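Liu Guozhu (刘国柱). Zero Trust Strategy and Modernization of U.S. Cybersecurity [J]. Journal of International Security Studies (国际安全研究), 2023, (6): 3-28 |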
Zero Trust Strategy and Modernization of U.S. Cybersecurity |
Revision date: 2023-10-15 |
DOI:10.14093/j.cnki.cn10-1132/d.2023.06.001 |
Keywords: Zero Trust, key infrastructure, cybersecurity, data strategy |
Abstract: |
Zero Trust is a cybersecurity paradigm based on the premise that trust is never implicitly granted but must be continuously validated. This security paradigm that focuses on resource protection has emerged with the expansion of digital applications such as the Internet, Internet of Things, big data and cloud computing. The core principles of Zero Trust architecture include universal identity verification, access segmentation, least trust authorization, pervasive encryption, continuous monitoring, and adaptation. Identity, devices, networks, applications and workloads, as well as data constitute the pillars of Zero Trust architecture. The U.S. government is accelerating the implementation of distinct Zero Trust capabilities and activities, driven by the need to modernize its traditional cybersecurity systems, adapt to evolving cybersecurity concepts and technologies, and compete as a major player in the digital age. Zero Trust architecture is also crucial for the modernization and informatization of the U.S. defense digital strategy. The U.S. government has strengthened its top-level cybersecurity layout, outlined key initiatives for implementing its Zero Trust strategy, and highlighted basic principles in advancing its Zero Trust security system at the federal government level. As a result, key infrastructure projects, national security systems and defense systems are regarded as core areas for the implementation of Zero Trust architecture, which has contributed much to the establishment of a “whole-of-government” framework with the Cybersecurity and Infrastructure Security Agency as the pivot. Giving more attention to data security than cybersecurity, Zero Trust is not only a technology issue, but also a matter of culture concerning the shift in cybersecurity design approaches. 
At the same time, Zero Trust is both a cybersecurity defensive strategy and an offensive one, allowing organizations to secure themselves and launch attacks against their adversaries without hesitation. The United States is greatly enhancing its offensive capabilities in the field of cybersecurity, which will put greater pressure on other countries. Against this backdrop, collaborative efforts are called for from Chinese government agencies, enterprises, and cybersecurity professionals to build a modern, autonomous, and secure cybersecurity system in China. |