智能充电桩信息安全风险评估流程研究  被引量：3

作　　者：忻奕敏 叶琼瑜 任悦 张倩 XIN Yimin;YE Qiongyu;REN Yue;ZHANG Qian(Shanghai Testing&Inspection Institute for Electrical Equipment Co.,Ltd.,Shanghai 200063,China)

机构地区：[1]上海电器设备检测所有限公司,上海200063

出　　处：《自动化仪表》2022年第7期91-95,共5页Process Automation Instrumentation

摘　　要：随着新能源汽车的普及,智能充电桩也越来越多地出现在人们的日常生活中。它们不仅具有充电功能,还可以与管理平台进行交互,从而实现用户的认证、充电计费、用户信息收集等功能。在这些信息交互的过程中,信息安全的问题也随之而来。如果不加以重视,会造成巨大的财产损失。信息安全问题的发现依靠周期性的风险评估。它是系统信息安全评估的重要环节之一,包括以下四个方面:资产评估、威胁评估、脆弱性评估和保障能力评估。在研究智能充电桩具体应用场景,并且参考大量风险评估相关的文献内容后,基于前述的四个方面,可以归纳出一种针对智能充电桩信息安全风险评估的实施方法。该研究旨在对智能充电桩信息安全风险评估流程提供一套切合实际应用场景、规范化的方法,对于推动智能充电桩应用场景下信息安全技术要求的落地具有重要意义。Along with the popularity of new energy vehicles, intelligent charging piles are increasingly appearing in people’s daily life. They not only have charging functions, but also can interact with the management platform, to realize user authentication, charging billing, user information collection and other functions. In the process of these information interactions, the problem of information security comes along, which can cause huge property losses if not taken seriously. The discovery of information security issues relies on periodic risk assessment, which is one of the important aspects of system information security assessment, including the following four aspects: asset assessment, threat assessment, vulnerability assessment and assurance capability assessment. After studying the specific application scenarios of intelligent charging piles and referring to a large amount of literature content related to risk assessment, an implementation method for information security risk assessment of intelligent charging piles can be summarized based on the four aspects. This research aims to provide a set of standardized methods for the information security risk assessment process of intelligent charging piles to meet the actual application scenarios, which is of great significance to promote the implementation of information security technical requirements in the application scenarios of intelligent charging piles.

关 键 词：信息安全 风险评估 智能充电桩 资产评估 威胁评估 脆弱性评估 保障能力 数据交互 

分 类 号：TH-39[机械工程]