
Strategic Study of CAE (《中国工程科学》), 2016, Vol. 18, No. 6, doi: 10.15302/J-SSCAE-2016.06.021

Research and Suggestions on Foreign ICT Supply Chain Security Management

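1. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190;

2. Chinese Academy of Cyberspace Studies, Beijing 100010;

3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093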

Funding: Major Consulting Project of the Chinese Academy of Engineering, "Research on Cyberspace Security Strategy" (2015-ZD-10). Received: 2016-10-20. Revised: 2016-10-25. Published: 2016-12-13 15:28:56


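Abstract

Given the dependence of national critical infrastructure and key resources (CIKR) on information and communication technology (ICT), identifying and controlling ICT supply chain risks has become an important means of safeguarding national security. As a forerunner in ICT supply chain management, the United States offers other countries a wealth of experience in elevating the strategic status of the issue, conducting risk management, ensuring software and hardware security, and regulating government procurement; the European Union and Russia have also strengthened the security management of their ICT supply chains. Based on an analysis of these foreign practices, this paper offers suggestions for improving ICT supply chain security management in China.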


