God eftermiddag. Hvis du har fulgt de diplomatiske nyheder i de forløbne uger har du muligvis hørt om en slags krise mellem Kina og USA vedrørende cyberangreb mod det amerikanske selskab Google. Mange ting er blevet sagt om dette som nogle mennesker har kaldt en cyberkrig men faktisk bare kan være en spionageoperation-- og naturligvis en helt fejlhåndteret en. Denne episode afslører dog den voksende bekymring i den vestlige verden hvad angår disse nye cybervåben.
Good afternoon. If you have followed diplomatic news in the past weeks, you may have heard of a kind of crisis between China and the U.S. regarding cyberattacks against the American company Google. Many things have been said about this. Some people have called a cyberwar what may actually be just a spy operation -- and obviously, a quite mishandled one. However, this episode reveals the growing anxiety in the Western world regarding these emerging cyber weapons.
Det er også rigtigt at disse våben er farlige. De er af ny karakter: De kunne føre verden i en digital konflikt der kunne forvandles til en væbnet kamp. Disse virtuelle våben kan også ødelægge den fysiske verden. I 1982, midt i den kolde krig i sovjetisk Sibirien, eksploderede en pipeline med en kraft på 3 kilotons, svarende til en fjerdedel af Hiroshimabomben. Vi ved i dag -- det blev afsløret af Thomas Reed, Ronald Reagans tidligere U.S. Air Force sekretær-- at denne eksplosion faktisk var resultatet af en CIA sabotageoperation hvor de havde formået at infiltrere IT styringssystemet for denne rørledning.
It so happens that these weapons are dangerous. They're of a new nature: they could lead the world into a digital conflict that could turn into an armed struggle. These virtual weapons can also destroy the physical world. In 1982, in the middle of the Cold War in Soviet Siberia, a pipeline exploded with a burst of 3 kilotons, the equivalent of a fourth of the Hiroshima bomb. Now we know today -- this was revealed by Thomas Reed, Ronald Reagan's former U.S. Air Force Secretary -- this explosion was actually the result of a CIA sabotage operation, in which they had managed to infiltrate the IT management systems of that pipeline.
For nylig, har den amerikanske regering afsløret at i september 2008, blev mere end 3 millioner mennesker i delstaten Espirito Santo i Brasilien mørkelagt, som ofre for en afpresningsoperation udført af cyberpirater. Endnu mere bekymrende for amerikanerne, i december 2008 den helligste af hellige, IT-systemer i CENTCOM, kommandocentralen som leder krigene i Irak og Afghanistan, muligvis har været infiltreret af hackere der bruger disse almindelig men inficerede USB-nøgler. Og med disse nøgler, kan de have været stand til at komme ind i CENTCOMSs systemer, og se og høre alt, og måske endda inficere nogle af dem. Resultatet er, at amerikanerne tager truslen meget alvorligt. Jeg vil citere General James Cartwright, Næstformand Joint Chiefs of Staff, som siger i en rapport til Kongressen at cyberangreb kunne være lige så stærke som masseødelæggelsesvåben. Derudover har amerikanerne besluttet at brug over 30 milliarder dollars i de næste fem år på at opbygge deres cyberkrigskapaciteter.
More recently, the U.S. government revealed that in September 2008, more than 3 million people in the state of Espirito Santo in Brazil were plunged into darkness, victims of a blackmail operation from cyber pirates. Even more worrying for the Americans, in December 2008 the holiest of holies, the IT systems of CENTCOM, the central command managing the wars in Iraq and Afghanistan, may have been infiltrated by hackers who used these: plain but infected USB keys. And with these keys, they may have been able to get inside CENTCOM's systems, to see and hear everything, and maybe even infect some of them. As a result, the Americans take the threat very seriously. I'll quote General James Cartwright, Vice Chairman of the Joint Chiefs of Staff, who says in a report to Congress that cyberattacks could be as powerful as weapons of mass destruction. Moreover, the Americans have decided to spend over 30 billion dollars in the next five years to build up their cyberwar capabilities.
Og i hele verden i dag, ser vi en slags cybervåbenkapløb, med cyberkrigsenheder bygget op af lande som Nordkorea eller endda Iran. Endnu, hvad du aldrig vil høre fra talsmænd fra Pentagon eller det franske forsvarsministerium er, at spørgsmålet handler ikke om hvem der er fjenden, men faktisk selve karakteren af cybervåben. Og for at forstå hvorfor, må vi se på, hvordan militære teknologier gennem tiderne, har vedligeholdt eller ødelagt freden i verden. Eksempelvis Hvis vi havde haft TEDxParis for 350 år siden Ville vi have talt om datidens militære innovation -- massive Vauban befæstninger -- og vi kunne have forudset en periode med stabilitet i verden eller i Europa. der var faktisk tilfældet i Europa mellem 1650 og 1750.
And across the world today, we see a sort of cyber arms race, with cyberwar units built up by countries like North Korea or even Iran. Yet, what you'll never hear from spokespeople from the Pentagon or the French Department of Defence is that the question isn't really who's the enemy, but actually the very nature of cyber weapons. And to understand why, we must look at how, through the ages, military technologies have maintained or destroyed world peace. For example, if we'd had TEDxParis 350 years ago, we would have talked about the military innovation of the day -- the massive Vauban-style fortifications -- and we could have predicted a period of stability in the world or in Europe. which was indeed the case in Europe between 1650 and 1750.
På samme måde, hvis vi havde haft denne snak 30 eller 40 år siden, ville vi have set hvordan stigningen af atomvåben, og den trussel om gensidigt sikret udslettelse som de indebar, forhindrede en direkte kamp mellem de to supermagter. Men, hvis vi havde haft denne snak for 60 år siden, Vi ville have set hvordan fremkomsten nye luftfartøjer og kampvognsteknologier, som giver fordelen til angriberen, gøre Blitzkrieg doktrinen meget troværdig og dermed skabe muligheden for krig i Europa. Så militære teknologier kan påvirke verdens retning, kan afgøre knald eller fald for verdensfreden-- og der ligger problemet med cybervåben.
Similarly, if we'd had this talk 30 or 40 years ago, we would have seen how the rise of nuclear weapons, and the threat of mutually assured destruction they imply, prevents a direct fight between the two superpowers. However, if we'd had this talk 60 years ago, we would have seen how the emergence of new aircraft and tank technologies, which give the advantage to the attacker, make the Blitzkrieg doctrine very credible and thus create the possibility of war in Europe. So military technologies can influence the course of the world, can make or break world peace -- and there lies the issue with cyber weapons.
Det første spørgsmål: Forestil dig en potentiel fjende annoncerer at de opbygger en cyberkrigsenhed, men kun til deres lands forsvar. Okay, men hvad adskiller det fra en offensiv enhed? Det bliver endnu mere kompliceret når doktriner for brug bliver flertydige. For kun 3 år siden ville både USA og Frankrig investere militært i cyberspace, udelukkende for at forsvare deres IT-systemer. Men i dag siger begge lande det bedste forsvar er at angribe. Og så de gør som Kina, hvis doktrinen om anvendelse i 15 år har været både defensiv og offensiv.
The first issue: Imagine a potential enemy announcing they're building a cyberwar unit, but only for their country's defense. Okay, but what distinguishes it from an offensive unit? It gets even more complicated when the doctrines of use become ambiguous. Just 3 years ago, both the U.S. and France were saying they were investing militarily in cyberspace, strictly to defend their IT systems. But today both countries say the best defense is to attack. And so, they're joining China, whose doctrine of use for 15 years has been both defensive and offensive.
Det andet spørgsmål: Dit land kunne være under cyberangreb med hele regioner mørkelagt, og du kan ikke engang vide hvem der angriber dig. Cybervåben har denne ejendommelige funktion, at de kan bruges uden at efterlade spor. Dette giver en kolossal fordel til angriberen, fordi forsvaren ikke ved, hvem han skal kæmpe i mod. Og hvis forsvaren gengælder mod den forkerte modstander, risikerer de at få en fjende mere og ender diplomatisk isoleret. Dette problem er ikke blot teoretisk.
The second issue: Your country could be under cyberattack with entire regions plunged into total darkness, and you may not even know who's attacking you. Cyber weapons have this peculiar feature: they can be used without leaving traces. This gives a tremendous advantage to the attacker, because the defender doesn't know who to fight back against. And if the defender retaliates against the wrong adversary, they risk making one more enemy and ending up diplomatically isolated. This issue isn't just theoretical.
I maj 2007 var Estland offer for cyberangreb, der beskadiget deres kommunikations- og banksystemer. Estland beskyldte Rusland. Men NATO, selvom de forsvarer Estland, reagerede med forsigtighed. Hvorfor? Fordi NATO ikke kunne være 100% sikker på at Kreml faktisk stod bag disse angreb. For at opsummere, på den ene side Når en mulig fjende annoncerer de opbygger en cyberkrigsenhed, ved du ikke, om det er for angreb eller forsvar. På den anden side Vi ved, at disse våben give en fordel ved at angribe.
In May 2007, Estonia was the victim of cyberattacks, that damaged its communication and banking systems. Estonia accused Russia. But NATO, though it defends Estonia, reacted very prudently. Why? Because NATO couldn't be 100% sure that the Kremlin was indeed behind these attacks. So to sum up, on the one hand, when a possible enemy announces they're building a cyberwar unit, you don't know whether it's for attack or defense. On the other hand, we know that these weapons give an advantage to attacking.
I en større artikel offentliggjort i 1978, hvor professor Robert Jervis fra Columbia University i New York beskrev en model til at forstå hvordan konflikter kunne opstå. I denne sammenhæng når du ikke ved om den potentielle fjende forbereder sig for forsvar eller angreb, og hvis våbnene giver en fordel ved at angribe, så vil dette miljø mest sandsynligt udløse en konflikt. Dette er det miljø, som er skabt ved cybervåben i dag og historisk det var miljøet i Europa ved påbegyndelsen af første verdenskrig. Så cybervåben er farlige karakter af natur, men derudover udvikler de sig i et meget mere ustabilt miljø.
In a major article published in 1978, Professor Robert Jervis of Columbia University in New York described a model to understand how conflicts could arise. In this context, when you don't know if the potential enemy is preparing for defense or attack, and if the weapons give an advantage to attacking, then this environment is most likely to spark a conflict. This is the environment that's being created by cyber weapons today, and historically it was the environment in Europe at the onset of World War I. So cyber weapons are dangerous by nature, but in addition, they're emerging in a much more unstable environment.
Hvis du kan huske den kolde krig, Det var et meget hårdt spil, men et stabilt et spillet af kun af to aktører, hvilket tillod noget koordinering mellem de to supermagter. I dag bevæger vi os til en multipolær verden hvori koordinering er langt mere kompliceret, som vi har set i København. Og denne koordinering kan blive endnu vanskeligere med indførelsen af cybervåben. Hvorfor? Fordi ingen nation med sikkerhed ved om sin nabo er ved at angribe. Så kan nationer må leve under truslen af hvad nobelpristager Thomas Schelling kaldet "gensidighed frygt for et overraskelsesangreb" hvor jeg ikke ved om min nabo er ved at angribe mig eller ej-- Jeg kan aldrig vide-- så jeg kan udnytte fordelen ved at angribe først.
If you remember the Cold War, it was a very hard game, but a stable one played only by two players, which allowed for some coordination between the two superpowers. Today we're moving to a multipolar world in which coordination is much more complicated, as we have seen at Copenhagen. And this coordination may become even trickier with the introduction of cyber weapons. Why? Because no nation knows for sure whether its neighbor is about to attack. So nations may live under the threat of what Nobel Prize winner Thomas Schelling called the "reciprocal fear of surprise attack," as I don't know if my neighbor is about to attack me or not -- I may never know -- so I might take the upper hand and attack first.
Netop i sidste uge, i en artikel i New York Times dateret 26 januar 2010, Det blev afsløret for første gang embedsmænd på National Security Agency overvejede muligheden for forebyggende angreb i tilfælde, hvor USA risikerede at blive udsat for cyberangreb. Og disse forebyggende angreb forbliver måske ikke blot i cyberspace. I maj 2009, General Kevin Chilton, kommandør af de amerikanske atomvåbenstyrker, erklæret, at i tilfælde af et cyberangreb mod USA, ville alle muligheder være på bordet.
Just last week, in a New York Times article dated January 26, 2010, it was revealed for the first time that officials at the National Security Agency were considering the possibility of preemptive attacks in cases where the U.S. was about to be cyberattacked. And these preemptive attacks might not just remain in cyberspace. In May 2009, General Kevin Chilton, commander of the U.S. nuclear forces, stated that in the event of cyberattacks against the U.S., all options would be on the table.
Cybervåben erstatter ikke konventionelle eller nukleare våben-- de tilføje blot et nyt lag til det eksisterende trusselssystem. Men dermed de også tilføje deres egen risiko for at udløse en konflikt-- som vi netop har set, en meget vigtig risiko-- og en risiko vi kan imødegå med en kollektiv sikkerhedsløsning hvilket omfatter os alle: Europæiske allierede, NATO-medlemmer, vores Amerikanske venner og allierede, vores andre vestlige allierede, og måske ved at tvinge deres hånd lidt, vores russiske og kinesiske partnere.
Cyber weapons do not replace conventional or nuclear weapons -- they just add a new layer to the existing system of terror. But in doing so, they also add their own risk of triggering a conflict -- as we've just seen, a very important risk -- and a risk we may have to confront with a collective security solution which includes all of us: European allies, NATO members, our American friends and allies, our other Western allies, and maybe, by forcing their hand a little, our Russian and Chinese partners.
Informationsteknologierne Joël de Rosnay talte om, som historisk blev født fra militær forskning, i dag er på nippet til at udvikle en offensiv kapacitet for ødelæggelse, som i morgen, hvis vi ikke passer på, helt kan ødelægge freden i verden.
The information technologies Joël de Rosnay was talking about, which were historically born from military research, are today on the verge of developing an offensive capability of destruction, which could tomorrow, if we're not careful, completely destroy world peace.
Tak.
Thank you.
(Bifald)
(Applause)