The framework of standard system includes six parts: commonness and foundation, terminal and facility network security, network communication security, data security, application service security, security guarantee and support. In the key areas and directions, the following contents are put forward:
1, general and basic * * * criteria
General and basic standards are general, universal and guiding standards for network security and data security of vehicle networking, including terms and definitions, general architecture and password application.
Terminology and definition standards mainly regulate the main concepts of network security and data security of vehicle networking, and provide a basis for terminology and definitions in related standards.
The overall architecture standard mainly regulates the overall architecture requirements of the network security of vehicle networking, defines and defines the protection object, protection mode and protection mechanism, and guides enterprises to systematically carry out network security protection.
The password application standard mainly regulates the general requirements of password application in vehicle networking, and defines the requirements of digital certificate format, digital certificate application and device password application.
2. Network security standards for terminals and facilities.
It mainly regulates the network security requirements of vehicle networking terminals and infrastructure, including four standards: vehicle equipment network security, vehicle end network security, roadside communication equipment network security, network facilities and system security.
The network security standards for on-board equipment mainly regulate the security protection and detection requirements of key intelligent equipment and components of intelligent networked vehicles, including the security standards for automobile gateways, electronic control units, automobile security chips and on-board computing platforms.
Vehicle-side network security standards mainly regulate the safety protection and detection requirements of vehicle electronic and electrical architecture, bus architecture and system architecture.
The network security standard of roadside communication equipment mainly stipulates the security protection and detection requirements of networked roadside equipment. The safety standards of network facilities and systems mainly regulate the safety protection and detection requirements of network facilities and systems of vehicle networking.
3, network communication security standards
Network communication security standards mainly regulate the network security, identity authentication and other related security requirements of vehicle networking communication, including communication security and identity authentication. The letter security standard mainly regulates the security protection and detection requirements of cellular car networking (C-V2X), cellular mobile communication (4G/5G), satellite communication, radio frequency identification, vehicle wireless local area network, Bluetooth low energy consumption (BLE) Zigbee and ultra-wideband (UWB). Identity authentication standards mainly regulate the technical requirements related to digital identity authentication of vehicle networking, such as certificate application interface, certificate management system, security authentication technology and testing method, lightweight authentication of key components, etc.
4. Data security standards
Data security standards mainly regulate data security and personal information protection requirements of intelligent networked vehicles, vehicle networking platforms and in-vehicle application services, including general requirements, classification and grading, export security, personal information protection and application data security. The general requirements standards mainly stipulate the types, scope, quality and granularity of data that can be collected and processed by the Internet of Vehicles, including standards such as minimum data collection, secure data storage, encrypted data transmission and secure data sharing. Classification and grading standards mainly regulate the classification and grading protection requirements of vehicle networking data, formulate standards such as dimensions, methods and examples of data classification and grading, and clarify important data types and safety protection requirements. Data exit safety standards mainly regulate the implementation of data exit safety requirements in the vehicle networking industry according to laws and regulations, including the key points and methods of data exit safety assessment. Personal information protection standards mainly regulate the protection mechanism and related technical requirements of users' personal information in the Internet of Vehicles, and define the scenarios, rules and technical methods for protecting users' sensitive data and personal information, including anonymization, de-identification, data desensitization, abnormal behavior identification and other standards. The application of data security standards mainly regulates the data collection, processing and use activities of related applications of vehicle networking, including data security standards such as vehicle networking platform, network car, and vehicle applications.
5. Application of service safety standards
Application service security standards mainly regulate the security requirements of vehicle networking service platforms and applications, as well as the security requirements in typical business application service scenarios, including platform security, application security and service security. Platform safety standards mainly regulate the safety protection and detection requirements of vehicle networking information service platform, remote upgrade (OTA) service platform, edge computing platform and remote information service and management of electric vehicles. Application safety standards mainly regulate the safety protection and detection requirements of vehicle networking applications. Service safety standards mainly regulate the safety requirements in typical service scenarios of vehicle networking, including vehicle remote diagnosis, advanced assisted driving, vehicle-road coordination and other service safety requirements.
6, safety and support standards
The safety guarantee and support standards mainly regulate the safety requirements related to the safety management and support of the vehicle networking network, including risk assessment, safety monitoring and emergency management, and safety capability assessment. The risk assessment standard mainly regulates the requirements of safety risk classification and safety grade division of vehicle networking, clarifies the safety risk assessment process and method, and puts forward the relevant requirements such as vehicle networking service platform and vehicle networking safety risk assessment specification. Safety monitoring and emergency management standards mainly regulate the related requirements of vehicle networking network safety monitoring, data safety monitoring, emergency management, classification and classification of network security vulnerabilities, traceability of security incidents, and other related specifications such as safety management interface, real-name registration of vehicle networking network card, and HI interface of vehicle networking service submission gateway. The safety capability evaluation standard mainly regulates the deployment and implementation of safety protection measures such as vehicle networking service platform operators, intelligent networked automobile manufacturing enterprises and basic telecommunications enterprises, and puts forward network security maturity model, data security maturity model, safety capability maturity evaluation standard, evaluation implementation method, institutional capability identification, road vehicle information security engineering and other related requirements.