随着计算机和网络的发展，信息安全越来越受到关注，越来越多的城市在城市轨道交通信号工程招标文件中对列车自动控制（ATC）系统提出了需满足信息安全等级三级的要求。以目前城市轨道交通ATC系统中主流的CBTC系统为研究对象，按照信息安全标准分析物理安全、网络安全、主机安全、应用安全及数据安全等方面的要求。根据分析结果，对系统中较薄弱的网络安全、主机安全等环节通过增加安全审计、边界防护、入侵防护的方式进行改进。

With the development of computer and Internet technology, information security has attracted more and more attention, so has the ATC (automatic train control) system of urban rail transit. More and more cities have specified in their invitation of tender that signaling system shall meet Level-3 requirements for information security. The paper analyzes the physical security, network security, host security, application security and data security according to the criteria for evaluation of information security, taking CBTC (communications-based train control) system, which is currently used in most urban rail transit projects, as the subject. The analysis results indicate that the vulnerable network security and host security could be improved by strengthening security audit, border protection and intrusion prevention. These findings may be used as references for the information security for ATC system.

U231