Zero Trust Strategy released by US Department of Defense on November 22, 2022 (Source: CDSTIC)

The US Department of Defense (DoD) released the Department Zero Trust Strategy, a cyber protection program, on November 22, 2022.

2022年11月22日，美國國防部制訂了網絡保護計劃——《國防部零信任戰略》。

According to military observer Shao Yongling, the DoD believes traditional cybersecurity approachesare no longer able to cope with current and future cybersecurity threats, so it launched the “Zero Trust” cyber protection program to create a “never trust, always verify” mechanism to fortify its cybersecurity.

軍事觀察員邵永靈介紹，美國國防部認為傳統的網絡安全手段已經無法應對當前和未來的網絡安全威脅，推出“零信任”網絡保護計劃，就是要建立一種“永不信任、始終驗證”的機制，以強化自身網絡安全。

The US military holds that the progress of technology enables perpetrators to extract sensitive data from the DoD and the national security system more easily. The “castle-and-moat” security approachesbased on conventional authentication and authorization models donot work effectively to thwart current and future cyber-attack vectors, and a coordinated,defensive response that is adaptive, flexible, and agile is urgently needed. This change of concept requires everyone to ensure the security of equipment, procedures, assets and services in a “never trust, always verify” spirit, and users will only be allowed to access the truly needed data when necessary.

美國軍方認為，技術的進步使惡意行為者更易于從國防部和國家安全系統提取敏感數據。以往基于傳統認證和授權模式的“城堡”和“護城河”安全方法，已經不能有效阻止當前和未來的網絡攻擊，亟需一種可自適應、靈活、可捷變的協調一致的防御響應。這一理念的轉變就是要求所有人都要以“永不信任、始終驗證”的心態保證設備、程序、資產和服務安全，并且只允許用戶在必要時訪問確實需要的數據。

Abandoning the traditional cyber security concept to build a brand-new architecture faces many technical challenges, said Shao, and the US has just started and is still testing the water.

邵永靈認為，拋棄傳統網絡安全理念構建全新的網絡安全架構，面臨很多技術難題，美國也是剛剛起步，處于試水階段。

The “zero trust” security concept turns from the traditional approach to “multi-attribute-based confidencelevels” and the authentication and authorization strategy based on “minimal access”. Zero Trust uses continuous multi-factor authentication, micro-segmentation, advanced encryption,endpoint security, analytics, and robust auditing, among other capabilities, to fortify data,applications, assets, and services to deliver cyber resilience.

“零信任”安全理念架構拋棄了傳統思路，轉而采用“基于多屬性的可信度”思路，在“最低訪問權限”概念的基礎上制定認證與授權策略。為了提升網絡彈性，“零信任”理念采用了連續多重認證、微隔離、高級加密、端點安全、分析和穩健審計等能力，強化數據、應用程序、資產和服務。

Shao also pointed out that while stressing what cyber security threats it is facing and rolling out the Zero Trust program, the US feels no qualms about attacking its rivals’ or even allies’ network to steal secrets, which is typical double standards. It is the US that’s the biggest threat and destroyer of global cybersecurity.

邵永靈還指出，美國一方面強調自己的網絡安全受到威脅，要推行“零信任”網絡保護計劃，一方面又肆無忌憚地攻擊對手甚至盟友的網絡獲取機密，這是典型的雙重標準，美國是全球網絡安全的最大威脅和破壞者。

For a long time, the US has been tapping its rivals and allies in various ways and leaving “backdoor” in the hardware and software it sells in order to gain access to intelligence and secrets.

長期以來，美國對自己的對手、盟友搞各種各樣的竊聽，還在其出售的硬件、軟件里留“后門”，為獲取情報、套取機密做足了準備。

What the so-called “zero trust strategy” really means is that the US will fortify its own “moat” to protect the “castle” while feeling comfortable about jeopardizing the network of other countries. It should have the capability to stop other countries from accessing American network at will while ensuring its own access to other countries’ network anytime, anyway it wants.

美國實行的所謂“零信任戰略”，就是要做好己方“護城河”以保護“城堡”，并且不排斥對他國網絡進行破壞；要有能力阻止他國在美國的網絡隨意進出，同時保證美國隨意進出他國網絡。

“Double standards” is the keyword of American’s strategy in any domain.

“雙重標準”，是美國在所有領域的戰略核心。

Editor's note:Originally published on military.cnr.cn, this article is translated from Chinese into English and edited by the China Military Online. The information and opinions in this article do not necessarily reflect the views of eng.chinamil.com.cn.

(責任編輯：娛樂)