地方铁路机车智能运维系统信息安全防护体系研究——以朔黄铁路智能运维系统为例  被引量：12

作　　者：彭丽宇 张进川[1] 苟娟琼 李学伟[1] PENG Li-yu;ZHANG Jin-chuan;GOU Juan-qiong;LI Xue-wei(School of Economics and Management,Beijing Jiaotong University,Beijing 100044, China;Shuo Huang Railway Development CO.,LTD,Cangzhou Hebei 062350,China)

机构地区：[1]北京交通大学经济管理学院,北京100044 [2]朔黄铁路发展有限责任公司,河北沧州062350

出　　处：《北京交通大学学报（社会科学版）》2019年第3期111-119,共9页Journal of Beijing Jiaotong University(Social Sciences Edition)

摘　　要：随着信息化、数字化、智能化技术在现代铁路系统的广泛应用,铁路系统中包含的大量信息已经成为宝贵资产,如何保护和运用好这些信息已成为十分重要的课题。以朔黄铁路智能运维系统为例,从车载设备、网络通信、应用平台和信息数据资源方面,对地方货运铁路机车智能运维系统存在的一些安全性风险和漏洞进行分析,发现地方货运铁路机车智能运维系统信息集成融合越来越高,对外暴露的设备接口、网络设备、通信链路、数据协议等安全防护不足,大大增加了遭受恶意攻击的风险。因此,应根据系统中存在的各种风险建立有效的信息安全防护体系。针对设备、网络、应用、数据方面的风险漏洞,可通过增强固件安全、修复安全漏洞、标记设备身份、控制设备访问等措施加强车载设备安全性;通过强化网络结构、加密通信传输、安全监测审计等措施加强车载和地面内部网络以及车地传输的安全性;通过管控用户安全、加固平台安全、安全监测审计等措施加强应用平台安全性;通过数据安全存储、数据访问控制、安全数据分析等措施加强数据在采集、存储、传输和应用等多环节的安全性,从而形成完善的信息安全防护体系,以确保系统的安全高效运行。With the wide application of informatization, digitalization and intelligent technology in modern railway system, a large amount of information in the railway system has become a valuable asset and how to protect and make good use of these information has become an important subject. Taking intelligent operation & maintenance system of Shuohuang Railway as an example, this paper analyzes security risks and vulnerabilities in the intelligent operation and maintenance system of local freight railway locomotives from the aspects of in-vehicle equipment, network communication, application platform, and information data resources. It finds that the information of local freight railway locomotive intelligent operation & maintenance system is getting increasingly integrated, and the insufficiency of security protection of externally exposed device interfaces, network devices, communication links, and data protocols greatly increases the risk of malicious attack.Therefore, an effective information security protection system should be established against various risks in the system. Regarding risk vulnerabilities in aspects of equipment, network, application, and data, the following measures can be taken to set up a complete information security protection system so as to ensure a safe and efficient operation of the system: Security of in-vehicle equipment can be improved by enhancing firmware security, fixing security vulnerabilities, marking device identity, and controlling device access;Security of in-vehicle, ground internal networks and vehicle-to-ground transmission can be enhanced by strengthening network structure, encrypted communication transmission, and security monitoring and auditing;Security of application platforms can be strengthened by controlling user security, reinforcing platform security, and security monitoring and auditing;Security of data collection, storage, transmission and application can be improved by data security storage, data access control, and security data analysis.

关 键 词：地方货运铁路机车 智能运维系统 信息安全 网络 漏洞 

分 类 号：TP309[自动化与计算机技术—计算机系统结构] U29-39[自动化与计算机技术—计算机科学与技术]