Recently, the Ministry of Industry and Information Technology issued the "Guidelines for the Construction of The Network of Vehicle Network Network Security and Data Security Standard System", aiming to initially build a network security and data security standard system for the Internet of Vehicles by the end of 2023. Focus on basic commonality, terminal and facility network security, network communication security, data security, application service security, security assurance and support and other standards, and complete the development of more than 50 urgently needed standards. By 2025, a relatively complete network security and data security standard system for the Internet of Vehicles will be formed. Complete the development of more than 100 standards, improve the coverage of standards in subdivisions, strengthen standard service capabilities, improve the level of standard application, and support the safe and healthy development of the Internet of Vehicles industry.
The standard system framework includes six parts: overall and basic commonality, terminal and facility network security, network communication security, data security, application service security, and security assurance and support. In the focus areas and directions, the following are proposed:
1. General and basic commonality standards
The overall and basic common standards are the overall, universal and guiding standards for the network security and data security of the Internet of Vehicles, including three types of standards, such as terms and definitions, overall architecture, and password application.
Terminology and definition standards mainly regulate the main concepts of vehicle network security and data security, and provide basis support for terms and definitions in related standards.
The overall architecture standard mainly regulates the overall architecture requirements of the network security of the Internet of Vehicles, clarifies and defines the protection objects, protection methods, and protection mechanisms, and guides enterprises to systematically carry out network security protection work.
The password application standard mainly regulates the general requirements for the application of passwords for the Internet of Vehicles, and clarifies the requirements for digital certificate formats, digital certificate applications, and device password applications.
2. Terminal and facility network security standards Terminal and facility network security standards
It mainly regulates the relevant network security requirements such as vehicle networking terminals and infrastructure, including four types of standards, such as vehicle equipment network security, vehicle-side network security, roadside communication equipment network security, and network facility and system security.
The on-board equipment network security standard mainly regulates the safety protection and detection requirements of key intelligent equipment and components of intelligent and connected vehicles, including safety standards such as automotive gateways, electronic control units, automotive security chips, and in-vehicle computing platforms.
The vehicle-side network security standard mainly regulates the safety protection and detection requirements of the vehicle's electronic and electrical architecture, bus architecture, system architecture, etc.
The network security standard for roadside communication equipment mainly regulates the security protection and detection requirements of networked roadside equipment. The security standards for network facilities and systems mainly regulate the security protection and detection requirements of network facilities and systems of the Internet of Vehicles.
3. Network communication security standards
The network communication security standard mainly regulates the relevant security requirements such as network security and identity authentication of the Internet of Vehicles, including communication security, identity authentication and other two types of standards. The information security standard mainly regulates the cellular internet of vehicles (C-V2X), as well as the cellular mobile communication (4G/5G), satellite communication, radio frequency identification, in-vehicle wireless LAN, Bluetooth low energy consumption (BLE), purple bee (Zigbee), ultra-broadband (UWB) and other security protection and detection requirements. Identity authentication standards mainly regulate the certificate application interface, certificate management system, security certification technology and test methods, and lightweight certification of key components related to digital identity authentication of the Internet of Vehicles.
4. Data security standards
Data security standards mainly regulate data security and personal information protection requirements such as intelligent networked vehicles, vehicle networking platforms, and in-vehicle application services, including five types of standards, such as general requirements, classification and grading, outbound security, personal information protection, and application data security. The general requirements standard mainly regulates the data types, scope, quality, granularity, etc. that can be collected and processed by the Internet of Vehicles, including standards such as data minimization collection, data security storage, data encryption transmission, and data security sharing. Classification and grading standards mainly regulate the classification and protection requirements of Vehicle Networking data, formulate standards such as dimensions, methods, and examples of data classification and classification, and clarify important data types and security protection requirements. The data export security standards mainly regulate the implementation of data export security requirements in accordance with laws and regulations in the Internet of Vehicles industry, including the key points of data export security assessment, assessment methods and other standards. Personal information protection standards mainly regulate the personal information protection mechanism and related technical requirements of Vehicle Network users, clarifying the scenarios, rules, and technical methods for the protection of users' sensitive data and personal information, including standards such as anonymization, de-identification, data desensitization, and abnormal behavior identification. Application data security standards mainly regulate data collection and processing and use activities carried out by applications related to the Internet of Vehicles, including data security standards such as Internet of Vehicles platforms, online ride-hailing, and in-vehicle applications.
5. Application service security standards
The application service security standard mainly regulates the security requirements of the Internet of Vehicle Service Platform and application, as well as the security requirements of typical business application service scenarios, including three types of standards, such as platform security, application security and service security. Platform security standards mainly regulate security protection and detection requirements such as the Internet of Vehicles information service platform, remote upgrade (OTA) service platform, edge computing platform, and electric vehicle telematics service and management. Application security standards mainly regulate security protection and detection requirements such as Internet of Vehicles applications. Service safety standards mainly regulate the safety requirements under the typical business service scenarios of the Internet of Vehicles, including service safety requirements such as remote diagnosis of automobiles, advanced assisted driving, and vehicle-road collaboration.
6. Safety assurance and support standards
The security assurance and support standards mainly regulate the security requirements related to the network security management and support of the Internet of Vehicles, including three types of standards, such as risk assessment, security monitoring and emergency management, and security capability assessment. The risk assessment standards mainly regulate the requirements for the classification of network security risks and the classification of security levels of the Internet of Vehicles, clarify the security risk assessment processes and methods, and put forward relevant requirements such as the Internet of Vehicle Service Platform and the Vehicle Network Security Risk Assessment Specifications. The security monitoring and emergency management standards mainly regulate the relevant requirements such as network security monitoring, data security monitoring, emergency management, network security vulnerability classification and grading, security incident tracking and traceability, as well as relevant specifications such as security management interface, real-name registration of vehicle networking cards, and vehicle networking service submission gateway (HI) interface. The security capability assessment standards mainly regulate the deployment of security services for the operation enterprises of the Internet of Vehicle Service Platform, the intelligent networked vehicle production enterprises, the basic telecommunications enterprises and other security protection measures, and put forward the relevant requirements of the network security maturity model, the data security maturity model, the security capability maturity evaluation criteria, the assessment implementation method, the institutional capability identification, and the road vehicle information security project.
![In the era of big data, who is in charge of my personal privacy information?[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)