Research on the Risk Assessment System for Data Security in the Transportation Industry#br#

Journal of Information Security Reserach ›› 2025, Vol. 11 ›› Issue (11): 1064-.

Research on the Risk Assessment System for Data Security in the Transportation Industry#br#

Yang Honglu1, Chen Zhigang2, Lu Yanhui3, Shao Zhengda4, Guo Ruiling5, and Hu Yong5

1(China Academy of Transportation Science, Beijing 100029)
2(Guizhou Qiantong Zhilian Technology Co., Ltd., Guiyang 550081)
3(Hebei Jixiangtong Electronic Technology Co., Shijiazhuang 050081)
4(Highway Monitoring & Response Center, Ministry of Transport of PRC, Beijing 100029)
5(School of Cyber Science and Engineering, Sichuan University, Chengdu 610207)

Online:2025-11-27 Published:2025-11-27

交通运输行业数据安全风险评估体系研究

杨洪路1陈志钢2卢妍辉3邵征达4郭睿玲5胡勇5

1(交通运输部科学研究院北京100029)
2(贵州黔通智联科技股份有限公司贵阳550081)
3(河北冀翔通电子科技有限公司石家庄050081)
4(交通运输部路网监测与应急处置中心北京100029)
5(四川大学网络空间安全学院成都610207)

通讯作者: 胡勇博士，教授.主要研究方向为代码安全、数据安全和内容安全. huyong@scu.edu.cn
作者简介:杨洪路博士，高级工程师.主要研究方向为交通信息化、数据安全. yanghl@163.com 陈志钢硕士，高级工程师.主要研究方向为交通信息化. 3274694602@qq.com 卢妍辉高级工程师.主要研究方向为交通工程(机电工程). 85586366@qq.com 邵征达硕士，高级工程师.主要研究方向为智能交通. 491325295@qq.com 郭睿玲硕士研究生.主要研究方向为数据安全和内容安全. guoruiling@stu.scu.edu.cn 胡勇博士，教授.主要研究方向为代码安全、数据安全和内容安全. huyong@scu.edu.cn

Abstract

Abstract: The transportation information system is not only a critical component of the national key information infrastructure, but also an important industry of the 2+8+N system, in which is crucial to the nation’s economy and people’s livelihood. With the continuous advancement of smart transportation construction, the volume of traffic data is growing rapidly. The position of data as a production factor highlights its importance and value, and also induces higher demands for data security. The transportation industry pays close attention to data security, and based on national policies, laws, regulations, and standards, the competent transportation authorities have issued a series of industry standards and regulations to guide the security of transportation data. However, the transportation industry covers a wide range of business areas, and its data has characteristics such as multisource, heterogeneity, partiality, spatiotemporal correlation, asynchronicity, information sparsity, and concurrency. Moreover, the data has a high degree of mobility, and the operational conditions and flow are complex, making data surveillance a large range and great difficulty, which brings a series of challenges to the protection of data security. Based on existing laws, regulations, and standards, and deeply integrating the characteristics of transportation industry data, this research on the data security risk assessment system provides a reference for the construction of transportation data security protection.

Key words: smart transportation, data security, data asset identification, data classification and grading, risk assessment, risk level

摘要： 交通运输既是国家关键信息基础设施，也是信创2+8+N体系的重要行业，对于国计民生至关重要.随着智慧交通建设工作持续推进，各类交通运输数据飞速增长，加之数据要素的提出，凸显数据的重要性和价值，也对数据安全提出更高的要求.交通运输行业对数据安全工作高度关注，基于国家相关政策和法律法规、标准规范，交通运输主管部门出台了一系列的行业标准、规章，为交通运输数据安全提供指引.但是交通运输行业业务涉及范围广，其数据具有多源、异质、局部性、时空关联、异步性、信息稀疏性和并发性等特点，同时，数据流动性极大，运行情况与流向复杂，监管范围与难度很大，给数据安全保护工作带来一系列挑战.以现有的法律法规和标准规范为基础，深度结合交通运输行业数据特点，对其数据安全风险评估体系进行研究，为交通运输数据安全保护建设工作提供参考.

关键词: 智慧交通, 数据安全, 数据资产识别, 数据分类分级, 风险评估, 风险等级

CLC Number:

TP309.2

杨洪路, 陈志钢, 卢妍辉, 邵征达, 郭睿玲, 胡勇, . 交通运输行业数据安全风险评估体系研究[J]. 信息安全研究, 2025, 11(11): 1064-.

References

［1］蒋梦雪. 交通运输行业数据泄露现状［NOL］. 中国交通报, 20180416 ［20240725］. https:www.szw.org.cn201804163407.html［2］秦安战略. 盘点: 2020年轨道交通典型网络攻击事件［EBOL］. (20201221) ［20240725］. https:new.qq.comraina20201221A05VWX00［3］国务院规划司. “十四五”现代综合交通运输体系发展规划［EBOL］. (20220228) ［20240725］. https:www.ndrc.gov.cnfzggwjgsjghssjdt202202t20220228_1317663.html［4］全国信息安全标准化技术委员会. 信息安全技术数据安全风险评估方法(征求意见稿)［EBOL］. (20230821) ［20240725］. https:www.tc260.org.cnfrontbzzqyjDetail.html?id=20230822155039&norm_id=20221102153104&recode_id=52641［5］全国网络安全标准化技术委员会. GBT 43697—2024 数据安全技术数据分类分级规则［S］. 北京: 中国标准出版社, 2024［6］中国信息产业商会. 数字技术数据交通数据要素规范［S］. 北京: 中国信息产业商会, 2022［7］交通运输部办公厅. 交通运输政务信息资源目录编制指南(试行)［EBOL］. (20170825) ［20240725］. https:xxgk.mot.gov.cn2020jigoukjs202006t20200623_3317080.html［8］交通运输信息通信及导航标准化技术委员会. JTT 747.4—2020 交通运输信息资源目录体系第4部分: 公路水路信息资源分类［S］. 北京: 交通运输出版社, 2020［9］熊刚, 董西松, 朱凤华, 等. 城市交通大数据技术及智能应用系统［J］. 大数据, 2015, 4(2): 116［10］白紫秀, 王涛, 郭明多, 等. 交通运输政务数据分类分级方法研究［J］. 信息安全研究, 2023, 9(8): 808813［11］安华金和. 数据库安全关键技术之敏感数据梳理技术［EBOL］. ［20240725］. https:www.dbsec.cn［12］王峰. 基于数据安全的风险评估［EBOL］. 202003 ［20240725］. https:cloud.tencent.comdeveloperarticle1597435［13］腾讯云数据安全中心. DSGC功能总览［EBOL］. ［20240725］. https:www.yun88.comproduct6428.html［14］交通运输部科学研究院. JTT 1522—2021 交通运输数据安全分级和管控要求［S］. 北京: 人民交通出版社, 2024［15］黄式敏, 马勇, 杨忠鹏, 等. 民航数据安全风险评估体系探讨［J］. 信息安全与通信保密, 2023 (10): 7585［16］王继晔. 基于深度学习的交通运输行业数据自动分级方法研究［J］. 应用科技, 2024, 51(2): 145150［17］全国网络安全标准化技术委员会. GBT 20984—2022 信息安全技术信息安全风险评估方法［S］. 北京: 中国标准出版社, 2022［18］中国通信标准化协会. YDT 3801—2020 电信网和互联网数据安全风险评估实施方法［S］. 北京: 中国标准出版社, 2020

[1]	. Design of a Large Model Data Supervision System Based on Blockchain [J]. Journal of Information Security Reserach, 2025, 11(8): 682-.
[2]	. Application Research of Differential Privacy Shuffle Model in Range Query [J]. Journal of Information Security Reserach, 2025, 11(8): 736-.
[3]	. Industrial Internet Data Sharing Scheme with Attributebased #br# Proxy Reencryption in Cloudchain Collaboration#br# [J]. Journal of Information Security Reserach, 2025, 11(5): 427-.
[4]	. Highutility Time Series Data Generation Method Combining Sequence #br# Correlation Graph and GAN#br# [J]. Journal of Information Security Reserach, 2025, 11(4): 351-.
[5]	. A Federated Learning Method Resistant to Label Flip Attack [J]. Journal of Information Security Reserach, 2025, 11(3): 205-.
[6]	. Overview of Regulation of Crossborder Data Flow [J]. Journal of Information Security Reserach, 2025, 11(2): 164-.
[7]	. Research and Application of Trusted Data Security Management #br# Technology Based on Chameleon Hash#br# [J]. Journal of Information Security Reserach, 2025, 11(2): 189-.
[8]	. Analysis and Security System Design for the Open Sharing Mode of Public Data [J]. Journal of Information Security Reserach, 2024, 10(9): 870-.
[9]	. Design and Implementation of Quantum Software Cryptography Module [J]. Journal of Information Security Reserach, 2024, 10(8): 760-.
[10]	. Baseline Evaluation of Financial Data Security Based on Combined WeightingTOPSIS Method [J]. Journal of Information Security Reserach, 2024, 10(7): 634-.
[11]	. Design of Diversity Data Security Compliance Detection System [J]. Journal of Information Security Reserach, 2024, 10(7): 658-.
[12]	. Research on Science and Technology Management Information Security Guarantee System [J]. Journal of Information Security Reserach, 2024, 10(7): 675-.
[13]	. Analysis of Special Protection Mechanisms in the USEU Crossborder Data Transfer Agreement#br# [J]. Journal of Information Security Reserach, 2024, 10(5): 462-.
[14]	. Information Security Risk Assessment Based on TOPSIS and GRA [J]. Journal of Information Security Reserach, 2024, 10(5): 474-.
[15]	. Research on Data Reuse Model of Classified Protection of Cybersecurity Based on Data Mining [J]. Journal of Information Security Reserach, 2024, 10(4): 353-.