2011年5月16日，美国政府发布了一份《网络空间国际战略》（International Strategy for Cyberspace）。文档副标题是Prosperity, Security, and Openness
in a Networked World（构建一个繁荣、安全和开放的网络化世界）。根据中新社的报道，《网络空间国际战略》全文共25页，前言由总统奥巴马撰写，其后的正文分四个部分，分别是“制定网络空间政策”、“网络空间的未来”、“政策重点”及“继续前进”。

在“政策重点”一节，美国列出日后它将在网络世界着力推进的七大政策重点，即：

——在经济领域加强接触，确保互联网为全球繁荣和科技创新做出贡献，并加大保护知识产权；

——在网络安全领域增进合作，增强美国及全球互联网的安全性、可靠性及灵活性；

——在执法领域加强网络立法和执行力度，提高全球打击网络犯罪的能力；

——在军事领域与盟友通力合作，提高盟友应对网络威胁的能力，并确保美国军用网络的安全；

——在互联网管理领域加强各国间的沟通交流，保障全球网络系统、包括域名系统的稳定和安全；

——在国际发展领域援助合作伙伴构建“数字基础设施”，帮助他们提高抵御网络威胁的能力；

——在网络自由方面加强保护隐私，促进网络表达自由、集会自由及结社自由；

美国国务卿希拉里在发言中称，上述七大政策重点构成了美国“网络外交”的主要内容，今后美国将全力推进这些政策，并会在这些政策领域继续发挥美国的领导作用。

上文中，红色部分是我比较关注的地方，也就是跟信息安全有关的内容。

这份战略文件表述了是美国政府对于网络空间（CyberSpace，也有称网际空间）的基本国策，很明显的可以看出该政府是其现实世界的价值观的延伸。美国不仅是全球（地理上）的超级大国，也是全球（网络空间上）的超级大国。基本上，该政策阐述了美国政府对于网络空间在经济、政治、政府建设、军队建设、民众服务等方面的基本政策。

同时，还可以看出，对于Cyberspace，当前最重要的是安全问题，即Cybersecurity, 或者Cyberspace Security（网络空间安全）的问题。

这份文档也可以看作是美国网络空间安全领域的一份最新的纲领性文件。从2003年小布什政府发布《保护网络空间的国家战略》，到奥巴马政府不断深化网络空间安全策略，例如奥巴马十分重视从2001年开始搞的网络空间安全意识月活动（2009年的主题是“我们共同的责任”），支持军方搞网络战模拟演习，成立网络司令部，到2009年5月29日发布《网络空间政策评估——保障可信和强健的信息和通信基础设施》，奥巴马政府对网络空间安全十分重视。而这其中最重要的就是政府秘密进行的网络空间安全保护计划（代号NSPD54）。这个计划鲜有曝光，最多让人了解到的是2010年RSA大会上公布的一份旨在缓解民众紧张情绪的针对该计划的介绍性文档。

在《网络空间国际战略》正文的开始，引用了一句奥巴马在《网络空间政策评估——保障可信和强健的信息和通信基础设施》报告发表会上的讲话，“这个世界——网络空间——是一个我们每一天都要依靠的世界……（它）把我们比人类历史上任何时候都要更加紧密地联系在一起。”

《战略》的第二章阐述了美国政府对于网络空间的未来的观点，认为网络空间应该是

• 开放和互通的
• 安全和可靠的：着重谈及了弱点消除、风险消除、突发事件响应
• 符合规范的稳定

以下是美国政府对于在未来网络空间中担负的防卫角色的描述：

Defense: Dissuading and Deterring
The United States will defend its networks, whether the threat comes from terrorists, cybercriminals, or states and their proxies. Just as importantly, we will seek to encourage good actors and dissuade and deter those who threaten peace and stability through actions in cyberspace. We will do so with overlapping policies that combine national and international network resilience with vigilance and a range of credible response options. In all our defense endeavors, we will protect civil liberties and privacy in accordance with our laws and principles.
Defense Objective：The United States will, along with other nations, encourage responsible behavior and oppose those who would seek to disrupt networks and systems, dissuading and deterring malicious actors, and reserving the right to defend these vital national assets as necessary and appropriate.

Dissuasion
Protecting networks of such great value requires robust defensive capabilities. The United States will continue to strengthen our network defenses and our ability to withstand and recover from disruptions and other attacks. For those more sophisticated attacks that do create damage, we will act on well-developed response plans to isolate and mitigate disruption to our machines, limiting effects on our networks, and potential cascade effects beyond them.
Strength at Home. Ensuring the resilience of our networks and information systems requires collective and concerted national action that spans the whole of government, in collaboration with the private sector and individual citizens. For a decade, the United States has been fostering a culture of cybersecurity and an effective apparatus for risk mitigation and incident response. We continue to emphasize that systematically adopting sound information technology practices—across the public and private sectors—will reduce our Nation’s vulnerabilities and strengthen networks and systems. We are also making steady progress towards shared situational awareness of network vulnerabilities and risks among public and private sector networks. We have built new initiatives through our national computer security incident response team to share information among government, key industries, our critical infrastructure sectors, and other stakeholders. And we continually seek new ways to strengthen our partnership with the private sector to enhance the security of the systems on which we both rely.
Strength Abroad. This model of defense has been successfully shared internationally through education, training and ongoing operational and policy relationships. Today, through existing and developing collaborations in the technical and military defense arenas, nations share an unprecedented ability to recognize and respond to incidents—a crucial step in denying would-be attackers the ability to do lasting damage to our national and international networks. However, a globally distributed network requires globally distributed early warning capabilities. We must continue to produce new computer security incident response capabilities globally, and to facilitate their interconnection and enhanced computer network defense. The United States has a shared interest in assisting less developed nations to build capacity for defense, and in collaboration with our partners, will intensify our focus on this area. Building relationships with friends and allies will increase collective security across the international community.
Deterrence
The United States will ensure that the risks associated with attacking or exploiting our networks vastly outweigh the potential benefits. We fully recognize that cyberspace activities can have effects extending beyond networks; such events may require responses in self-defense. Likewise, interconnected networks link nations more closely, so an attack on one nation’s networks may have impact far beyond its borders.
In the case of criminals and other non-state actors who would threaten our national and economic security, domestic deterrence requires all states have processes that permit them to investigate, apprehend, and prosecute those who intrude or disrupt networks at home or abroad. Internationally, law enforcement organizations must work in concert with one another whenever possible to freeze perishable data vital to ongoing investigations, to work with legislatures and justice ministries to harmonize their approaches, and to promote due process and the rule of law—all key tenets of the Budapest Convention on Cybercrime.

When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners. We reserve the right to use all necessary means—diplomatic, informational, military, and economic—as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests. In so doing, we will exhaust all options before military force whenever we can; will carefully weigh the costs and risks of action against the costs of inaction; and will act in a way that reflects our values and strengthens our legitimacy, seeking broad international support whenever possible.

最后，如果你要看一看该战略的中文译稿，请参考这里。

【参考】

人民日报：美国发布《网络空间国际战略》的背后

美国网络空间安全保护计划正式曝光

RSA2010: 美国网络空间安全战略

美国的网络空间安全国家战略

美国的网络空间安全国家战略补充材料

美国白宫下属委员会通过网络空间安全协调和意识法案

从网络间谍到网络战