Frontiers of Data and Computing, 2025, Vol. 7, Issue (4): 208-218.

CSTR: 32002.14.jfdc.CN10-1649/TP.2025.04.017

doi: 10.11871/jfdc.issn.2096-742X.2025.04.017

• Technology and Applications •

Design and Practice of Meteorological Cybersecurity Operations Platform

TIAN Zheng, DENG Xin, FENG Wei*, ZHAO Licheng, CHEN Xin, ZHONG Lei, PAN Yuting

  1. National Meteorological Information Centre, Beijing 100081, China
  • Received: 2025-05-29 Online: 2025-08-20 Published: 2025-08-21
  • Contact: FENG Wei
  • About the authors:
    TIAN Zheng is a senior engineer at the National Meteorological Information Centre. She has long been engaged in meteorological network and information security. Her research interests include cybersecurity and security operations.
    In this paper, she is responsible for drafting the paper.
    E-mail: tianzh0203@163.com
    FENG Wei is a senior engineer and the director of the Information Security Office, National Meteorological Information Centre. She has long been engaged in meteorological network and information security. Her research interests include cybersecurity, data security, and security operations.
    In this paper, she is responsible for drawing up the paper framework, writing "1.1 Architecture Design", and paper revision and approval.
    E-mail: fengw2012@sohu.com
  • Funding:
    Meteorological Informatization System Project (发改农经 [2019] No. 1987); Marine Meteorological Comprehensive Support Project, Phase II (发改农经 [2022] No. 226); China Meteorological Administration Innovation and Development Special Project (CXFZ2025J080); China Meteorological Administration Youth Innovation Team Project (CMA2024QN07); National Meteorological Information Centre Youth Innovation Team Project (NMIC-2024-QN05)


Abstract:

[Objective] To address issues such as data fragmentation, isolated defenses, and lagging responses in the cybersecurity of meteorological departments, this paper proposes the design and implementation of a collaborative national-provincial meteorological security operations platform. [Methods] The platform enables the aggregation and governance of multi-source security monitoring data and asset information, supports centralized correlation analysis of heterogeneous alerts, and facilitates event investigation and traceability. By utilizing automated orchestration and intelligent risk-aware decision-making technologies, it integrates various notification and response components to enable rapid and automated handling of security risks. Through the cascading architecture of national and provincial platforms, the system achieves real-time sharing of security alerts, asset data, and other critical information across provinces, as well as timely distribution of intelligence, early warnings, and incident notifications, thereby supporting collaborative security operations within the meteorological sector. [Results] The practical application tests show that the automatic interception rate of attack IPs reached 99.3%, with the response time reduced to minutes. [Conclusions] The meteorological cybersecurity operations platform integrates security data and capabilities, significantly improving the efficiency of handling security risks and effectively ensuring the safe and stable operation of meteorological services.

Key words: cybersecurity, security operations, risk detection, automated response