城市轨道交通综合监控系统和FAS信息安全技术网络安全等级保护定级与方案研究

Urbanrail transit integrated monitoring system and FAS information security technology network security level protection grading and scheme

随着信息安全技术网络安全等级保护进入2.0时代,城市轨道交通综合监控系统和FAS信息安全技术网络安全渐渐引起建设运营管理单位、参建单位等各方关注。依据规范和国内轨道交通建设经验,综合监控系统一般按照等级保护第三级进行建设。若将FEP纳入防火墙保护范围,将会使接口繁多的FEP又增加一倍的接口,这增加了综合监控系统故障点和集成建设难度。因FAS通信协议、工作站软件等导致FAS无法安装防火墙、无法,上传及下发相关数据日志等问题,同时单独组网的FAS安全风险相对可控,城市轨道交通一般不针对FAS进行等级保护备案,亦可不进行第三方等级保护测评,可参照等级保护测评单位专家指导建议,加强系统边界保护、物理机房安全、授权访问机制建设,制定有效可行的安全管理制度并严格执行。

With the information security technology and cybersecurity for classified protection going into the 2.0 era,the construction operation management department,construction participating department and other department are gradually paying close attention to the classified protection for ISCS and FAS.According to the design code and domestic rail transit construction experience,the integrated supervisory control system is generally constructed according to the third level of classified protection.If FEP is in the protection scope of the firewall,it will double the interfaces number of FEP which already have numerous interfaces.It will increase failure points and the difficulty of integration construction for integrated supervisory control system.Due to the communication protocol and software in workstation,FAS cannot install a firewall and upload or send data logs.For FAS deploying independent network,the safety risk is relatively controllable.In urban rail transit,it generally does not put on records for FAS classified protection,nor does it carry out third-party classified protection evaluation.Refering to the guidance and suggestions of experts from hird-party classified protection evaluation companies,it can strengthen the construction of system boundary protection,physical room security and authorized access mechanism,also formulate effective and feasible safety management system which should be strictly implemented.