Cyberspace美国白宫解读编辑本段回目录
Cyberspace美国白宫解读
继Big Data之后,第二周情报分析的讨论主题是:cyberspace。这次,我选择以美国白宫的相关文件为切入点,对Cyberspace进行解读。
本周的讨论思路如下:
Cyberspace的定义讨论,提出问题
The white house file “international strategy for cyberspace”
"national cybersecurity center policy capture" and "commenrical/civil cyber community snapshot"
四个问题的提出
一、cyberspace的定义讨论
首先,我们来看看维基百科、百度百科对于cyberspace的定义(学界比较认可的翻译为:赛博空间)
维基百科:“Cyberspace is the electronic medium of computer networks, in which online communication takes place.”
百度百科:“赛博空间(Cyberspace)是哲学和计算机领域中的一个抽象概念,指在计算机以及计算机网络里的虚拟现实"
利用CNKI学术定义工具,我们可以直观的看到,目前中国学界对于赛博空间的认识,主要有四点:
1.“赛博空间”是指屏幕后的由互联网络所构成的特殊宇宙空间.由干成千上万电脑通过互联网而实现实时联接,全世界的人们可以在这一“虚拟社会”(VinualCommunication)中,进行相互之间的通讯、贸易、科研等交往;
2、因此有人甚至说人类现今生存在虚拟的数字空间内(也称为赛博空间).也有一些学者将这一虚拟空间称为领陆、领空、领水、浮动领土以外的第五领域或第五空间;
3、因此与与现实社会中人们的交往相比,网络交往具有无限广阔的空间(现在人们把网络的空间称为“赛博空间”),即网络交往在广度和深度上,都是现实社会中的交往所无法比拟的;
4、现在,人们把计算机数字化信息储存和处理能力通过现代通讯网络技术联结起来络技术联结起来所造就的一个崭新的社会生活和交流的空间(与IT产业相关)称为“赛博空间”;
可以看出,wiki和百度都倾向于把赛博空间定义为一种虚拟的社区,这种网络则是由电脑网络构成的。而学界对于此的看法也基本一致,也有学者总结除了cyberspace的四大特性:虚拟性、潜在性、互动性和共享性,在这里,我们不做深入讨论。
基于此,我们可以达成一些共识:
cyberspace是基于computer networks
cyberspace是虚拟的
cyberspace既可以理解为一种网络空间,也可以更细致的理解为一种新的交流方式
本文提出的第一个问题,为何美国白宫要将cyberspace引入到国家战略层次?
要提到上一次美国人在此领域引入的国家战略还是著名的“信息高速公路计划”,现在回过头去看,信息高速路不仅仅是指建设一批信息基础设施,更是美国政府的长远眼光,从战略的角度对未来的世界进行了清楚的剖析。我们说,凡是被上升到国家战略层次的东西,都不会是看起来那么简单,它一定涉及到国家的长远发展、民生的重大保障等切身利益。
二、 The white house file “international strategy for cyberspace”
在美国白宫的网站(http://www.whitehouse.gov/cyberreview/documents/),有一页专门叫做cyberspace Policy Review,基本上,你可以在上面找到所有美国白宫有关Cyberspace的文件。从2003年开始,美国政府就开始关注cyberspace的有关发展,并出台了一些政策。国内这一方面的研究,根据CNKI的数据,最早从事cyberspace的研究的是清华大学科学技术与社会研究所的曾国屏,而国内的关于cyberspace的政策研究则一直处于迟缓状态。
在上面的cyberspace Policy Review中,我从美国总统办公室2011年5月发布的一个法令来看。法令的PDF可以在网上下载
(http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf)
2.1 introduce
在法令的序言中,奥巴马向我们展示了Cyberspace时代带给我们的繁荣,交流的便利和合作的机制,也警告我们警惕又cyberspace引发的安全问题(cybersecurity),最后向全世界所有国家提出倡议,一起来,更精彩(尼玛,我头脑里是怎么蹦出这个词来的?)
我们重点分析几句话:
“Cybersecurity is not an end unto itself….to ensure that innovation continues to flourish, drive markets, and improve lives…free speech and association, privacy, and the free flow of information.”
这是第一次,该法令中向我们表达的美国政府对于cyberspace的立场,他们希望cyberspace蓬勃的发展,任何理由,包括cybersecurity都不能成为阻碍它发展的理由,为什么?这个后面会详细提到。同时,他们也希望维护他们的信仰:演讲与结社的自由,隐私权,和信息流动的自由等。
This is not the first time my Administration has addressed the policy challenges surrounding these technologies, but it is the first time that our nation has laid out an approach that unifies our engagement with international partners on the full range of cyber issues. And so this strategy outlines not only a vision for the future of cyberspace, but an agenda for realizing it.
这是极其重要的一段话,它表明,这并不是美国政府第一次表明他们应对技术挑战的立场,但这确是他们第一次以国家的姿态,联合他们国际上的伙伴,对所有范围内的网络问题提出的解决方案。这并不是纸上谈兵。
Together, we can work together to build a future for cyberspace that is open, interoperable, secure, and reliable.
最后,奥巴马政府向全世界的国家发出号召:一起来,更精彩!并且描绘了未来cyberspace的美好画面,也可以说是美国政府对未来的憧憬和努力方向:开放、合作、安全、可靠。这也是这篇法案的核心之核心。
2.2 Table of contents
目录是看待整个问题的框架,以及美国政府对待此问题的逻辑,从目录中,我们能看到很多东西。
Table of Contents
I. Building Cyberspace Policy
Strategic Approach
Building on Successes
Recognizing the Challenges
Grounded in Principle
II. Cyberspace’s Future
The Future We Seek
Open and Interoperable: A Cyberspace That Empowers
Secure and Reliable: A Cyberspace That Endures
Stability Through Norms
Our Role in Cyberspace’s Future
Diplomacy: Strengthening Partnerships
Defense: Dissuading and Deterring
Development: Building Prosperity and Security
III. Policy Priorities
Economy: Promoting International Standards and Innovative, Open Markets
Protecting Our Networks: Enhancing Security, Reliability, and Resiliency
Law Enforcement: Extending Collaboration and the Rule of Law
Military: Preparing for 21st Century Security Challenges
Internet Governance: Promoting Effective and Inclusive Structures
International Development: Building Capacity, Security, and Prosperity
Internet Freedom: Supporting Fundamental Freedoms and Privacy
IV. Moving Forward
首先,我不得不说米国佬对于国家战略层面的事是极其认真的,并且毫无纸上谈兵之势,从最开始的Strategic Approach开始,句句真刀真枪,既然我推出了,我就要这么做。
其次,全文很简短,整篇法令不过30页,但就是这30页,美国政府向我们描述了一副未来的宏图,一副看起来真的很好的宏图,并且详细的谈了美国在这计划中应该做些什么?扮演怎样的角色?
最后,政策的优先事项,从现在的实际情况出发,对七个部门进行了决策上的建议和指导。
整篇文章毫无拖沓,也没有务虚,而是实实在在的在把cyberspace当成一件事业在做,并且,要做就要竭力做好。
2.3 Building Cyberspace Policy
从数字基础设施谈起,讲到总有一天,数字基础设施会成为全球性的,并且任何一个国家是不可能对其进行单独管理的。接着谈到我们需要的网络科技必须是可以信赖的和安全的,前者是用户的信赖,后者是网络本身必须安全。目前,全球已经有超过三分之一的人口每天都会和英特网发生直接的接触,由互联网形成的社区也越来越大,并且已经发展成为了全球性的。最后,他还强调,物理世界的变化会影响到cyberspace,而cyberspace的变化,也会影响到物理世界的发展。
接着,他讲了美国对于该事件的战略途径,这篇文章从以下三个方面来谈:
Building on success
The United States is committed to preserving and enhancing the benefits of digital networks to our societies and economies.
Recognizing the challenges
The United States acknowledges that the growth of these networks brings with it new challenges for our national and economic security and that of the global community.
Grounded in principle
The United States will confront these challenges—while preserving our core principles.
我们重点分析该段文章的以下几段话:
The reach of networked technology is pervasive and global. For all nations, the underlying digital infrastructure is or will soon become a national asset.
这句话可以看成本篇文章的逻辑出发点,即:网络基础设施,包括互谅网本省,将会很快成为所有国家的资产,而这种资产是全球性的,是我们必须采取措施进行管理和保护的,才能使其健康的发展。
To realize fully the benefits that network technology promises the world, these system must function reliable and securely.
这是美国政府对cyberspace提出的第一个,个人认为也是最为重要的要求:可靠,必须安全。这两者其实是相互依靠的,可靠是用户对cyberspace的信息,如果他不安全,比如经常发生欺诈、盗窃等现象,那么我们认为他就是不安全的,所以,可靠性必须建立在安全至上,但安全并不能保证可靠,我们还需要相关的法律和标准化的流程对cyberspace进行保护。
It must retain the openness and interoperability that have characterized its explosive growth.
这是美国政府对cyberspace提出的第二个要求:开放、合作。这是美国人赖以生存与与生俱来的意识,他们的国家制度建立在开放和自由至上,所以对cyberspace提出这些要求也是在情理中的。美国人通过自己的研究发现,开放和合作是互联网的根本属性,也是互联网赖以发展的要素,所以,任何cyberspace的政策和要求,不能破坏cyberspace的开放与合作性。这一点,在后面还会讲到。
The future of an open, interoperable, secure and reliable cyberspace depends on nations recognizing and safeguarding that which should endure, which confronting those who would destabilize or undermine our increasingly networked world.
最后,美国政府总结说,未来开放、合作、安全、可信的cyberspace是建立在国家意识与维护意识之上的,我们必须认识到问题的长久性和艰巨性,要下极大的决心为网络世界做努力。这里也暗含了美国政府要寻求盟友和合作者的愿望。
In this work, we are grounded in principals essential not just to American foreign policy, but to the future of the Internet itself.
这句话是在谈到strategy approach的第一句话。这句话本身可能有点冠冕堂皇,但是,的却,我认为人类社会是需要一批人为这样一件事去努力,这是值得的。我一直也认为,做一件事得抱着信念,正确的价值导向是信念很重要的标准。
在谈到基本原则的时候,美国政府提到了一下三点:
Fundamental Freedoms
Privacy
Free Flow of Information
下面三句话是基本自由原则下面最重要的三句话:
our commitment to freedom of expression and association is abiding, but does not come at the expense of public safety or the protection of our citizens.
Fundamental freedoms is the ability to seek, receive and impart information and ideas through any medium and regardless of frontiers has never been more relevant.
As a nation, we are not blind to those Internet users with malevolent intentions, but recognize that exceptions to free speech in cyberspace must also be narrowly tailored
我们可以看到美国人对于自由的底线,言论和结社的自由是必须保障的,但有些时候对于公共安全的保护以及对于公民自身的保护则被排除在外,这也是911之后美国的热点话题。之后对cyberspace的基本自由给出了具体的定义,它是一种在任何媒介、并且跨越国界的对信息和想法的获取、接受的能力。
在具体的做法上,美国的做法很令人深思,他们不能盲目的屏蔽到有害的思想和言论,但是他们能通过其他的方法,对这些恶毒的、有害的言论进行限制。(作为天朝人躺着中枪呀)
这里还能看出另外一点:可否理解为,美国人在这份文件中在向国际表达自己的立场的同时,也在寻找对话(或是在输出思想),建立针对cyberspace的国际共识。
Privacy没有什么好说的,就目前而言,信息公开与隐私权边界是说不清道不明的,而且在信息技术的发展下,这样的情况会引起越来越多的争议。在free flow of information上,我们重点关注下面三句话:
The best cybersecurity solutions are dynamic and adaptable, with minimal impact on network performance.
States do not, and should not have to choose between the free flow of information and the security of their networks.
Both supports our national security and advances our common values.
在这一段,文件围绕free flow of information,谈了他们认为cyberspace最佳的解决方法,他们认为这种方法应该是动态性和适应性的,并且能用最小的影响换来网络的最佳表现。在这里,他谈到了国家不能以任何理由在信息的免费流通和安全上做选择,因为前者是最基本的原则,并且把目前天朝的GFW的象限称之为illusion of security,现实证明,这可能真的是一种幻觉。最后,美国人表达了他们的决心,希望在安全和普世价值上找到能相互包容的解决方法。
2.3 Cyberspace’s Future
这一章,文件在反复的对美国政府所主导的理念进行深化,包括前面提到的,安全、可靠、自由与协作这些特性等,在此基础上,该文件明确的提出了他们所期望的未来:
The United States will work internationally to promote an open, interoperable, secure, and reliable information and communications infrastructure that supports international trade and commerce, strengthens international security, and fosters free expression and innovation. To achieve that goal, we will build and sustain an environment in which norms of responsible behavior guide states’ actions, sustain partnerships, and support the rule of law in cyberspace.
接下来,文件又对他们所期望的目标进行了详细的解释,重点集中在:Open and Interoperable: A Cyberspace That Empowers;Secure and Reliable: A Cyberspace That Endures;Stability Through Norms。
在提到Open and Interoperable: A Cyberspace That Empowers时,文件提到:
The collaborative development of consensus-based international standards for information and communication technology is a key part of preserving openness and interoperability, growing our digital economies, and moving our societies forward.
可以看出,美国人在这次事件中是极其强调合作的。在谈到Secure and Reliable: A Cyberspace That Endures时,文件从Economically, politically, socially全方面的解释了为什么未来的cyberspace要安全并且可靠。
接着,在谈到Stability through norms时,文件首先强调了范式的作用,然后阐述了美国在建设未来cyberspace时的基本范式——upholding fundamental freedoms, respect for property, valuing privacy, protection for crime, right of self-defense.
下面我们重点来研究两句话:
The development of norms for state conduct in cyberspace does not require a reinvention of customary international law, nor does it render existing international norms obsolete Long-standing international norms guiding state behavior—in times of peace and conflict—also apply in cyberspace.
这说明美国政府既不主张新建法,也不主张照搬,而是按照一般的国际惯例来引导政府行为。我想这与目前美国在此方面拥有较强的国际优势有关。
In designing the next generation of these systems, we must advance the common interest by supporting the soundest technical standards and governance structures, rather than those that will simply enhance national prestige or political control.
这句话也很有意思,美国人希望从技术和政府构架来解决问题,而不是加强国家的特权和政府控制。这是理念的差别,很难说谁好谁坏,但开放一定是今后的趋势。
接下来,文件重点从外交、防御、发展三个方面阐述了美国政府在建设cyberspace的角色。
Diplomacy: Strengthening Partnerships
Diplomatic Objective: The United States will work to create incentives for, and build consensus around, an international environment in which states—recognizing the intrinsic value of an open, interoperable, secure, and reliable cyberspace—work together and act as responsible stakeholders.
Defense: Dissuading and Deterring
Defense Objective: The United States will, along with other nations, encourage responsible behavior and oppose those who would seek to disrupt networks and systems, dissuading and deterring malicious actors, and reserving the right to defend these vital national assets as necessary and appropriate.
Development: Building Prosperity and Security
Development Objective: The United States will facilitate cybersecurity capacity-building abroad, bilaterally and through multilateral organizations, so that each country has the means to protect its digital infrastructure, strengthen global networks, and build closer partnerships in the consensus for open, interoperable, secure, and reliable networks
这里我就不多谈了,文件中写的十分详细。
2.4 Policy Priorities
文章的最后一部分讲了政策的优先事项,从经济、保护、法律、军队、国际组织、互联网自由等多方面谈来在最近几年,我们应该优先解决什么问题。我对这些问题进行了总结,详见下:
Economy: Promoting International Standards and Innovative, Open Markets
l Sustain a free-trade environment that encourages technological innovation on accessible, globally linked networks.
l Sustain a free-trade environment that encourages technological innovation on accessible, globally linked networks.
l Ensure the primacy of interoperable and secure technical standards, determined by technical experts.
Protecting Our Networks: Enhancing Security, Reliability, and Resiliency
l Promote cyberspace cooperation, particularly on norms of behavior for states and cybersecurity, bilaterally and in a range of multilateral organizations and multinational partnerships.
l Reduce intrusions into and disruptions of U.S. networks.
l Ensure robust incident management, resiliency, and recovery capabilities for information infrastructure
l Improve the security of the high-tech supply chain, in consultation with industry.
Law Enforcement: Extending Collaboration and the Rule of Law
l Participate fully in international cybercrime policy development
l Harmonize cybercrime laws internationally by expanding accession to the Budapest Convention
l Focus cybercrime laws on combating illegal activities, not restricting access to the Internet
l Deny terrorists and other criminals the ability to exploit the Internet for operational planning, financing, or attacks.
Military: Preparing for 21st Century Security Challenges
l Recognize and adapt to the military’s increasing need for reliable and secure networks.
l Build and enhance existing military alliances to confront potential threats in cyberspace.
l Expand cyberspace cooperation with allies and partners to increase collective security.
Internet Governance: Promoting Effective and Inclusive Structures
l Prioritize openness and innovation on the Internet.
l Preserve global network security and stability, including the domain name system(DNS)
l Promote and enhance multi-stakeholder venues for the discussion of Internet governance issues
International Development: Building Capacity, Security, and Prosperity
l International Development: Building Capacity, Security, and Prosperity
l Continually develop and regularly share international cybersecurity best practices.
l Enhance states’ ability to fight cybercrime—including training for law enforcement, forensic specialists, jurists, and legislators.
l Develop relationships with policymakers to enhance technical capacity building, providing regular and ongoing contact with experts and their United States Government counterparts.
Internet Freedom: Supporting Fundamental Freedoms and Privacy
l Support civil society actors in achieving reliable, secure, and safe platforms for freedoms of expression and association.
l Collaborate with civil society and nongovernment organizations to establish safeguards protecting their Internet activity from unlawful digital intrusions.
l Encourage international cooperation for effective commercial data privacy protections.
l Ensure the end-to-end interoperability of an Internet accessible to all.
3. "national cybersecurity center policy capture" and "commenrical/civil cyber community snapshot"
前面讲到,美国任何一个上升到国家战略角度的概念提出,都是多个部门协同合作,并且是一整套的解决方案。下面,我们来看两个图:
这张很容易看懂,讲的是美国国家赛博空间安全中心是如何合作的,并且他们的核心策略是什么。这里就不仔细讲了,主要是看他们的战略是一体系的,是一整套的解决方案。
这张要看懂就难一点,但和上一张的意思差不多,上面黄色的部分是公共的和私人的伙伴,主要是一些机构和论坛,中部红色的是一些股份公司,你会看到熟悉的MS,AT&T等,第三排紫色部分是学术机构和智库,主要是大学里面的一些团队和研究所,蓝色的是社会上的一些社团,最下面的绿色的是国际组织。
可以看出,无论从政府角度还是商业角度,美国政府在cyberspace上都有一整套合作的解决方案。
4. 四个问题的提出
文章的最后,我在白宫的网站上看到四个问题,关于cyberspace的四个问题,写在结尾。其实很多东西看上去很好,但实际实施起来,还是有相当多的问题。
1. What should be the federal government’s role in protecting critical infrastructure from cyber attacks from nation-state/non-nation-state actors?
2. What are the thresholds at which businesses/organizations report cyber security incidents to government entities like US-CERT (ostensibly beyond what’s legally mandated, such as state laws on reporting data breaches)?
3. What specific changes are needed to make public-private partnerships more effective and workable? What measures are necessary to ensure an approach where “action plans” are employed which businesses/government can effectively measure progress toward a cyberspace that is “assured, reliable, and survivable”? (What are industry roles and responsibilities? How should we think about private sector accountability?)
4. How can industry and government achieve a national cyber security posture which encourages innovation and prosperity? (How do we amplify both security and economic prosperity? Are current government structures effective? How can we create and maintain security in cyberspace while balancing the need for economic growth, privacy, etc.?)
参考文献编辑本段回目录
http://choijun.blog.163.com/blog/static/11332624920128213291946/
