The great significance and function of cyberspace mapping in network national defense
Guide: Since 2013, the United States, Russia, Japan, South Korea and other countries have set up cyber warfare commands and supporting operational regulations. The NATO Cooperative Cyber Defence Centre of Excellence has developed a series of guidelines for behavior in cyberspace (cyber warfare), such as the Tallinn Manual. These developments, together with quasi-cyber-warfare acts represented by the Stuxnet incident, promoted the establishment of a strategic support force for China's cyberspace defense tasks. The generations of national defense deterrence have been likened to four stages: A (atomic weapons), B (biological weapons), C (chemical weapons) and D (digital weapons). RAND Corporation, an American think tank, once asserted that the strategic war of the industrial age is nuclear war, and the strategic war of the information age is mainly network war. Network national defense is a defense system based on the virtual network world that protects national interests and sovereignty by establishing a professional network army and using constantly changing high-tech information means. Among these means, "cyberspace mapping" plays an important role.
On March 1, 2017, China's cyberspace international cooperation strategy (hereinafter referred to as the strategy) was released. In the first of the six strategic objectives of "safeguarding sovereignty and security", the strategy clearly states: "the construction of national defense forces in cyberspace is an important part of the modernization of China's national defense and military, and follows the consistent strategic policy of active defense. China will play an important role in safeguarding national cyberspace sovereignty, security and development interests, accelerate the construction of cyberspace forces, improve cyberspace situational awareness, cyber defense, support national cyberspace operations and participate in international cooperation, curb major cyberspace crises, safeguard national cyberspace security and maintain national security and social stability."
This is the country's first strategic statement of "cyberspace defense force" and requires that it play an important role in safeguarding cyberspace sovereignty, which also defines the strategic tasks of the Chinese army in cyberspace defense.
The logical starting point of the concepts of "network sovereignty", "network frontier" and "network national defense" is recognizing that cyberspace exists. The logic runs as follows: once cyberspace exists, the question of how sovereignty over it is divided necessarily arises; recognizing network sovereignty requires a network frontier to mark it; and network national defense is established along that frontier. In the information age, network sovereignty is the new "commanding point" of national sovereignty, the network frontier is the necessary "warning line" of national security, and network defense is the "new Great Wall" of national defense. It is therefore necessary to incorporate "network defense" into the overall framework of national defense in practice.
To carry out the construction of network national defense, we should first break with the traditional concept of the army "fighting alone", seriously study two new forms of operation in cyberspace, "non-war military action" and "non-military action war", and have the army and the people share the defense mission in cyberspace. Relying on the organic cooperation of the military, government and enterprises, we will gradually build a cyberspace defense system that is complete, has a clear division of labor and is commensurate with China's status as a great power. We should firmly integrate the development and construction principle of "military-civilian integration" with the active national defense principle of "deterrence defense", open the game, stop war through deterrence, and effectively safeguard national network sovereignty.
The United States has three plans in the field of cyberspace mapping: 1. the Treasure Map plan of the National Security Agency (NSA); 2. Plan X of the Defense Advanced Research Projects Agency (DARPA); 3. the SHINE plan of DHS. In addition, the CAIDA project is a basic research project for cyberspace mapping. It was launched by the Cooperative Association for Internet Data Analysis in 1997 and collects and analyzes basic data such as routing, network topology, DNS and AS information.
1. The Treasure Map program, driven by the US National Security Agency (NSA), aims to improve the country's intelligence production capacity. By capturing and rapidly analyzing data in multiple layers of cyberspace (the geographic, physical, logical and social layers), it forms a large-scale intelligence production capacity and provides intelligence support for its "Five Eyes" partners.
- Introduction: through the capture and rapid analysis of multi-layer data in the Internet space (geographic, physical, logical and social layers), a large-scale intelligence production capacity is formed, and intelligence support is provided for its "Five Eyes" partners.
- Undertaking unit: NSA (National Security Agency)
- Project users: "Five Eyes" & JWICS (Joint Worldwide Intelligence Communications System)
- Data source:
  - BGP and AS information
  - Route information (traceroutes, 18 million entries per day)
  - Whois information (registration information, DNS information)
  - Fingerprint information (operating system & software features; information on 30-50 million IPs collected every day)
- Update frequency: new features delivered every 90 days & 30 GB+ of data updated every day
2. DARPA Plan X:
- Brief introduction: by rapidly mapping the network battlefield, operation plans can be generated and network operation tasks carried out efficiently.
- Undertaking unit: DARPA & I2O (Information Innovation Office)
- Project name: Foundational Cyberwarfare (Plan X)
- Application time: February 25, 2013
- Project cycle: four 1-year development stages, each containing 4 development spirals (each spiral consists of 6 weeks of development & 1 week of audit)
3. SHINE extraction:
The SHINE program, driven by the Department of Homeland Security (DHS), aims to monitor the security status of key infrastructure network components in the United States. It performs security situational awareness on lists of relevant US addresses using the Internet space scanning engine Shodan, and ICS-CERT regularly pushes security notices to the owners to ensure the network security of key infrastructure.
- Project leaders: Bob Radvanovsky and Jake Brodsky
- Project time: April 2012 - ? (6 months?)
- Target database: 460000 - - 98000 - - 7200 IPs
By studying the relevant reports of the above three projects, we can see that their data sources are widely reusable. It is speculated that the three projects share the underlying perception and detection engine to some extent, and differ only in being driven by the business characteristics of different users, as shown in the following figure:
To map land and resources, satellites are needed. Satellites can carry different types of sensors, such as visible light, infrared and magnetic field sensors, to continuously map the ground. Through further analysis of the resulting images, we can identify airports, reservoirs, schools, hospitals, military bases and other facilities; by comparing two images of the same place taken at different times, we can see trends, such as changes in the number of tanks or in the number of fighter training flights. For specific tasks, in addition to satellites, reconnaissance aircraft are also used, for example to observe an enemy's nuclear weapon test launch: an aircraft carrying a special radiation sensor can fly to the vicinity of the suspicious location to obtain more specialized and accurate data.
Similarly, the mapping of cyberspace also needs various monitoring devices and probes. Some resemble commercial satellites and publicly conduct a basic global census (such as Shodan, ZoomEye and other platforms, i.e. the SHINE plan). Some resemble reconnaissance aircraft and other equipment used for close-range, unauthorized reconnaissance (such as several unauthorized data acquisition means included in the Treasure Map plan). And some resemble military spy satellites that monitor key parts of the world and support battle command and control systems (comparable to the Plan X project promoted by DARPA).
Against the background of the great power game, whether to follow the principle of cyberspace sovereignty in cyberspace governance is one of the main debates between China and the United States. In view of this situation, China should firmly improve the legal basis of "cyberspace sovereignty governance". Improving "cyberspace mapping infrastructure" is a very important piece of basic work, which can not only serve as the technical support for cyberspace governance, but also promote the rapid improvement of the legal basis related to cyberspace sovereignty.
Text /DustinW
The army and the people build the network national defense and defend the common online home