网络安全战略与方法发展现状、趋势及展望  

作　　者：邬江兴[1] 季新生[1] 贺磊 谢宇 牛玉坤 张帆[3] Wu Jiangxing;Ji Xinsheng;He Lei;Xie Yu;Niu Yukun;Zhang Fan(National Digital Switching System Engineering&Technological R&D Center,Zhengzhou 450002,China;Purple Mountain Laboratories,Nanjing 211111,China;School of Electrical and Information Engineering,Zhengzhou University,Zhengzhou 450001,China)

机构地区：[1]国家数字交换系统工程技术研究中心,郑州450002 [2]紫金山实验室,南京211111 [3]郑州大学电气与信息工程学院,郑州450001

出　　处：《中国工程科学》2025年第1期14-27,共14页Strategic Study of CAE

基　　金：中国工程院咨询项目“国家数据空间发展路径与技术体系研究”(2024-XBZD-05),“国家数据空间发展战略研究”(2023-XBZD-16)。

摘　　要：在全球数字生态系统底层驱动范式转型的推动下,网络安全已成为一个至关重要的议题,其重要性与日俱增。本文深入分析了当前网络安全战略与方法的发展现状和未来发展趋势,全面评估了全球网络安全格局的变化,详细介绍了国外网络安全战略的发展现状,重点分析了美国和欧盟的相关政策;探讨了网络弹性、设计安全和零信任等国际主流网络安全方法,以及我国原创的内生安全理论和拟态构造技术;在此基础上指出我国网络安全发展具有庞大的市场应用前景、完整的信息产业链、系统化的人才培养体系和原创技术理论等优势,但在安全责任分配机制、法律法规体系完善度以及安全标准建设等方面仍存在提升空间;研究建议,加快制定中国特色网络安全政策法规,构建基于内生安全的网络安全架构,推动网络安全责任从用户侧向制造侧转移,为建立全面的网络安全责任和质量控制体系提供有力支撑,提升数字产品的整体安全性。Under the impetus of the paradigm shift driven by the global digital ecosystem,cybersecurity has become a critical issue of ever-increasing importance.This study provides an in-depth analysis of the current state and future trends of cybersecurity strategies and methods,offering a comprehensive assessment of the changes in the global cybersecurity landscape.It details the development of international cybersecurity strategies,with a focus on the policies of the United States and the European Union.The study also explores mainstream cybersecurity methods such as cyber resilience,security by design,and zero trust,as well as China’s original theories on endogenous safety and security and the mimic defense technology.Based on this,this study points out that the cybersecurity development in China has advantages such as a vast-market application scenario,a complete information industry chain,a systematic talent training system,and original technical theories.However,there is still room for improvement in security responsibility allocation mechanisms,legal system completeness,and security standards development.The study recommends accelerating the formulation of cybersecurity policies and regulations with Chinese characteristics,constructing a cybersecurity architecture based ons endogenous safety and security,and shifting cybersecurity responsibilities from the user side to the manufacturing side.These measures aim to provide strong support for establishing a comprehensive cybersecurity responsibility and quality control system,enhancing the overall security of digital products.

关 键 词：网络安全战略 网络安全方法 内生安全 网络安全责任转移 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]