DoD Zero Trust Strategy fuels America's double standards

Source: China Military Online
Editor: Huang Panyue
Time: 2023-01-04 17:18:29
By Song Bo

Zero Trust Strategy released by US Department of Defense on November 22, 2022 (Source: CDSTIC)

The US Department of Defense (DoD) released the Department Zero Trust Strategy, a cyber protection program, on November 22, 2022.

According to military observer Shao Yongling, the DoD believes traditional cybersecurity approaches are no longer able to cope with current and future cybersecurity threats, so it launched the “Zero Trust” cyber protection program to create a “never trust, always verify” mechanism to fortify its cybersecurity.

The US military holds that the progress of technology enables perpetrators to extract sensitive data from the DoD and the national security system more easily. The “castle-and-moat” security approaches based on conventional authentication and authorization models do not work effectively to thwart current and future cyber-attack vectors, and a coordinated, defensive response that is adaptive, flexible, and agile is urgently needed. This change of concept requires everyone to ensure the security of equipment, procedures, assets and services in a “never trust, always verify” spirit, and users will only be allowed to access the data they truly need, when necessary.

Abandoning the traditional cyber security concept to build a brand-new architecture faces many technical challenges, said Shao, and the US has just started and is still testing the water.

The “zero trust” security concept turns from the traditional approach to “multi-attribute-based confidence levels” and an authentication and authorization strategy based on “minimal access”. Zero Trust uses continuous multi-factor authentication, micro-segmentation, advanced encryption, endpoint security, analytics, and robust auditing, among other capabilities, to fortify data, applications, assets, and services to deliver cyber resilience.

Shao also pointed out that while stressing the cybersecurity threats it is facing and rolling out the Zero Trust program, the US feels no qualms about attacking its rivals’ or even allies’ networks to steal secrets, which is a typical double standard. It is the US that is the biggest threat to and destroyer of global cybersecurity.

For a long time, the US has been tapping its rivals and allies in various ways and leaving “backdoors” in the hardware and software it sells in order to gain access to intelligence and secrets.

What the so-called “zero trust strategy” really means is that the US will fortify its own “moat” to protect the “castle” while feeling comfortable about jeopardizing the networks of other countries. It should have the capability to stop other countries from accessing American networks at will while ensuring its own access to other countries’ networks anytime, any way it wants.

“Double standards” is the keyword of America’s strategy in any domain.

Editor's note: Originally published on military.cnr.cn, this article is translated from Chinese into English and edited by the China Military Online. The information and opinions in this article do not necessarily reflect the views of eng.chinamil.com.cn.