Ministry of Industry and Information Technology: Guidelines for the Construction of Network Security and Data Security Standard System for Internet of Vehicles released

2025年6月30日 | admin | D4

Yichexun Recently, the Ministry of Industry and Information Technology issued the "Guidelines for the Construction of Network Security and Data Security Standard System for the Internet of Vehicles", aiming to initially build a network security and data security standard system for the Internet of Vehicles by the end of 2023. Focus on basic commonness, terminal and facility network security, network communication security, data security, application service security, security guarantee and support, and complete the development of more than 50 urgently needed standards. By 2025, a relatively complete network security and data security standard system for the Internet of Vehicles will be formed. Complete the development of more than 100 standards, improve the coverage of standards in sub-sectors, strengthen the service capacity of standards, improve the application level of standards, and support the safe and healthy development of the car networking industry.

The framework of standard system includes six parts: general and basic commonness, terminal and facility network security, network communication security, data security, application service security, security guarantee and support. In key areas and directions, the following contents are put forward:

1, the overall and basic common standards

The general and basic common standards are the general, universal and guiding standards for network security and data security of vehicle networking, including terms and definitions, general architecture and password application.

Terminology and definition standards mainly regulate the main concepts of vehicle networking network security and data security, and provide basis for terminology and definitions in related standards.

The overall architecture standard mainly regulates the overall architecture requirements of vehicle networking network security, clarifies and defines the protection objects, protection methods and protection mechanisms, and guides enterprises to systematically carry out network security protection.

The password application standard mainly regulates the general requirements of password application in vehicle networking, and defines the requirements of digital certificate format, digital certificate application and device password application.

2. Network security standards for terminals and facilities.

It mainly regulates the network security requirements of vehicle networking terminals and infrastructure, including four types of standards: vehicle equipment network security, vehicle end network security, roadside communication equipment network security, network facilities and system security.

The network security standards for on-board equipment mainly regulate the security protection and detection requirements of key intelligent equipment and components of intelligent networked vehicles, including the security standards for automobile gateways, electronic control units, automotive security chips, and on-board computing platforms.

Vehicle-side network security standards mainly regulate the safety protection and detection requirements of vehicle electronic and electrical architecture, bus architecture, system architecture and so on.

The network security standard of roadside communication equipment mainly regulates the security protection and detection requirements of networked roadside equipment. The safety standards of network facilities and systems mainly regulate the safety protection and detection requirements of network facilities and systems of vehicle networking.

3, network communication safety standards

Network communication security standards mainly regulate the related security requirements such as network security and identity authentication of vehicle networking communication, including two types of standards such as communication security and identity authentication. The letter safety standard mainly regulates the cellular car networking (C-V2X), and the safety protection and detection requirements of cellular mobile communication (4G/5G), satellite communication, radio frequency identification, in-vehicle wireless local area network, Bluetooth low energy consumption (BLE) Zigbee, ultra-wideband (UWB) and so on. Identity authentication standards mainly regulate the technical requirements related to digital identity authentication of vehicle networking, such as certificate application interface, certificate management system, security authentication technology and test method, lightweight authentication of key components, etc.

4. Data security standards

Data security standards mainly regulate data security and personal information protection requirements such as intelligent networked cars, car networking platforms and in-vehicle application services, including five types of standards: general requirements, classification and grading, exit security, personal information protection and application data security. The general requirements standards mainly regulate the types, scope, quality and granularity of data that can be collected and processed by the Internet of Vehicles, including standards such as data minimum collection, data safe storage, data encrypted transmission and data safe sharing. Classification and grading standards mainly regulate the classification and grading protection requirements of vehicle networking data, formulate standards such as dimensions, methods and examples of data classification and grading, and clarify important data types and safety protection requirements. Data exit safety standards mainly regulate the vehicle networking industry to implement data exit safety requirements according to laws and regulations, including standards such as key points and methods of data exit safety assessment. The personal information protection standard mainly regulates the personal information protection mechanism and related technical requirements of users in the Internet of Vehicles, and defines the scenarios, rules and technical methods for protecting users’ sensitive data and personal information, including anonymization, de-identification, data desensitization, abnormal behavior identification and other standards. The application of data security standards mainly regulates the activities of data collection, processing and use carried out by related applications of vehicle networking, including data security standards such as vehicle networking platform, network car, and vehicle applications.

5, the application of service safety standards

Application service security standards mainly regulate the security requirements of vehicle networking service platforms and applications, as well as the security requirements in typical business application service scenarios, including platform security, application security and service security. Platform safety standards mainly regulate the safety protection and detection requirements of vehicle networking information service platform, remote upgrade (OTA) service platform, edge computing platform and remote information service and management of electric vehicles. Application safety standards mainly regulate the safety protection and detection requirements of vehicle networking applications. Service safety standards mainly regulate the safety requirements in typical service scenarios of vehicle networking, including remote diagnosis of vehicles, advanced assisted driving, vehicle-road coordination and other service safety requirements.

6, security and support standards

Safety guarantee and support standards mainly regulate the safety requirements related to safety management and support of vehicle networking network, including risk assessment, safety monitoring and emergency management and safety capability assessment. The risk assessment standard mainly regulates the requirements of safety risk classification and safety grade division of vehicle networking network, clarifies the safety risk assessment process and method, and puts forward the relevant requirements such as vehicle networking service platform and vehicle network safety risk assessment specification. Safety monitoring and emergency management standards mainly regulate the related requirements of vehicle networking network safety monitoring, data safety monitoring, emergency management, classification and classification of network security vulnerabilities, traceability of security incidents, and other related specifications, such as safety management interface, real-name registration of vehicle networking cards, and HI interface of vehicle networking business submission gateway. The safety capability evaluation standard mainly regulates the deployment and implementation of safety protection measures such as vehicle networking service platform operating enterprises, intelligent networked automobile manufacturing enterprises and basic telecommunications enterprises, and puts forward the network security maturity model, data security maturity model, safety capability maturity evaluation criteria, evaluation implementation methods, institutional capability identification, road vehicle information security engineering and other related requirements.