互联网环境下铁路信息安全等级保护设计方案研究
Proposal of railway information security level protection on Internet
-
摘要: 信息安全是铁路信息系统建设的一个重要问题,目前我国铁路缺少统一、标准化的信息安全等级保护解决方案,伴随互联网发展,铁路出现一批面向互联网提供服务的信息系统,该类信息系统的上线应用,生产系统不可避免与外网互联,信息安全受到威胁日益加大。本文提出了互联网接入管理中心支持下的安全计算环境子系统、安全区域边界子系统、安全通信网络子系统保护三重防护技术体系结构,形成纵深防御体系。基于该体系并结合互联网信息系统的特点,对安全方案设计开展了研究,可为相关部门采取相应的防护技术和管理措施提供理论依据和参考。Abstract: Information security was an important issue for the construction of Railway Information System. There was a lack of standardized solutions for information security level protection in railway industry. With the development of Internet, a number of service-oriented information systems on the Internet were developed, manufacturing system was connected with internet inescapability and the security threat was increased. Treble Defense-in-depth System supported by security management center was proposed in the paper which was consisted of safe compute environment, border protection and communication network protection. Combined with the characteristics of Information Systems on Internet, security program was designed in this paper. The proposed program could provide references for relevant departments.