2025年美國大學生數學建模競賽F題中英版

中文賽題：網絡強國？

情境

現代技術的奇跡使我們(men) 的世界越來越緊密地連接在一起。這種在線的互聯性在提高全球生產(chan) 力的同時，也讓世界變得更小。然而，它也通過網絡犯罪增加了我們(men) 個(ge) 人和集體(ti) 的脆弱性。網絡犯罪因多種原因難以應對。許多網絡安全事件跨越國界，導致調查和起訴這些犯罪的管轄權問題變得複雜。此外，許多機構（例如投資公司）不願報告被黑客入侵的事件，而是傾(qing) 向於(yu) 悄悄支付贖金，而不是讓客戶和潛在客戶知道他們(men) 成為(wei) 了安全漏洞的受害者。為(wei) 應對日益增長的網絡犯罪成本和風險，許多國家製定了國家網絡安全政策，這些政策可以在其政府網站上公開查閱。國際電信聯盟（ITU）是聯合國專(zhuan) 注於(yu) 信息和通信技術的專(zhuan) 門機構，負責製定國際標準、促進國際合作以及開發評估工具，以幫助衡量全球和國家網絡安全的現狀。

要求

在本問題中，您被要求幫助識別可為(wei) 基於(yu) 數據的國家網絡安全政策和法律的發展和優(you) 化提供信息的模式，重點是那些已被證明有效的政策和法律。為(wei) 強有力的國家網絡安全政策提出一個(ge) 理論，並通過數據驅動的分析支持您的理論。在開發和驗證您的理論時，您可能需要考慮以下內(nei) 容：

• 網絡犯罪在全球的分布情況如何？哪些國家是網絡犯罪的高發目標？哪些國家的網絡犯罪成功率高？哪些國家的網絡犯罪被阻止？哪些國家的網絡犯罪被報告或起訴？您是否發現了任何模式？
• 分析各國公開發布的國家安全政策，並將其與網絡犯罪的分布情況進行比較。這種分析可以幫助您識別政策或法律中在應對網絡犯罪（包括預防、起訴或其他緩解措施）方麵特別有效（或特別無效）的部分。根據您的分析方法，政策采用的時間可能具有相關性。
• 哪些國家人口統計特征（例如互聯網接入、財富、教育水平等）與您的網絡犯罪分布分析相關？這些特征如何支持（或混淆）您的理論？

根據您收集和使用的數據的數量、質量和可靠性，分享任何國家政策製定者在依賴您的工作開發或優(you) 化其國家網絡安全政策時應該考慮的局限性和/或問題。

您不需要創建新的網絡安全衡量標準，因為(wei) 已有如ITU的全球網絡安全指數（GCI）等指標。^[1] GCI根據五個(ge) 支柱對每個(ge) 國家的網絡安全水平進行評分：法律、技術、組織、能力建設和合作。相反，您需要尋找國家網絡安全政策和/或法律在其實施的國家背景下有效性的有意義(yi) 模式。GCI或類似的現有研究可能對驗證您的工作有用。此外，可能有用的資源包括收集網絡犯罪數據的網站，特別是使用VERIS框架的網站，該框架嚐試標準化網絡犯罪數據的收集和報告，^[2] 包括VERIS社區數據庫（VCDB）。^[3] 鼓勵您查找其他數據來源，但請注意這些來源的真實性和完整性。

分享您的見解

利用您的工作為(wei) 參加即將召開的ITU網絡安全峰會(hui) 的國家領導人（非技術性政策專(zhuan) 家）創建一份一頁的備忘錄。該備忘錄應提供您的工作的非技術性概述，包括目標和背景摘要、您的理論，以及對這群國家政策製定者最相關(guan) 的發現。

您的 PDF 解決(jue) 方案總頁數不得超過25頁，包括：

• 一頁摘要頁。
• 目錄。
• 完整解決方案。
• 一封給交通官員的信（一頁）。
• 參考文獻列表。
• AI使用報告（如果使用不計入 25 頁總限製）。

注意：完整的 MCM 提交文件沒有特定的最低頁數要求。您最多可使用 25 頁來包含您的所有解決(jue) 方案內(nei) 容及其他補充信息（例如圖紙、圖表、計算和表格）。允許提交部分解決(jue) 方案。我們(men) 允許謹慎使用 AI 工具（例如 ChatGPT），但完成本問題並不一定需要使用 AI 工具。如果您選擇使用生成式 AI 工具，必須遵循 COMAP 的 AI使用政策。此政策要求您在解決(jue) 方案文件的最後額外添加一份 AI 使用報告，不計入 25 頁的總限製。

全新 MCM/ICM：在線提交流程

本文旨在協助和指導參加 MCM/ICM 的學生和顧問。在文章中，COMAP 提供了有關(guan) 使用新在線提交頁麵的新在線提交流程的信息：

https://forms.comap.org/241335097294056

您需要團隊的控製號、顧問 ID 號和問題選擇才能完成提交。

術語表

（以下定義(yi) 來源於(yu) 多個(ge) 國際組織的定義(yi) ，包括ISO、ITU和INTERPOL。）

網絡犯罪：網絡犯罪包括利用數字設備和/或網絡實施的廣泛犯罪活動。

網絡安全事件：單個(ge) （或一係列）不受歡迎或意外的計算機安全事件，這些事件具有顯著可能性危害業(ye) 務運營並威脅網絡安全。

網絡安全：網絡安全是指可用於(yu) 保護網絡環境及組織和個(ge) 人資產(chan) 的工具、政策、安全概念、安全防護措施、指南、風險管理方法、行動、培訓、最佳實踐、保障和技術的集合。

Problem: Cyber Strong?

Background

More and more of our world has become connected through the wonders of modern technology. While this online connectedness has increased global productivity and made the world smaller, it has also increased our individual and collective vulnerability via cybercrime. Cybercrime is difficult to counter for a variety of reasons. Many cybersecurity incidents cross national borders, complicating issues of jurisdiction for both the investigation and the prosecution of these crimes. Additionally, many institutions, such as investment firms, are unwilling to report a hack, preferring to quietly pay a ransom demand than to let their clients and potential clients know that they were the victim of a security breach. To address the growing cost and risk of cybercrime, many countries have developed national cybersecurity policies, publicly available on their government websites. The International Telecommunication Union (ITU) is the specialized agency of the United Nations focused on information and communication technology; as such, they play a leading role in setting international standards, facilitating international cooperation, and developing assessments to help measure the status of global and national cybersecurity.

Requirements

In this problem, you are asked to help identify patterns that could inform the data-driven development and refinement of national cybersecurity policies and laws based on those that have demonstrated effectiveness. Develop a theory for what makes a strong national cybersecurity policy and present a data-driven analysis to support your theory. In developing and validating your theory, things you may wish to consider include:

• How is cybercrime distributed across the globe? Which countries are disproportionately high targets of cybercrimes, where are cybercrimes successful, where are cybercrimes thwarted, where are cybercrimes reported, where are cybercrimes prosecuted? Do you notice any patterns?
• As you explore the published national security policies of various countries and compare these with the distribution of cybercrimes, what patterns emerge that would help you identify parts of a policy or law that are particularly effective (or particularly ineffective) in addressing cybercrime (through prevention, prosecution, or other mitigation efforts)? Depending on your analytical approach, it may be relevant to consider when each policy was adopted.
• What national demographics (e.g., access to internet, wealth, education levels, etc.) correlate with your cybercrime distribution analysis? And how might these support (or conflate with) your theory?

Based on the quantity, quality, and reliability of the data you collected and used for your analysis, share any limitations and/or concerns that national policy makers should consider when relying on your work to develop and/or refine their national cybersecurity policies.

Your work should not seek to create a new measure of cybersecurity, as there are existing measures such as ITU's Global Cybersecurity Index (GCI),^[1] which assigns a score to each country based on their level of cybersecurity as assessed through five pillars: legal, technical, organizational, capacity building, and cooperation. Instead, you have been asked to seek meaningful patterns in the effectiveness of national cybersecurity policies and/or laws with respect to the national contexts in which those policies were enacted. The GCI or similar existing research may be useful in validating your work. Additional resources that could be useful include websites that collect cybercrime data, particularly those leveraging the VERIS framework, which attempts to standardize how cybercrime data is collected and reported,^[2] including the VERIS Community Database (VCDB). ^[3] You are encouraged to find other data sources but be mindful of the veracity and completeness of those sources.

Share Your Insights

Use your work to create a 1-page memo to country leaders (nontechnical policy experts) attending an upcoming ITU Summit on Cybersecurity. This memo should provide a nontechnical overview of your work, including a summary of the objective and context, your theory, and the most pressing findings that would be relevant to this audience of national policy-makers.

Your PDF solution of no more than 25 total pages should include:

• One-page Summary Sheet.
• Table of Contents.
• Your complete solution.
• One-page letter to the transportation officials.
• References list.
• AI Use Report (If used does not count toward the 25-page limit.)

Note: There is no specific required minimum page length for a complete MCM submission. You may use up to 25 total pages for all your solution work and any additional information you want to include (for example: drawings, diagrams, calculations, tables). Partial solutions are accepted. We permit the careful use of AI such as ChatGPT, although it is not necessary to create a solution to this problem. If you choose to utilize a generative AI, you must follow the COMAP AI use policy. This will result in an additional AI use report that you must add to the end of your PDF solution file and does not count toward the 25 total page limit for your solution.

NEW MCM/ICM: Online Submission Process

The purpose of this article is to assist and guide students and advisors participating in MCM/ICM. In the article, COMAP, provides information about the new online submission process using the new online submission page:

https://forms.comap.org/241335097294056

You will need your team's control number, advisor id number and your problem choice to complete your submission.

Glossary

(The following definitions are derived from definitions provided by multiple International Organizations, including ISO, ITU, and INTERPOL.)

Cybercrime: Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks.

Cybersecurity Incident: A single (or a series of) unwanted or unexpected computer security events that have a significant probability of compromising business operations and threatening cybersecurity.

Cybersecurity: Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment as well as organizational and individual assets.

參考資料[1]

https://www.itu.int/epublications/publication/global-cybersecurity-index-2024

[2]

https://verisframework.org/index.html

[3]https://verisframework.org/vcdb.html