作者/Author(s): Morgan Pierce 

網站來源/Source: Just Security 

日期/Date: 07/15/2025 

關鍵字/Keywords: 網路作戰鹽颱風、資安、駭客 


摘要:
美方於近一年前發現中國秘密支持的駭客行動「鹽颱風」(Salt Typhoon),但川普政府迄今尚未擬定針對未來類似網路攻擊的因應對策。如今當務之急是必須解決美國在網路領域的弱點,以修補關鍵基礎設施的漏洞 
  • 川普政府雖聲稱正著手因應中國網路威脅,卻於近期解散「資安審查委員會」(Cyber Safety Review Board, CSRB),延宕「鹽颱風」事件的調查程序,亦削弱了早期修補既有漏洞的付出 
  • 美國政府已啟動了一些措施,但這不足以對抗大規模的威脅,有的更是適得其反。有些措施破壞了先前的防護機制,將美國置於更危險的境地 
  • 多數與網路防禦相關之聯邦機構目前仍面臨資訊系統老舊、預算資源不足、供應鏈受限,以及資安人才短缺的問題。在中國網路威脅日益增加的情況下,川普政府削減資安預算可能會加劇美國的網路弱點。 
  • 為扭轉現況,川普政府可採取綜合防禦策略,主要聚焦下列四個面向
  1. 支持國會努力在關鍵基礎設施部門引入基本網路安全措施。實施和強制執行基本網路安全措施等作法,有助於解決一些漏洞,讓網路系統未來更難被攻擊。 
  2. 加強聯邦層級的協調,並釐清政府機構、行政機關和國會的任務。  
  3. 改善與私部門的夥伴關係,促進資安領域的資訊共享與合作 
  4. 加速實施「零信任架構」(Zero-Trust Architecture, ZTA)。該機制以系統已遭滲透為前提,要求網路中每位使用者在存取敏感基礎設施時皆須進行身分驗證,以期降低損害程度 
Summary: 
Despite identifying "Salt Typhoon," a PRC-backed hacking operation, nearly one year ago, the Trump administration has yet to devise countermeasures against future cyber operations. The administration must urgently address its vulnerabilities in the cyber realm to mend loopholes in its critical infrastructure. 
  • The Trump administration claimed it is working on addressing PRC cyber threats. However, its dismissal of the entire Cyber Safety Review Board (CSRB) delayed the investigation into the Salt Typhoon incident and impeded early efforts to address known vulnerabilities. 
  • The administration has initiated some measures, but they are insufficient or counterproductive against the large-scale threat. Some measures even undermined previous guardrails that put the U.S. in more danger. 
  • Most cyber defense-related agencies also faced outdated IT systems, resource shortages, supply chain constraints, and a lack of cybersecurity professionals. The administration's budget cuts risk exacerbating U.S. cyber vulnerabilities amid rising Chinese cyber threats.
  • To reverse course, the Trump administration could adopt an integrated defense strategy that rests on four key aspects. 
  1. The administration must support congressional efforts to introduce basic cybersecurity measures across critical infrastructure sectors. Implementing and mandating basic cybersecurity measures could help address some loopholes and make future cyberattacks more challenging. 
  2. The administration must bolster coordination at the federal level and clarify the mandates of government agencies, the executive branch, and Congress. 
  3. The administration should improve its partnership with the private sector to promote information sharing and operational cooperation in cyber defense. 
  4. The administration must hasten the implementation of Zero-Trust Architecture (ZTA). This mechanism mitigates damage by assuming infiltration has already occurred and requires every user within the network to verify their identity when accessing sensitive infrastructure. 
 
回上層