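[Keywords]
[Abstract]
Based on the current state of network security construction in the urban rail industry and a survey of new technology applications in the network security industry at home and abroad, this paper analyzes the network security risks of the urban rail cloud. Starting from the technical specifications of the urban rail association and the 20-character policy of "unified protection by the platform, self-protection by each system, boundary protection, classified-protection compliance, and assured security", it studies how to build a defense-in-depth network security system that integrates the inside and outside of the urban rail cloud, proposes steps for building security capabilities in stages and the concept of building differentiated security capabilities for different network domains, and discusses the security operations maturity model of the urban rail cloud security operation and maintenance center and the goals of each stage, providing guidance for subsequent security planning and construction of cloud platforms in the urban rail industry. Through a comparative analysis of innovative technologies such as software-defined security, zero trust, cloud workload, and the security operation and maintenance center, the innovative application scenarios of these technologies in the urban rail cloud were tested and verified, and the economic and technical benefits they bring were analyzed. The research results are a good reference for deepening the defense-in-depth system for urban rail cloud network security in China.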
[Keywords]
[Abstract]
Based on the current situation of network security construction in the urban rail industry and research on the application of new technologies in the network security industry at home and abroad, this paper analyzes the network security risks of the urban rail cloud. Starting from the 20-character policy of guaranteeing compliance and ensuring safety, it studies the construction method of an integrated defense-in-depth network security system for the urban rail cloud, puts forward step-by-step construction steps for security capabilities and the concept of differentiated security capability construction in different network domains, and discusses the security operation maturity model of the urban rail cloud security operation and maintenance center and the goals of each stage, providing guidance for the subsequent security planning and construction of cloud platforms in the urban rail industry. Through a comparative analysis of innovative technologies such as software-defined security, zero trust, cloud workload, and security operation and maintenance center, the paper tests and verifies the innovative application scenarios of these technologies in the urban rail cloud, and analyzes the economic and technical benefits brought by the innovative technologies. The research results have good reference significance for deepening the defense-in-depth system of urban rail cloud network security in China.
[CLC number]
[Funding]