Earthlings Can No Longer Stop the Hackers: The Financial Industry Must Build Cyber Defences
Date: 2014-09-28 14:16


Western investors have largely shrugged off the military conflict in Ukraine, pushing global markets higher. But, deep inside some financial institutions and intelligence services, a debate is bubbling that investors should watch. This revolves not around boots and tanks but the cyber world.

A couple of weeks ago JPMorgan Chase disclosed that it had been the victim of a big cyber attack, and was now co-operating with US government agencies over this (presumed to include the Federal Bureau of Investigation, the Central Intelligence Agency and the National Security Agency).
The details of the incident are mysterious and JPMorgan has refused to elaborate in public. But it appears the attacks emanated from Russia, that they were exceptionally sophisticated and that they affected other institutions, too. And they have consequently left executives in London and New York asking: could the next phase in the Ukrainian conflict be a wave of cyber attacks on western finance – either to retaliate against sanctions or to spark fear?
In some senses, such concerns are not new. Western corporations have faced escalating cyber assaults in recent years: last year, for example, Jamie Dimon, JPMorgan chief executive, revealed the bank was experiencing “tens of thousands” of attacks each day. Though many seem to come from China, others come from criminal networks in Russia, the only country considered to have cyber capabilities equal to those of America.
Cyber experts now fear the combination of incentives and skill behind such attacks could shift. To date they have taken (modest) comfort from the fact that the truly malicious attacks against western financial groups – or those aimed at causing lasting damage or panic by sparking a market crash – seem to have come from groups without highly sophisticated capabilities. Islamic terrorist groups, for example, grab headlines but they have not yet brought down an exchange.
Meanwhile, the really sophisticated cyber attacks on western financial groups have hitherto emanated from groups or states that “only” want to steal intelligence or money, not destroy entire systems or even reveal themselves. After all, Russian oligarchs and Chinese officials have money in western banks and markets so it is presumed they want to keep them intact.
But in some financial groups and intelligence forums, the big question is what might happen if Russian hackers (or any that are similarly sophisticated) ever stop feeling they have a stake in global finance or a shared interest in maintaining market stability. “It’s a huge concern,” one New York-based chief executive says.
Right now, there is little evidence that any such shift has occurred. And the Financial Services Information Sharing and Analysis Center, an industry body recently created by the banks to discuss cyber attacks, last week pointedly told its members there was no need to panic. It sent an email insisting that, notwithstanding the JPMorgan incident, nothing significant had changed in the cyber landscape.
But some western public and private sector groups are quietly stepping up their defences. Nato announced last week that it had decided for the first time to classify a cyber attack as the type of event that could trigger a joint alliance response.
The US Securities and Exchange Commission is implementing a system to examine financial firms’ cyber defences. And the big banks and exchanges are increasingly trying to share information with each other and the government via the FS-ISAC.
In many respects, this is good news: until recently, the level of collaboration between the public and private sector in America was woefully low, compared with places such as Australia.
But these steps are still far from comprehensive, let alone foolproof. In particular, the asset management world lags well behind the banks and exchanges. This sector is “just not as involved because it is so fragmented – you have billion-dollar hedge funds that don’t even know what the FS-ISAC is”, observes Eldon Sprickerhoff, co-founder of eSentire, an advisory group.
Until recently, many experts presumed that the main focus of a malicious cyber attack would be an exchange or a bank. But if there is one thing that a decade of geopolitical turbulence has shown, it is that shocks have a nasty habit of coming from unwatched places. And if there was an attack on, say, money market funds, this could have wide repercussions.
The real message from the JPMorgan rumours, then, is that western governments need to keep up the pressure on financial companies to improve their cyber defence plans across the industry and to provide tangible assistance.
And, of course, keep hoping that geopolitical tensions do not escalate or move from the old-fashioned real world into cyber space.

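  • lasting adj. permanent, everlasting; present participle of the verb "last"
  • foolproof adj. extremely simple, idiot-proof
  • reveal vt. to show, to disclose; n. window reveal (the side of the opening between the outer wall and a door or window), door
  • debate n. debate, discussion; vt. to dispute, to consider; vi. to deliberate, to debate
  • hedge n. hedgerow, fence, barrier, protective cover, hedging (finance), evasion; v. use
  • retaliate v. to take revenge, to avenge, to repay in kind
  • executive adj. administrative, decision-making, managerial, [computing] executing instructions; n
  • joint adj. united, shared, jointly funded, joint and several; n. joint (of the body), join
  • evidence n. grounds, proof; v. to confirm, to prove
  • stake n. post, wager, interest (in an outcome); v. to bet, to support with stakes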