|
|
- 2016
威胁态势感知视域下国家网络安全审查法律制度的塑造
|
Abstract:
国家网络安全审查制度必须正视“风险残余”的棘手问题,尽管各国为实现信息技术产品和服务安全均建立了相对完备的审查制度或过程,但网络安全的改善状况却并不乐观;指出造成国家网络安全审查效用低下的根本原因是安全风险的“泛在化”,需要国家网络安全审查制度改变目前“节点控制”的审查方法,强调国家保有对风险的实时感知和应对能力;威胁态势感知可以作为理念引入到国家网络安全审查法律制度的塑造过程中,国家网络安全审查应确立“风险控制”的制度价值,采用“动态监测”的审查方式,明确“IT供应链”的审查范围。
The national cyber security review system must face the thorny issue of "risk residual", because the improvement of cyber security situation is not optimistic though most countries have alredy established review system or process in order to make the information technology products and services safe. The root cause of the low utility of cyber security review is that the risk is ubiquitous. On the basis of the above anaysis, this paper suggests that the national cyber security review system should change the current "node control" review method, and emphasizes that the state retain the ability to perceive and respond to the risks in real time. In this case, the threat situation awareness can be used as a concept in the process of model of national cyber security review legal system, which requires to establish the system value of "risk control", to use the dynamic monitoring review mode, and to make the "IT supply chain" review scope clear
| [1] | [26]MINISTRY OF COMMUNICATION AND INFORMATION TECHNOLOGY. Department of electronics and information technology, national cyber security policy[R].India,2013:8-9. |
| [2] | [27]THE WHITE HOUSE. The Comprehensive National Cybersecurity Initiative[R].US,2008:5. |
| [3] | [3]李双元、蒋新苗、沈红宇.法律理念的内涵与功能初探[J].湖南师范大学社会科学学报,1997(4):53-55. |
| [4] | [8]刘超.网络安全态势感知在网络安全监控中的作用[J].信息安全与技术,2011(12):30-32. |
| [5] | [9]MICHAEL LEE.Australian Defence White Paper emphasises need for cybersecurity[EB/OL].[2015-12-02].http://www.zdnet.com/article/australian-defence-white-paper-emphasises-need-for-cybersecurity |
| [6] | [11]MINISTRY OF COMMUNICATION AND INFORMATION TECHNOLOGY. Department of electronics and information technology, national cyber security policy[R].India,2013:9. |
| [7] | [12]庞德.通过法律的社会控制[M].北京:商务印书馆,1984:55. |
| [8] | [13]U,S. House of Representatives. Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE[R]. 112th Congress,2012:5. |
| [9] | [6]ENDSLEY MR. Design and evaluation for situation awareness enhancement[M]. Human Factors Society 32nd Annual Meeting. Santa Monica, California; 1988: 97-101. |
| [10] | [14]THE CABINET OFFICE. The UK Cyber Security Strategy Protecting and promoting the UK in a digital world[R].UK,2011:15. |
| [11] | [21]STACY SIMPSON.The Software Supply Chain Integrity Framework:Defining Risks and Responsibilities for Securing Software in the Global Supply Chain[R].Safecode,2009:6. |
| [12] | [7]ARNBORG S, ARTMAN H, BRYNIELSSON J, WALLENIUS K. Information awareness in command and control: precision, quality, utility [EB/OL].[2015-12-10]. <a href="http://www.csc.kth.se/~joel/iq.pdf">http://www.csc.kth.se/~joel/iq.pdf</a>. |
| [13] | [10]PRIME MINISTER. Cyber Security Strategy of the United Kingdom safety, security and resilience in cyber space[R].UK,2009:5. |
| [14] | [15]GAO. Information security: Cyber Threats and Vulnerabilities Place Federal Systems at Risk[R].GAO,2009:2. |
| [15] | [22]HELEN PECK. Drivers of supply chain vulnerability: an integrated framework[J].International Journal of Physical Distribution & Logistics Management, 2005(4):210-232. |
| [16] | [1]左晓栋.近年中美网络安全贸易纠纷回顾及其对网络安全审查制度的启示[J].中国信息安全,2014(8):69-72. |
| [17] | [2]马民虎,李江鸿.我国信息安全法的法理念探析[J]. 西安交通大学学报(社会科学版),2007(5):74-80. |
| [18] | [4]左晓栋.以务实态度对待网络安全审查制度[J].中国信息安全,2015(5):88-89. |
| [19] | [5]PETER SWIRE, KENESA AHMAD. Encryption and globalization[M]. The Columbia Science & technology law review, spring 2012:416-481. |
| [20] | [16]陈月华,冯伟.来自安全审查的网络风险整治力量[J]. 信息安全与通信保密,2014(9):33-34. |
| [21] | [17]李雪,杨晨.对话专家,建言审查[J]. 信息安全与通信保密,2014(8):27-33. |
| [22] | [18]P BARFORD, M DACIER, T G.Dietterich. Cyber SA: Situational Awareness for Cyber Defense[J]. the series Advances in Information Security ,2009(9):3-4. |
| [23] | [19]ANGELA MOSCARITOLO. Obama orders 60-day cybersecurity review[EB/OL]. [2015-12-04]. <a href="http://www.scmagazine.com/obama-orders-60-day-cybersecurity-review/article/127141/">http://www.scmagazine.com/obama-orders-60-day-cybersecurity-review/article/127141/</a> |
| [24] | [20]SIMON SHARWOOD. Australia to conduct national cyber-security review[EB/OL]. [2015-12-04]. <a href="http://www.theregister.co.uk/2014/11/27/australia_to_conduct_national_cybersecurity_review/">http://www.theregister.co.uk/2014/11/27/australia_to_conduct_national_cybersecurity_review/</a> |
| [25] | [23]SCOTT CHARNEY,ERIC T WERNER. Cyber Supply Chain Risk Management: Toward a Global Vision of Transparency and Trust[R].Microsoft,2011:1. |
| [26] | [24]CERT-UK.Cyber-security risks in the supply chain[R].UK,2015:3. |
| [27] | [25]GAO. IT Supply Chain National Security-Related Agencies Need to Better Address Risks[R]. USA, 2012:6. |
