Research on Foreign ICT Supply Chain Security Management with Suggestions

Ni Guangnan, Chen Xiaohua, Shang Yanmin, Wang Hailong, Xu Kefu

Strategic Study of CAE (中国工程科学), 2016, Vol. 18, Issue 6: 104-109. DOI: 10.15302/J-SSCAE-2016.06.021
Lessons from Abroad
Original article

Abstract

Because a nation's critical infrastructure and key resources (CIKR) depend on information and communication technology (ICT), identifying and controlling ICT supply chain risk has become an important means of safeguarding national security. As a forerunner in ICT supply chain management, the US offers rich experience in elevating the strategic position of the ICT supply chain, establishing standards for and carrying out ICT supply chain risk management, ensuring the security of software and hardware in the ICT supply chain, and supervising government procurement. The EU and Russia have also strengthened the security management of the ICT supply chain. Based on an analysis of these foreign practices, this paper offers suggestions for improving ICT supply chain security management in China.

Keywords

supply chain risk management / hardware supply chain / software supply chain / procurement security

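Cite this article

Ni Guangnan, Chen Xiaohua, Shang Yanmin. Research on Foreign ICT Supply Chain Security Management with Suggestions. Strategic Study of CAE. 2016, 18(6): 104-109 https://doi.org/10.15302/J-SSCAE-2016.06.021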

Funding

Major Consulting Project of the Chinese Academy of Engineering, "Research on Cyberspace Security Strategy" (2015-ZD-10)