研究生: |
黃俊泰 Jiun-Tai Huang |
---|---|
論文名稱: |
美國關鍵基礎設施防護(CIP)建構資訊共享環境之研究 A study on the Construction of Information Sharing Environment for Critical Infrastructure Protection (CIP) in the U.S. |
指導教授: |
李國光
Gwo-Guang Lee |
口試委員: |
周子銓
Tzu-Chuan Chou 黃世禎 Shih-Chen Huang |
學位類別: |
碩士 Master |
系所名稱: |
管理學院 - 資訊管理系 Department of Information Management |
論文出版年: | 2017 |
畢業學年度: | 105 |
語文別: | 中文 |
論文頁數: | 155 |
中文關鍵詞: | 國土安全 、關鍵基礎設施防護 、資訊共享 、情報戰略 |
外文關鍵詞: | homeland security, critical infrastructure protection, information sharing, intelligence strategy |
相關次數: | 點閱:175 下載:7 |
分享至: |
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
冷戰結束後,隨著安全威脅情勢的轉變,以及資訊科技的快速發展,美國於1995年開始以資訊安全的角度,關注關鍵基礎設施保護(Critical Infrastructure Protection, CIP)的重要性,鑒於美國關鍵基礎設施高達85%屬私部門擁有,美國政府早已體認其成功要素在於公、私部門能否充分協力、分享資訊,尤其經過九一一恐怖攻擊事件的打擊,檢討發現各級政府未能有效共享資訊,是導致無法快速應變的主因,資訊共享的政策更成為國土安全戰略不可或缺的目標。
如今歷經將近二十年的調整與演進,公、私部門合作建立夥伴關係、資訊共享機制立法、政府組織功能優化、資訊共享環境的建構、各種網路平台的開發與工具運用,以及資訊共享標準的建立,已使得美國在國土安全資訊共享制度上累積不少寶貴經驗,值得各國取經,本研究藉由文獻之蒐集,分析美國歷年來關鍵基礎設施資訊分享的政策目標,歸納出四個政策面向,是政策成功的關鍵因素:1.強化夥伴關係,健全合作模式;2.明確機關權責與分工合作:3.建構分享平台,改善分享流程 ;4.消除法律障礙,保障隱私,提升互信。因此分別於第三章至第六章探討這四個面向的背景、演變過程及反映之問題。
研究發現在國家安全的領域裡,美國民眾對於隱私及自由被侵犯的疑慮,經常因洩密事件而擺盪不安,但是在保護關鍵基礎設施的領域裡,藉由將資訊分類分級的保護,分享管道漸趨多元便利,有助於及時獲得警訊,降低威脅,及早因應,因此能有效消除資訊分享的障礙,私部門共享資訊的意願不斷提升,但各機關仍存在管理機制及機關文化之差異,且由於網路安全議題日趨嚴峻,仍須不斷努力建立互信而穩固的夥伴關係,所以非常依賴權責分明的組織、一致的流程標準、多元而友善的分享管道。來促進資訊共享。
After the cold war, the situation of homeland security threat changed significantly. In addition to the rapid development of information technology, the United States began to promote the critical infrastructure protection (CIP) in 1995 from the point of view of information security. In view of the key infrastructure of the United States as high as 85% owned by the private sector, the US government has long recognized its success factor as the coordination between the public and private sectors for information sharing. In particular, the 9/11 Commission claimed that the failure of all levels of government to share information effectively was the main cause of the inability to respond quickly after reviewing the contingency situation of the September 11 terrorist attacks. Information sharing has become an indispensable goal of homeland security strategy.
In the United States today, after nearly 20 years of adjustment and evolution, cooperation between public and private sectors have increased, partnerships have improved, information sharing mechanism had been legislated, government organizational function had been optimized, information sharing environment and standard had been stablished, and various information sharing network platforms and tools have been developed. They helped the United States accumulate a lot of valuable experience making it an exemplary case study for homeland security information sharing system.
This study summarizes four policy orientations by analyzing the policy objectives of key US infrastructure information sharing over the years. They are the key factors to the success of the policy: 1. Strengthen partnerships, and improve the mode of cooperation; 2. Establish clear authority and division of labor cooperation; 3. Construct and Information sharing platforms to improve the sharing process; 4. Eliminate legal barriers to protect privacy and enhance mutual trust. The third chapter to the sixth chapter of the thesis explore the backgrounds, the evolution process, and the problems reflected in those 4 factors.
The study found that in the area of national security, the American people are concerned that privacy and freedom are violated and are often more disturbed by leaks of intelligence. However, in the area of protecting critical infrastructure, it is effective to eliminate barriers to information sharing due the protection of information classification and the increasing convenience of sharing of processes. The timely warning will help reduce threats and prompt early response. It has increased the willingness of private sector to share information and cooperation is on the rise. However, there are still differences in the management mechanism and the culture between government agencies. As network security issues become more and more serious, building a trustworthy and stable partnership has become more urgent. Therefore, we are very rely on well-defined organizations, consistent process standards and friendly sharing platforms to promote information sharing.
英文文獻
(有關與本論文相關的美國法令、情報戰略、資訊分享策略、計畫等文獻另整理如論文第二章,本參考書目不另列入)
1. Greenwald, G. (2014). No Place to Hide: Edward Snowden, the NSA and the Surveillance State [Kindle Edition]. Penguin.
2. Handeyside, H. (2014, 8 6). Numbers Tell the Story of Our Government's Watchlisting Binge. Retrieved 2 17, 2015, from ACLU: https://www.aclu.org/blog/national-security-technology-and-liberty/numbers-tell-story-our-governments-watchlisting-binge
3. Kincaid, C. (2015). Blood on His Hands: The True Story of Edward Snowden [Kindle Edition]. Owings, MD, USA: America's Survival, Inc.
4. Mejia , P. (2014, 7 15). Here's How You End Up on the U.S. Watchlist for Terrorists. Retrieved 2 17, 2015, from Newsweek: http://www.newsweek.com/you-could-be-next-top-secret-rulebook-labeling-terrorists-leaked-261236
5. Piehota, C. M. (2014, 9 18). Testimony : TSC's Role in the Interagency Watchlisting and Screening Process. Retrieved 2 17, 2015, from FBI: http://www.fbi.gov/news/testimony/tscs-role-in-the-interagency-watchlisting-and-screening-process
6. (2015). 2014 National Network of Fusion Centers Final Report. Department of Homeland Security,.
7. (2015). A Brief History of the Information Sharing Enviroment. Information Sharing Enviroment.
8. Access California Services, Advocacy for Principled Action in Government, American Civil Liberties Union, American Muslim Alliance, American Muslims for Palestine, American-Arab Anti-Discrimination Committee, et al. (2014, 10 15). Joint-letter calls for reform of government watchlisting. Retrieved 2 17, 2015, from Human Rights Watch: http://www.hrw.org/news/2014/10/17/joint-letter-calls-reform-government-watchlisting
9. Background and Authorities. (2013年1月11日). 2015年7月2日 擷取自 ISE: http://www.ise.gov/background-and-authorities
10. Bjelopera, J. P. (2011). Terrorism Information Sharing and the Nationwide Suspicious Activity Report Initiative: Background and Issues for Congress [Kindle Edition]. Congressional Research Service.
11. Chris Johnson; Lee Badger; David Waltermire. (2016). Guide to Cyber Threat Information Sharing. Washington, D.C.: National Institute of Standards and Technology.
12. Critical Infrastructure Information Regulations Issued by DHS. (2004). Retrieved 7 6, 2015, from United States Department of Justice, Office of Information and Privacy, FOIA Post: http://www.justice.gov/archive/oip/foiapost/2004foiapost6.htm
13. FarmerL.Thomas. (2015). Testimony of thomas l. farmer chair cross-sector council Partnership for Critical Infrastructure Security (PCIS). Washington D.C.: U.S.. Senate Committee on Homeland Security and Governmental Affairs.
14. Final Report of the National Commission on Terrorist Attacks Upon the United States. (2004年7月22日). 2015年8月1日 擷取自 National Commission on Terrorist Attacks Upon the United States: http://govinfo.library.unt.edu/911/report/911Report.pdf
15. Gallagher, S., & Neugebauer, M. (2004). Critical infrastructure information sharing. Critical Infrastructure in America, Information Sharing and Homeland Security Seminar (pp. 1-27). New York: Syracuse University.
16. GAO. (2001). Information Sharing - Practics that can Benefit Critical Infrastructure. United States General Accounting Office.
17. GAO. (2002). Federal Efforts Require a More Coordinated and Comprehensive Approach for Protecting Information Systems. United States General Accounting Office.
18. Gurnow, M. (2014). The Edward Snowden Affair: Exposing the Politics and Media Behind the NSA Scandal [Kindle Edition]. Indianapolis, USA: Blue River Press.
19. Harold C. Relyea & Jeffrey W. Seifert. (2005). Information Sharing for Homeland Security - A Brief Overview. Congressional Research Service.
20. HarrisAustin. (2011年8月12日). Square Information, Round Categorization: Executive Order 13556 and Its Implementation Challenges. 2017年4月26日 擷取自 University of Miami National Security and Armed Conflict Law Review: http://nsac.law.miami.edu/wp-content/uploads/2011/08/article_harris_081211.pdf
21. Information Sharing and Analysis Centers (ISACS) and Their Role in Critical Infrastructure Protectiom. (2016年1月). 2016年7月26日 擷取自 National Council of ISACs: http://media.wix.com/ugd/416668_2e3fd9c55185490abcf2d7828abfc4ca.pdf
22. ISE-PM. (2014). ISE Information Interoperability Framework(I2F). Washington D.C.: Information Sharing Environment.
23. Jr.B. DixRobert. (2015年7月1日). Blog: Leverage the Long-Standing Public-Private Partnership for Critical Infrastructure Protection. 2017年1月20日 擷取自 AFCEA: http://www.afcea.org/content/?q=Blog-leverage-long-standing-public-private-partnership-critical-infrastructure-protection
24. Lazari, A. (2014). European Critical Infrastructure Protection. Springer.
25. LibertiesPrivacy Office and the Office for Civil Rights and CivilThe. (2014,2015,2016). Executive Order 13636 Privacy and Civil Liberties Assessment Report. Washington, D.C.
26. Lukasik, S. J. (1998). Review and Analysis of the Report of the President’s Commission on Critical Infrastructure Protection. Center for International Security and Arms Control, Stanford University.
27. Lukasik, S. L. (1998). Review and Analysis of the Report of the President's Commission on Critical Infrastructure Protection. Center for International Security and Arms Control, Stanford University.
28. MaurerTim. (2013). Public-Private Partnerships for Critical Infrastructure Protection. Center for Strategic & International Studies.
29. McGowan , M. L. (2013, 5 22). 15 Years After Presidential Decision Directive (PDD) 63. Retrieved 7 5, 2015, from Booz Allen Hamilton: http://www.boozallen.com/media-center/company-news/2013/05/15-years-after-pdd63-blog-post
30. Moteff, J. D. (2015). Critical Infrastructures -- Background, Policy, and Implementation. Congressional Research Service.
31. Nelson, R. ". (2011, 9 16). The Challenge of Balancing Sharing with Security. Retrieved 7 5, 2015, from Center for Strategic & International Studies: http://csis.org/publication/information-sharing-security-and-counterterrorism
32. OHS. (2002). National Strategy for Homeland Security. Homeland Security Office.
33. OHS. (2002). National Strategy for Homeland Security. Office of Homeland Security.
34. O'Keefe, E. (2012, 8 2). Cybersecurity bill fails in the Senate. Retrieved 7 1, 2015, from The Washington post: http://www.washingtonpost.com/blogs/2chambers/post/cybersecurity-bill-fails-in-the-senate/2012/08/02/gJQABofxRX_blog.html
35. Program Manager, Information Sharing Environment. (2014). Information Sharing Environment Annual Report to the Congress - National Security Through Responsible Information Sharing. Office of the Information Sharing Environment.
36. School, N. P. (2014). Information Sharing from 9-1-1 Centers (Defense) [Kindle Edition].
37. Securityof HomelandDepartment. (2016). Critical Infrastructure Threat Information Sharing Framework. Washington, D.C.: Department of Homeland Security.
38. Testimony for the record of Denise Anderson On Behalf of the The Financial Services Information Sharing & Analysis Center and the National Council of Information Sharing and Analysis Centers. (2015年3月4日). 2016年7月22日 擷取自 National Council of ISACs: http://media.wix.com/ugd/416668_c3bc869e9fef48cfb0c039be5173c2bf.pdf
39. TeufelHugo. (2014年4月). The privacy civil liberties assessment report what does it really tell us a chief privacy officer's perspective. 2017年2月6日 擷取自 The Government Technology & Services Coalition (GTSC): http://www.gtscoalition.com/the-privacy-civil-liberties-assessment-report-what-does-it-really-tell-us-a-chief-privacy-officers-perspective/
40. The Reach of Information Sharing and Analysis Centers. (2016). 2016年7月26日 擷取自 National Council of ISACs: http://media.wix.com/ugd/416668_2c6d85d4964743f8b4d3470b860f6e3b.pdf
41. Union, A. C. (2014, 3). U.S. Government Watchlisting: Unfair Process and Devastating Consequences. Retrieved 2 17, 2015, from ACLU: https://www.aclu.org/sites/default/files/assets/watchlist_briefing_paper_v3.pdf
中文文獻
1. 王政. (2013年11月). 美國情資融合中心的發展與評估. 國防雜誌, 28(6), 頁 23-46.
2. 左曉棟. (2013年3月). 立法困境下的戰略新部署-美國關鍵基礎設施保護行政令評述. 中國信息安全(39), 頁 74-75.
3. 曲立全、林文程、林正義、林俊全、張中勇、張善政、陳偉華、劉孟俊、劉一強、劉廣華、鄭善印、樊國禎. (2005). 台灣安全戰略評估. (丁渝洲、丁樹範、張榮豐、張錫模, 編者) 台北市: 財團法人兩岸交流遠景基金會.
4. 行政院科技顧問組. (2011). 關鍵資訊基礎建設保護政策指引. 台北: 行政院科技顧問組.
5. 汪毓瑋. (2013). 國土安全 (第 一 版). 台北市: 元照出版社.
6. 姚祖德. (2012). 美國國家安全暨情報機制:911後之興革. 台北市: 時英出版社.
7. 柯宏叡. (2014). 赴美國參訪華盛頓州情資整合中心暨參與國際犯罪分析師研討會考察報告. 彰化縣: 彰化縣警察局.
8. 胡曉輝. (2009). 當前國際反恐情報工作所面臨的困境. 鐵道警官高等專科學校學報, 19卷(2009年第4期, 總第82期), 頁 78-80頁.
9. 孫小寧, 張麗, & 石瑾. (2015). 美國國家網絡安全戰略研究. 北京: 電子工業出版社.
10. 孫寶雲. (2015). 論美國“敏感信息”管理过程的公開化及啟示. 情報雜誌, 150-154.
11. 陳明傳, & 駱平沂. (2011年4月). 情報與國土安全、國家安全之關係. 臺灣警察專科學校警專學報, 第五卷(第一期), 頁 91-114.
12. 程法彰, & 洪嫈媛. (2013年11月). 美國在資訊時代中對關鍵基礎設施保護架構與資訊分享議題初探及我國的借鏡. 前瞻科技與管理, 3(2), 頁 119-137.
13. 菊池浩. (2014). 防衛関連企業等の レジリエンス基盤確保ための情報共有について. 日本東京: 公益財団法人防衛基盤整備協会.
14. 黃俊能、章光明. (2013). 美國國土安全策略與相關法案--探討國家關鍵基礎設施防護. 102年度國土安全論壇 (頁 109-139). 台北市: 行政院國土安全辦公室.
15. 樊國楨, & 韓宜蓁. (2014). 關鍵基礎設施防護法案與標準化初論:根基於美國及國際標準組織之進程. 2014年第3及4季資訊安全管理系統標準化系列研討會. 台北市.
16. 鍾易晉. (2015). 後911 時期美國反恐怖主義的情報創新研究. 國防大學政治作戰學院政治學系政治研究碩士班.
17. 行政院國土安全辦公室(2012). 關鍵基礎設施資訊平台期末報告. 台北: 101 年國家關鍵基礎設施安全防護專業服務委外研究案第4 階段.