On August 25th, the Shanghai Municipal Planning and Natural Resources Bureau issued the "Shanghai Intelligent Connected Vehicle Surveying and Mapping Geographic Information Security Management Guidelines (Trial)".
Attachment:
Shanghai Intelligent Connected Vehicle Surveying and Mapping Geographic Information Security Management Guidelines (Trial)
The new formats and applications of intelligent connected vehicles involve multiple entities, namely "vehicles, roads, clouds, networks, and maps", and the requirements for surveying and mapping geographic information security run through the entire process. To further encourage and support secure applications of surveying and mapping geographic information, and focusing on the compliance of intelligent connected vehicle surveying activities and the demand for secure geographic information applications, this guideline draws on the working experience of pilot cities to propose a compliance path for surveying and mapping geographic information security, promoting a new pattern of secure development in which multiple parties collaborate, responsibilities are consolidated layer by layer, red lines are jointly upheld, and development is jointly advanced.
1. Scope of Application
This guideline applies to the surveying and mapping geographic information security work involved in the pilot application of high-precision maps for intelligent connected vehicles and the pilot application of "vehicle road cloud integration" in this city. Other intelligent connected vehicle-related work in this city shall apply this Guideline by reference.
The content not covered in this guideline shall be implemented in accordance with the current relevant policies, regulations, and standards of the country and this city.
2. Main Responsibilities
(1) Responsibilities of implementing entities
In the multi-party collaboration of "vehicle, road, cloud, network, and map" for intelligent connected vehicles, units that have lawfully obtained the qualification for navigation electronic map production and surveying (hereinafter referred to as map vendors) are the main implementers of surveying activities and are responsible for the security of surveying and mapping geographic information. In specific business, the funding party should either obtain the qualification to produce navigation electronic maps itself or entrust a map vendor to lead the process. By agreement, a multi-party cooperation framework for "vehicle, road, cloud, network, and map" surveying and mapping geographic information should be formed, under which intelligent connected vehicle surveying activities and geographic information applications are carried out safely and in compliance.
Map vendors should, in light of their own business characteristics in the field of intelligent connected vehicles, solidly build security and compliance capabilities, actively undertake the coordination of surveying and mapping geographic information security across the multi-party cooperation framework, remain alert to possible security risks, and continuously improve risk prevention and control measures. As the main body of the multi-party cooperation framework for surveying and mapping geographic information, map vendors should maintain necessary communication with the competent authorities and proactively and promptly inform them of the surveying and mapping activities involved in intelligent connected vehicles.
Automakers, service providers, and intelligent driving software providers that carry out intelligent connected vehicle surveying activities or use geographic information data results should establish and improve a security management system covering geographic information data throughout its entire lifecycle. They should actively cooperate with map vendors on the vehicle, cloud, network, and application sides, and promote the sustainable and healthy development of the autonomous driving industry on the basis of ensuring the security of surveying and mapping geographic information.
(2) Responsibilities of supervisory entities
The municipal planning and resources department is responsible for supervising geographic information security in intelligent connected vehicle surveying and mapping. It focuses on improving the risk prevention and control system for such security, establishing and improving management systems such as classification and grading and security risk assessment, and building risk monitoring and early warning mechanisms for geographic information security. It carries out geographic information security risk monitoring and full-cycle tracking, and investigates and handles relevant cases in accordance with the law.
The municipal planning and resources department, together with the local governments of the pilot testing areas and other departments, supports enterprises in exploring safe and compliant technical routes for intelligent connected vehicle geographic information data collection, real-time updates, online distribution, and secure transmission, on the premise of ensuring safety and compliance. They accelerate the development of standards and specifications and promote the establishment of a standard system, organize the geographic information services and testing required for high-level autonomous driving, and promote the development and popularization of new geographic information formats and applications.
3. Safeguard System
(1) Capacity building of implementing entities
Within the multi-party cooperation framework, each enterprise should, according to its own business scenarios, enhance its ability to ensure the security of surveying and mapping geographic information in the following four aspects. Map vendors should take the lead in providing solutions and assist the other enterprises in the framework in establishing comprehensive security measures for surveying and mapping geographic information.
1. Organizational building capacity
Establish a suitable organizational structure, clarify personnel composition and the division of responsibilities, set up key positions for cooperation and coordination, and ensure that the decision-making, management, and execution levels all attend to and implement surveying and mapping compliance, thereby ensuring the security of surveying and mapping geographic information.
2. Institutional building capacity
Establish and improve the surveying and mapping geographic information security mechanism within the enterprise management system, and implement security requirements at each level through institutional documents, from top to bottom and from general to specific. The enterprise management system should implement geographic information security requirements throughout the entire data lifecycle.
3. Technical application capability
Build a risk prevention and control technology system that integrates identity authentication, access control, security auditing, encrypted data transmission, confidentiality-processing and desensitization algorithms, secure data publishing, and other technologies. Map vendors should strengthen research and innovation, actively provide technical tools for surveying and mapping geographic information security, and apply them within the multi-party cooperation framework.
4. Personnel business capability
Continuously improve personnel's professional capabilities, and continuously enhance the quality of data services while ensuring the security of surveying and mapping geographic information. Map vendors should, with a focus on "vehicle, road, cloud, network, and map" cooperation, cultivate comprehensive technical talent in surveying and mapping geographic information security.
(2) Mechanism building of supervisory entities
The municipal planning and resources department, together with the relevant competent departments for cyberspace, economy and information technology, transportation, and public security, will establish and improve a coordinated "before, during, and after" supervision system for intelligent connected vehicle surveying and mapping geographic information, covering the full chain of prior notification, risk prevention and control during activities, and post-event supervision and inspection.
1. Prior notification
Before conducting intelligent connected vehicle surveying and mapping activities in this city, map vendors should inform the municipal planning and resources department of their business form, technical conditions, collection targets, data scale, triggering strategies, route planning, data applications, and other relevant information.
2. Risk prevention and control during activities
Map vendors should establish an enterprise-level surveying and mapping geographic information security risk prevention and control system on both the vehicle and cloud sides, carry out risk warning, monitoring, and full-cycle data tracking through methods such as geofencing, data auditing, and situational awareness, and reserve data review and reporting interfaces for regulatory authorities.
The municipal planning and resources department takes the lead in establishing a sound review mechanism, building automated, online, and embedded review platforms and tools, and exploring security assessment of dataset content. Each supervisory department may carry out in-process supervision through the "Vehicle Road Cloud Integration" cloud control platform and the high-precision map platform. Violations shall be investigated and dealt with in accordance with the law, and emergency plans shall be activated in the event of safety incidents.
3. Post-event supervision and inspection
The municipal planning and resources department, in conjunction with relevant supervisory departments, regularly conducts "double random, one public" supervision and inspection of intelligent connected vehicle surveying and mapping activities. With reference to relevant technical specifications, it assesses the risk and maturity of surveying and mapping geographic information security capabilities within the multi-party cooperation framework, improves the mechanism for disclosing inspection results, and links the results to enterprise credit.
(3) Application of Security Prevention and Control Technology
The application scenarios of intelligent connected vehicles involve a closed loop of intelligent connected vehicle data across the full process. Within the multi-party cooperation framework, each enterprise should, in line with surveying and mapping geographic information security requirements, use advanced security prevention and control technologies to provide the necessary safeguards.
1. Overall strategy
(1) Instant secure processing of data sources
Intelligent connected vehicle surveying activities accompany vehicle driving behavior, which makes data management difficult and poses potential risks to surveying and mapping geographic information security. Necessary and timely security measures must be taken at the data source to ensure the security of all subsequent data.
(2) Minimum necessity for data collection
The collection, aggregation, storage, and transmission of data shall comply with the limitation of necessity: only the data necessary for autonomous driving research and development functions, performance optimization, and map updates shall be collected and processed, ensuring minimization of the dataset.
(3) Geographic information confidentiality processing and desensitization
In accordance with relevant national requirements, geographic information data should undergo confidentiality processing (declassification) and desensitization at the corresponding processing stages, so that only non-sensitive, non-classified data is used during the application phase.
(4) Data classification and grading management
Carry out classification and grading management of geographic information data for intelligent connected vehicles in accordance with relevant requirements such as the "Management Measures for Data Security in the Field of Natural Resources".
(5) Controllable guarantee of data security
Take data security and network security measures on the vehicle, network, and cloud sides to prevent data from being tampered with, destroyed, leaked, illegally obtained, or illegally used. Take measures such as access control, data leakage prevention, operational auditing, and key node monitoring to ensure that data is secure, compliant, controllable, auditable, and traceable throughout its entire lifecycle.
(6) Immediate emergency response to incidents
When the facilities or processes of "vehicles, roads, clouds, networks, and maps" are maliciously intruded upon or illegally controlled, resulting in data tampering or leakage and threats to the security of surveying and mapping geographic information, the alarm procedure shall be activated immediately, the competent department notified, the risk disclosed, and remedial measures taken in a timely manner.
2. Data lifecycle security
(1) Collection
The collection and transmission of geographic information data for intelligent connected vehicles should follow the trigger-based principle and be executed only under specific strategies, such as traffic safety incidents, autonomous driving takeover events, and changes in map elements within the geofence, to ensure the necessity and minimization of data collection. The data results come from multiple sensors and should be decoupled and visualizable, and reviewable when necessary.
The storage, transmission, and processing of geographic information data on the vehicle side should be parameterized and executed in accordance with relevant technical standards. Before geographic information data leaves the vehicle, it should be securely processed using nationally recognized geographic information confidentiality processing technology, and encrypted with commercial cryptography for transmission outside the vehicle.
(2) Transmission
Geographic information data of intelligent connected vehicles should be transmitted over a secure link established on the basis of national cryptographic algorithms, directly to the data center or cloud server managed by the map vendor. The transmission link should be verifiable. A location determination service should be set up so that only data covering non-classified, non-sensitive areas can be transmitted back.
When transmitting to roadside equipment, transmission should be limited to the minimum dataset, the minimum spatial range, and the shortest duration necessary.
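The collection and transmission rules above describe two vehicle-side gates: collection starts only when a named trigger fires inside the geofence, and a location determination service lets only data from non-classified, non-sensitive areas leave the vehicle. The following Python sketch is an added example, not part of the guideline and not any vendor's code; the fence coordinates, event names, the `Fence` type and the `process_frames` helper are constructed assumptions for illustration.

```python
"""Added example: trigger-based, geofence-gated collection and
location-gated egress for vehicle-side geographic data.

Everything below is constructed for illustration: fence coordinates,
event names, the `Fence` type and the `process_frames` helper are
assumptions, not interfaces defined by the guideline.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Point = Tuple[float, float]   # (x, y) in constructed planar coordinates
Polygon = List[Point]

# The three triggering strategies named in the guideline; anything else is denied.
TRIGGER_EVENTS = {"traffic_safety_incident", "takeover", "map_element_change"}


@dataclass(frozen=True)
class Fence:
    name: str
    polygon: Polygon
    kind: str  # "collection": collection permitted inside; "restricted": classified/sensitive area


def point_in_polygon(pt: Point, poly: Polygon) -> bool:
    """Even-odd ray-casting test. Points exactly on an edge are not guaranteed a
    particular result, so restricted polygons should be drawn with a safety margin."""
    x, y = pt
    inside = False
    n = len(poly)
    for i in range(n):
        x1, y1 = poly[i]
        x2, y2 = poly[(i + 1) % n]
        if (y1 > y) != (y2 > y):
            x_cross = x1 + (y - y1) * (x2 - x1) / (y2 - y1)
            if x < x_cross:
                inside = not inside
    return inside


def collection_decision(event: str, pos: Point, fences: List[Fence]) -> Tuple[bool, str]:
    """Trigger-based principle: collect only when a named trigger fires inside a collection fence."""
    if event not in TRIGGER_EVENTS:
        return False, "no triggering event"
    if not any(f.kind == "collection" and point_in_polygon(pos, f.polygon) for f in fences):
        return False, "outside collection geofence"
    return True, "trigger inside collection geofence"


def egress_decision(pos: Point, fences: List[Fence]) -> Tuple[bool, str]:
    """Location determination service: data covering a restricted area never leaves the vehicle."""
    for f in fences:
        if f.kind == "restricted" and point_in_polygon(pos, f.polygon):
            return False, f"inside restricted zone '{f.name}'"
    return True, "outside restricted zones"


def process_frames(frames: List[Tuple[str, Point]], fences: List[Fence]):
    """Apply both gates to a batch of (event, position) records.

    Returns (cleared, audit): `cleared` holds the records that may be transmitted to the
    map vendor's cloud; `audit` records every decision so it can be exposed through the
    review and reporting interface the guideline asks vendors to reserve for regulators."""
    cleared: List[Tuple[str, Point]] = []
    audit: List[Dict[str, object]] = []
    for event, pos in frames:
        collect, why_collect = collection_decision(event, pos, fences)
        transmit, why_egress = False, "not collected"
        if collect:
            transmit, why_egress = egress_decision(pos, fences)
            if transmit:
                cleared.append((event, pos))
        audit.append({"event": event, "pos": pos, "collected": collect,
                      "transmit": transmit, "reason": why_egress if collect else why_collect})
    return cleared, audit


# Constructed sample fences: a collection area with a restricted block inside it.
SAMPLE_FENCES = [
    Fence("pilot_zone", [(0.0, 0.0), (10.0, 0.0), (10.0, 10.0), (0.0, 10.0)], "collection"),
    Fence("restricted_block", [(4.0, 4.0), (6.0, 4.0), (6.0, 6.0), (4.0, 6.0)], "restricted"),
]

# Constructed sample frames: (event, position).
SAMPLE_FRAMES = [
    ("takeover", (2.0, 2.0)),             # trigger, inside pilot zone, outside restricted block
    ("routine_telemetry", (2.0, 2.0)),    # no trigger: must not be collected at all
    ("takeover", (5.0, 5.0)),             # trigger, but inside the restricted block: stays on the vehicle
    ("map_element_change", (12.0, 3.0)),  # trigger outside the pilot zone: not collected
]

if __name__ == "__main__":
    cleared, audit = process_frames(SAMPLE_FRAMES, SAMPLE_FENCES)
    for row in audit:
        print(row)
    print("cleared for transmission:", cleared)
```

Two design points matter in practice. First, the restricted-area polygons are themselves sensitive, so in a real deployment they would be delivered to the vehicle as signed, encrypted configuration and the egress decision would be made before any raw frame is written to persistent storage, not after. Second, the check above tests a single position; a frame such as a point-cloud sweep covers an area, so its footprint (or at least its bounding box) would need to be tested against the restricted polygons rather than the vehicle's own location.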
(3) Storage
Data centers or cloud servers must meet at least Level 3 of the classified protection scheme for cybersecurity and obtain the corresponding certification. Business systems used for storing and processing geographic information data must undergo a commercial cryptography application security assessment to ensure secure processing of data. When conducting cross-cloud or multi-cloud interoperability, firewall configuration should follow the principle of minimum necessity, opening only the required IP addresses/domain names and ports to reduce potential security risks.
Data centers or cloud servers are divided into secure proprietary cloud areas used by map vendors and compliance cloud areas used by application providers such as automakers.
The secure proprietary cloud is a data center or cloud server fully controlled by the map vendor, and is the first point of arrival for data transmitted from intelligent connected vehicle surveying and mapping activities. Map vendors should bear full management and operational responsibility for the secure proprietary cloud, with full control over its construction process, cloud resource allocation, and all gateways, and with complete and independent control so as to resist malicious attacks and to warn of and handle data incidents early. The map vendor reviews, verifies, cleans, and filters the data in this area to ensure compliance and security before one-way transmission to the compliance cloud area. The secure proprietary cloud generally does not store, aggregate, or apply large amounts of data.
The compliance cloud is a compliant space for the application of data results, supervised by the map vendor. Map vendors should establish a comprehensive monitoring and auditing system to keep track of data flows into and out of the area, the allocation of computing resources, data access permissions, data application business, and other data flows. They should pay attention to the surveying and mapping geographic information security risks of the various applications and prevent overseas access and transmission. In the compliance cloud, geographic information data that has been securely processed may be stored, aggregated, and applied, and in principle should not be transmitted externally. If data needs to be migrated between clouds, the principle is that the data remains secure at all times, and handover, storage, and application should be carried out within the security management environment provided by the map vendor.
(4) Processing and Application
The data results of intelligent connected vehicle surveying activities generally include location, point cloud, image, inertial navigation, and composition data. When these are combined with other data, security processing should follow the principle of applying the stricter standard.
Map vendors perform secure processing on datasets (data streams) within the secure proprietary cloud, including but not limited to obfuscation of key content, data slicing, and data extraction. Map vendors should improve processing efficiency and shorten the retention period of data in the secure proprietary cloud while ensuring the quality of secure processing.
Map vendors, automakers, and other data application providers carry out their various applications in the compliance cloud area. Applications of the data results mainly include navigation electronic maps, data annotation, artificial intelligence algorithm training, digital twins, and simulation testing. When creating and updating navigation electronic maps, composition should be based on securely processed data so that the geographic information expressed meets regulatory requirements. For data annotation, images, point clouds, and other data should be sliced, extracted, and published online; the annotation team should not have direct access to the entire dataset. When training autonomous driving models, algorithms should not be trained to recognize sensitive targets involving classified information. For digital twin testing applications, a scenario library should be built from securely processed data.
(5) Publication
At present, geographic information data should be released to the vehicle side in the form of navigation electronic maps. Map vendors should establish and improve an internal map security review system and use technological tools to generate review reports. Before release, the map should be submitted for review, and it may be released for use only after a review number has been obtained.