On February 18th, the “Guidelines for the Safety of Vehicle Network Security Guide†(hereinafter referred to as “Guidelinesâ€) was officially released at the 6th Annual Conference of Automotive Information Service Industry. "China Auto News" reporter learned that in order to widely listen to the opinions and suggestions of the "Guide", supplement and improve the contents of the "Guide", make it based on reality, meet the needs, guidance, and easy to implement, and effectively help the car networking enterprises to improve Network security public work ability, reduce information security risks, improve product reliability and competitive strength of the vehicle network security rules, and promote the industry to carry out network security work in a stable and effective manner, the in-vehicle information service industry application alliance is now Industry and society publicly solicit opinions, and please submit the "Request for Comments" to the Secretariat of the In-Vehicle Information Service Industry Application Alliance before March 31, 2017, and welcome the participation of the industrial units in the preparation and implementation of the Guide.
The following is the details of the Guide.
Vehicle Network Security Protection Guide Rules (Draft for Comment)
Driven by energy conservation, environmental protection, safety and comfort, as well as vehicle networking, autonomous driving, and intelligent transportation, automobiles are rapidly becoming intelligent and networked. Compared with traditional vehicles, intelligent networked vehicles have unprecedented advantages in energy saving, safety and comfort, and are in line with the development trend of the automobile industry and transportation, but also pose great challenges to network security. Vehicle network security has an important impact on traffic safety, social security and national security. In order to promote the healthy development of the automobile industry, improve the safety level of the vehicle network, and ensure the safety of the vehicle network system, these rules are formulated.
These rules are based on the "Guidelines for Information Security Protection of Industrial Control Systems" and are refined and formulated in conjunction with the field of vehicle networking. These rules apply to enterprises and institutions operating in the vehicle network system and in the planning, design, construction, operation and maintenance, and evaluation of products related to the Internet of Vehicles system.
Vehicle network system operators should do a good job in industrial security protection from the following eleven aspects.
First, security software selection and management
(1) The vehicle end equipment security software needs to pass the authorization and safety assessment of the vehicle network operation enterprise, and select corresponding security measures (such as safe start, security upgrade, secure communication, secure storage, security monitoring, etc.) for the vehicle end equipment based on risk assessment. Security software such as malicious code protection.
(2) The vehicle terminal APP security management software needs to have security measures such as unauthorized APP installation protection, authorized APP uninstall protection, and authorized APP tamper protection; the vehicle terminal APP adopts security measures such as identity authentication, sensitive data security storage, and secure transmission. software. The relevant security software needs to pass the authorization and security assessment of the vehicle network operation enterprise itself.
(3) The mobile terminal APP adopts protection measures such as identity authentication, sensitive information input security protection, sensitive data security storage, secure transmission, code anti-tampering, anti-reverse, anti-heavy packing, anti-debugging, etc.
Security software, and related security software must pass the authorization and security assessment of the vehicle network operation enterprise itself.
(4) The service platform security software needs to pass the authorization and security assessment of the vehicle network operation enterprise itself, and has the security capability (such as key management, identity authentication management, remote upgrade management, and vehicle terminal APP) to support the security requirements of the vehicle terminal equipment and the mobile APP. Management, security monitoring, data security, malicious code protection, etc., forming an integrated defense system for vehicles, mobile APPs and service platforms.
Second, configuration and patch management
(1) Establish and maintain a configuration list of the vehicle network system, retain the access log of the network boundary equipment, and log the key business of the vehicle network for a period of not less than six months, and periodically perform configuration audit.
(2) Make a change plan for major configuration changes and conduct impact analysis, and conduct strict safety tests before the configuration changes are implemented.
(3) Pay close attention to major security vulnerabilities in the vehicle network and take timely software upgrade measures. Before the upgrade, the software needs to undergo a rigorous security assessment and test verification.
(4) If remote upgrade is required, the upgrade process must be carried out under the conditions of system security, with communication security (such as authenticity, integrity, confidentiality, etc.), as well as the ability of abnormal detection and response, and need to obtain user confirmation. And the upgrade process needs to record complete log information (including service platform, vehicle-side equipment, human-computer interaction activities, etc.).
Third, border security protection
(1) Separating the development, testing and production environment of the vehicle networking system.
(2) In the design of vehicle architecture, network segmentation and isolation techniques are adopted. Perform boundary control (such as whitelist, data flow, data content, etc.) on different network segments (such as different types of networks inside the vehicle, as well as mobile communication networks for vehicles and external communications, etc.), and data entering the vehicle's internal control bus. Safety control and safety monitoring.
(3) Vehicle-side critical network border devices (such as T-BOX, gateway, etc.) need to provide boundary security protection functions (such as firewall, intrusion detection, intrusion prevention, and limit diagnosis and other non-standard traffic).
(4) Vehicles and external communications adopt secure access methods (such as VPN), and can divide services and access the network through different secure communication subsystems.
(5) The service platform needs to have security functions such as firewall and intrusion detection.
Fourth, physical and environmental security protection
(1) The service platform computer room is located in China. The equipment room selection, design, power supply, fire protection, temperature and humidity control, etc. meet the requirements of relevant national standards, and the physical security protection measures such as access control, video surveillance, and special personnel shall be taken for the equipment room; public cloud is adopted. Service mode service platform, choose cloud service providers to meet the relevant national standards.
(2) Configuring and accessing all access points (such as Bluetooth, USB, CD, diagnostic interface, debugging interface, positioning system, TPMS radio frequency communication, car key radio frequency communication, RFID, etc.) of the vehicle end equipment (such as whitelist, Data flow, data content, etc.).
V. Identity authentication
(1) Use identity authentication management in the process of vehicle opening, mobile APP login, service platform access, etc. In key business scenarios (such as remote upgrade, remote control, etc.), multi-factor authentication is used (such as static password authentication, dynamic password authentication, key-based authentication, biometric identification, etc.).
(2) Implement real-name identity (based on name, ID number, VIN number, mobile) in the user registration process of car SIM, car networking application (mobile terminal APP, car terminal APP, etc.) in accordance with the principle of “real name in the background and voluntary at the front desk†Phone number, etc.) registration.
(3) The service platform is reasonably classified to set account rights, and the account rights are assigned in the principle of least privilege.
(4) Strengthen the login account and password of the vehicle end equipment and access points, forcibly change the default password, avoid using weak passwords, and update the password regularly.
(5) Using an identity authentication mechanism in the data communication process between the vehicle networking communication entities (such as mobile terminals, service platforms, vehicle terminals, roadside units, etc.).
Sixth, remote access security
(1) The vehicle end equipment needs to strictly control the remote access port and close unnecessary ports.
(2) Key business scenarios that require remote access (such as remote upgrade, remote control, etc.), use private line VPN for security hardening, control access time limit, and adopt mechanisms such as identity authentication, data security transmission, and access control. Â
(3) Preserving relevant access logs of the car networking system and conducting security audits on the operation process.
VII. Safety monitoring and emergency plan drills Â
(1) Establish a security monitoring and defense system in the vehicle networking system to timely discover, report and handle network attacks or abnormal behaviors.
(2) Key equipment at the vehicle end shall have functions such as package inspection and data monitoring to limit illegal operations.
(3) Formulating emergency response plans for security incidents. When a security threat threatens the abnormality or failure of the vehicle networking system, emergency protective measures should be taken immediately to prevent the situation from expanding and report to the provincial-level industrial and information administration authorities. At the same time, pay attention to the protection of the site in order to conduct investigation and evidence collection.
(4) Regularly conduct drills on the emergency response plan of the vehicle networking system and, if necessary, revise the emergency response plan.
Eight, asset security
(1) Build a list of assets of the vehicle networking system, clarify the person responsible for the assets, and the rules for the use and disposal of assets.
(2) Redundant configuration of key equipment and components.
Nine, data security
(1) Conducting risk assessments on the data collected, transmitted and stored in the vehicle networking system. Key business data and user information must use security mechanisms (such as encryption, tamper resistance, etc.) during storage and transmission, and use access control policies during use.
(2) Regularly back up key business data.
(3) The collection, storage, transmission and use of user information (including car owners, vehicle users, vehicle basic information, vehicle operating data, etc.) must be explicitly authorized by the user.
X. Supply Chain Management
(1) When selecting the planning, design, construction, operation and maintenance or evaluation, product and service providers of the vehicle networking system, the products that pass the safety assessment are preferred, and the enterprises and institutions with the experience of security services are preferred, and the suppliers are required to do Corresponding confidential work to prevent the leakage of sensitive information.
(2) Carry out safety assessment before the vehicle networking system is put into operation or when major changes occur, and conduct regular safety assessments on the vehicle networking system put into operation.
XI, implementation of responsibility
Through the establishment of the vehicle network security management mechanism and the establishment of a network security coordination group, the responsible persons of network security management are clarified, the security responsibility system is implemented, and security protection measures are deployed.
Gas valves for use with natural gas, manufactured gas, mixed gas, liquefied petroleum gas and LP gas-air mixtures.
JKLONG Gas valves are produced in modern factories used exclusively for valve manufacturing. Each phase of the manufacturing process, from selection of raw materials to casting, forging, machining, assembly and testing, has been improved with automated production facilities and unparalleled production technology. Standardization and automation yield JKLONG brass valves of superior quality and higher uniformity at competitive prices supported by incomparably prompt delivery.
Gas Valve,Brass Gas Valve,Brass Gas Ball Valve,Leak Proof Gas Valve
Ningbo Jiekelong Precision Manufacturing Co., Ltd. , http://www.jklvalve.com