轨道交通车辆通信网络系统的安全纵深防御策略
马法运徐东超徐燕芬
In-depth Security Defense Strategy for Rail Transit Vehicle Communication Network System
MA FayunXU DongchaoXU Yanfen
-
作者信息:中车青岛四方车辆研究所有限公司,266001,青岛
-
Affiliation:CRRC Qingdao Sifang Rolling Stock Research Institute Co.,Ltd.,266001,Tsingtao,China
-
关键词:
-
Key words:
-
DOI:10.16037/j.1007-869x.2024.09.038
-
中图分类号/CLCN:U283.2
-
栏目/Col:研究报告
摘要:
[目的]车辆通信网络系统具有种类繁多、数量庞大的内外网通信接口,使得车辆信息安全风险持续攀升。传统的物理隔离已不能满足高等级的车辆通信网络安全要求,应采用多层次防护的设计方法,以提升车辆通信网络的安全防护等级。[方法]分析了车辆通信网络外部和内部的安全风险。提出建立轨道交通车辆通信网络系统的安全纵深防御策略,并在安全准则、安全要求规范、安全设计、安全实施、安全认证和确认测试5个方面,建立了该策略的“安全技术+安全管理措施”防护体系。[结果及结论]该策略可实现车辆通信网络系统从安全需求到系统设计、从安全产品开发到运营维护全生命周期的管理,可全面提升车辆通信网络系统的安全防护能力,满足信息安全要求。
Abstracts:
[Objective] The vehicle communication network contains a wide variety and a large quantity of internal and external network communication interfaces, resulting in continuous rising of the vehicle information security risks. As the traditional physical isolation can′t meet the high-level security requirements of the vehicle communication network, a multi-level protection design method should be adopted to upgrade the security protection level of this network. [Method] The external and internal security risks in the vehicle communication network are analyzed. Establishing an in-depth security defense strategy for the communication network system of the rail transit vehicle is proposed. A security protection system of the strategy based on security technology and security management measures is established from five aspects, i.e. security criteria, security requirement specification, security design, security implementation, security certification, and confirmation testing. [Result & Conclusion] The proposed strategy can achieve the whole life cycle management of the vehicle communication network system from security requirements to system design, from secure product development to operation and maintenance. It can comprehensively enhance the security protection capability of the vehicle communication network system, meeting the information security requirements.
- 上一篇: 高铁物流运输模式及其可行性
- 下一篇: 数字化转型难在转型
过刊浏览
资料下载
友情链接