PDF(13252 KB)
PDF(13252 KB)
PDF(13252 KB)
多视角下的网络空间安全模型与体系化发展
Cyberspace Security Models and Systematic Development from Multiple Perspectives
网络空间技术发展迅速,新应用、新技术衍生的网络空间安全风险趋于复杂化和隐蔽化;建立特有的网络空间安全模型是国内外应对复杂安全威胁的常规做法,但现有的网络空间安全模型存在未来发展方向不明确、新技术衍生风险分析能力不足、网络空间安全防御评估所需的安全能力缺失等问题。本文从技术、学科、产业等视角入手,开展了现有的网络空间安全模型评估,梳理了网络空间安全技术体系的自身特点及其发展脉络,阐明了网络安全应用存在的迫切问题;着重从网络空间安全技术视角出发,提出了一种基于技术要素的网络空间安全模型体系框架,并利用已有安全技术和新兴技术验证了体系框架的安全分析能力。从完善网络空间安全技术体系核心框架、促进网络空间安全领域“产学研”协同、推进网络空间安全核心技术标准制定、体系化解决人工智能安全威胁等方面提出了发展建议,以期高效应对网络空间安全威胁、提升我国网络空间安全保障能力。
As cyberspace technologies advance rapidly, cyberspace security risks derived from new applications and technologies are becoming more complex and hidden. Establishing a unique cyberspace security model is a common practice to deal with complex security threats in China and abroad. However, existing cyberspace security models have problems such as unclear development directions, insufficient ability to analyze risks derived from new technologies, and lack of security capabilities required for cyberspace security defense assessment. This study evaluates existing cyberspace security models from the perspectives of technology, discipline, and industry, sorts out the characteristics and development context of the cyberspace security technology system, and clarifies the urgent problems existing in cybersecurity applications. Focusing on the perspective of cyberspace security technology, this study proposes a cyberspace security model system framework based on technical elements, using existing security technologies and emerging technologies to verify the security analysis capabilities of the system framework. This study further proposes the following development suggestions: (1) improving the core framework of the cyberspace security technology system, (2) promoting the industryuniversity-research integration in the field of cyberspace security, (3) promoting the formulation of core technology standards regarding cyberspace security, and (4) addressing AI security threats, thus to effectively deal with cyberspace security threats and enhance the cyberspace security capabilities of China.
cyberspace / security model / security capability / derivative risk
| [1] |
冯登国. 准确把握网络空间安全技术发展的新特征 全力助推国家安全体系和能力现代化 [J]. 中国科学院院刊, 2022, 37(11): 1539‒1542.
|
| [2] |
方滨兴, 杜阿宁, 张熙, 等. 国家网络空间安全国际战略研究 [J]. 中国工程科学, 2016, 18(6): 13‒16.
|
| [3] |
International Telecommunication Union. Toolkit for cybercrime legislation [EB/OL]. (2010-07-31)[2023-10-20]. https://www.itu.int/ITU-D/cyb/cybersecurity/docs/flyer-regulatory-resources.pdf.
|
| [4] |
崔保国. 世界网络空间的格局与变局 [J]. 新闻与写作, 2015 (9): 25‒31.
|
| [5] |
王文杰. 跨国网络空间安全治理的困境与中国对策研究 [D]. 济南: 山东大学 (硕士学位论文), 2019.
|
| [6] |
周文. 关键信息基础设施整体安全保障思路 [J]. 信息安全研究, 2016, 2(10): 946‒951.
|
| [7] |
吕欣. 网络空间安全保障体系研究 [J]. 信息安全研究, 2015, 1(1): 37‒43.
|
| [8] |
张军. 网络空间安全体系与关键技术分析 [J]. 中国新通信, 2021, 23(14): 129‒130.
|
| [9] |
谭可, 马清勇, 谢曦, 等. 网络空间安全体系与关键技术分析 [J]. 通讯世界, 2020, 27(6): 133, 135.
|
| [10] |
罗军舟, 杨明, 凌振, 等. 网络空间安全体系与关键技术 [J]. 中国科学: 信息科学, 2016, 46(8): 939‒968.
|
| [11] |
张弛, 左晓栋. 美国2019联邦网络安全研发战略计划解读 [J]. 网络空间安全, 2020, 11(3): 90‒95.
|
| [12] |
熊小兵. 一种基于PDRR模型的静态数据完整性保护方案 [J]. 计算机与信息技术, 2006 (11): 51‒52, 55.
|
| [13] |
刘峰, 林东岱, 等. 美国网络空间安全体系 [M]. 北京: 科学出版社, 2015.
|
| [14] |
王妍, 孙德刚, 卢丹. 美国网络安全体系架构 [J]. 信息安全研究, 2019, 5(7): 582‒585.
|
| [15] |
贾浩淼, 王石. NIST《改进关键基础设施网络安全框架》分析 [J]. 信息技术与标准化, 2014 (4): 47‒50, 73.
|
| [16] |
TIRPAK J A. Find, fix, track, target, engage, assess [J]. Air Force Magazine, 2000, 83(7): 24‒29.
|
| [17] |
Hutchins E, Cloppert M, Amin R. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains [C]. Washington DC: 6th International Conference on Information Warfare and Security (ICIW 2011), 2011.
|
| [18] |
Strom B E, Applebaum A, Miller D P, et al. MITRE ATT&CK: design and philosophy [EB/OL]. (2018-07-20)[2023-11-20]. https://pdfslide.net/documents/mitre-attcka-design-and-philosophy-attck-was-created-out-of-a-need.html?page=1.
|
| [19] |
江欣. 基于EDR与CARTA模型的动态主机安全防护平台研究 [J]. 网络安全技术与应用, 2020 (9): 47‒48.
|
| [20] |
Fowler C, Goffin M, Hill B, et al. An introduction to MITRE shield [EB/OL]. (2020-08-26)[2023-11-20]. https://shield.mitre.org/resources/downloads/Introduction_to_MITRE_Shield.pdf.
|
| [21] |
张大伟, 沈昌祥, 刘吉强, 等. 基于主动防御的网络安全基础设施可信技术保障体系 [J]. 中国工程科学, 2016, 18(6): 58‒61.
|
| [22] |
Brook D A, King C L. Civil service reform as national security: The homeland security act of 2002 [J]. Public Administration Review, 2007, 67(3): 399‒407.
|
| [23] |
孔勇, 范佳雪. 美国《国家基础设施保护计划》2013更新版解读 [J]. 中国信息化, 2023 (1): 49‒52.
|
| [24] |
李留英. 美国网络威胁情报共享实践研究 [J]. 信息安全研究, 2020, 6(10): 941‒946.
|
| [25] |
Krumay B, Bernroider E W N, Walser R. Evaluation of cybersecurity management controls and metrics of critical infrastructures: A literature review considering the NIST cybersecurity framework [C]//Gruschka N. Nordic Conference on Secure IT Systems. Cham: Springer, 2018: 369‒384.
|
| [26] |
National Institute of Standards and Technology of US Department of Commerce. Public draft: The NIST cybersecurity framework 2.0 [EB/OL]. (2023-08-08)[2023-11-20]. https://www.nist.gov/system/files/documents/2023/11/17/11032023%20CSA%20Public%20Draft_%20The%20NIST%20Cybersecurity%20Framework%202%20CSA%20Comments.pdf.
|
| [27] |
STAFFORD V. Zero trust architecture [R]. Gaithersburg: The National Institute of Standards and Technology of US Department of Commerce, 2020.
|
| [28] |
Sabnis S, Verbruggen M, Hickey J, et al. Intrinsically secure next-generation networks [J]. Bell Labs Technical Journal, 2012, 17(3): 17‒36.
|
| [29] |
邬江兴. 网络空间拟态安全防御 [J]. 保密科学技术, 2014 (10): 1, 4‒9.
|
| [30] |
康友春. 网络空间安全创新理论——拟态防御 [J]. 智能建筑, 2018 (6): 54‒59.
|
| [31] |
沈昌祥, 张焕国, 王怀民, 等. 可信计算的研究与发展 [J]. 中国科学: 信息科学, 2010, 40(2): 139‒166.
|
| [32] |
李建华, 邱卫东, 孟魁, 等. 网络空间安全一级学科内涵建设和人才培养思考 [J]. 信息安全研究, 2015, 1(2): 149‒154.
|
| [33] |
中国网络安全产业创新发展联盟, 中国信息通信研究院.中国网络安全产业研究报告(2022年) [R]. 北京: 中国信息通信研究院, 2023.
|
| [34] |
王吉. 基于计算机防火墙安全屏障的网路防范技术 [J]. 信息与电脑(理论版), 2014 (1): 132‒133.
|
| [35] |
方自远, 王栋. 网络防火墙技术 [J]. 电脑知识与技术, 2018, 14(32): 30‒32.
|
| [36] |
方滨兴, 时金桥, 王忠儒, 等. 人工智能赋能网络攻击的安全威胁及应对策略 [J]. 中国工程科学, 2021, 23(3): 60‒66.
|
/
| 〈 |
|
〉 |
