Frontiers of Data and Computing ›› 2025, Vol. 7 ›› Issue (4): 208-218.

CSTR: 32002.14.jfdc.CN10-1649/TP.2025.04.017

doi: 10.11871/jfdc.issn.2096-742X.2025.04.017

• Technology and Application •

Design and Practice of Meteorological Cybersecurity Operations Platform

TIAN Zheng, DENG Xin, FENG Wei*, ZHAO Licheng, CHEN Xin, ZHONG Lei, PAN Yuting

  1. National Meteorological Information Centre, Beijing 100081, China
  • Received: 2025-05-29 Online: 2025-08-20 Published: 2025-08-21
  • Contact: FENG Wei E-mail: tianzh0203@163.com; fengw2012@sohu.com

Abstract:

[Objective] To address issues such as data fragmentation, isolated defenses, and lagging responses in the cybersecurity of meteorological departments, this paper proposes the design and implementation of a collaborative national-provincial meteorological security operations platform. [Methods] The platform enables the aggregation and governance of multi-source security monitoring data and asset information, supports centralized correlation analysis of heterogeneous alerts, and facilitates event investigation and traceability. By utilizing automated orchestration and intelligent risk-aware decision-making technologies, it integrates various notification and response components to enable rapid and automated handling of security risks. Through the cascading architecture of national and provincial platforms, the system achieves real-time sharing of security alerts, asset data, and other critical information across provinces, as well as timely distribution of intelligence, early warnings, and incident notifications, thereby supporting collaborative security operations within the meteorological sector. [Results] Practical application tests show that the automatic interception rate of attack IPs reached 99.3%, with the response time reduced to minutes. [Conclusions] The meteorological cybersecurity operations platform integrates security data and capabilities, significantly improving the efficiency of handling security risks and effectively ensuring the safe and stable operation of meteorological services.

Key words: cybersecurity, security operations, risk detection, automated response