首页科技娱乐体育干货女人设计时尚旅游美食语录健康

从美国白宫相关文件的解读cyberspace

2016-01-08 22:53:00来源:20区编辑:转角遇见你

从美国白宫相关文件的解读cyberspace

Cyberspace——对美国白宫相关文件的解读

Big Data之后,第二周情报分析的讨论主题是:cyberspace。这次,我选择以美国白宫的相关文件为切入点,对Cyberspace进行解读。

本周的讨论思路如下:

  • Cyberspace的定义讨论,提出问题

  • The white house file “international strategy for cyberspace”

  • "national cybersecurity center policy capture" and "commenrical/civil cyber community snapshot"

  • 四个问题的提出

Big Data之后,第二周情报分析的讨论主题是:cyberspace。这次,我选择以美国白宫的相关文件为切入点,对Cyberspace进行解读。

本周的讨论思路如下:

  • Cyberspace的定义讨论,提出问题

  • The white house file “international strategy for cyberspace”

  • "national cybersecurity center policy capture" and "commenrical/civil cyber community snapshot"

  • 四个问题的提出

一、cyberspace的定义讨论

首先,我们来看看维基百科、百度百科对于cyberspace的定义(学界比较认可的翻译为:赛博空间)

维基百科:“Cyberspace is the electronic medium ofcomputer networks, in which online communication takes place.”

百度百科:赛博空间(Cyberspace)是哲学和计算机领域中的一个抽象概念,指在计算机以及计算机网络里的虚拟现实"

利用CNKI学术定义工具,我们可以直观的看到,目前中国学界对于赛博空间的认识,主要有四点:

1.“赛博空间是指屏幕后的由互联网络所构成的特殊宇宙空间.由干成千上万电脑通过互联网而实现实时联接,全世界的人们可以在这一虚拟社会VinualCommunication)中,进行相互之间的通讯、贸易、科研等交往;

2、因此有人甚至说人类现今生存在虚拟的数字空间内(也称为赛博空间).也有一些学者将这一虚拟空间称为领陆、领空、领水、浮动领土以外的第五领域或第五空间;

3、因此与与现实社会中人们的交往相比,网络交往具有无限广阔的空间(现在人们把网络的空间称为赛博空间,即网络交往在广度和深度上,都是现实社会中的交往所无法比拟的;

4、现在,人们把计算机数字化信息储存和处理能力通过现代通讯网络技术联结起来络技术联结起来所造就的一个崭新的社会生活和交流的空间(与IT产业相关)称为赛博空间”;

可以看出,wiki和百度都倾向于把赛博空间定义为一种虚拟的社区,这种网络则是由电脑网络构成的。而学界对于此的看法也基本一致,也有学者总结除了cyberspace的四大特性:虚拟性、潜在性、互动性和共享性,在这里,我们不做深入讨论。

基于此,我们可以达成一些共识:

§ cyberspace是基于computer networks

§ cyberspace是虚拟的

§ cyberspace既可以理解为一种网络空间,也可以更细致的理解为一种新的交流方式

本文提出的第一个问题,为何美国白宫要将cyberspace引入到国家战略层次?

要提到上一次美国人在此领域引入的国家战略还是著名的信息高速公路计划,现在回过头去看,信息高速路不仅仅是指建设一批信息基础设施,更是美国政府的长远眼光,从战略的角度对未来的世界进行了清楚的剖析。我们说,凡是被上升到国家战略层次的东西,都不会是看起来那么简单,它一定涉及到国家的长远发展、民生的重大保障等切身利益。

二、 The white house file “international strategy forcyberspace”

在美国白宫的网站(http://www.whitehouse.gov/cyberreview/documents/),有一页专门叫做cyberspace Policy Review,基本上,你可以在上面找到所有美国白宫有关Cyberspace的文件。从2003年开始,美国政府就开始关注cyberspace的有关发展,并出台了一些政策。国内这一方面的研究,根据CNKI的数据,最早从事cyberspace的研究的是清华大学科学技术与社会研究所的曾国屏,而国内的关于cyberspace的政策研究则一直处于迟缓状态。

在上面的cyberspace Policy Review中,我从美国总统办公室20115月发布的一个法令来看。法令的PDF可以在网上下载(http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf

2.1 introduce

在法令的序言中,奥巴马向我们展示了Cyberspace时代带给我们的繁荣,交流的便利和合作的机制,也警告我们警惕又cyberspace引发的安全问题(cybersecurity),最后向全世界所有国家提出倡议,一起来,更精彩(尼玛,我头脑里是怎么蹦出这个词来的?)

我们重点分析几句话:

“Cybersecurity is not an end untoitself….to ensure that innovation continues to flourish, drive markets, andimprove lives…free speech and association, privacy, and the free flow ofinformation.”

这是第一次,该法令中向我们表达的美国政府对于cyberspace的立场,他们希望cyberspace蓬勃的发展,任何理由,包括cybersecurity都不能成为阻碍它发展的理由,为什么?这个后面会详细提到。同时,他们也希望维护他们的信仰:演讲与结社的自由,隐私权,和信息流动的自由等。

Thisis not the first time my Administration has addressed the policy challengessurrounding these technologies, but it is the first time that our nation haslaid out an approach that unifies our engagement with international partners onthe full range of cyber issues. And so this strategy outlines not only avision for the future of cyberspace, but an agenda for realizing it.

这是极其重要的一段话,它表明,这并不是美国政府第一次表明他们应对技术挑战的立场,但这确是他们第一次以国家的姿态,联合他们国际上的伙伴,对所有范围内的网络问题提出的解决方案。这并不是纸上谈兵。

Together, we can work together to build afuture for cyberspace that is open, interoperable, secure, and reliable.

最后,奥巴马政府向全世界的国家发出号召:一起来,更精彩!并且描绘了未来cyberspace的美好画面,也可以说是美国政府对未来的憧憬和努力方向:开放、合作、安全、可靠。这也是这篇法案的核心之核心。

2.2 Table of contents

目录是看待整个问题的框架,以及美国政府对待此问题的逻辑,从目录中,我们能看到很多东西。

Table of Contents

I. Building Cyberspace Policy

Strategic Approach

Building on Successes

Recognizing the Challenges

Grounded in Principle

II. Cyberspace’s Future

The Future We Seek

Open and Interoperable: A Cyberspace ThatEmpowers

Secure and Reliable: A Cyberspace ThatEndures

Stability Through Norms

Our Role in Cyberspace’s Future

Diplomacy: Strengthening Partnerships

Defense: Dissuading and Deterring

Development: Building Prosperity andSecurity

III. PolicyPriorities

Economy: Promoting International Standards andInnovative, Open Markets

Protecting Our Networks: Enhancing Security,Reliability, and Resiliency

Law Enforcement: Extending Collaboration and the Ruleof Law

Military: Preparing for 21st Century SecurityChallenges

Internet Governance: Promoting Effective and InclusiveStructures

International Development: Building Capacity,Security, and Prosperity

Internet Freedom: Supporting Fundamental Freedoms andPrivacy

IV. Moving Forward

首先,我不得不说米国佬对于国家战略层面的事是极其认真的,并且毫无纸上谈兵之势,从最开始的Strategic Approach开始,句句真刀真枪,既然我推出了,我就要这么做。

其次,全文很简短,整篇法令不过30页,但就是这30页,美国政府向我们描述了一副未来的宏图,一副看起来真的很好的宏图,并且详细的谈了美国在这计划中应该做些什么?扮演怎样的角色?

最后,政策的优先事项,从现在的实际情况出发,对七个部门进行了决策上的建议和指导。

整篇文章毫无拖沓,也没有务虚,而是实实在在的在把cyberspace当成一件事业在做,并且,要做就要竭力做好。

2.3 BuildingCyberspace Policy

从数字基础设施谈起,讲到总有一天,数字基础设施会成为全球性的,并且任何一个国家是不可能对其进行单独管理的。接着谈到我们需要的网络科技必须是可以信赖的和安全的,前者是用户的信赖,后者是网络本身必须安全。目前,全球已经有超过三分之一的人口每天都会和英特网发生直接的接触,由互联网形成的社区也越来越大,并且已经发展成为了全球性的。最后,他还强调,物理世界的变化会影响到cyberspace,而cyberspace的变化,也会影响到物理世界的发展。

接着,他讲了美国对于该事件的战略途径,这篇文章从以下三个方面来谈:

  • Building on success

    • The United States is committed to preserving and enhancing the benefits of digital networks to our societies and economies.

  • Recognizing the challenges

    • The United States acknowledges that the growth of these networks brings with it new challenges for our national and economic security and that of the global community.

  • Grounded in principle

    • The United States will confront these challenges—while preserving our core principles.

我们重点分析该段文章的以下几段话:

The reach of networked technology is pervasive andglobal. For all nations, the underlying digital infrastructure is or willsoon become a national asset.

这句话可以看成本篇文章的逻辑出发点,即:网络基础设施,包括互谅网本省,将会很快成为所有国家的资产,而这种资产是全球性的,是我们必须采取措施进行管理和保护的,才能使其健康的发展。

To realize fully the benefits that network technologypromises the world, these system must function reliable and securely.

这是美国政府对cyberspace提出的第一个,个人认为也是最为重要的要求:可靠,必须安全。这两者其实是相互依靠的,可靠是用户对cyberspace的信息,如果他不安全,比如经常发生欺诈、盗窃等现象,那么我们认为他就是不安全的,所以,可靠性必须建立在安全至上,但安全并不能保证可靠,我们还需要相关的法律和标准化的流程对cyberspace进行保护。

It must retain the opennessand interoperability that have characterized its explosive growth.

这是美国政府对cyberspace提出的第二个要求:开放、合作。这是美国人赖以生存与与生俱来的意识,他们的国家制度建立在开放和自由至上,所以对cyberspace提出这些要求也是在情理中的。美国人通过自己的研究发现,开放和合作是互联网的根本属性,也是互联网赖以发展的要素,所以,任何cyberspace的政策和要求,不能破坏cyberspace的开放与合作性。这一点,在后面还会讲到。

The future of an open,interoperable, secure and reliable cyberspace depends on nations recognizingand safeguarding that which should endure, which confronting those who woulddestabilize or undermine our increasingly networked world.

最后,美国政府总结说,未来开放、合作、安全、可信的cyberspace是建立在国家意识与维护意识之上的,我们必须认识到问题的长久性和艰巨性,要下极大的决心为网络世界做努力。这里也暗含了美国政府要寻求盟友和合作者的愿望。

In this work, we are grounded inprincipals essential not just to American foreign policy, but to the futureof the Internet itself.

这句话是在谈到strategy approach的第一句话。这句话本身可能有点冠冕堂皇,但是,的却,我认为人类社会是需要一批人为这样一件事去努力,这是值得的。我一直也认为,做一件事得抱着信念,正确的价值导向是信念很重要的标准。

在谈到基本原则的时候,美国政府提到了一下三点:

  • Fundamental Freedoms

  • Privacy

  • Free Flow of Information

下面三句话是基本自由原则下面最重要的三句话:

our commitment to freedom ofexpression and association is abiding, but does not come at the expense ofpublic safety or the protection of our citizens.

Fundamental freedoms is theability to seek, receive and impart information and ideas through anymedium and regardless of frontiers has never been more relevant.

As a nation, we are not blind tothose Internet users with malevolent intentions, but recognize that exceptionsto free speech in cyberspace must also be narrowly tailored

我们可以看到美国人对于自由的底线,言论和结社的自由是必须保障的,但有些时候对于公共安全的保护以及对于公民自身的保护则被排除在外,这也是911之后美国的热点话题。之后对cyberspace的基本自由给出了具体的定义,它是一种在任何媒介、并且跨越国界的对信息和想法的获取、接受的能力。

在具体的做法上,美国的做法很令人深思,他们不能盲目的屏蔽到有害的思想和言论,但是他们能通过其他的方法,对这些恶毒的、有害的言论进行限制。(作为天朝人躺着中枪呀)

这里还能看出另外一点:可否理解为,美国人在这份文件中在向国际表达自己的立场的同时,也在寻找对话(或是在输出思想),建立针对cyberspace的国际共识。

Privacy没有什么好说的,就目前而言,信息公开与隐私权边界是说不清道不明的,而且在信息技术的发展下,这样的情况会引起越来越多的争议。在free flow of information上,我们重点关注下面三句话:

The best cybersecuritysolutions are dynamic and adaptable, with minimal impact on networkperformance.

States do not, and should nothave to choose between the free flow of information and the security of theirnetworks.

Both supports our nationalsecurity and advances our common values.

在这一段,文件围绕free flow of information,谈了他们认为cyberspace最佳的解决方法,他们认为这种方法应该是动态性和适应性的,并且能用最小的影响换来网络的最佳表现。在这里,他谈到了国家不能以任何理由在信息的免费流通和安全上做选择,因为前者是最基本的原则,并且把目前天朝的GFW的象限称之为illusionof security,现实证明,这可能真的是一种幻觉。最后,美国人表达了他们的决心,希望在安全和普世价值上找到能相互包容的解决方法。

2.3 Cyberspace’s Future

这一章,文件在反复的对美国政府所主导的理念进行深化,包括前面提到的,安全、可靠、自由与协作这些特性等,在此基础上,该文件明确的提出了他们所期望的未来:

The United States will work internationally topromote an open, interoperable, secure, and reliable informationand communications infrastructure that supports international trade andcommerce, strengthens international security, and fosters free expressionand innovation. To achieve that goal, we will build and sustain anenvironment in which norms of responsible behavior guidestates’ actions, sustain partnerships, and support the rule of law incyberspace.

接下来,文件又对他们所期望的目标进行了详细的解释,重点集中在:Open and Interoperable: A Cyberspace That EmpowersSecure and Reliable: A Cyberspace That EnduresStability Through Norms

在提到Openand Interoperable: A Cyberspace That Empowers时,文件提到:

The collaborative development ofconsensus-based international standards for information and communicationtechnology is a key part of preserving openness and interoperability, growingour digital economies, and moving our societies forward.

可以看出,美国人在这次事件中是极其强调合作的。在谈到Secure and Reliable: A Cyberspace That Endures时,文件从Economically, politically, socially全方面的解释了为什么未来的cyberspace要安全并且可靠。

接着,在谈到Stabilitythrough norms时,文件首先强调了范式的作用,然后阐述了美国在建设未来cyberspace时的基本范式——upholdingfundamental freedoms, respect for property, valuing privacy, protection forcrime, right of self-defense.

下面我们重点来研究两句话:

The development of norms forstate conduct in cyberspace does not require a reinvention of customary internationallaw, nor does it render existing international norms obsolete Long-standing international norms guiding state behavior—in times of peace andconflict—also apply in cyberspace.

这说明美国政府既不主张新建法,也不主张照搬,而是按照一般的国际惯例来引导政府行为。我想这与目前美国在此方面拥有较强的国际优势有关。

In designing the next generationof these systems, we must advance the common interest by supporting thesoundest technical standards and governance structures, rather thanthose that will simply enhance national prestige or political control.

这句话也很有意思,美国人希望从技术和政府构架来解决问题,而不是加强国家的特权和政府控制。这是理念的差别,很难说谁好谁坏,但开放一定是今后的趋势。

接下来,文件重点从外交、防御、发展三个方面阐述了美国政府在建设cyberspace的角色。

Diplomacy: Strengthening Partnerships

Diplomatic Objective: The UnitedStates will work to create incentives for, and build consensus around, aninternational environment in which states—recognizing the intrinsic value of anopen, interoperable, secure, and reliable cyberspace—work together and act asresponsible stakeholders.

Defense: Dissuading and Deterring

Defense Objective: The UnitedStates will, along with other nations, encourage responsible behavior andoppose those who would seek to disrupt networks and systems, dissuading anddeterring malicious actors, and reserving the right to defend these vitalnational assets as necessary and appropriate.

Development: Building Prosperityand Security

Development Objective: The UnitedStates will facilitate cybersecurity capacity-building abroad, bilaterally andthrough multilateral organizations, so that each country has the means toprotect its digital infrastructure, strengthen global networks, and buildcloser partnerships in the consensus for open, interoperable, secure, and reliablenetworks

这里我就不多谈了,文件中写的十分详细。

2.4 Policy Priorities

文章的最后一部分讲了政策的优先事项,从经济、保护、法律、军队、国际组织、互联网自由等多方面谈来在最近几年,我们应该优先解决什么问题。我对这些问题进行了总结,详见下:

Economy: Promoting InternationalStandards and Innovative, Open Markets

l Sustain a free-trade environment thatencourages technological innovation on accessible, globally linked networks.

l Sustain a free-trade environment thatencourages technological innovation on accessible, globally linked networks.

l Ensure the primacy of interoperable and securetechnical standards, determined by technical experts.

Protecting Our Networks:Enhancing Security, Reliability, and Resiliency

l Promote cyberspace cooperation, particularlyon norms of behavior for states and cybersecurity, bilaterally and in a rangeof multilateral organizations and multinational partnerships.

l Reduce intrusions into and disruptions of U.S.networks.

l Ensure robust incident management, resiliency,and recovery capabilities for information infrastructure

l Improve the security of the high-tech supplychain, in consultation with industry.

Law Enforcement: ExtendingCollaboration and the Rule of Law

l Participate fully in international cybercrimepolicy development

l Harmonize cybercrime laws internationally byexpanding accession to the Budapest Convention

l Focus cybercrime laws on combating illegalactivities, not restricting access to the Internet

l Deny terrorists and other criminals theability to exploit the Internet for operational planning, financing, orattacks.

Military: Preparing for 21stCentury Security Challenges

l Recognize and adapt to the military’sincreasing need for reliable and secure networks.

l Build and enhance existing military alliancesto confront potential threats in cyberspace.

l Expand cyberspace cooperation with allies andpartners to increase collective security.

Internet Governance: PromotingEffective and Inclusive Structures

l Prioritize openness and innovation on the Internet.

l Preserve global network security andstability, including the domain name system(DNS)

l Promote and enhance multi-stakeholder venuesfor the discussion of Internet governance issues

International Development:Building Capacity, Security, and Prosperity

l International Development: Building Capacity,Security, and Prosperity

l Continually develop and regularly shareinternational cybersecurity best practices.

l Enhance states’ ability to fightcybercrime—including training for law enforcement, forensic specialists,jurists, and legislators.

l Develop relationships with policymakers toenhance technical capacity building, providing regular and ongoing contact withexperts and their United States Government counterparts.

Internet Freedom: SupportingFundamental Freedoms and Privacy

l Support civil society actors in achievingreliable, secure, and safe platforms for freedoms of expression andassociation.

l Collaborate with civil society andnongovernment organizations to establish safeguards protecting their Internetactivity from unlawful digital intrusions.

l Encourage international cooperation foreffective commercial data privacy protections.

l Ensure the end-to-end interoperability of anInternet accessible to all.

3. "national cybersecurity center policycapture" and "commenrical/civil cyber community snapshot"

前面讲到,美国任何一个上升到国家战略角度的概念提出,都是多个部门协同合作,并且是一整套的解决方案。下面,我们来看两个图:

这张很容易看懂,讲的是美国国家赛博空间安全中心是如何合作的,并且他们的核心策略是什么。这里就不仔细讲了,主要是看他们的战略是一体系的,是一整套的解决方案。

这张要看懂就难一点,但和上一张的意思差不多,上面黄色的部分是公共的和私人的伙伴,主要是一些机构和论坛,中部红色的是一些股份公司,你会看到熟悉的MSAT&T等,第三排紫色部分是学术机构和智库,主要是大学里面的一些团队和研究所,蓝色的是社会上的一些社团,最下面的绿色的是国际组织。

可以看出,无论从政府角度还是商业角度,美国政府在cyberspace上都有一整套合作的解决方案。

4. 四个问题的提出

文章的最后,我在白宫的网站上看到四个问题,关于cyberspace的四个问题,写在结尾。其实很多东西看上去很好,但实际实施起来,还是有相当多的问题。

1. What should be thefederal government’s role in protecting critical infrastructure from cyber attacksfrom nation-state/non-nation-state actors?

2. What are the thresholds atwhich businesses/organizations report cyber security incidents to governmententities like US-CERT (ostensibly beyond what’s legally mandated, such as statelaws on reporting data breaches)?

3. What specific changesare needed to make public-private partnerships more effective and workable? What measures are necessary to ensure an approach where “action plans”are employed which businesses/government can effectively measure progresstoward a cyberspace that is “assured, reliable, and survivable”? (What are industry roles and responsibilities? How should wethink about private sector accountability?)

微信原文