摘要
提出一种基于通用漏洞评价系统(Common Vulnerability Scoring System,CVSS)的列车车载通信系统信息安全风险评估方法,详细介绍该方法的工作流程,开展缺陷概率评估、缺陷影响评估,得出各系统缺陷的风险范围所对应的信息安全等级,并最终应用到某国外地铁车载通信系统项目的信息安全风险评估活动中,为后续开展系统优化活动以及采取优化措施后的信息安全风险再定位奠定基础。
This paper proposes a cyber security risk assessment methodology for rolling stock onboard communication systems based on the Common Vulnerability Scoring System(CVSS),introduces the workflow of the method in detail,and carries out defect probability and impact assessment,and also derives the cyber security level corresponding to the risk range of each system defect.Finally,it is applied to cyber security risk assessment activities of an overseas metro onboard communication system project,laying a foundation for the subsequent system optimization activities and cyber security risk repositioning after taking optimization measures.
作者
阎士奇
Yan Shiqi(CRRC Qingdao Sifang Rolling Stock Research Institute Co.,Ltd.,Qingdao 266000,China)
出处
《铁路通信信号工程技术》
2024年第4期57-62,95,共7页
Railway Signalling & Communication Engineering
基金
中车青岛四方车辆研究所有限公司系统研制项目(2021SRI146)。
关键词
信息安全风险
缺陷概率和影响评估
CVSS
列车车载通信系统
cyber security threat
defect probability and impact assessment
Common Vulnerability Scoring System(CVSS)
rolling stock onboard communication system