找回密码
 注册
搜索
热搜: 超星 读书 找书
查看: 237|回复: 2

[【其它】] google也能爬到暗网?

[复制链接]
发表于 2017-5-18 13:52:54 | 显示全部楼层 |阅读模式
本帖最后由 energy118 于 2017-5-18 13:54 编辑

这是 Google 对 http://torwebpkoepvlojp.onion.rip/331.html 的缓存

The UK Government published the first annual report on the implementation of the 2015 National Security Strategy.

英国政府公布了2015年国家安全战略实施的第一个年度报告。

The strategy considers cyber security a top priority alongside the resurgence of state-based threats (Russia’s actions in Syria and Ukraine) and the terrorism (extremism and instability).

该战略考虑网络安全的重中之重沿着基于状态的威胁(俄罗斯在叙利亚和乌克兰的行动)和死灰复燃恐怖(极端主义和不稳定)。

When dealing with the impact of technology, especially cyber threats the report states:

当处理技术的影响,特别是网络威胁时,报告说:

“The range of cyber threats and cyber actors threatening the UK has grown significantly – both from state and non-state actors. The UK increasingly relies on networked technology in all areas of society, business and government. This means that we could be vulnerable to attacks on parts of networks that are essential for the day-to-day running of the country and the economy.” reads the “National Security Strategy and Strategic Defence and Security Review 2015 First Annual Report 2016“

“威胁英国的网络威胁和网络威胁的范围显着扩大 – 无论是来自国家还是非国家。 英国越来越依赖网络技术在社会,商业和政府的所有领域。 这意味着我们可能容易受到对国家和经济日常运行至关重要的网络部分的攻击。“”国家安全战略和战略防御与安全审查2015年第一次年度报告2016“

The Government is working with private industry in order to prevent and reduce the effects of cyber attacks against its infrastructure. Communications service providers, for example, are crucial partners for threat intelligence activities that is one of the main activities of the National Cyber Security Centre.

政府正在与私营企业合作,以防止和减少网络攻击其基础设施的影响。 例如,通信服务提供商是威胁情报活动的关键合作伙伴,这是国家网络安全中心的主要活动之一。

According to the updates for the National Cyber Security Strategy in November 2016, the PM Theresa May’s administration will increase focus on investment in automated detection systems and active cyber defence (response).

根据2016年11月国家网络安全战略的更新,PM Theresa May的管理将增加对自动化检测系统和主动网络防御(响应)投资的重视。

“We continue to invest in cyber detection and response, as attacks against the UK continue to rise. Over the last year, we have developed new technical capabilities to improve our ability to detect and analyse sophisticated cyber threats.” continues the report. “Law enforcement continues to work with industry partners to increase specialist capability and expertise, as well as providing additional training in digital forensics. We are also continuing to progress our Active Cyber Defence measures against high-level threats, by strengthening UK networks against high volume/ low sophistication malware.”

“我们继续投资于网络检测和响应,因为对英国的攻击持续上升。 在过去一年中,我们开发了新的技术功能,以提高我们检测和分析复杂的网络威胁的能力。 “执法部门继续与行业合作伙伴合作,提高专家能力和专业知识,以及提供额外的数字取证培训。 我们还继续通过加强英国网络防范高容量/低复杂度恶意软件,继续推进我们的主动网络防御措施,应对高层威胁。

The UK National Cyber Security Strategy also highlights a skill shortage in cyber security, for this reason, the UK government wants to launch a cyber security education program that will involve also teenagers in schools and university.

英国国家网络安全战略也突出了网络安全方面的技能短缺,因此,英国政府希望推出一个网络安全教育计划,也将涉及学校和大学的青少年。

“A new Cyber Security Skills Strategy is now under development, which will set out how we will work with industry and academic providers to secure a pipeline of competent cyber security professionals.” states the report. “The first cohort of 14-17 year olds will begin training under this programme in 2017.”

“一项新的网络安全技能战略正在制定中,该战略将阐明我们将如何与行业和学术供应商合作,确保一支有能力的网络安全专业人员。 “14-17岁的第一批人将在2017年开始接受这个计划的培训。”

The UK Government is working with industry to establish specific cyber apprenticeships for three critical national infrastructure sectors, the energy, finance and transport.

英国政府正在与业界合作,为三个关键的国家基础设施部门(能源,金融和运输)建立具体的网络学徒制度。

The National Cyber Security Strategy includes a specific session that addresses the cyber crime. Law enforcement bodies are working with the private industry actors to increase the efficiency of their action against the cyber crime. To tackle

国家网络安全战略包括针对网络犯罪的特定会议。 执法机构正在与私营行业参与者合作,以提高其对网络犯罪行动的效率。 解决

The UK Government intends to tackle abuses in the ‘dark web‘, announcing new Dark Web Intelligence Unit within the NCA.

英国政府打算在“暗网”中解决滥用,在NCA内宣布新的黑暗网络信息单位。

The UK Government is also investing in regional cyber crime prevention coordinators, who “engage with SMEs and the public to provide bespoke cyber security advice”.

英国政府还投资于区域网络犯罪预防协调员,他们“与中小企业和公众接触,提供定制的网络安全建议”。

Many other information related to the UK National Security Strategy is included in the report, enjoy it.

有关英国国家安全战略的许多其他信息包括在报告中,享受它。

回复

使用道具 举报

 楼主| 发表于 2017-5-18 13:57:35 | 显示全部楼层
Experts at the Nuclear Industry Summit (NIT) explained how to reduce the risk of damaging cyberattacks at nuclear facilities.

在核工业峰会(NIT)专家解释如何减少核设施的破坏性网络攻击的风险。

The threat of cyber attacks on nuclear power plants and other nuclear facilities is substantial and on the increase, according to experts at the Nuclear Industry Summit, held earlier in the year. Hackers are becoming more skillful and dangerous in a way that could have a devastating impact on nuclear facilities and grids.

对网络攻击的威胁核电站和其他核设施是巨大的,并在不断增加,根据在核工业峰会专家介绍,在今年早些时候举行。黑客正在成为可能产生破坏性的方式更加纯熟和危险的影响,对核设施和电网。

It is imperative that businesses, governments, and regulators make cybersecurity an industry-wide priority. Experts at the Nuclear Industry Summit (NIT) emphasized that hackers have turned their focus on these systems because therein lies the key to causing massive chaos and damage.

当务之急是企业,政府和监管机构使网络安全行业范围内的优先级。专家们在核工业峰会(NIT)强调说,黑客已经把他们专注于这些系统,因为其中存在的关键,造成巨大的混乱和损害

The most successful publicly known cyberattack on a nuclear facility utilized malware which caused serious damage to production equipment at an Iranian plant that was enriching nuclear materials. That virus was the infamous Stuxnet, which was able to induce the facility’s centrifuges to spin out of control and break down.

在核设施中最成功的公众所知的网络攻击利用的恶意软件造成以生产设备造成严重损害伊朗的工厂被充实核材料。这是病毒臭名昭著的Stuxnet蠕虫,它能够诱导设施的离心机失控和崩溃。

Potential attacks on non-nuclear, major industrial sites is also gravely concerning. For instance, an attack on Ukraine’s electrical grid left thousands of people without power. The attackers used a program called BlackEnergy which targets industrial control systems. According to RegBlog, “cybersecurity threats are an all-too-real risk for many buildings and electric grids connected to the Internet. According to a U.S. Department of Homeland Security report, although ‘the energy sector only represents 5-6 percent of U.S. GDP, the energy industry is subject to roughly 32 percent of all cyberattacks.”

对非核武器,主要的工业基地潜在的攻击还严重有关。例如,在乌克兰的电网攻击造成数千人无动力。攻击者使用了一种名为BlackEnergy程序,针对工业控制系统。据RegBlog,“网络安全威胁是许多建筑和电网连接到互联网的所有太真正的风险。据国土安全部报告的美国能源部,尽管“能源行业仅代表美国国内生产总值的5%-6%,能源行业受到网络攻击的所有大约32%。”

In October, Yukiya Amano, Director-General of the International Atomic Energy Agency (IAEA), United Nations (UN) nuclear watchdog, a nuclear power plant in Germany was hit by a “disruptive” cyber attack two to three years ago.

10月,国际原子能机构(原子能机构)总干事,联合国核监督机构(德国一家核电站)的Yukiya Amano在两三年前遭受了一次“破坏性”网络攻击。

At that time, Security Affairs noted that it was not the first time that news of a cyber attack on a nuclear plant had been announced. There had already been three publicly known attacks against nuclear plants:

当时,安全事务指出,这不是第一次,在核电厂网络攻击的消息已经公布。已出现反对核电站3公众所知的攻击:

Monju NPP (Japan 2014)
Korea Hydro and Nuclear Power plant (S.Korea 2014)
Gundremmingen NPP (Germany 2016).
To make matters worse, it is also believed that ISIS hackers could target European nuclear po.wer stations. This warning was issued by the UN in October. The organization’s nuclear watchdog group indicated that cyber cyberjihadis will attempt to hack into any vulnerable installations in their quest to commit large-scale acts of terrorism

To make matters worse, it is also believed that ISIS hackers could target European nuclear power stations. This warning was issued by the UN in October. The organization’s nuclear watchdog group indicated that cyber cyberjihadis will attempt to hack into any vulnerable installations in their quest to commit large-scale acts of terrorism.

According to The Sun, the Brussels bombers had previously researched attacking a Belgian power plant prior to their deadly suicide attack on the capital’s airport and metro.

根据太阳报道,布鲁塞尔轰炸机先前研究攻击一个比利时电厂之前对首都的机场和地铁的致命自杀攻击。

“International security experts have warned that as their territorial dominance abates, they will focus more of their attention on cyber terror.

“国际安全专家警告说,当他们的领土优势减弱时,他们将更多地注意网络恐怖。

Though blowing up a nuclear power station is still thought to be beyond the capabilities of most militant groups at present some vulnerabilities could still be exploited, boffins warned.

虽然炸毁核电站仍然被认为超出了大多数好战组织的能力,目前一些漏洞仍然可以利用,boffins警告。

Belgium’s nuclear plants are a potential target, according to European Union officials. But, countries are not prepared to handle nuclear facility attacks and the nuclear industry continues to underestimates cyber security risk–the components of a recipe for a nuclear disaster.

根据欧盟官员的数据,比利时的核电站是一个潜在的目标。 但是,各国不准备处理核设施攻击,核工业继续低估网络安全风险 – 核灾难配方的组成部分。

A report published this week, by the Nuclear Threat Initiative (NTI), outlines a set of recommendations for improving cyber security at nuclear facilities. The recommendations are based on 12-months of analysis by an international group of technical and operational experts.

本周由“核威胁倡议”(NTI)发布的报告概述了一系列关于提高核设施网络安全的建议。 这些建议是基于一个国际技术和操作专家组进行的12个月的分析。

One of the most crucial recommendations involves efforts to essentially institutionalize cybersecurity. Nuclear facilities would need to learn from their safety and physical security programs, as well as integrate these methods into their cybersecurity programs.

最关键的建议之一是努力实质上使网络安全制度化。 核设施需要从其安全和物理安全计划中学习,并将这些方法纳入其网络安全计划。

In addition to institutionalizing cybersecurity, the following was also recommended:

除了将网络安全制度化外,还建议如下:

Governments and regulators are encouraged to assist by prioritizing the development and implementation of regulatory frameworks, in addition to attracting skilled people into this field.


鼓励各国政府和监管机构协助制定和执行监管框架的优先次序,同时吸引技术人员进入这一领域。
Employ active defenses. Experts caution that a determined adversary will likely be capable of breaching the systems of a nuclear facility, so organizations must be prepared and capable of responding to such incidents.
采用主动防御。 专家警告,确定的对手可能有能力违反核设施的系统,因此组织必须准备并能够应对此类事件。


Threat information should be shared, incidence response exercises conducted, more resources obtained from governments and active defense capabilities developed.
应共享威胁信息,进行发生反应练习,从政府获得更多的资源和开发主动防御能力。


Digital systems should be designed with less complexity.
数字系统应设计为较少的复杂性。


Engage in research which will lead to the development of difficult to hack systems. Ideally, this would include governments “investing in transformative research, the nuclear industry supporting the cybersecurity efforts of relevant organizations, and international organizations encouraging creativity for mitigating cyber threats.”
参与研究,将导致难以攻击的系统的发展。 理想情况下,这将包括政府“投资转型研究,核工业支持相关组织的网络安全努力,国际组织鼓励创造力以减轻网络威胁。
While these recommendations are being carried out, emphasis should be placed on the human element. The Stuxnet incident demonstrates how a tenacious hacker can overcome cyber protection efforts simply by targeting vulnerable employees.

在执行这些建议的同时,应强调人的因素。 Stuxnet事件演示了一个顽强的黑客如何通过针对弱势员工来克服网络保护的努力。

Ryan Kalember, of Proofpoint, a cybersecurity firm, has remarked that, “the lesson from that is that people are always the weak link in the [cybersecurity] chain.”

网络安全公司Proofpoint的Ryan Kalember指出,“人们总是网络安全链中的薄弱环节。

回复

使用道具 举报

发表于 2017-5-18 18:03:40 | 显示全部楼层
太可怕太可怕太可怕太可怕
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

Archiver|手机版|小黑屋|网上读书园地

GMT+8, 2024-3-29 15:25 , Processed in 0.436122 second(s), 5 queries , Redis On.

Powered by Discuz! X3.5

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表