
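Strategic Study of CAE (《中国工程科学》) >> 2023, Vol. 25, Issue 6 doi: 10.15302/J-SSCAE-2023.06.018

Endogenous Security Enabling Cyber Resilience: Vision, Methods, and Strategies

1. Institute of Big Data, Fudan University, Shanghai 200433;

2. National Digital Switching System Engineering and Technological R&D Center, Zhengzhou 450002

Funding: National Key R&D Program of China (2022YFB3102901); Chinese Academy of Engineering consulting project "Research on the Strategy for Building China into a Cyber Power Guided by the New Development Philosophy" (2022-HYZD-02). Received: 2023-11-17. Revised: 2023-12-06. Published: 2023-12-22.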


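Abstract

Cyber resilience engineering is a set of technical measures adopted by developed countries and regions such as the United States and Europe in response to the cybersecurity challenges of digital transformation and the new development landscape. Relying on cyber resilience standards, it aims to build access "barriers" for digital technologies while working from both the application-service side and the equipment-supply side to improve the security capabilities of their own digital infrastructure and digital products. Focusing on the impact and challenges that the implementation of cyber resilience engineering poses to China's development of new-generation network information technologies, this paper explains in turn the concepts of resilience, cyber resilience, and cyber resilience engineering, and analyzes the application progress of cyber resilience engineering abroad in terms of policy drivers, strategic considerations, and development dilemmas. Based on endogenous security theory, it proposes a new dynamic heterogeneous redundancy architecture, describes the inherent mechanism by which endogenous security enables cyber resilience, and explains the basic vision and application methods of endogenous security enabling cyber resilience. The study recommends: accelerating technological innovation to offset the combined effects of developed countries' cyber resilience engineering; promoting the establishment of a system of cyber resilience policies and regulations with Chinese characteristics; establishing a corresponding regulatory system and clarifying the boundaries of cybersecurity responsibility; establishing a quantifiable, verifiable, and credible testing and evaluation system; and adopting market-based financial instruments to support cyber resilience implementation through multiple paths, with a view to systematically strengthening China's cyber resilience and advancing the building of China into a cyber power.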
