Cybersecurity Situational Awareness System Applicable for Urban Rail Transit CBTC System

Objective Urban rail transit CBTC (communication-based train control) systems face complex and diverse cybersecurity challenges. Existing cybersecurity tools feature high false alarm rates and poor adaptation to CBTC systems, lacking in-depth analysis of business data and integration across multiple systems, thus uncapable to proactively detect cybersecurity threats. To enhance the cybersecurity operations of CBTC systems and ensure the continuity of CBTC system business operations, it is necessary to develop a cybersecurity situational awareness system applicable for urban rail transit CBTC systems. Method Based on general technical requirements outlined in relevant standards, a cybersecurity situational awareness system architecture tailored to urban rail transit CBTC systems is proposed. The data content from front-end data sources and the specific functions of core components in the system architecture is expounded. Key technologies, including log normalization techniques, security threat analysis methods, and situational visualization techniques for CBTC systems are introduced. Result & Conclusion The cybersecurity situational awareness system architecture applicable for urban rail transit CBTC system is highly compatible with CBTC system architecture, and its functions are deeply integrated with CBTC operational scenarios. The implementation of this system enables efficient business coordination, reduces the false alarm rates of existing cybersecurity equipment, enhances the cybersecurity levels of CBTC systems, effectively ensuring the continuity of CBTC system business operations.