ukrainian conflict be a wave of cyber attacks on western finance – either to retaliate against sanctions or to spark fear?
此事的细节是个谜,摩根大通拒绝详细公开。但攻击似乎源自俄罗斯,而且手段出奇地高明,还影响到其他机构。这些攻击让伦敦和纽约的高管发问:乌克兰冲突的下一阶段可能是对西方金融业的一波网络攻击吗(旨在报复对俄制裁或引发恐慌)?
In some senses, such concerns are not new. Western corporations have faced escalating cyber assaults in recent years: last year, for example, Jamie Dimon, JPMorgan chief executive, revealed the bank was experiencing “tens of thousands” attacks each day. Though many seem to come from China, others come from criminal networks in Russia, the only country considered to have cyber capabilities equal to those of America.
在某种意义上,这种担忧并非新鲜事儿。近年来,西方公司遭受的网络攻击在不断升级:去年,摩根大通首席执行官杰米•戴蒙(Jamie Dimon)披露,该行每天遭到攻击的攻击多达“数万次”。尽管许多攻击似乎来自中国,但其他攻击来自俄罗斯的犯罪网络。俄罗斯被认为是唯一在网络能力上能与美国媲美的国家。
Cyber experts now fear the combination of incentives and skill behind such attacks could shift. To date they have taken (modest) comfort from the fact that the truly malicious attacks against western financial groups – or those aimed at causing lasting damage or panic by sparking a market crash – seem to have come from groups without highly sophisticated capabilities. Islamic terrorist groups, for example, grab headlines but they have not yet brought down an exchange.
如今,网络专家担心,这些攻击背后的激励和技能组合可能发生改变。迄今令他们感到(一定)安慰的是,针对西方金融集团的真正恶意攻击——即那些意在引发市场崩溃,以制造持续损害或恐慌的攻击——似乎源自不具备很高技术含量的团伙。例如,伊斯兰主义恐怖集团占据过媒体头条,但他们还没有搞垮过一家交易所。
Meanwhile, the really sophisticated cyber attacks on western financial groups have hitherto emanated from groups or states that “only” want to steal intelligence or money, not destroy entire systems or even reveal themselves. After all, Russian oligarchs and Chinese officials have money in western banks and markets so it is presumed they want to keep them intact.
另一方面,迄今对西方金融集团发起的真正手段高超的网络攻击,来自那些“仅仅”想要盗取情报或金钱、而不想摧毁整个体系或甚至暴露自己的团体或政府。毕竟,俄罗斯寡头和中国官员有钱存在西方银行和市场,想必他们不想搞垮这些西方机构。
But in some financial groups and intelligence forums, the big question is what might happen if Russian hackers (or any that are similarly sophisticated) ever stop feeling they have a stake in global finance or a shared interest in maintaining market stability. “It’s a huge concern,” one New York-based chief executive says.
但在一些金融机构和情报论坛,目前的大问题是:如果俄罗斯黑客(或任何具有技术含量的人)认为,全球金融体系对他们已无关紧要,或者他们对维持市场稳定不再有共同利益,那可能会发生什么情况?“这是一个非常令人担心的问题,”一位常驻纽约的首席执行官表示。
Right now, there is little evidence that any such shift has occurred. And the Financial Services Information Sharing and Analysis Center, an industry body recently created by the banks to discuss cyber attacks, last week pointedly told its members there was no need to panic. It sent an email insisting that, notwithstanding the JPMorgan incident, nothing significant had changed in the cyber landscape.
眼下没有什么证据表明这样的转变已经发生。金融部门信息共享与分析中心(FS-ISAC)是最近一家由银行创立的讨论网络攻击的行业机构。上周,该中心意有所指地告诉其会员,没有恐慌的必要。它发出了一封电邮,坚称虽然发生摩根大通被攻击事件,但网络环境没有发生重大变化。
But some western public and private sector groups are quietly stepping up their defences. Nato announced last week that it had decided for the first time to classify a cyber attack as the type of event that could trigger a joint alliance response.
但西方公共和私人部门的一些团体正在悄悄地加大防范力度。北约(Nato)上周宣布,其首次决定把网络攻击归为可能引发集体回应的事件类型。
The US Securities and Exchange Commission is implementing a system to examine financial firms’ cyber defences. And the big banks and exchanges are increasingly trying to share information with each other and the government via the FS-ISAC.
美国证交会(SEC)正在执行一项检查金融公司网络防范措施的制度。大型银行和交易所越来越多地努力通过FS-ISAC在彼此间、以及跟政府分享信息。
In many respects, this is good news: until recently, the level of collaboration between the public and private sector in America was woefully low, compared with places such as Australia.
从许多方面来看,这都是一则好消息:直到不久以前,美国公共与私人部门之间的协作水平与澳大利亚等国相比极其低下。
But these steps are still far from comprehensive, let alone foolproof. In particular, the asset management world lags behind well behind the banks and exchanges. This sector is “just not as involved because it is so fragmented – you have billion-dollar hedge funds that don’t even know what the FS-ISAC is”, observes Eldon Sprickerhoff, co-founder of eSentire, an advisory group.
但这些措施仍远远算不上完善,更谈不上保证万无一失。尤其是,资产管理行业远远落在银行和交易所的后面。咨询集团eSentire的联合创始人埃尔登•施普里克尔霍夫(Eldon Sprickerhoff)评论道,这个行业“对网络安全的参与度不高,因为该行业太过分散——有些十亿美元级的对冲基金竟然不知道FS-ISAC是什么。”
Until recently, many experts presumed that the main focus of a malicious cyber attack would be an exchange or a bank. But if there is one thing that a decade of geopolitical turbulence has shown, it is that shocks have a nasty habit of coming from unwatched places. And if there was an attack on, say, money market funds, this could have wide repercussions.
直到不久以前,许多专家认为,恶性网络攻击的主要目标将是交易所或银行。但如果说十年的地缘政治动荡说明了什么,那就是冲击经常来自未注意到的领域。如果出现一次针对货币市场基金的攻击,那可能引发波及面很大的冲击波。
The real message from the JPMorgan rumours, then, is that western governments need to keep up the pressure on financial companies to improve their cyber defence plans across the industry and to provide tangible assistance.
因此,有关摩根大通的传闻传递出来的真正信息是,西方国家政府需要持续对金融企业施加压力,确保它们完善全行业的网络防御方案,并向行业提供实实在在的协助。
And, of course, keep hoping that geopolitical tensions do not escalate or move from the old-fashioned real world into cyber space.
当然,让我们继续祈祷,但愿地缘政治紧张局势不会升级,或者从老式的实体世界挪进网络空间。