“2017年12月18日,美国总统特朗普公布了其任内首份《国家安全战略报告》。此报告中列出了四大支柱,即保卫美国国土安全、促进美国繁荣、以强力捍卫和平与提升美国影响力。盘古智库摘编并翻译了报告中同“网络安全”相关的内容,供各方参考。”
前言(Introduction)
First, our fundamental responsibility is to protect the American people, the homeland, and the American way of life. …… We will protect our critical infrastructure and go after malicious cyber actors. (pp. 4)
首先,我们最基本的职责就是保卫美国人民、国土安全和捍卫美国生活方式。……我们将会保护我们的关键基础设施,并搜索、追捕哪些恶意的网络行为体
Third, we will preserve peace through strength by rebuilding our military so that it remains preeminent, deters ouradversaries, and if necessary, is able to fight and win. …… We will strengthen America’s capabilities—including in space and cyberspace—and revitalize others that have been neglected. (pp. 4)
第三,我们会以强力捍卫和平。我们将会重建我们的军队,从而让其继续保持优秀。我们会威慑我们的敌人,并在必要时同其战斗并取得胜利。我们会继续增强美国的实力,包括在太空和网络空间的实力,并去关注并增强那些过去曾被我们所忽视的方面。
第一支柱 保卫美国人民、国土安全和捍卫美国生活方式
(Pillar 1 Protect the American People, the Homeland, and the American Way of Life)
Secure U.S. Borders and Territory
State and non-state actors place the safety of the American people and the Nation’s economic vitality at risk by exploiting vulnerabilities across the land, air, maritime, space, and cyberspace domains. Adversaries constantly evolve their methods to threaten the United States andour citizens. We must be agile and adaptable. (pp. 8)
保护美国领土的安全
国家和非国家行为体通过利用美国陆、海、空、太空以及网络空间五大领域的漏洞而让美国人民的安全受到威胁。敌对势力不断采取新的手段威胁到美国及其人民的安全。对此,我们必须灵活应变。
Dismantle Transnational Criminal Organizations
The United States must devote greater resources to dismantle transnational criminal organizations (TCOs) and their subsidiary networks……. Every day they deliver drugs to American communities,fuel gang violence, and engage in cybercrime……. In addition, some state adversaries use TCOs as instruments of national power, offering them territorial sanctuary where they are free to conduct unattributable cyber intrusions, sabotage, theft, and political subversion. (pp. 11-12)
捣毁跨国犯罪组织
美国必须在捣毁跨国犯罪组织(TCOs)及其子网络方面投入更大的力度。……每一天,这些跨国犯罪组织都在向美国社区输送毒品,激化帮派冲突,并从事网络犯罪。……此外,一些对立国家也将跨国犯罪组织作为其工具,通过为这些组织提供庇护所来让其发动难以被甄别的网络攻击、破坏活动、盗窃以及政治颠覆。
Priority Actions
COUNTER CYBERCRIMINALS: We will use sophisticated investigative tools to disrupt the ability of criminals to use online marketplaces, cryptocurrencies, and other tools for illicit activities. The United States will hold countries accountable for harboring these criminals. (pp. 12)
首要对策
反网络犯罪:我们会通过精密的调查工具来阻止不法分子利用网络市场,加密货币和其他方式从事非法活动。美国将会让窝藏这些不法分子的国家负责。
Keep America Safe in the Cyber Era (pp. 12-13)
America’s response to the challenges and opportunities of the cyber era will determine our future prosperity and security. For most of our history, the United States has been able to protect the homeland by controlling its land, air, space, and maritime domains. Today, cyberspace offers state and non-stateactors the ability to wage campaigns against American political, economic, and security interests without ever physically crossing our borders. Cyberattacks offer adversaries low-cost and deniable opportunities to seriously damage or disrupt critical infrastructure, cripple American businesses, weaken our Federal networks, and attack the tools and devices that Americans use every day to communicate and conduct business.
保障美国在网络时代的安全
美国对网络时代机遇和挑战的应对将决定它未来的繁荣与安全。在过去的大部分时期,美国通过控制其陆地、空中,太空和海域来保卫国土安全。今天,网络空间为国家和非国家行为体提供了影响美国的政治、经济和安全利益的能力,而开展相关活动无需跨越美国的边界。网络攻击为(美国的)对手提供了虽然成本低廉且难以被确认,但却可以严重破坏关键的基础设施、削弱美国的商业和联邦网络、攻击美国人民日常所需设备的机会。
Critical infrastructure keeps our food fresh,our houses warm, our trade flowing, and our citizens productive and safe. The vulnerability of U.S. critical infrastructure to cyber, physical, and electromagnetic attacks means that adversaries could disrupt military command and control, banking and financial operations, the electrical grid, and means of communication.
关键的基础设施保障食物新鲜、住房温暖、贸易流动、公民安全且富有生产力。因此,美国关键基础设施面对网络、物理和电磁攻击时的脆弱性意味着对手可以(通过它)破坏军事指挥和控制、银行和金融业务以及电网和通讯工具。
Federal networks also face threats. These networks allow government agencies to carry out vital functions and provide services to the American people. The government must do a better job of protecting data to safeguard information and the privacy of the American people. Our Federal networks must be modernized and updated.
联邦网络也面临威胁。这些网络使政府机构能够履行重要职能,为美国人民提供服务。政府必须更好地保护数据,从而保护美国人民的信息和隐私。我们的联邦网络必须进行现代化,并不断更新。
In addition, the daily lives of most Americans rely on computer-driven and interconnected technologies. As our reliance on computers and connectivity increases, we become increasingly vulnerable to cyberattacks. Businesses and individuals must be able to operate securely in cyberspace.
此外,大多数美国人的日常生活依赖由计算机驱动并相互关联的技术。随着我们对计算机和互联网的依赖度的增加,我们越来越容易受到网络攻击。企业和个人必须能够在网络空间安全地运作。
Security was not a major consideration when the Internet was designed and launched. As it evolves, the government and private sector must design systems that incorporate prevention, protection, and resiliency from the start, not as an afterthought.We must do so in a way that respects free markets, private competition, and the limited but important role of government in enforcing the rule of law. As we build the next generation of digital infrastructure, we have an opportunity to put our experience into practice.
当互联网被设计和推行的时候,安全并不是主要的考虑因素。随着互联网不断发展,情势发生了改变。政府和私营部门必须一开始就设计防治结合、具有弹性的系统,而不是作为事后的补救措施。为了实现这一点,我们必须尊重自由市场、私人竞争,相信政府在法治实施方面有限但重要的作用。在构建下一代数字化基础设施的过程中,我们有机会将自身的经验付诸实践。
The Internet is an American invention, and itshould reflect our values as it continues to transform the future forall nations and all generations. A strong, defensible cyber infrastructure fosters economic growth, protects our liberties, and advancesour national security.
互联网作为美国的发明,应该反映我们的价值观,继续改变各国及后代的未来。一个强大、可靠的网络基础设施应促进经济增长、保卫自由,并保障我们的国家安全。
Priority Actions
IDENTIFY AND PRIORITIZE RISK: To improve the security andresilience of our critical infrastructure, we will assess risk across six key areas: national security, energy and power, banking and finance, health and safety, communications, and transportation. We will assess where cyberattacks could have catastrophic or cascading consequences andprioritize our protective efforts, capabilities, and defenses accordingly.
首要对策
识别和优先处理风险:为了提高关键基础设施的安全性和弹性,我们将评估六个关键领域的风险:国家安全、能源和电力、银行和金融、健康和安全、通信和运输。我们将评估网络攻击可能带来的灾难性及一系列后果,并相应地优先考虑保护工作、能力和防御措施。
BUILD DEFENSIBLE GOVERNMENT NETWORKS: We will use the latest commercial capabilities, shared services, and best practices to modernize our Federal information technology. We will improve our ability to provide uninterrupted and secure communications and services under all conditions.
建立合理的政府网络:我们将使用最新的商业能力、共享服务和最佳规范来实现联邦政府信息技术的现代化。我们将提高技能,在各种条件下提供不间断的、安全的通信和服务。
DETERAND DISRUPT MALICIOUS CYBER ACTORS: The Federal Government will ensure that those charged with securing critical infrastructure have the necessary authorities, information, and capabilities to prevent attacks before they affect or hold at risk U.S. critical infrastructure. The United States will impose swift and costly consequences on foreign governments, criminals, and other actors who undertake significant malicious cyber activities. We will work with allies and friends to expand our awareness of malicious activities. A stronger and more resilient critical infrastructure will strengthen deterrence by creating doubt in our adversaries that they can achieve their objectives.
威慑和瓦解恶意的网络行为体:联邦政府将确保负责保护关键基础设施的人员拥有必要的权威、信息和能力,以防止美国的关键基础设施受到影响或遭到威胁。美国将使从事重大恶意网络活动的外国政府、罪犯和其他行为体承受迅速且高昂的代价。我们将与盟友和朋友一道提高对该类恶意活动的警惕。一个更强大也更有弹性的关键基础设施将加强威慑力量,使我们的对手怀疑他们(的攻击)是否可以达成目标。
IMPROVE INFORMATION SHARING AND SENSING: The U.S. Government will work with our critical infrastructure partners to assess their informational needs and to reduce the barriers to information sharing, such as speed and classification levels. We will also invest in capabilities that improve the ability of the United States to attribute cyberattacks. In accordance with the protection of civil liberties and privacy, the U.S. Government will expand collaboration with the private sector so that we can better detect and attribute attacks.
提高信息共享和读出:美国政府将与关键基础设施合作伙伴一同评估信息需求、减少信息共享的障碍(如传播速度和分类等级)。我们还将投资以提高美国识别网络攻击的能力。根据保护公民自由和隐私的原则,美国政府将扩大与私营部门的合作,以便我们能够更好地检测和识别攻击。
DEPLOY LAYERED DEFENSES: Since threats transit globally, passing through communications backbones without challenge, the U.S.Government will work with the private sector to remediate known bad activities at the network level to improve the security of all customers. Malicious activity must be defeated within a network and not be passed on to its destination whenever possible.
部署分层防御:由于威胁可以在全球范围内轻松地通过主干通信网,美国政府将与私营部门合作,在网络层面修复已知的不良活动,以保障客户的安全。恶意活动必须在网络中被击败,使其无法危及美国人民。
第二支柱 促进美国繁荣
(Pillar 2 Promote American Prosperity)
Rejuventate the Domestic Economy
Economic challenges at home demand that we understand economic prosperity as a pillar of national security. …… America’sdigital infrastructure also fell behind. Improvements in bandwidth, better broadband connectivity, and protection from persistent cyberattacks are neededto support America’s future growth. (pp. 18)
复兴国内经济
国内经济挑战要求我们必须理解经济的繁荣是国家安全的一个支柱。…… 美国数字基础设施同样需要发展。带宽、更好的宽带连接以及对持续网络攻击的防护对于美国未来的发展是必不可少的。
Promote and Protect the U.S. National Security Innovation Base
Over the years, rivals have used sophisticated means to weaken our businesses and our economy as facets of cyber-enabled economic warfare and other malicious activities. (pp. 21)
推动并保护美国国家安全创新基础
近几年,美国的竞争对手通过包括网络经济战和其他不法手段在内的许多精密措施虚弱美国的商业和经济。
Embrace Energy Dominance
Priority Actions
ENSURE ENERGY SECURITY: The United States will work with allies and partners to protect global energy infrastructure from cyber and physical threats. (pp. 23)
保证在能源领域的支配地位
首要对策
保护能源安全:美国将同盟国和伙伴一道,共同保护全球能源基础设施免受网络和物理威胁。
第三支柱 以强力捍卫和平
(Pillar 3 Preserve Peace Through Strength)
A central continuity in history is the contest for power…… Russia aims to weaken U.S. influence in the world and divide us from our allies and partners. ……Russia is investing in new military capabilities, including nuclear systems that remain the most significant existential threat to the United States, and in destabilizing cyber capabilities. (pp. 25-26)
权力较量一直都是历史的中心话题。…… 俄罗斯以削弱美国的影响和分化美国及其盟国和伙伴的关系为目标。…… 俄罗斯正在投资建设新的军事力量,包括一直以来都是美国最主要外部威胁的核武器系统,以及网络力量。
Renew America’s Competitive Advantages
The United States must consider what is enduring about the problems we face, and what is new. …… The spread of accurate and inexpensive weapons and the use of cyber tools have allowed state and non-state competitors to harm the United States across various domains. Such capabilities contest what was until recently U.S. dominance across the land,air, maritime, space, and cyberspace domains. (pp. 26-27)
恢复美国的竞争优势
美国必须仔细思考当前我们所面临的问题中哪些是过去问题的延续,哪些是新的问题。…… 精确且廉价的武器的散播以及对网络工具的使用使得许多国家和非国家竞争者可以在多个领域侵害到美国。这些领域包括陆地、空中、海洋、太空以及网络空间。
Renew Capabilities
Military
Priority Actions
RETAIN AFULL-SPECTRUM FORCE: The Department of Defense must develop new operational concepts and capabilities to win without assured dominancein air, maritime, land, space, and cyberspace domains, including against those operating below the level of conventional military conflict (pp. 29)
恢复美国的实力
军事实力
首要对策
保持全方位实力:美国国防部必须发展出新的概念及能力,来保证美国能在不拥有陆、海、空、太空以及网络空间支配地位的情况下取得胜利。包括确保在哪些未到达常规军事冲突层次的冲突的胜利。
Defense Industrial Base
As America’s manufacturing base has weakened, so too have critical workforce skills ranging from industrial welding, to high-technology skills for cyber security and aerospace. (pp. 29-30)
国防工业基础
在过去的二十年间,美国的制造业基础受到了损害,同样,美国的劳动力,从基础工业劳动力到网络安全和航空航天等高技术劳动力同样受到了损害。
Cyberspace (pp. 31-32)
Malicious state and non-state actors use cyberattacks for extortion, information warfare, disinformation, and more. Such attacks have the capabilities to harm large numbers of people and institutions with comparatively minimal investmentand a troubling degree of deniability. These attacks can undermine faith and confidence in democratic institutions and the global economic system.
网络空间
一些恶意的国家和非国家行为体使用网络攻击进行勒索、信息战或伪造虚假信息等。这种攻击能利用相对少的投入损害大量的人员和机构,并且难以被查证。这类攻击可能危及人们对民主机制和全球经济体系的信心。
Many countries now view cyber capabilities as tools for projecting influence, and some use cyber tools to protect and extend their autocratic regimes. Cyberattacks have become a key feature of modern conflict. The United States will deter, defend, and when necessary defeat malicious actors who use cyberspace capabilities against the United States. When faced with the opportunity to take action against malicious actors in cyberspace, the United States will be risk informed, but not risk averse, in considering our options.
现在许多国家都把网络能力视为投射影响力的工具,有些则使用网络工具来保护和扩大专制政权。网络攻击已经成为现代冲突的一个关键特征。美国将威慑,捍卫,并在必要时打败利用网络空间攻击美国的恶意行为体。当获得对网络空间恶意行为体采取行动的机会时,在谋划行动的过程中,美国将会明确行动可能带来的风险,但不会仅因为厌恶风险而选择规避风险。
Priority Actions
IMPROVE ATTRIBUTION, ACCOUNTABILITY, AND RESPONSE: We will invest in capabilities to support and improve our ability to attribute cyberattacks, to allow for rapid response.
首要对策
改善甄别,追责和响应:我们将对能够提升甄别网络攻击能力的相关建设增大支持力度,以便快速做出反应。
ENHANCE CYBER TOOLS AND EXPERTISE: We will improve our cyber tools across the spectrum of conflict to protect U.S. Government assets and U.S. critical infrastructure, and to protect the integrity of data and information. U.S. departments and agencies will recruit, train, and retain a workforce capable of operating across this spectrum of activity.
增强网络工具和专业程度:我们将改进网络工具以应对不同层次的争端以保护美国政府资产和美国重要的基础设施,并保护数据和信息的完整性。美国的各部门和机构将招聘、培训并维持一支能够在这一系列活动中运作的人员队伍。
IMPROVE INTEGRATION AND AGILITY: We will improve the integration of authorities and procedures acrossthe U.S. Government so that cyber operations against adversaries can be conducted as required. We will work with the Congress to address the challenges that continue to hinder timely intelligence and information sharing, planning and operations, and the development of necessary cyber tools.
提高综合性和灵活度:我们将改进和整合美国政府部门与流程,从而满足美国开展网络行动的需要。我们将与国会合作,共同应对阻碍情报信息共享、规划和行动时效性以及必要网络工具发展的挑战。
Diplomacy and Statecraft
Information Statecraft
America’s competitors weaponize informationto attack the values and institutions that underpin free societies, while shielding themselves from outside information. …… Russia uses information operations as part of its offensive cyber efforts to influence public opinionacross the globe. (pp. 34-35)
外交和治国之道
信息治国之道
美国的竞争对手将信息技术武器化,从而在攻击支撑美国社会的价值观和机制的同时,保护他们自身不受外界信息得影响。…… 俄罗斯将信息技术行动作为其攻击性网络能力的一部分,对全球范围内的公众观点产生影响。
第四支柱 提升美国影响力
(Pillar 4 Advance American Influence)
Achieve Better Outcomes in Multilateral Forums
Priority Actions
ENSURE COMMON DOMAINS REMAIN FREE:The United States will provide leadership and technology to shape and govern common domains—space, cyberspace, air, and maritime—within the framework of international law. (pp. 41)
在多边论坛中取得更好的成果
首要对策
保证公共领域的自由:美国将会国际法框架内领导并提供相关技术来对公共领域进行塑造和治理。这些领域包括太空、网络空间、天空与海洋。
美国在各地区的战略
(The Strategy in a Regional Context)
Indo-Pacific
In Northeast Asia, the North Korean regime is rapidly accelerating its cyber, nuclear, and ballistic missile programs. (pp.46)
印太地区
在东北亚地区,朝鲜正在大幅加速其在网络、核武器和弹道导弹项目上的发展步伐
Europe
Priority Actions
MILITARY ANDSECURITY: The United States fulfills our defense responsibilities and expects others to do the same. ……We will increase counterterrorism and cybersecurity cooperation. (pp. 48)
欧洲地区
首要对策
军事和安全:美国将会履行自身对于欧洲的防务责任,并希望其他国家也能履行同样的责任。…… 我们会同其他国家加强在反恐和网络安全领域的合作。
Middle East
ISIS and al-Qa’ida thrive on instability and export violent jihad. Iran, the world’s leading state sponsor of terrorism, has taken advantage of instability to expand its influence through partners and proxies, weapon proliferation, and funding. It continues to develop more capable ballistic missiles and intelligence capabilities, and it undertakes malicious cyber activities. (pp. 49)
中东地区
伊斯兰国和基地组织能否发展壮大关键取决于地区的动荡局势以及伊斯兰极端注意的传播。伊朗作为世界头号“支恐”国家已经借助动荡的地区形势,通过代理人、散播武器和资金支持扩大了其影响力。伊朗会持续发展其弹道导弹和情报能力,也会不断采取非法网络行为。
|