应对智能交通领域的网络安全问题

凯尔Stetar

2023年6月30日

It’s time for the ITS sector to re-think and modernize network security to protect against today’s cybersecurity threats.

The unsettling times of the past two years have highlighted the cracks in our IT networks for nefarious actors to rear their ugly heads and unleash a torrent of cyberattacks. 事实上，最近的一份报告表明，网络事件已经上升了 高达600% 在这段黑暗时期.

随着世界进入新常态, industries are being challenged to re-visit their network security strategies. 在 智能交通系统 (ITS) sector that means re-thinking and modernizing network security to guard against today’s threats.

以前, launching a cyberattack of this scale would have required significant resources only available to state actors or large organizations. However, today’s tools are more easily accessible and ready to exploit vulnerabilities. 在某种程度上，每个连接都伴随着网络安全风险. 随着交通变得更加紧密, with vehicles that exchange information in real-time with other vehicles and with infrastructure, opportunities to take down entire transportation eco系统s will only rise. With each connected 系统 and 子系统, and the proliferation of new technologies into 交通网络，对强有力的网络安全措施的需求就会增加. 提高效率和自动化程度, the convergence of Operational Technology (OT) and Information Technology (IT) will accelerate, 更多的系统将与互联道路集成在一起, 由操作控制中心(OCC)远程监督.

不要相信任何人

A solid approach to cyber defense in the transportation industry must consider the data network since that’s w在这里 most cyber exploits originate. Understanding network vulnerabilities lets IT personnel head off attacks before they can affect mission-critical 系统s and impact public safety. 例如, if a network switch is left at the default configuration a hacker only needs to download the readily available user manual to find potential security gaps and infiltrate the 系统.

另外, IT need to consider a rules-based security strategy with a layered approach to access that ensures root users, 超级管理员, 并且明确定义了管理员级用户, 并且访问控制的级别是持续执行的.

A zero trust network security strategy can safeguard the organisations’ resources, 还有网络, 通过保护对资源的访问. Zero trust assumes attackers are already present and ready to attack — t在这里 is no implicit trust. Micro- and macro-segmentation ensures access is limited to the resources needed when the request is made. Zero trust applies multiple layers of security protection equally to every internal and external person, 系统, 子系统, 应用程序, 以及试图接入网络的设备. 例如, if someone wants to connect with a camera to which they do not have access, 智能网络交换机可以检测并拒绝这种尝试. Such 系统s can also inspect within the packet to determine whether certain traffic is allowed. 另外, all network resources are continuously scanned for unusual or malicious activities.

而每个运输运营商的要求是独特的, the following five elements are critical steps for assessing and implementing a security strategy:

1. 监控: Identify data types, 应用程序s, assets, and network services to be protected

2. 验证: Assess data flows, including cloud environments and how network resources interact

3. 计划: Architect and segment the network around data types, 应用程序s, assets and services

4. 模拟: Develop and test the policies to verify they protect all network resources

5. 执行: Continuously monitor to detect violations, remediate and strengthen the policy

安全常用

At Alcatel-Lucent Enterprise we are helping transport operators modernize their ITS networking vision with built-in security protection. 我们提供可靠的, 高级功能, 通过设计提高弹性和网络安全性, 即使在最具挑战性的运输条件下. The Alcatel-Lucent OmniSwitch® family of switches takes enterprise-grade functionality from the data centre all the way to the edge with the OmniSwitch 6865 and OmniSwitch 6465 families developed to support mission-critical 应用程序s that need to operate in extreme environments. 这些开关可以承受室内/室外的挑战, 极端高温/寒冷的运输环境, 而智能软件则保证了可靠的性能和安全性. 另外, these rugged switches can be stacked to create a virtual chassis and are specifically designed for transportation and traffic control 系统s.

The ALE OmniSwitch family is field-proven and globally deployed across all industries. ALE产品经过真实世界的试验, including penetration testing to address today’s growing cyber threat. 但安全不仅仅是我们的产品. A newly formed organization within ALE is working to ensure that security is integrated and managed at the organizational level. 这种安全的文化方法使我们与竞争对手区别开来. 从设计师到开发人员, ALE在每个级别都包含安全考虑, 确保网络保护在每个阶段都是内在的, 从设计到支持.

ALE’s robust networking solutions deliver the protection needed to make ITS a reality today and help transport operators evolve toward a safer, 更安全的明天.