US Government Releases the International Strategy for Cyberspace

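On May 16, 2011, the US government released the International Strategy for Cyberspace. The document's subtitle is "Prosperity, Security, and Openness in a Networked World". According to a China News Service report, the full text of the International Strategy for Cyberspace runs 25 pages. The foreword was written by President Obama, and the body that follows has four parts: "Building Cyberspace Policy", "Cyberspace's Future", "Policy Priorities" and "Moving Forward".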

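    In the "Policy Priorities" section, the United States lists seven policy priorities that it will push hard in the networked world from now on, namely:

    • In the economic domain, strengthen engagement, ensure that the Internet contributes to global prosperity and technological innovation, and step up the protection of intellectual property;

    • In the cybersecurity domain, increase cooperation and strengthen the security, reliability and resiliency of the Internet in the United States and worldwide;

    • In the law enforcement domain, strengthen cyber legislation and enforcement, and raise the global capacity to combat cybercrime;

    • In the military domain, work closely with allies, improve allies' ability to respond to cyber threats, and ensure the security of US military networks;

    • In the Internet governance domain, strengthen communication and exchange among nations, and safeguard the stability and security of global network systems, including the Domain Name System;

    • In the international development domain, assist partners in building "digital infrastructure" and help them improve their ability to withstand cyber threats;

    • In the area of Internet freedom, strengthen privacy protection and promote freedom of expression, assembly and association online.

    In her remarks, US Secretary of State Hillary Clinton said that these seven policy priorities make up the main content of US "cyber diplomacy", that the United States will from now on push these policies with full force, and that it will continue to exercise US leadership in these policy areas.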

In the text above, the parts in red are the ones I pay more attention to, that is, the content related to information security.

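This strategy document sets out the US government's basic national policy on cyberspace, and it is plainly an extension of that government's real-world values. The United States is not only a global superpower geographically, it is also a global superpower in cyberspace. In essence, the policy lays out the US government's basic positions on cyberspace in the areas of the economy, politics, government building, military building and services to the public.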

It can also be seen that, for cyberspace, the most important issue at present is security, that is, cybersecurity, or cyberspace security.

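This document can also be regarded as the latest programmatic document in the field of US cyberspace security. From the Bush administration's release of the National Strategy to Secure Cyberspace in 2003 to the Obama administration's continued deepening of its cyberspace security policy, the Obama administration has attached great importance to cyberspace security. For example, Obama places great weight on the cyberspace security awareness month activities that have been held since 2001 (the 2009 theme was "Our Shared Responsibility"), supports the military's cyberwar simulation exercises, established Cyber Command, and on May 29, 2009 released the Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure. The most important item among all of these is the cyberspace security protection plan that the government has carried out in secret (codenamed NSPD54). This plan has rarely been exposed; the most that people have learned about it comes from an introductory document on the plan released at the 2010 RSA Conference, which was intended to ease public anxiety.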

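The body of the International Strategy for Cyberspace opens by quoting a line from Obama's remarks at the release of the Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure: "This world, cyberspace, is a world that we depend on every single day ... (it) has made us more interconnected than at any time in human history."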

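Chapter 2 of the Strategy sets out the US government's view of the future of cyberspace, holding that cyberspace should be:

  • Open and interoperable
  • Secure and reliable: with particular discussion of vulnerability reduction, risk reduction and incident response
  • Stable through norms

The following is the US government's description of the defensive role it will take on in the cyberspace of the future: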

Defense: Dissuading and Deterring
The United States will defend its networks, whether the threat comes from terrorists, cybercriminals, or states and their proxies. Just as importantly, we will seek to encourage good actors and dissuade and deter those who threaten peace and stability through actions in cyberspace. We will do so with overlapping policies that combine national and international network resilience with vigilance and a range of credible response options. In all our defense endeavors, we will protect civil liberties and privacy in accordance with our laws and principles.
Defense Objective: The United States will, along with other nations, encourage responsible behavior and oppose those who would seek to disrupt networks and systems, dissuading and deterring malicious actors, and reserving the right to defend these vital national assets as necessary and appropriate.

Dissuasion
Protecting networks of such great value requires robust defensive capabilities. The United States will continue to strengthen our network defenses and our ability to withstand and recover from disruptions and other attacks. For those more sophisticated attacks that do create damage, we will act on well-developed response plans to isolate and mitigate disruption to our machines, limiting effects on our networks, and potential cascade effects beyond them.
Strength at Home. Ensuring the resilience of our networks and information systems requires collective and concerted national action that spans the whole of government, in collaboration with the private sector and individual citizens. For a decade, the United States has been fostering a culture of cybersecurity and an effective apparatus for risk mitigation and incident response. We continue to emphasize that systematically adopting sound information technology practices—across the public and private sectors—will reduce our Nation’s vulnerabilities and strengthen networks and systems. We are also making steady progress towards shared situational awareness of network vulnerabilities and risks among public and private sector networks. We have built new initiatives through our national computer security incident response team to share information among government, key industries, our critical infrastructure sectors, and other stakeholders. And we continually seek new ways to strengthen our partnership with the private sector to enhance the security of the systems on which we both rely.
Strength Abroad. This model of defense has been successfully shared internationally through education, training and ongoing operational and policy relationships. Today, through existing and developing collaborations in the technical and military defense arenas, nations share an unprecedented ability to recognize and respond to incidents—a crucial step in denying would-be attackers the ability to do lasting damage to our national and international networks. However, a globally distributed network requires globally distributed early warning capabilities. We must continue to produce new computer security incident response capabilities globally, and to facilitate their interconnection and enhanced computer network defense. The United States has a shared interest in assisting less developed nations to build capacity for defense, and in collaboration with our partners, will intensify our focus on this area. Building relationships with friends and allies will increase collective security across the international community.
Deterrence
The United States will ensure that the risks associated with attacking or exploiting our networks vastly outweigh the potential benefits. We fully recognize that cyberspace activities can have effects extending beyond networks; such events may require responses in self-defense. Likewise, interconnected networks link nations more closely, so an attack on one nation’s networks may have impact far beyond its borders.
In the case of criminals and other non-state actors who would threaten our national and economic security, domestic deterrence requires all states have processes that permit them to investigate, apprehend, and prosecute those who intrude or disrupt networks at home or abroad. Internationally, law enforcement organizations must work in concert with one another whenever possible to freeze perishable data vital to ongoing investigations, to work with legislatures and justice ministries to harmonize their approaches, and to promote due process and the rule of law—all key tenets of the Budapest Convention on Cybercrime.

When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners. We reserve the right to use all necessary means—diplomatic, informational, military, and economic—as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests. In so doing, we will exhaust all options before military force whenever we can; will carefully weigh the costs and risks of action against the costs of inaction; and will act in a way that reflects our values and strengthens our legitimacy, seeking broad international support whenever possible.

Finally, if you would like to read a Chinese translation of the strategy, please see here.

