电网技术
電網技術
전망기술
POWER SYSTEM TECHNOLOGY
2013年
11期
3227-3232
,共6页
邹春明%郑志千%刘智勇%陈良汉%陈敏超
鄒春明%鄭誌韆%劉智勇%陳良漢%陳敏超
추춘명%정지천%류지용%진량한%진민초
电力二次系统%工业控制系统%协议分析%安全分区%安全管道
電力二次繫統%工業控製繫統%協議分析%安全分區%安全管道
전력이차계통%공업공제계통%협의분석%안전분구%안전관도
electrical secondary system%industrial control systems%protocol analysis%security zone%security conduit
我国电力二次系统安全防护技术已广泛应用并取得了良好的安全防护效果,通用工业控制系统与电力二次系统既有相似性,又存在行业不同的需求差异。文章根据电力二次安全防护技术成果,通过加强工控网络边界的防护强度、对工控通信协议进行深度分析、挖掘工控协议攻击特征模型、建立统一安全管理平台等技术手段,构筑具备纵深防御能力的通用工控信息安全防护系统。通过模拟工控环境和网络攻击等方法对关键部件工控防火墙进行了研究测试,结果表明在保证工控系统授权通信正常运行的前提下,成功拦截了非授权控制命令,具备深度保护工控系统信息安全的能力。因此,该系统可增强工控系统抵御黑客病毒攻击的安全防护能力,并降低由信息安全攻击带来工业设备故障损坏的风险。
我國電力二次繫統安全防護技術已廣汎應用併取得瞭良好的安全防護效果,通用工業控製繫統與電力二次繫統既有相似性,又存在行業不同的需求差異。文章根據電力二次安全防護技術成果,通過加彊工控網絡邊界的防護彊度、對工控通信協議進行深度分析、挖掘工控協議攻擊特徵模型、建立統一安全管理平檯等技術手段,構築具備縱深防禦能力的通用工控信息安全防護繫統。通過模擬工控環境和網絡攻擊等方法對關鍵部件工控防火牆進行瞭研究測試,結果錶明在保證工控繫統授權通信正常運行的前提下,成功攔截瞭非授權控製命令,具備深度保護工控繫統信息安全的能力。因此,該繫統可增彊工控繫統牴禦黑客病毒攻擊的安全防護能力,併降低由信息安全攻擊帶來工業設備故障損壞的風險。
아국전력이차계통안전방호기술이엄범응용병취득료량호적안전방호효과,통용공업공제계통여전력이차계통기유상사성,우존재행업불동적수구차이。문장근거전력이차안전방호기술성과,통과가강공공망락변계적방호강도、대공공통신협의진행심도분석、알굴공공협의공격특정모형、건립통일안전관리평태등기술수단,구축구비종심방어능력적통용공공신식안전방호계통。통과모의공공배경화망락공격등방법대관건부건공공방화장진행료연구측시,결과표명재보증공공계통수권통신정상운행적전제하,성공란절료비수권공제명령,구비심도보호공공계통신식안전적능력。인차,해계통가증강공공계통저어흑객병독공격적안전방호능력,병강저유신식안전공격대래공업설비고장손배적풍험。
Cyber security scheme is used for the secondary electrical systems of power grids in China widely and successfully and favorable security protection effects have been achieved. There is not only the similarity between general industrial control system and the secondary electrical systems in power grids and but also the difference in demand due to the differences among industrial sectors. Based on the achievements in security protection technologies for the secondary electrical systems and by means of such technological means as enhancing the protection for the border of industrial control network, analyzing communication protocols for industrial control in depth, mining attack signature models of industrial control protocol and establishing a unified security management platform and so on, a general security protection system for industrial control information, which possesses the ability of defense in depth, is constructed. Through simulating both industrial control environment and network attack, the industrial control firewall for key components is researched and tested, and the results show that under the premise of ensuring normal operation of authorized communication of industrial control system the constructed general security protection system can intercept the unauthorized control commands, so it possesses the ability of information security of industrial control systems in depth. Thus, using the constructed general security protection system the cyber security ability of industrial control system to resist the attacks from hack virus can be enhanced, and the risk in industrial equipment failure and damage due to information security attack can be reduced.
