
Russian-American Dictionary of Terms and Definitions in the Field of Information Security

We present the Russian-American Dictionary of Terms and Definitions in the Field of Information Security, prepared through the joint efforts of experts from the Information Security Institute at Lomonosov Moscow State University (Russian Federation) and the EastWest Institute (USA).

This dictionary will be useful to students and researchers studying current problems in information security, as well as to practising lawyers and specialists drafting regulatory and legal documents in the field of information security, since the terminology presented in it represents the agreed position of leading information security experts on key terms and their interpretation in Russian and English.

  • Киберпространство – an electronic (including photoelectronic, etc.) medium in (by means of) which information is created, transmitted, received, stored, processed and destroyed.
  • Cyberspace – is an electronic medium through which information is created, transmitted, received, stored, processed and deleted.
  • Cyber has roots in the Greek word κυβερνητικός, meaning skilled in steering or governing. The term “cybernetics” is widely recognized as being coined in the book Cybernetics or Control and Communication in the Animal and the Machine (MIT Press, 1948). The author, Norbert Wiener, applied the term in the context of the control of complex systems in the animal world and in mechanical networks. The term would later be used in the medical community in reference to the integration of humans or animals with machinery. However, since cyber has been introduced it has taken on several meanings. The term is used effectively in business, law and policy. The term currently has highly useful application in that it can readily provide a reference to the other-than-physical, virtual world created by the Internet and other electronic communications.

    On the other hand, cyberspace does not exist without the physical ingredients from which it is composed.

    The compound word's inclusion of the word “space” implies that it should have dimension. That is, cyberspace must occupy an expanse. In addition, cyberspace is considered by some as a new domain like land, sea, air and space. However, as these four are natural, cyber is artificial, being created by man.

    Known definitions were consulted during this process. The U.S. Department of Defense has a documented definition as “A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.” See Dictionary of Military and Associated Terms, U.S. Department of Defense, 31 January 2011, 92-93 (CJCS CM-0363-08).

  • Киберинфраструктура – the totality of people, processes (including controlling ones) and systems that make up cyberspace.
  • Cyber Infrastructure – is the aggregation of people, processes and systems that constitute cyberspace.
  • Important considerations for this term include the following:
    The cyber infrastructure consists of the eight essential ingredients:

    1. Environment (buildings, locations of cell towers, space where satellites orbit, sea floors where cables are laid, etc.),
    2. Power (electricity, batteries, generators, etc.),
    3. Hardware (semiconductor chips, electronic cards and circuit packs, metallic and fiber optic transmission facilities, etc.),
    4. Software (source code, compiled programs, version control and management, databases, etc.),
    5. Networks (nodes, connections, topologies, etc.),
    6. Payload (information transported across the infrastructure, traffic patterns and statistics, information interception, information corruption, etc.)
    7. Human (designers, implementers, operators, maintenance staff, etc.), and
    8. Policy, or more completely Agreements, Standards, Policies and Regulations (ASPR).

    Karl Rauscher, “Protecting Communications Infrastructure,” Bell Labs Technical Journal – Special Issue: Homeland Security, Volume 9, Issue 2, 2004.

    The worldwide trend is for more and more legacy infrastructure to become reliant upon computers and networks, thus becoming more integrated with cyberspace.

    Known definitions were consulted during this process.

  • Киберсервисы (услуги, службы) – various kinds of data exchange in cyberspace for the direct or indirect benefit of people.
  • Cyber Services – are a range of data exchanges in cyberspace for the direct or indirect benefit of humans.
  • Important considerations for this term include the following:

    A cyber service is provided by an application. This application may be provided by processes and data that are distributed throughout cyberspace. This means that the systems can be located in a wide variety of actual geographic locations.

    Cyber services can be online or offline, performed by local or remote processing, in real time or completed by time delayed connectivity or processing.

    These cyber services must now be viewed as an open ended concept, as many new services are expected to be created (i.e. IPv6 potential to have a vastly larger number of connected entities).

    Known definitions were consulted during this process.

  • Критически важное киберпространство – the part (elements) of cyber infrastructure and cyber services that are necessary for carrying out the vital functions of maintaining public safety, economic stability, national security and international stability.
  • Critical Cyberspace – is cyber infrastructure and cyber services that are vital to preservation of public safety, economic stability, national security and international stability.
  • The term represents a subset of cyberspace.

    Known definitions were consulted during this process.

  • Критически важная киберинфраструктура – cyber infrastructure that is necessary for carrying out the vital functions of maintaining public safety, economic stability, national security and international stability, and also for maintaining the operability and effective restoration functions of critical cyberspace.
  • Critical Cyber Infrastructure – is the cyber infrastructure that is essential to vital services for public safety, economic stability, national security, international stability and for the sustainability and restoration of critical cyberspace.
  • Important considerations for this term include the following:

    The most critical infrastructures are often those providing communications, energy, transportation, financial services and continued governmental activities. Thus, the computers and network operations required for the basic operation of the most important aspects of these sectors are critical.

    Some countries are more fully dependent on critical cyber infrastructure than others due to increased sophistication and the loss of a low tech back up option.

    Known definitions were consulted during this process.

  • Критически важные киберсервисы (услуги, службы) – the part (elements) of cyber services that are necessary for carrying out vital functions and for maintaining public safety, economic stability, national security and international stability.
  • Critical Cyber Infrastructure – is the cyber infrastructure that is essential to vital services for public safety, economic stability, national security, international stability and for the sustainability and restoration of critical cyberspace.
  • The term represents a subset of cyber services.

    Known definitions were consulted during this process.

  • Информационное пространство – any medium in which information is created, through which it is transmitted and received, and in which it is stored, processed and destroyed.
  • Information Space – is any medium, through which information is created, transmitted, received, stored, processed or deleted.
  • Known definitions were consulted during this process.
  • Киберобъект – any individual object or subject existing in the cyber infrastructure.
  • Cyber Entity – any distinct thing or actor that exists within the cyber infrastructure.
  • A thing can be a person, network, etc.

    Known definitions were consulted during this process.

  • Киберактив – a cyber object (cyber subject) that has value.
  • Cyber Asset – a cyber entity with value.
  • The owner of the asset determines its value.

    Known definitions were consulted during this process.

  • Киберсилы – cyber assets organized for conducting cyber operations.
  • Cyber Forces – cyber assets organized for conducting cyber operations.
  • Known definitions were consulted during this process.
  • Кибербоец – a person who has special skills and is directly involved in cyber war.
  • Cyber Warrior – a person skilled and directly engaging in cyber warfare.
  • Known definitions were consulted during this process.
  • Киберпреступление – the use of cyberspace for criminal purposes that are defined as such by national or international law.
  • Cyber Crime – is the use of cyberspace for criminal purposes as defined by national or international law.
  • Important considerations for this term include the following:

    Given the established laws that define criminal activity, the cyber crime term is deliberately designed to immediately reference existing legal structures.

    It is understood that jurisdictional considerations have an integral role in application of this term. Complexities arise when activities are performed by an individual in one country, utilizing cyber resources in another (second) country, and affecting someone, organization or other entity in the third country.

    Cyber criminals are increasingly being categorized as significant non state actors.

    The Convention on Cybercrime (2001) is the first international treaty seeking to harmonize cyber crime legislations across countries.
    It was drawn up by the Council of Europe with the United States participating as an observer. The U.S. has ratified the treaty, whereas Russia has not.

    Known definitions were consulted during this process.

  • Кибертерроризм – the use of cyberspace for terrorist purposes that are defined as such by national or international law.
  • Cyber Terrorism – is the use of cyberspace for terrorist purposes as defined by national or international law.
  • Important considerations for this term include the following:

    Given the extensive recent development of the definition of terrorism, the cyber terrorism term is deliberately designed with reliance on this existing work.

    It is understood that jurisdictional considerations have an integral role in application of this term. Complexities arise when activities are performed by an individual in one country, utilizing cyber resources in another (second) country, and affecting a person, organization or other entity in the third country.

    Known definitions were consulted during this process.

  • Киберконфликт – a tense situation between and/or among states and/or politically organized groups in which hostile (unwelcome) cyber attacks provoke (lead to) retaliatory actions.
  • Cyber Conflict – is a tense situation between and/or among nation-states and/or organized groups where unwelcome cyber attacks result in retaliation.
  • Important considerations for this term include the following:

    Cyber attacks could include physical attacks on cyber infrastructure.

    The attack retaliation methods may be asymmetrical (i.e. cyber, physical). Thus the response does not have to be cyber. Nor does the attack need to be cyber in order to have a cyber response.

    Cyber conflict can be a precursor to an escalated situation.

    Known definitions were consulted during this process.

  • Кибервойна – the highest degree of cyber conflict between or among states, during which states carry out cyber attacks against the adversary's cyber infrastructures as part of a military campaign:
    (i) it may be formally declared by one (all) of the conflicting parties, or
    (ii) it may not be formally declared and exist de facto.
  • Cyber War – is an escalated state of cyber conflict between or among states in which cyber attacks are carried out by state actors against cyber infrastructure as part of a military campaign:
    (i) Declared: that is formally declared by an authority of one of the parties.
    (ii) De Facto: with the absence of a declaration.
  • Important considerations for this term include the following:

    War exists as a state or condition between or among belligerent parties.

    War has usually different phases. Cyber conflict usually precedes cyber war.

    There is a tendency of conventional war to include cyber warfare.

    If there are no political actors, then this is not a war. Cyber war can be more than strictly a military activity, especially at the outset, i.e. an intelligence operation. Cyber war can be conducted in different ways by different groups. Known definitions were consulted during this process. A recent EWI Russia U.S. Bilateral on Critical Infrastructure Protection Report introduced the concept of an “Other Than War” mode [see Recommendation 5 of Karl Rauscher & Andrey Korotkov, Working Towards Rules Governing Cyber Conflict – Rendering the Geneva and Hague Conventions in Cyberspace, EastWest Institute, Russia U.S. Bilateral on Critical Infrastructure Protection, January 2011].

  • Кибербезопасность – a property of cyberspace (a cyber system) to withstand intentional and/or unintentional threats, and to respond to them and recover after the impact of these threats.
  • Cybersecurity – is a property of cyberspace that is an ability to resist intentional and/or unintentional threats and respond and recover.
  • Important considerations are included in the “Discussion Disagreements: Information and Cyber” discussion presented in Section 1.

    The Russian word for “security” connotes protection. No additional meanings, such as the means to provide this protection, are implied by the Russian word for “security,” whereas the English term “security” includes such means.

    Known definitions were consulted during this process. Of interest is research that underscores the original concept of being secure is most oriented around a sense of being safe.

  • Информационная операция – organized activity to collect and accumulate, prepare, disseminate, restrict access to, or process information in order to achieve a set goal.
  • Information Operation – organized activities to gather, prepare, disseminate, restrict or process information to achieve a goal.
  • Known definitions were consulted during this process.
  • Информационная война – the highest degree of information conflict between states, when information operations are conducted by state structures to achieve military-political goals.
  • Information War – is an escalated state of information conflict between or among states in which information operations are carried out by state actors for politico-military purposes.
  • Known definitions were consulted during this process.
  • Информационный конфликт – a tense situation between states or organized groups in which the conduct of information operations leads to retaliatory actions.
  • Information Conflict – is a tense situation between or among nation-states or organized groups where information operations result in retaliation.
  • Known definitions were consulted during this process.
  • Киберпроникновение – unauthorized access to a cyber object (cyber subject).
  • Cyber Penetration – unauthorized entry into a cyber entity.
  • Known definitions were consulted during this process.
  • Киберугроза – a detected or established threat of the use of a cyber vulnerability.
  • Cyber Threat – a danger, whether communicated or sensed, that can exercise a cyber vulnerability.
  • Known definitions were consulted during this process.
  • Киберэксфильтрация – a type of cyber operation involving the copying or removal of any data.
  • Cyber Exfiltration – a type of cyber operation that involves copying or removing any data.
  • Known definitions were consulted during this process.
  • Кибершпионаж – a cyber operation to obtain unauthorized access to sensitive information by covert methods.
  • Cyber Espionage – a cyber operation to obtain unauthorized access to sensitive information through covert means.
  • The authorization is associated with the entity that owns the information. Espionage is potentially a crime.

    Known definitions were consulted during this process.

  • Кибероперация – organized activity in cyberspace to collect and accumulate, prepare, disseminate, restrict access to, and process information in order to achieve a set goal.
  • Cyber Operation – organized activities in cyberspace to gather, prepare, disseminate, restrict or process information to achieve a goal.
  • Known definitions were consulted during this process.
  • Боевые действия в киберпространстве – cyber attacks carried out by states (groups of states, organized political groups) against cyber infrastructures as part of a military campaign.
  • Cyber Warfare – is cyber attacks that are authorized by state actors against cyber infrastructure in conjunction with a government campaign.
  • Important considerations for this term include the following:

    Warfare refers to the acts or techniques carried out by one or more of the belligerent parties.

    Known definitions were consulted during this process.

  • Кибератака – the offensive use of a cyber weapon with the aim of harming a specific target.
  • Cyber Attack – is an offensive use of a cyber weapon intended to harm a designated target.
  • Important considerations for this term include the following:

    The word “harm” includes degrading, inhibiting – temporary or permanent.

    An attack is only effective if it exercises an intrinsic vulnerability.

    A cyber attack is defined by the weapon type and not the nature of the target. Thus, a cyber attack can be either a cyber weapon against a non-cyber asset or against a cyber asset. But a cyber attack is not a non-cyber weapon against a non-cyber asset or cyber asset (See framework on page 13). See the previous footnote for additional insights and reference material.

    The combined team could not resolve whether the following acts would constitute an attack: propaganda, website control and an email campaign.

    Known definitions were consulted during this process. The NATO Standardization Agency (NSA) has defined “computer network attack / attaque de réseaux informatiques (CNA)” as “action taken to disrupt, deny, degrade or destroy information resident in a computer and/or computer network, or the computer and/or computer network itself,” with a note that “A computer network attack is a type of cyber attack.” AAP-6 (2010) - NATO Glossary of Terms and Definitions (English and French), 22 January 2010, 2-C-12. This definition is the only use of the word “cyber” in the above-mentioned NATO publication. In compliance with the request of the custodian of the publication, a written notification of the use of this definition here has been provided to the NSA.

  • Киберконтратака – the use of a cyber weapon with the aim of harming a specific target in response to an attack.
  • Cyber Counter-Attack – is the use of a cyber weapon intended to harm a designated target in response to an attack.
  • Important considerations for this term include the following:

    A cyber counter-attack may be asymmetrical. Thus, a cyber counter-attack can be either a cyber weapon against a non-cyber asset or against a cyber asset. But it is not a non-cyber weapon against a non-cyber asset or cyber asset. Thus, like a cyber attack, a cyber counter-attack is defined by a weapon type and not the nature of the target.

    Known definitions were consulted during this process.

  • Оборонительные средства противодействия в киберпространстве – the deployment of specific defensive countermeasures to repel or redirect a cyber attack.
  • Cyber Defensive Countermeasure – is the deployment of a specific cyber defensive capability to deflect or to redirect a cyber attack.
  • Important considerations for this term include the following:

    The inclusion of this term in this initial taxonomy related to defense is important because it helps explain the legitimate interest of nation states to invest in the development of capabilities that may be needed to protect their interests.

    Cyber defensive countermeasures are actions taken by a party as a part of a defensive strategy during or after an attack on the interests of the party.

    A countermeasure may be “active” or “passive.” An active countermeasure could react to an attack by attempting to disrupt the attacker. A passive countermeasure could enhance a party’s protection level of its interests.
    Known definitions were consulted during this process.

  • Кибероборона – an organized set of means and actions to protect against, mitigate and effectively recover from the hostile effects of cyber attacks.
  • Cyber Defense – is organized capabilities to protect against, mitigate from and rapidly recover from the effects of cyber attack.
  • Important considerations for this term include the following:

    Cyber defense refers to actions taken by a party to protect its interests in anticipation of an attack. The inclusion of this term in this initial taxonomy related to defense is important because it helps explain the legitimate interest of nation states to invest in the development of capabilities that may be needed to protect their interests.

    Effective defense in electronic systems is typically based on detection, isolation, reporting, recovery and neutralization.

    The ability to absorb an attack may be an effective defensive strategy.

    An attack is only effective if it exercises an intrinsic vulnerability.

    Known definitions were consulted during this process.

  • Оборонительные возможности в киберпространстве – the capability to effectively protect against and repel a cyber attack, prevent a cyber conflict, and forestall an adversary's use of advantages in cyberspace, which may be used as a means of deterrence in cyberspace.
  • Cyber Defensive Capability – is a capability to effectively protect and repel against a cyber exploitation or cyber attack that may be used as a cyber deterrent.
  • Important considerations for this term include the following:

    The inclusion of this term in this initial taxonomy related to defense is important because it helps explain the legitimate interest of nation states to invest in the development of capabilities that may be needed to protect their interests.

    Known definitions were consulted during this process.

  • Наступательные возможности в киберпространстве – the capability to launch a cyber attack, which may be used as a means of deterrence in cyberspace.
  • Cyber Offensive Capability – is a capability to initiate a cyber attack that may be used as a cyber deterrent.
  • Important considerations for this term include the following:

    Known definitions were consulted during this process. The U.S. Department of Defense has a related definition: “cyberspace operations” being defined as “the employment of cyber capabilities where the primary purpose is to achieve objectives in or through cyberspace. Such operations include computer network operations and activities to operate and defend the Global Information Grid.” (JP 3-0) See Dictionary of Military and Associated Terms, U.S. Department of Defense, 31 January 2011, 92-93 (CJCS CM-0363-08).

  • Использование преимуществ в киберпространстве – using the opportunities available in cyberspace in one's own interests to achieve a set goal.
  • Cyber Exploitation – is taking advantage of an opportunity in cyberspace to achieve an objective.
  • Important considerations for this term include the following:

    The advantage here may be either the acting party’s strength or adversary’s vulnerability.

    The Russian team members indicate that this is not a term that is used in Russia.

    Known definitions were consulted during this process. The NATO Standardization Agency (NSA) has defined “computer network exploitation / exploitation de réseau informatique (CNE)” as “Action taken to make use of a computer or computer network, as well as the information hosted therein, in order to gain advantage.” AAP-6 (2010) - NATO Glossary of Terms and Definitions (English and French), 17 January 2005, 2-C-12. This definition is the only use of the word “cyber” in this NATO publication. In compliance with the request of the custodian of the publication, a written notification of the use of this definition here has been provided to the NSA.

  • Средства киберсдерживания – a recognized mechanism that is considered effective for impeding cyber conflict or threatening activity in cyberspace.
  • Cyber Deterrent – is a declared mechanism that is presumed effective in discouraging cyber conflict or a threatening activity in cyberspace.
  • Important considerations for this term include the following:

    The mechanisms for a cyber deterrent include policy, posture, weapon, capability or alliance.

    Known definitions were consulted during this process.

  • Информационное превосходство – possession of information of better quality or in greater volume.
  • Information Superiority – having better or more information.
  • Known definitions were consulted during this process.
  • Доминирование в информационных операциях – overwhelming superiority in conducting information operations, leading to a state of control over the entire situation.
  • Information Operations Dominance – overwhelming capability in information operations, leading to a position of control.
  • Known definitions were consulted during this process.
  • Информационная безопасность – a property of information space to withstand threats, respond to them and recover (after damage has been inflicted).
  • Information Security – is a property of information space that is an ability to resist threats and respond and recover.
  • This also applies to all of its subspaces as well.

    Known definitions were consulted during this process.

  • Кибероружие – software, hardware or chip firmware developed or used to cause damage in the cyber sphere.
  • Cyber Weapon – software, firmware or hardware designed or applied to cause damage through the cyber domain.
  • Consequential harm can be caused to the physical domain as well. Also see the quad chart of physical and cyber attributes (see page 13).

    Known definitions were consulted during this process.

  • Киберуязвимость – a property of a cyber object that could potentially be used to conduct a cyber operation.
  • Cyber Vulnerability – property of a cyber entity that is susceptible to exploitation.
  • Cyber vulnerability can be known or unknown.

    Known definitions were consulted during this process.

  • Киберразведка
    (i) the collection and processing of valuable information using cyber operations,
    (ii) the collection of valuable information about the cyber assets of another subject/object.
  • Cyber Intelligence
    (i) information of value collected and processed through cyber operations,
    (ii) information of value collected about cyber assets of another entity.
  • Cyber intelligence can be military, political, economic, industrial, environmental, diplomatic, etc.

    Known definitions were consulted during this process.

A PDF version of the Dictionary can be downloaded here.

About the author

Digital Report

Digital Report covers the digital reality that is rapidly changing the face of the countries of Eurasia: from electronic government services and international information wars to legislative innovations and trends in the information technology market.
