《矽谷快訊》第5期：美國國防部關於網路預備人才的培養的討論

1

美國軍政要聞

1

美國國防部關於網路預備人才的培養的討論

Why DOD needs to think long term about cyber workforce

安全專家表示，創造力、敏捷性和靈活性是塑造網路戰士的關鍵技能，美國防部必須在招聘與訓練網路戰士過程中參考及採用這些品質。大量招募工作側重於「深度防禦」所需的技能，但未來需提供有效滿足行動需求的安全水平，而非深度防禦，也就是「彈性」。小組成員認為，未來最出色的網路戰士不是具備編碼這類硬性技能，而是具備創造力、敏捷性、好奇心和思考威脅的反向工程能力。 [FCW，2017年6月15日]

Creativity, agility, flexibility -- those are the critical skills needed in successful cyber warriors, and those are also the qualities the Defense Department must adopt in order to train and recruit those warriors, according to security experts. Nowadays a lot of recruitment being stuck on this notion of defense in depth. But the future for us -- being effective in providing a level of security to our own operations -- is not about defense in depth, it is about resiliency. Panelists agreed that rather than hard skills like coding, the qualities of the best future warriors will be agility, creativity, curiosity and the ability to think through the reverse engineering of threats. [FCW, 6/15/2017]

2

網路戰中「情報」的重要性凸顯：美網路司令部新設「情報/行動融合小組」

CYBERCOM defensive cyber arm adds intel/ops fusion cell

美國網路司令部下屬防禦網路部隊——國防信息網路部-聯合部隊總部（JFHQ-DoDIN）組建了一支情報與行動融合小組，其旨在為優選、協調防禦資源。國防信息系統局局長艾倫·林恩表示，他們意識到網路行動需要大量情報支持，因此需要更多情報人才。這個情報/行動融合小組會與NSA、國防情報局和其它情報機構接觸獲取信息，並從行動的角度加以審視，之後將這類信息融合，從而領先對手。[Fifthdomain Cyber，2017年6月15日]

U.S. Cyber Command』s defense cyber arm, Joint Force Headquarters-Department of Defense Information Networks(JFHQ-DoDIN), has stood up an intelligence and operations fusion cell aimed at creating better coordination for prioritizing defensive resources. 「What we realized is we need a lot more intelligence support, so we need more intelligence people, so we』re figuring out what kind of people we need,」 Lt. Gen. Alan Lynn, who also leads the Defense Information Systems Agency. This intel/ops fusion cell reaches out to the National Security Agency to bring back information that allows them to look at it from an operational standpoint and fuse that information together to get ahead of the adversary.[Fifthdomain Cyber, 6/15/2017]

2

前沿技術

1

MIT最新研究：新演算法通過學習摺紙模型，生成任意3D結構

New algorithm generates paper-folding patterns to produce any 3D structure

MIT 電氣工程和計算機科學教授 Demaine將與東京大學的Tomohiro在 7 月舉行的計算幾何學研討會上發表一篇新論文，給出一個通用的摺紙演算法，能保證最小的折縫數量。從技術上講，保證折縫數量最少意味著要保留原始紙張的「邊界」。Demaine說，「我們不知道如何在數學上量化，但它在實踐中似乎表現更好。但是我們確實發現一個數學屬性能很好地區分這兩種方法。新方法將原始紙張的邊界保留在你想要折出的表面的邊界上。我們稱這是『水密性』。」 [MIT News，2017年6月21日]

At the Symposium on Computational Geometry in July, Demaine and Tomohiro of the University of Tokyo will announce the completion of a quest: a universal algorithm for folding origami shapes that guarantees a minimum number of seams. Technically speaking, the guarantee that the folding will involve the minimum number of seams means that it preserves the 「boundaries」 of the original piece of paper. Demaine says. 「We don』t know how to quantify that mathematically, exactly, other than it seems to work much better in practice. But we do have one mathematical property that nicely distinguishes the two methods. The new method keeps the boundary of the original piece of paper on the boundary of the surface you』re trying to make. We call this watertightness.」 [MIT News, 6/21/2017]

2

火星探測器安裝AI軟體，AEGIS實現好奇號自主探索

The Mars Robot Making Decisions on Its Own

NASA的工程師在好奇號的主控計算機上遠程安裝了一套人工智慧軟體AEGIS，使得好奇號可以識別火星表面值得探測的特徵，校正激光破碎器的準星, 實現了從自動到自主的飛躍。AEGIS 調用了好奇號上的ChemCam設備，由計算機程序引導。開發人員使用火星表面的圖像，教AI 認知任務科學家想要研究的岩土特徵。AEGIS 檢查圖像並找到類似設定參數的目標，與科學家的要求進行比較，並對其進行排名。[The Atlantic，2017年6月23日]

Engineers back at NASA installed artificial-intelligence software on the rover』s main flight computer that allowed it to recognize inspection-worthy features on the Martian surface and correct the aim of its rock-zapping lasers, making the leap from automation to autonomy. AEGIS works with an instrument on Curiosity called the ChemCam, AEGIS examines the images and finds targets that resemble set parameters, ranking them by how closely they match what the scientists asked for.[The Atlantic,6/23/2017]

3

產業動態

1

全球首家認知安全分析公司 SparkCognition 獲波音參投 3250 萬美元 B 輪融資

SparkCognition raises bar for Austin venture capital in 2017 with $32.5 million haul

SparkCognition成立於2013年，使用機器學習和人工智慧技術來分析預測安全漏洞與系統故障，其客戶主要來自對網路安全需求量很大的行業，包括航空航天、國防、電信和能源等。此次投資方包括Verizon、波音公司。這家公司表示，新的融資將被用於擴大解決方案，並更深入的涉足石油、天然氣、公共事業和安全部門等行業的客戶。[Austin Business Journal, 2017年6月26日]

SparkCognition s machine-learning platform — which analyzes reams of data to predict when and where a cyber attack or IT system failure might take place — is used by the energy, manufacturing, finance, aerospace, defense, telecommunications and security sectors, according to the announcement. The investment was led by Verizon Ventures with additional funding from Boeing HorizonX. The money will support expansion and sales, to grow the departments include AI and data science, engineering and operations. [Austin Business Journal, 6/26/2017]

2

軟銀公司向網路安全初創公司Cybereason投資1億美元

SoftBank Corp invests $100 million into cybersecurity start-up Cybereason

Cybereason的技術在公司網路中對每一個數字動作和交互進行行為分析。 它可以實時處理信息，以提供網路中的安全環境的可見性，並將網路攻擊的相關元素彙集在一起。這樣IT公司的專家就可以發現並主動應對威脅。該創業公司迄今共籌集了1.89億美元的資金，其支持者還包括Charles River Ventures，洛克希德馬丁公司和Spark Capital，不過它拒絕透露估值。[CNBC, 2017年6月21日]

Cybereason s technology does behavioral analytics on every single digital action and interaction happening within a company s network. It processes information in real-time to provide visibility into the security landscape within the network and pulls together related elements of a cyberattack. This way IT specialists in companies can detect and proactively respond against threats. The start-up has raised a total of $189 million in funding to-date, and its backers also include Charles River Ventures, Lockheed Martin and Spark Capital. It declined to disclose valuation. [CNBC, 6/21/2017]

4

矽谷群英

1

亞馬遜砸137億美元收購全食買下人工智慧訓練場

Amazon just acquired a training ground for retail artificial intelligence research

亞馬遜買下老牌零售公司，並不僅僅是為了賣雜貨：全食可以立即為亞馬遜提供關於美國富人的購物行為數據，這些數據可以被用於訓練人工智慧模型，最終能讓銷售者能更好地預測需求， 並且，在將來的某一天，能將零售業中的大部分人力勞動自動化。同時，亞馬遜剛剛收購了一家可以改善其 AI 模型的公司。在全國各地建立和維護運送新鮮食品的物流並不容易，這一過程會產生大量數據，亞馬遜可以使用這些數據來改進自己的分銷策略，並為 AWS 客戶開發雲零售 AI 產品。[GeekWire，2017年6月16日]

Amazon didn』t acquire an iconic grocery store brand just for the quinoa: Whole Foods instantly gives Amazon a reliable source of the purchasing habits of well-off Americans, and that data can be used to train artificial intelligence models that will allow retailers to better predict demand and someday automate much of the labor involved in grocery retailing. At the same time, Amazon just acquired a company that can improve its AI models on both of those counts. The logistics of shipping fresh food around the country are not easy, and that generates a ton of specialized data that Amazon can use to improve its own distribution strategies as well as build a cloud retail AI product for AWS customers. [GeekWire, 6/16/2017]

2

微軟確認部分Win10源碼遭泄露

Microsoft confirms some Windows 10 source code has leaked

這批文件涉及微軟Windows 10當中的USB、存儲以及Wi-Fi驅動程序，且被統一發布在Beta Archive網站之上。微軟公司一位發言人在接受郵件採訪時回復稱：我們通過審查證實這些文件實際上屬於微軟共享源代碼項目的一部分，且本計劃主要提供給OEM廠商及各合作夥伴使用。 微軟公司通過其Insider項目允許測試人員對其操作系統的早期版本進行訪問，並藉此迴避了大部分Windows 10 build信息泄露問題。過去，微軟一直在積極追蹤Windows信息泄露狀況，甚至曾對一位博主的Hotmail帳戶進行掃描以調查Windows 8相關資訊泄露情況。[The Verge，2017年6月24日]

A portion of Microsoft』s Windows 10 source code has leaked online this week. Files related to Microsoft』s USB, storage, and Wi-Fi drivers in Windows 10 were posted to Beta Archive this week. 「Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners,」 reveals a Microsoft spokesperson. Microsoft has avoided, lots of Windows 10 build leaks thanks to its Insider program that lets testers access early copies of the operating system. In the past, the software giant has aggressively pursued Windows leakers, and the company even scanned a bloggers Hotmail account to track down a Windows 8 leak once. [The Verge, 6/24/2017]

5

矽谷之聲

Gartner副總裁、接觸分析師、Gartner名譽研究院Neil MacDonald表示：2017年，企業IT的威脅級別仍然處於非常高的水平，在各種媒介中的日常賬戶遭受大量漏洞威脅和攻擊。隨著攻擊者不斷提高他們的能力，企業也必須加強他們保護訪問和防範攻擊的能力。安全和風險負責人必須評估並了解最新的技術，以防範高級攻擊，更好地實現數字業務轉型，擁抱像雲、移動和DevOps這樣的新計算類型。

「In 2017, the threat to enterprise IT continues to be at very high levels, with daily accounts in the media of large breaches and attacks. As attacks improve their capabilities, enterprises must also improve their ability to protect access and protect from attacks. Security and risks leaders must evaluate and engage with the latest technologies to protect against advanced attacks, better enable digital business transformation and embrace new computing styles such as cloud, mobile and DevOps.」 Said Neil MacDonald, vice president, distinguished analyst and Gartner Fellow Emeritus.

大家都在看

堅定不移地發展國產操作系統

維護中印邊境安寧，不是說說而已

聚焦網路空間安全學科建設和人才培養

喜歡這篇文章嗎？立刻分享出去讓更多人知道吧！