Chính phủ Mỹ vừa công bố một tập tài liệu đề xuất các chính sách nhằm đảm bảo một mạng Internet mở và an toàn.
An ninh mạng là một trong những mối quan tâm hàng đầu của nhiều quốc gia.
“Cùng với nhau, chúng ta có thể hợp tác để xây dựng tương lai cho không gian mạng mở, tương thích, an toàn và đáng tin cậy”, bài diễn văn giới thiệu tập tài liệu dày 25 trang mang tên “Chiến lược quốc tế cho không gian ảo” của Tổng thống Obama có đoạn.
Bộ tài liệu không nói nhiều đến các kế hoạch cụ thể, nhưng đề ra các mục tiêu và phạm vi hợp tác quốc tế nhằm đạt được tầm nhìn của Mỹ về không gian mạng, trong đó có 7 lĩnh vực ưu tiên.
Điều phối viên an ninh mạng của Nhà Trắng Howard Schmidt cho biết: “Tài liệu này giải thích những quan điểm, lập trường của Mỹ trong không gian mạng. Làm thế nào để chúng ta có kế hoạch xây dựng sự thịnh vượng, tăng cường an ninh và bảo vệ sự cởi mở trong một thế giới mà kết nối mạng ngày một gia tăng”.
Ngoại trưởng Hillary Clinton cũng cho hay 7 chính sách ưu tiên của chiến lược không gian ảo bao gồm quyền tự do Internet, thúc đẩy, khuyến khích sự liên kết kinh tế và đổi mới thương mại điện tử, đồng thời tăng cường bảo vệ sở hữu trí tuệ.
Các ưu tiên khác bao gồm, tăng cường khả năng thực thi pháp luật để đối phó với tội phạm mạng, tăng cường hợp tác quân sự, giúp đỡ các liên minh của Mỹ trong việc đương đầu với các mối đe dọa từ không gian mạng, theo Defense News.
James Lewis, một chuyên gia về an ninh mạng tại Trung tâm nghiên cứu chiến lược quốc tế, nhận định: “Đây không phải là một tài liệu đặc biệt táo bạo, nhưng là một bước khởi đầu tốt đẹp”.
Thứ trưởng Bộ Quốc phòng William Lynn cho biết: “Thống kê mạng của Lầu Năm Góc tiết lộ mỗi ngày có hàng triệu cá nhân và hơn 100 cơ quan tình báo nước ngoài cố gắng thâm nhập vào mạng lưới của chúng tôi hoặc các đối tác công nghiệp của chúng tôi”.
An ninh không gian mạng đang là một thách thức mang tính toàn cầu. Nhiều ý kiến nhận định cho rằng các cuộc tấn công từ không gian mạng là một mối nguy cơ mới đối với an ninh quốc gia của tất cả các nước trên thế giới. Bởi giờ đây Internet đã là một phần không thể thiếu của xã hội loài người. Tất cả mọi thứ đều được đưa lên Internet, những lợi ích mà Internet mang lại rõ ràng là rất lớn, cùng với đó là nguy cơ cũng rất lớn bắt đầu từ đây.
The Administration Unveils its Cybersecurity Legislative Proposal
Posted by Howard A. Schmidt on May 12, 2011
Today I am happy to announce that the Administration has transmitted a cybersecurity legislative proposal to Capitol Hill in response to Congress’ call for assistance on how best to address the cybersecurity needs of our Nation. This is a milestone in our national effort to ensure secure and reliable networks for Americans, businesses, and government; fundamentally, this proposal strikes a critical balance between maintaining the government’s role and providing industry with the capacity to innovatively tackle threats to national cybersecurity. Just as importantly, it does so while providing a robust framework to protect civil liberties and privacy.
When the President released his Cyberspace Policy Review (pdf) almost two years ago, he declared cyberspace as a key strategic asset for the United States and its security just as vital. This legislative proposal is the latest achievement in the steady stream of progress we are making in securing cyberspace and completes another near-term action item (pdf) identified in the Cyberspace Policy Review.
The Administration proposal helps safeguard your personal data and enhances your right to know when it has been compromised. In addition to educating you on how to protect yourself from cyber threats with the Stop. Think. Connect. campaign, we believe organizations should inform you when your sensitive personal information may have been compromised. This notice not only helps you to protect yourself against harms like identity theft, but also incentivizes organizations to have better data security in the first place. Today, our country has a patchwork of 47 state notification laws. Our proposal simplifies and strengthens this reporting requirement and reaches all Americans.
It helps protect our national security by addressing threats to our power grids, water systems, and other critical infrastructure. These systems are the backbone of our modern economy; many are privately owned, but all merit our support in protecting them. The Administration proposal advances the security of our increasingly “wired” critical infrastructure, strengthens the criminal penalties for hacking into the systems that control these vital resources, and clarifies the ability of companies and the government to voluntarily share information about cybersecurity threats and incidents in a privacy-protective manner. This is behavior we want and need to promote.
It helps the U.S. government protect our federal networks, while creating stronger privacy and civil liberties protections that keep pace with technology. Since our Federal systems are under constant pressure by hackers, criminals and other threats, the government needs better tools to detect and prevent those threats. Part of cybersecurity is about finding malicious programs, and stopping their spread before they have any impact. This proposal allows the Department of Homeland Security (DHS) to implement intrusion detection and prevention systems that can help speed our response to these incidents. The Administration proposal also designs a framework for protecting privacy and civil liberties that includes new oversight, reporting requirements, and annual certification to ensure that cybersecurity technologies are used for their intended purpose and nothing more.
The Administration’s proposal is one of a number of important steps we are taking towards achieving better cybersecurity. We look forward to working with Congress as it moves forward on this issue. Together, with a shared responsibility to enhance online safety and security, we can ensure cyberspace continues to be an area defined by growth and innovation.
Howard A. Schmidt, Cybersecurity Coordinator and Special Assistant to the President
•Read the fact sheet (pdf).
•Read about the Administration’s Cybersecurity Accomplishments (pdf).
•Read the text of the legislative proposal.
Deputy Defense Secretary William J. Lynn III Urges Partnership Against Cyber Threat
Government and industry must work more closely together to counter the growing threat to the nation’s cyber networks, Deputy Defense Secretary William J. Lynn III told information technology professionals here today.
The Defense Department and other federal departments and agencies need to pursue or expand avenues in information sharing, strengthening network architecture, and extending government’s network defenses to private networks key to national security and the economy, he said during a keynote speech at the annual RSA Conference for Internet security.
Lynn told thousands gathered for the conference that the private sector’s role in defending the cyber domain is critical. Unlike the sea, air, land and space domains, cyber is not an area where military power alone can dominate, he said.
“The overwhelming percentage of our nation’s critical [information] infrastructure, including the Internet itself, is in private hands,” Lynn noted. It will take the country’s “vast technological and human resources to ensure the United States retains its preeminent capabilities in cyberspace, as it does in all the other domains,” he said.
Telecommunications providers have “unparalleled visibility” into global networks and often possess the best operational capacity to respond to system assaults, Lynn said. “They can detect attacks transiting their systems, and in many cases, alert customers,” he added.
Information-sharing efforts are well underway, with industry and government executives meeting regularly as part of a partnership known as the Enduring Security Framework, Lynn said. The framework “not only helps identify vulnerabilities, it also mobilizes government and industry expertise to address security risks before harm is done,” he said.
More work is needed, the deputy secretary said, because network attackers have an inherent advantage. Because the Internet was designed to be open and interoperable, security and identity management were secondary in its design.
“You can see just how significant this advantage is by comparing anti-virus software to the malware it’s designed to defeat,” Lynn said. “Sophisticated anti-virus suites now run on about 10 million lines of code … up from one million lines in only a decade. Yet malware written with as little as 125 lines of code has remained able to penetrate anti-virus software across this same period.”
Government agencies need the scientific community to help strengthen network architecture, he said.
“We must embed higher levels of security and authentication in hardware, operating systems, and network protocols,” Lynn said. The National Strategy for Trusted Identities in Cyberspace, a White House initiative, “will lay one building block of this more secure future,” he said. “It will take the course of a generation to have a real opportunity to engineer our way out of some of the most problematic vulnerabilities of today’s technology,” he said.
To spur security improvements, the Defense Department is adding $500 million for new research in cyber technologies, with a focus on areas like cloud computing, virtualization, and encrypted processing, Lynn said. The department also is providing seed capital to companies through its “Cyber Accelerator” pilot program to produce dual-use technologies that address cyber security needs, he said.
The department must speed its adoption of these new technologies, Lynn said.
“It currently takes the Pentagon 81 months to field a new information technology system. The iPhone was developed in just 24 months,” he said. “We have to close this gap, and Silicon Valley can help us.”
The Pentagon will expand its Information Technology Exchange Program, which manages temporary “job-swaps” between the department and industry IT experts, he announced.
“We want senior IT managers in the department to incorporate more commercial practices,” he said. “And we want seasoned industry professionals to experience, first-hand, the unique challenges we face at DOD.”
Lynn also announced that DOD is beginning a program to maximize its use of cyber expertise within the National Guard and Reserve.
Many reservists have a high level of IT knowledge they use in their civilian jobs, Lynn said. To make better use of those skills, he added, DOD will increase the number of Guard and Reserve units dedicated to cyber missions.
At the same time, the department is working to extend its expertise to industry.
“Because of our intelligence capabilities, government has a deep and unique awareness of certain cyber threats,” he said. “Through classified threat-based information, and the technology we have developed to employ it in network defense, we can significantly increase the effectiveness of cyber security practices that industry is already carrying out.”
The department already shares some unclassified threat information with defense companies that have networks containing sensitive information, Lynn said. He added that a pressing policy question remains as to whether classified signatures and their supporting technology should be shared across the full range of industrial sectors supporting the military and the economy.
“The real challenge, at this point, is developing the legal and policy framework to do so,” he said.
Securing the nation’s networks will require unprecedented industry and government cooperation, Lynn said.
“With the threats we face, working together is not only a national imperative,” he said. “It is also one of the great technical challenges of our time.