2023, Volume 25, Issue 6
Strategic Study of CAE >> 2023, Volume 25, Issue 6 doi: 10.15302/J-SSCAE-2023.06.009
Cyberspace Security Models and Systematic Development from Multiple Perspectives
1. Zhongguancun Laboratory, Beijing 100094, China;
2. Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
Next Previous
Abstract
As cyberspace technologies advance rapidly, cyberspace security risks derived from new applications and technologies are becoming more complex and hidden. Establishing a unique cyberspace security model is a common practice to deal with complex security threats in China and abroad. However, existing cyberspace security models have problems such as unclear development directions, insufficient ability to analyze risks derived from new technologies, and lack of security capabilities required for cyberspace security defense assessment. This study evaluates existing cyberspace security models from the perspectives of technology, discipline, and industry, sorts out the characteristics and development context of the cyberspace security technology system, and clarifies the urgent problems existing in cybersecurity applications. Focusing on the perspective of cyberspace security technology, this study proposes a cyberspace security model system framework based on technical elements, using existing security technologies and emerging technologies to verify the security analysis capabilities of the system framework. This study further proposes the following development suggestions: (1) improving the core framework of the cyberspace security technology system, (2) promoting the industryuniversity-research integration in the field of cyberspace security, (3) promoting the formulation of core technology standards regarding cyberspace security, and (4) addressing AI security threats, thus to effectively deal with cyberspace security threats and enhance the cyberspace security capabilities of China.
Keywords
cyberspace ; security model ; security capability ; derivative risk
Figures
图1
图2
图3
图4
References
[ 1 ]
冯登国. 准确把握网络空间安全技术发展的新特征 全力助推国家安全体系和能力现代化 [J]. 中国科学院院刊, 2022, 37(11): 1539‒1542.
Feng D G. Accurately grasp the new features of cybersecurity technology development and fully promote the modernization of national security system and capabilities [J]. Bulletin of Chinese Academy of Sciences, 2022, 37(11): 1539‒1542.
[ 2 ]
方滨兴, 杜阿宁, 张熙, 等. 国家网络空间安全国际战略研究 [J]. 中国工程科学, 2016, 18(6): 13‒16.
Fang B X, Du A N, Zhang X, et al. Research on the international strategy for national cyberspace security [J]. Strategic Study of CAE, 2016, 18(6): 13‒16.
[ 3 ] International Telecommunication Union. Toolkit for cybercrime legislation [EB/OL]. (2010-07-31)[2023-10-20]. https://www.itu.int/ITU-D/cyb/cybersecurity/docs/flyer-regulatory-resources.pdf.
[ 4 ]
崔保国. 世界网络空间的格局与变局 [J]. 新闻与写作, 2015 (9): 25‒31.
Cui B G. The pattern and change of the world cyberspace [J]. News and Writing, 2015 (9): 25‒31.
[ 5 ]
王文杰. 跨国网络空间安全治理的困境与中国对策研究 [D]. 济南: 山东大学 (硕士学位论文), 2019.
Wang W J. The research on the dilemmas of multinational cyberspace security governance and China´s countermeasures [D]. Jinan: Shandong University (Master´s thesis), 2019.
[ 6 ]
周文. 关键信息基础设施整体安全保障思路 [J]. 信息安全研究, 2016, 2(10): 946‒951.
Zhou W. The totlal solution of cyber security in critical information infrastructure [J]. Journal of Information Security Research, 2016, 2(10): 946‒951.
[ 7 ]
吕欣. 网络空间安全保障体系研究 [J]. 信息安全研究, 2015, 1(1): 37‒43.
Lyu X. Studies on cybersecurity assurance system [J]. Journal of Information Security Research, 2015, 1(1): 37‒43.
[ 8 ]
张军. 网络空间安全体系与关键技术分析 [J]. 中国新通信, 2021, 23(14): 129‒130.
Zhang J. Analysis of cyberspace security system and key technologies [J]. China New Telecommunications, 2021, 23(14): 129‒130.
[ 9 ]
谭可, 马清勇, 谢曦, 等. 网络空间安全体系与关键技术分析 [J]. 通讯世界, 2020, 27(6): 133, 135.
Tan K, Ma Q Y, Xie X, et al. Analysis of cyberspace security system and key technologies [J]. Telecom World, 2020, 27(6): 133, 135.
[10]
罗军舟, 杨明, 凌振, 等. 网络空间安全体系与关键技术 [J]. 中国科学: 信息科学, 2016, 46(8): 939‒968.
Luo J Z, Yang M, Ling Z, et al. Architecture and key technologies of cyberspace security [J]. Scientia Sinica Informationis, 2016, 46(8): 939‒968.
[11]
张弛, 左晓栋. 美国2019联邦网络安全研发战略计划解读 [J]. 网络空间安全, 2020, 11(3): 90‒95.
Zhang C, Zuo X D. Analysis of U.S. 2019 federal cybersecurity research and development strategic plan [J]. Cyberspace Security, 2020, 11(3): 90‒95.
[12]
熊小兵. 一种基于PDRR模型的静态数据完整性保护方案 [J]. 计算机与信息技术, 2006 (11): 51‒52, 55.
Xiong X B. A static data integrity protection scheme based on PDRR model [J] Computer and Information Technology, 2006 (11): 51‒52, 55.
[13]
刘峰, 林东岱, 等. 美国网络空间安全体系 [M]. 北京: 科学出版社, 2015.
Liu F, Lin D D, et al. Overview of the cybersecurity system in USA [M]. Beijing: Science Press, 2015.
[14]
王妍, 孙德刚, 卢丹. 美国网络安全体系架构 [J]. 信息安全研究, 2019, 5(7): 582‒585.
Wang Y, Sun D G, Lu D. American network security architecture [J]. Journal of Information Security Research, 2019, 5(7): 582‒585.
[15]
贾浩淼, 王石. NIST《改进关键基础设施网络安全框架》分析 [J]. 信息技术与标准化, 2014 (4): 47‒50, 73.
Jia H M, Wang S. Analyzing on NIST framework for critical infrastructure cyber security [J]. Information Technology & Standardization, 2014 (4): 47‒50, 73.
[16] TIRPAK J A. Find, fix, track, target, engage, assess [J]. Air Force Magazine, 2000, 83(7): 24‒29.
[17] Hutchins E, Cloppert M, Amin R. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains [C]. Washington DC: 6th International Conference on Information Warfare and Security (ICIW 2011), 2011.
[18] Strom B E, Applebaum A, Miller D P, et al. MITRE ATT&CK: design and philosophy [EB/OL]. (2018-07-20)[2023-11-20]. https://pdfslide.net/documents/mitre-attcka-design-and-philosophy-attck-was-created-out-of-a-need.html?page=1.
[19]
江欣. 基于EDR与CARTA模型的动态主机安全防护平台研究 [J]. 网络安全技术与应用, 2020 (9): 47‒48.
Jiang X. Research on dynamic host security protection platform based on EDR and CARTA model [J]. Network Security Technology & Application, 2020 (9): 47‒48.
[20] Fowler C, Goffin M, Hill B, et al. An introduction to MITRE shield [EB/OL]. (2020-08-26)[2023-11-20]. https://shield.mitre.org/resources/downloads/Introduction_to_MITRE_Shield.pdf.
[21]
张大伟, 沈昌祥, 刘吉强, 等. 基于主动防御的网络安全基础设施可信技术保障体系 [J]. 中国工程科学, 2016, 18(6): 58‒61.
Zhang D W, Shen C X, Liu J Q, et al. TC assurance architecture for cybersecurity infrastructure based on active defense [J]. Strategic Study of CAE, 2016, 18(6): 58‒61.
[22] Brook D A, King C L. Civil service reform as national security: The homeland security act of 2002 [J]. Public Administration Review, 2007, 67(3): 399‒407.
[23]
孔勇, 范佳雪. 美国《国家基础设施保护计划》2013更新版解读 [J]. 中国信息化, 2023 (1): 49‒52.
Kong Y, Fan J X. Interpretation of the 2013 update of the national infrastructure protection plan of the United States [J]. Zhongguo Xinxihua, 2023 (1): 49‒52.
[24]
李留英. 美国网络威胁情报共享实践研究 [J]. 信息安全研究, 2020, 6(10): 941‒946.
Li L Y. Research on the practice of cyber threat intelligence sharing in the United States [J]. Journal of Information Security Research, 2020, 6(10): 941‒946.
[25] Krumay B, Bernroider E W N, Walser R. Evaluation of cybersecurity management controls and metrics of critical infrastructures: A literature review considering the NIST cybersecurity framework [C]//Gruschka N. Nordic Conference on Secure IT Systems. Cham: Springer, 2018: 369‒384.
[26] National Institute of Standards and Technology of US Department of Commerce. Public draft: The NIST cybersecurity framework 2.0 [EB/OL]. (2023-08-08)[2023-11-20]. https://www.nist.gov/system/files/documents/2023/11/17/11032023%20CSA%20Public%20Draft_%20The%20NIST%20Cybersecurity%20Framework%202%20CSA%20Comments.pdf.
[27] STAFFORD V. Zero trust architecture [R]. Gaithersburg: The National Institute of Standards and Technology of US Department of Commerce, 2020.
[28] Sabnis S, Verbruggen M, Hickey J, et al. Intrinsically secure next-generation networks [J]. Bell Labs Technical Journal, 2012, 17(3): 17‒36.
[29]
邬江兴. 网络空间拟态安全防御 [J]. 保密科学技术, 2014 (10): 1, 4‒9.
Wu J X. Cyberspace mimicry security defense [J]. Secrecy Science and Technology, 2014 (10): 1, 4‒9.
[30]
康友春. 网络空间安全创新理论——拟态防御 [J]. 智能建筑, 2018 (6): 54‒59.
Kang Y C. The innovated theory of network space security—Mimicry defense [J]. Intelligent Building, 2018 (6): 54‒59.
[31]
沈昌祥, 张焕国, 王怀民, 等. 可信计算的研究与发展 [J]. 中国科学: 信息科学, 2010, 40(2): 139‒166.
Shen C X, Zhang H G, Wang H M, et al. Research and development of trusted computing [J]. Scientia Sinica Informations, 2010, 40(2): 139‒166.
[32]
李建华, 邱卫东, 孟魁, 等. 网络空间安全一级学科内涵建设和人才培养思考 [J]. 信息安全研究, 2015, 1(2): 149‒154.
Li J H, Qiu W D, Meng K, et al. Discipline construction and talents training of cyberspace security [J]. Journal of Information Security Research, 2015, 1(2): 149‒154.
[33]
中国网络安全产业创新发展联盟, 中国信息通信研究院.中国网络安全产业研究报告(2022年) [R]. 北京: 中国信息通信研究院, 2023.
China CybersecurityIndustry Alliance of Innovation and Development (CIIDAlliance), China Academy of Information and Communications Technology. Research report on China´s cybersecurity industry (2022) [R]. Beijing: China Academy of Information and Communication Technology, 2023.
[34]
王吉. 基于计算机防火墙安全屏障的网路防范技术 [J]. 信息与电脑(理论版), 2014 (1): 132‒133.
Wang J. Network prevention technology based on computer firewall security barrier [J]. China Computer & Communication, 2014 (1): 132‒133.
[35]
方自远, 王栋. 网络防火墙技术 [J]. 电脑知识与技术, 2018, 14(32): 30‒32.
Fang Z Y, Wang D. Network firewall technology [J]. Computer Knowledge and Technology, 2018, 14(32): 30‒32.
[36]
方滨兴, 时金桥, 王忠儒, 等. 人工智能赋能网络攻击的安全威胁及应对策略 [J]. 中国工程科学, 2021, 23(3): 60‒66.
Fang B X, Shi J Q, Wang Z R, et al. AI-enabled cyberspace attacks: Security risks and countermeasures [J]. Strategic Study of CAE, 2021, 23(3): 60‒66.
京公网安备 11010502051620号
