收藏本站   设为首页
当前位置:国外标准化动态 > 中美 > 正文

提交反馈:DOC/DHS发布关于加强联邦网络安全和关键基础设施网络安全的报告草案

发布时间: 2018-03-12 14:21:48   审校:睿智  

美国国家标准协会(ANSI)鼓励其会员和利益相关方对美国商务部(DOC)和美国国土安全部(DHS)新近发布的报告草案进行回应。该草案是对2017年5月11日颁布的关于加强联邦网络安全和关键基础设施网络安全的行政命令的回应。报告草案强调了全球相关标准在加强世界网络安全方面的作用。。

回应请于美国东部时间 2018年2月12日下午5点前发送至     Counter_Botnet@list.commerce.gov。

行政命令呼吁“应对僵尸网络及其它自动且分散的威胁”,指导各部门“公开透明地确定并推广由适当的利益相关方所开展的行动”,目标是“大大降低自动且分散的攻击造成的威胁(例如僵尸网络)”。

DOC 和 DHS确立了五个可以提高生态系统弹力的补充目标:

 

1.  确立一条通往适应性强、可持续和安全的技术市场的明确途径

2.  推动基础设施领域的创新,以适应不断变化的威胁

3.  促进网络边缘的创新,阻止、探测和减少不良行为

4.  在本国和全世界各个安全、基础设施和可操作性技术社区之间建立联盟关系

5.  提高整个生态系统内的意识和教育

 

该报告草案强调指出,需要加强标准以提高生态系统的恢复力。根据该文件,“美国政府和行业也应该与国际标准和规范的制定者联合起来以在全球范围内制定相关标准,如:国际互联网工程任务组(IETF)以及国际标准组织(ISO)和国际电工委员会(IEC)的联合技术委员会1(ISO/IEC JTC 1)。随着这些标准的发展,应对联邦文件应进行重新修订或替换。”

关于ISO/IEC JTC 1

ISO 和IEC的联合技术委员会,简称ISO/IEC JTC 1信息技术,是一个以协商一致为基础、自愿性国际标准工作组。它是ISO 和IEC之间的合作成果,颇为高产。来自32个成员国3700余名专家聚集在JTC 1,制定促进全球贸易的互利标准同时也保护知识产权。美国在ISO/IEC JTC 1中起带头作用,ANSI担任秘书处工作,英特尔公司的Phil Wennblom(美国)担任JTC 1的主席。

希望得到大众意见的报告全文请见:增强互联网和通信系统抵御僵尸网络及其它自动且分散的威胁的能力。

提交的细节请见Commerce.gov.。评议期结束后,DOC将会于2月28日和3月1日在马里兰州罗克维尔市的 国家标准技术研究院(NIST) 国家网络安全中心举行为期两天的研讨会。包括评议和其它所收反馈的最终版报告将于2018年5月11日上交总统。

 

Submit Feedback: DOC/DHS Draft Report on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

The American National Standards Institute (ANSI) encourages its members and stakeholders to respond to a newly released draft report by the U.S. Department of Commerce (DOC) and the U.S. Department of Homeland Security (DHS), issued as a response to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The draft report highlights the role of globally relevant standards in strengthening cybersecurity worldwide.

Responses are due to DOC at Counter_Botnet@list.commerce.gov by 5 p.m. ET on February 12, 2018.

The Executive Order called for "resilience against botnets and other automated, distributed threats," directing the departments to "lead an open and transparent process to identify and promote action by appropriate stakeholders" with the goal of "dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets)."

DOC and DHS identified five complementary goals that would improve the resilience of the ecosystem:

1.    Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace

2.    Promote innovation in the infrastructure for dynamic adaptation to evolving threats

3.    Promote innovation at the edge of the network to prevent, detect, and mitigate bad behavior

4.    Build coalitions between the security, infrastructure, and operational technology communities domestically and around the world

5.    Increase awareness and education across the ecosystem

The draft report emphasizes the need to augment standards to improve the resilience of the ecosystem. According to the document, "the U.S. government and industry should also jointly engage with developers of international standards and specifications, such as the IETF and the Joint Technical Committee 1 of the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) (ISO/IEC JTC 1), to establish globally relevant standards. As these standards evolve, federal profiles should be re-aligned or replaced as appropriate."

About ISO/IEC JTC 1

The joint technical committee of ISO and IEC, ISO/IEC JTC 1Information technology, is a consensus-based, voluntary international standards group that works as a highly productive collaboration between ISO and IEC. More than 3,700 experts from 32 participant member countries come together in JTC 1 to develop mutually beneficial standards that enhance global trade while protecting intellectual property. The U.S. plays a leading role in ISO/IEC JTC 1, with ANSI holding the secretariat and Phil Wennblom (U.S.) of Intel serving as the JTC 1 Chair.

Read the full report for public comment: Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats.

Submission details are available on Commerce.gov. Following the comment period, DOC will host a two-day workshop on February 28 and March 1 at the National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence in Rockville, MD. A final report, incorporating comments and other feedback received, is due to the President on May 11, 2018.


来源: ANSI 官网
京ICP备09001239号
网站管理:国家标准化管理委员会标准信息中心
地址:北京海淀区马甸东路9号 邮编:100088 邮箱:info@sac.gov.cn
客服热线:010-82261056 QQ号:3433774297
  • 版权所有 侵权必究
  • 主管:国家标准化管理委员会
  • 主办:国家标准化管理委员会标准信息中心
  • 运营:北京中标赛宇科技有限公司
  • 经营许可证编号 京ICP证 号
  • 盗版侵权 举报热线:400-650-6190
  • 关于我们
  • 技术团队
  • 合作伙伴
  • 法律声明
  • 知识产权