Cyber Resilience Enabled by Endogenous Safety and Security: Vision, Techniques, and Strategies (original Chinese title: 内生安全赋能网络弹性的构想、方法与策略)

Wu Jiangxing (邬江兴), Zou Hong (邹宏), Xue Xiangyang (薛向阳), Zhang Fan (张帆), Shang Yuting (尚玉婷)

Strategic Study of Chinese Academy of Engineering (中国工程科学), 2023, Vol. 25, Issue 6: 106-115. DOI: 10.15302/J-SSCAE-2023.06.018

Column: Cyberspace Security Technology Systems and Risk Response


Abstract (translated from the Chinese)

Cyber resiliency engineering is a technical measure adopted by developed countries and regions such as the United States and Europe in response to the cybersecurity challenges posed by digital transformation and the new development situation. Relying on cyber resilience standards, it aims to build "barriers" to market entry for digital technologies while working simultaneously from the application-service side and the equipment-supply side to raise the security capabilities of their own digital infrastructure and digital products. This paper focuses on the impact and challenges that the implementation of cyber resiliency engineering brings to China's development of next-generation network information technology. It explains in turn the concepts of resilience, cyber resilience, and cyber resiliency engineering, and analyzes the application progress of cyber resiliency engineering abroad in terms of policy drivers, strategic considerations, and development dilemmas. Based on endogenous safety and security theory, it proposes a new dynamic heterogeneous redundancy architecture, describes the intrinsic mechanism by which endogenous safety and security enables cyber resilience, and explains the basic vision and application methods of cyber resilience enabled by endogenous safety and security. The study recommends accelerating technological innovation to offset the combined effects of cyber resiliency engineering in developed countries; promoting the establishment of a cyber resilience policy and regulatory system with Chinese characteristics; establishing a corresponding supervisory system that clarifies the boundaries of cybersecurity responsibility; establishing a quantifiable, verifiable, and credible testing and evaluation system; and using market-based financial instruments to support the implementation of cyber resilience along multiple paths, so as to systematically strengthen China's cyber resilience and advance the building of China into a cyber power.

Abstract

Cyber resiliency engineering is a technical approach embraced by countries and regions such as the United States and Europe to implement digital transformation and address network security challenges under new circumstances. It aims to keep the barriers to entry high for digital technologies based on cyber resilience standards and to improve the security capability of their own digital infrastructure and digital products from both the application service and device supply sides. This study focuses on the impact and challenges brought by the cyber resiliency engineering initiatives of the United States and Europe on the development of new-generation network information technology in China. It starts with an introduction of the concepts of resilience, cyber resilience, and cyber resiliency engineering. Subsequently, it elaborates on the application progress of cyber resiliency engineering in the United States and Europe in terms of policy drivers, strategic considerations, and development dilemmas. Moreover, the study proposes a dynamic heterogeneous redundancy architecture based on endogenous safety and security (ESS) theory, and describes the intrinsic mechanism, basic concepts, and application methods of cyber resilience empowered by ESS. Furthermore, we propose that China should accelerate innovation to offset the combined effects of cyber resiliency engineering in developed countries, introduce a cyber resilience policy and law system with Chinese characteristics, establish corresponding regulatory systems to clarify network security responsibilities, establish a quantifiable, verifiable, and credible testing and evaluation system, and boost the holistic implementation of cyber resilience with a multi-pronged approach including financial marketization, with the aim of systematically enhancing the cyber resilience and strength of China.

Keywords

cyberspace / endogenous safety and security / cyber resilience / structure encryption / dynamic heterogeneous redundancy architecture

Cite this article

Wu J X, Zou H, Xue X Y. Cyber Resilience Enabled by Endogenous Safety and Security: Vision, Techniques, and Strategies. Strategic Study of Chinese Academy of Engineering. 2023, 25(6): 106-115. https://doi.org/10.15302/J-SSCAE-2023.06.018

Funding

National Key R&D Program of China (2022YFB3102901); Chinese Academy of Engineering consulting project "Research on the Strategy of Building a Cyber Power Guided by the New Development Philosophy" (2022-HYZD-02)