摘要
在经历SolarWinds供应链攻击、Microsoft Exchange攻击及Log4j漏洞等重大网络事件后,零信任已成为美国政府及国防部公认的应对网络攻击的安全架构。美国防部于2022年11月发布《零信任战略》,全面阐述战略目标、实施路径及实施方法,提出围绕零信任7大支柱设定的45项独立能力,旨在增强美国防部网络安全能力并保持美军在数字战场上的信息优势。通过该战略,明晰美军零信任行动计划、能力及相关活动,以期为我军筹划实施具有自身特色的安全模式提供参考。
After major cyber incidents such as the SolarWinds supply chain attack,the Microsoft Exchange attack,and the Log4j vulnerability,zero trust has become a security framework recognized by the U.S.government and the Department of Defense(DoD)to deal with cyber attacks.The U.S.Department of Defense released the Zero Trust Strategy in November 2022,which comprehensively expounds the strategic goals,implementation paths,and implementation methods,and proposing 45 independent capabilities around the seven pillars of zero trust,aimed at enhancing U.S.DoD cybersecurity capabilities and maintaining U.S.military information superiority on the digital battlefield.Through this strategy,the U.S.military’s zero trust operation plan,capabilities,and related activities are clarified,in order to provide a reference for China’s military to plan and implement a security model with its own characteristics.
作者
李祯静
张小军
郝志超
LI Zhenjing;ZHANG Xiaojun;HAO Zhichao(China Academy of Electronic and Information Technology,Beijing 100041,China;CETC Research Center for Development and Strategy,Beijing 100041,China;No.30 Institute of CETC,Chengdu Sichuan 610041,China)
出处
《信息安全与通信保密》
2023年第1期10-15,共6页
Information Security and Communications Privacy
关键词
零信任
网络安全
信息环境
安全防护
zero trust
cyber security
information environment
security protection
