从“人、财、物”视角出发,提升网络空间的安全态势
Improving Cyberspace Security Situation from Perspective of “Talent, Finance and Infrastructure”
Improving Cyberspace Security Situation from Perspective of “Talent, Finance and Infrastructure”
作者
方滨兴(哈尔滨工业大学(深圳) 深圳 518055)
中文关键词
安全态势;人才认定;网络保险;网络靶场;众测
英文关键词
security situation;talent certification;network security insurance;cyber range;public testing
中文摘要
网络安全已经成为保障经济发展、支撑现代科技进步的一个重要环节。随着万物依赖信息技术的应用,提升网络空间的安全态势变得愈发重要。如何采取有力的手段,切实提升网络空间的安全态势,是文章的核心命题。文章提出要从“人、财、物”的角度出发:(1)解决在网络安全人才供应不足的前提下,重点关注从其他信息技术领域平移过来的人才的能力认证问题,旨在向社会供应有细分领域才能的网络安全人才。(2)通过网络安全保险来解决残余风险的转移问题,以便解决在确定的网络安全态势前提下的成本控制问题;同时,通过网络安全保险来提升企业的风险管控水平,降低社会应对网络安全的总成本,树立企业网络安全应对能力的标杆,为企业的社会责任提供有效的应对工具,为网络安全产品提供能力背书。(3)通过“外打内”模式的网络靶场来提升信息技术产品的抗攻击能力,即通过构建符合系统孪生特性的影子系统来承受持续不断的众测,以强化相应系统的安全抗打击能力。通过这3种方式,达到大幅度提升网络安全态势的目标。
英文摘要
Cyberspace security has been an important part in ensuring economic development and supporting the progress of modern science and technology. As more and more applications are relying on information technology (IT), it becomes very important to improve the security situation of cyberspace. How to take effective measures to practically improve the cyberspace security situation has become the core problem disscussed in this paper. This paper addresses it from the perspectives of "talent, finance and infrastructure". First, on the premise of insufficient supply of cyberspace security talents, this paper proposes to establish the ability certification of talents transferred from other IT fields, in order to provide cyberspace security talents in many subdivided fields. Second, this paper proposes to solve the financial cost control problem under the determined cyberspace security situation through network security insurance, so as to improve the risk control level of enterprises, reduce the cost of social response to cyberspace security, establish the benchmark of response ability, and provide capability endorsement for security products. Third, this paper proposes to improve the anti-attack capability of IT products through the cyber range infrastructure with the "external attack internal" mode, which builds a shadow system to withstand continuous public testing, so as to strengthen the anti-attack capability of the corresponding system. Through the above three ways, the cyberspace security situation can be greatly improved.
DOI10.16418/j.issn.1000-3045.20211117006
作者简介
方滨兴 中国工程院院士。哈尔滨工业大学(深圳)计算机科学与技术学院教授、首席学术顾问。信息内容安全技术国家工程实验室主任,中国中文信息学会理事长,中国网络空间安全人才教育论坛理事长,中国网络空间新兴技术安全创新论坛理事长。主要研究领域包括网络靶场、网络空间新技术安全等。
E-mail:fangbx@cae.cn
FANG Binxing Academician of Chinese Academy of Engineering. He is the chief academic consultant of College of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), and the director of National Engineering Laboratory for Information Security Technologies. He is also the president of Chinese Information Processing Society of China, the Cyberspace Security Talent Education Forum, and China Cyberspace Security Innovation Alliance on Emerging Technology. His main research interests include cyber range, cyberspace security of emerging technologies, etc.
E-mail:fangbx@cae.cn
E-mail:fangbx@cae.cn
FANG Binxing Academician of Chinese Academy of Engineering. He is the chief academic consultant of College of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), and the director of National Engineering Laboratory for Information Security Technologies. He is also the president of Chinese Information Processing Society of China, the Cyberspace Security Talent Education Forum, and China Cyberspace Security Innovation Alliance on Emerging Technology. His main research interests include cyber range, cyberspace security of emerging technologies, etc.
E-mail:fangbx@cae.cn
