CN110730194A - Information network protection system for gas power station of abandoned mine - Google Patents


Publication number
CN110730194A
Authority
CN
China
Prior art keywords
network
protection area
equipment
data
control protection
Legal status
Pending
Application number
CN201911189290.8A
Other languages
Chinese (zh)
Inventor
于志军
陈广生
赵彦
祁铭
刘双林
李玲玲
向其芝
汪伟
刘浩远
曹宇
Current Assignee
Cecep Ningxia New Energy Resources Joint Stock Co Ltd
Original Assignee
Cecep Ningxia New Energy Resources Joint Stock Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

An information network protection system for an abandoned mine gas power station comprises an equipment control protection area, an equipment non-control protection area, a corresponding transverse isolation device and an external data network. The equipment control protection area comprises an in-station layer data switch, a data processing server, a service data switch, a longitudinal encryption device and a network security monitoring device. The equipment non-control protection area comprises a data acquisition server, a service data switch and a longitudinal encryption device. The transverse isolation device is arranged between the equipment control protection area and the equipment non-control protection area and provides illegal-information isolation, abnormal-code monitoring, filtering, access control and similar functions between the two areas. The invention protects the information network zone by zone according to differing service characteristics, security requirements, degrees of impact, threats and risks, and realizes centralized management, monitoring, operation and maintenance of the production network equipment of the gas power station.

Description

Information network protection system for gas power station of abandoned mine
Technical Field
The invention relates to the field of abandoned mine gas treatment, in particular to an information network protection system for an abandoned mine gas power station.
Background
In existing information network systems of digital abandoned mine gas power stations, hackers, viruses, malicious code and the like can maliciously damage and attack the system in various forms, as can other illegal operations. This can paralyze the information network system of the abandoned mine gas power station or put it out of control, affecting normal and safe production at the station.
Disclosure of Invention
The invention aims to provide an information network protection system for an abandoned mine gas power station that addresses the security vulnerabilities of existing information network systems for such stations. It implements a comprehensive protection strategy of partition protection, longitudinal encryption and transverse isolation for the equipment control area and the equipment non-control area, so as to resist attack and damage by hackers, viruses, malicious code and the like against the safety production system of the power station.
In order to achieve the purpose, the technical scheme of the invention is as follows: an information network protection system for a waste mine gas power station comprises an equipment control protection area, an equipment non-control protection area, a corresponding transverse isolation device and an external data network;
the equipment control protection area comprises an inner layer data switch, a data processing server, a service data switch, a longitudinal encryption device and a network safety monitoring device, wherein one end of the inner layer data switch is connected with a production equipment network, the other end of the inner layer data switch is connected with one end of the data processing server network, and the inner layer data switch is used for acquiring real-time operation information of the production equipment and transmitting the acquired real-time operation information of production to the data processing server for conversion, identification and processing and realizing unified information management; the other end of the data processing server is connected with one end of the service data exchanger through a network, the data processing server transmits the processed equipment operation information to the service data exchanger, transmits the equipment operation information to an external data network through the service data exchanger, and transmits the equipment operation information to an external platform through the external data network;
the longitudinal encryption device is arranged between the service data switch and the external data network through the network to form a linear topological structure, so that the safety and reliability of exchange and mutual access between the external network and the service data switch are ensured; the longitudinal encryption device has the functions of bidirectional identity authentication, encrypted data and password access so as to resist attack and damage of external network hackers, viruses, malicious codes and the like to power station production and a power grid system;
one end of the network safety monitoring device is connected with the in-station switch through a network, and the other end is connected with the service switch through a network. The network safety monitoring device thus forms a parallel structure with the data processing server and acquires, monitors and manages the uplink and downlink information of the data processing server in real time, preventing illegal intrusion and illegal operation from the internal and external networks from making the information in the data processing server abnormal and thereby causing production abnormalities.
The equipment control protection area is used for monitoring and controlling production equipment of the abandoned mine power station, so that the running states of the generator set, the gas extraction device, the auxiliary equipment, the power transformer, the switch cabinet and the power relay protection device can be monitored, and the real-time monitoring and control of the production state can be realized;
the equipment non-control protection area comprises a data acquisition server, a service data exchanger and a longitudinal encryption device; one end of the data acquisition server is connected with the metering equipment network, the other end of the data acquisition server is connected with the service data exchanger network, the data acquisition server is used for acquiring, summarizing and storing production metering data and then transmitting the production metering data to the service data exchanger, transmitting the metering and operating data to an external data network through the service data exchanger, and transmitting the equipment metering and operating data to an external platform through the external data network;
the longitudinal encryption device is arranged between the service data switch and the external data network through the network to form a linear topological structure, so that the safety and reliability of exchange and mutual access between the external network and the service data switch are ensured; the longitudinal encryption device has the functions of bidirectional identity authentication, encrypted data and password access so as to resist attack and damage of external network hackers, viruses, malicious codes and the like to power station production and a power grid system;
the equipment non-control protection area is used for collecting and metering production and equipment operation data.
The transverse isolation device is arranged between the equipment control protection area and the equipment non-control protection area and provides illegal-information isolation, abnormal-code monitoring, filtering, access control and similar functions between the two areas, so as to prevent virus propagation. The transverse isolation device comprises a forward isolation device and a reverse isolation device. The forward isolation device is connected through a network to the data processing server of the equipment control protection area and to the data acquisition server of the equipment non-control protection area, so that the equipment control protection area accesses the equipment non-control protection area in one direction only: information is only sent out from the equipment control protection area, data transmission is one-way, and external data cannot access the equipment control protection area through the network. The reverse isolation device is connected through a network to the same two servers, so that the equipment control protection area receives information from the equipment non-control protection area in one direction only, receiving it without accessing the outside. Together these functions realize the security isolation and control of data between the equipment control protection area and the equipment non-control protection area.
And the external data network is respectively in network connection with the equipment control protection area and the equipment non-control protection area and is used for transmitting the real-time data of the equipment control protection area and the equipment non-control protection area to an external platform.
The beneficial effects of the invention are as follows: the information network is protected zone by zone according to differing service characteristics, security requirements, degrees of impact, threats and risks; each zone is managed and guarded separately, with the focus on protecting the gas power station production system so that it operates stably and effectively. This realizes centralized management, monitoring, operation and maintenance of the gas power station production network equipment and reduces the range affected by an accident.
Drawings
FIG. 1 is a schematic diagram of the information network protection system for the abandoned mine gas power station of the invention.
Detailed Description
In order to make the technical solutions in the present application better understood by those skilled in the art, the following detailed description of the present application will be given with reference to the accompanying drawings.
An information network protection system for a waste mine gas power station comprises an equipment control protection area, an equipment non-control protection area, a corresponding transverse isolation device and an external data network;
the equipment control protection area comprises a station inner layer data exchanger, a data processing server, a service data exchanger, a longitudinal encryption device and a network safety monitoring device, wherein one end of the station inner layer data exchanger is connected with production equipment in a network, and the production equipment comprises a generator set, a gas extraction device, auxiliary equipment, a power transformer, a switch cabinet and a power relay protection device. The other end of the station inner layer data exchanger is connected with one end of the data processing server through a network; the other end of the data processing server is connected with one end of the service data exchanger through a network, the data processing server transmits the processed equipment operation information to the service data exchanger, transmits the equipment operation information to an external data network through the service data exchanger, and transmits the equipment operation information to an external platform through the external data network;
the longitudinal encryption device is arranged between the service data switch and the external data network through the network to form a linear topological structure, so that the safety and reliability of exchange and mutual access between the external network and the service data switch are ensured; the longitudinal encryption device has the functions of bidirectional identity authentication, encrypted data and password access so as to resist attack and damage of external network hackers, viruses, malicious codes and the like to power station production and a power grid system;
one end of the network safety monitoring device is connected with the in-station switch through a network, and the other end is connected with the service data switch and the in-station layer data switch through a network. The network safety monitoring device thus forms a parallel structure with the data processing server and collects, monitors and manages the uplink and downlink information of the data processing server in real time, preventing illegal intrusion and illegal operation from the internal and external networks from making the information in the data processing server abnormal and thereby causing abnormal production.
The equipment non-control protection area comprises a data acquisition server, a service data exchanger and a longitudinal encryption device; one end of the data acquisition server is connected with the metering equipment network, the other end of the data acquisition server is connected with the service data exchanger network, the data acquisition server is used for acquiring, summarizing and storing production metering data and then transmitting the production metering data to the service data exchanger, transmitting the metering and operating data to an external data network through the service data exchanger, and transmitting the equipment metering and operating data to an external platform through the external data network;
the longitudinal encryption device is arranged between the service data switch and the external data network through the network to form a linear topological structure, so that the safety and reliability of exchange and mutual access between the external network and the service data switch are ensured and network isolation between the service data switch and the external data network is achieved.
The equipment non-control protection area is used for collecting and metering production and equipment operation data, and is connected through the data acquisition server with a production electricity meter, a water meter, a pressure meter, a flow meter and a gas flowmeter.
The transverse isolation device is arranged between the equipment control protection area and the equipment non-control protection area and provides illegal-information isolation, abnormal-code monitoring, filtering, access control and similar functions between the two areas, so as to prevent virus propagation. The transverse isolation device comprises a forward isolation device and a reverse isolation device. The forward isolation device is connected through a network to the data processing server of the equipment control protection area and to the data acquisition server of the equipment non-control protection area, so that the equipment control protection area accesses the equipment non-control protection area in one direction only: information is only sent out from the equipment control protection area, data transmission is one-way, and external data cannot access the equipment control protection area through the network. The reverse isolation device is connected through a network to the same two servers, so that the equipment control protection area receives information from the equipment non-control protection area in one direction only, receiving it without accessing the outside. Together these functions realize the security isolation and control of data between the equipment control protection area and the equipment non-control protection area.
And the external data network is respectively in network connection with the equipment control protection area and the equipment non-control protection area and is used for transmitting the real-time data of the equipment control protection area and the equipment non-control protection area to an external platform.
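The zone and conduit rules described above can be checked mechanically against observed traffic. The following Python code is an added example, not part of the patent: the zone labels, device labels and key=value record format are assumptions made for illustration, the sample records are constructed, and treating "bidirectional identity authentication" and "encrypted data" as two per-flow flags is a modelling choice.

```python
from dataclasses import dataclass

# Hypothetical labels for the three network areas named in the description.
CONTROL, NON_CONTROL, EXTERNAL = "control", "non_control", "external"
# Hypothetical labels for the boundary devices named in the description.
FORWARD = "forward_isolation"
REVERSE = "reverse_isolation"
LONGITUDINAL = "longitudinal_encryption"

# (source area, destination area) -> the only device that flow may traverse.
# Forward isolation carries data out of the control area only; reverse
# isolation carries data into it only; every exchange with the external
# data network goes through a longitudinal encryption device.
REQUIRED_DEVICE = {
    (CONTROL, NON_CONTROL): FORWARD,
    (NON_CONTROL, CONTROL): REVERSE,
    (CONTROL, EXTERNAL): LONGITUDINAL,
    (EXTERNAL, CONTROL): LONGITUDINAL,
    (NON_CONTROL, EXTERNAL): LONGITUDINAL,
    (EXTERNAL, NON_CONTROL): LONGITUDINAL,
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    via: str
    mutual_auth: bool
    encrypted: bool


def parse_flow(line: str) -> Flow:
    """Parse one 'key=value key=value ...' record (assumed format)."""
    fields = dict(token.split("=", 1) for token in line.split())
    return Flow(
        src=fields["src"],
        dst=fields["dst"],
        via=fields.get("via", "none"),
        mutual_auth=fields.get("auth") == "mutual",
        encrypted=fields.get("enc") == "yes",
    )


def check_flow(flow: Flow) -> list[str]:
    """Return the policy problems for one flow; an empty list means compliant."""
    if flow.src == flow.dst:
        return []  # traffic inside one area is outside this boundary policy
    required = REQUIRED_DEVICE.get((flow.src, flow.dst))
    if required is None:
        return [f"no conduit is defined for {flow.src} -> {flow.dst}"]
    problems = []
    if flow.via != required:
        problems.append(
            f"{flow.src} -> {flow.dst} must traverse {required}, saw {flow.via}"
        )
    if required == LONGITUDINAL:
        if not flow.mutual_auth:
            problems.append("external exchange without bidirectional authentication")
        if not flow.encrypted:
            problems.append("external exchange without encryption")
    return problems


def audit(lines: list[str]) -> dict[int, list[str]]:
    """Map 1-based record numbers to their problems, for violating records only."""
    findings = {}
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        problems = check_flow(parse_flow(line))
        if problems:
            findings[number] = problems
    return findings


# Constructed sample records, not captured traffic.
SAMPLE_LOG = [
    "src=control dst=non_control via=forward_isolation",
    "src=non_control dst=control via=reverse_isolation",
    "src=non_control dst=control via=forward_isolation",
    "src=control dst=external via=longitudinal_encryption auth=mutual enc=yes",
    "src=external dst=control via=none auth=none enc=no",
    "src=non_control dst=external via=longitudinal_encryption auth=mutual enc=no",
]

if __name__ == "__main__":
    for number, problems in audit(SAMPLE_LOG).items():
        for problem in problems:
            print(f"record {number}: {problem}")
```

Record 3 is the case the one-way design exists to catch: data entering the control area over the device that is only meant to carry data out of it.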
The described embodiments of the present invention are only preferred embodiments, and all other embodiments, including various changes, modifications, substitutions and alterations to the devices described in these embodiments, which would be obvious to one skilled in the art without making any creative effort, should fall within the protection scope of the present application.

Claims (3)

1. An information network protection system for a waste mine gas power station is characterized by comprising an equipment control protection area, an equipment non-control protection area, a corresponding transverse isolation device and an external data network, wherein the equipment control protection area is connected with the equipment non-control protection area; the equipment control protection area comprises an in-station layer data exchanger, a data processing server, a service data exchanger, a longitudinal encryption device and a network safety monitoring device, wherein one end of the in-station layer data exchanger is connected with the production equipment through a network, the other end of the in-station layer data exchanger is connected with one end of the data processing server through a network, and the other end of the data processing server is connected with one end of the service data exchanger through a network; the longitudinal encryption device is arranged between the service data switch and the external data network through the network to form a linear topological structure, so that the safety and reliability of exchange and mutual access between the external network and the service data switch are ensured; one end of the network safety monitoring device is connected with the in-station switch through a network, the other end of the network safety monitoring device is connected with the service switch through a network, and meanwhile, the network safety monitoring device and the data processing server form a parallel structure which is used for acquiring, monitoring and managing uplink and downlink information of the data processing server in real time, and preventing illegal invasion and illegal operation of an internal network and an external network from causing abnormality of the information in the data processing server; the equipment non-control protection area comprises a data acquisition server, a service data exchanger and a longitudinal encryption device; one end of the data acquisition server is connected with the metering equipment network, the other end of the data acquisition server is connected with the service data exchanger network, the data acquisition server is used for acquiring, summarizing and storing production metering data and then transmitting the production metering data to the service data exchanger, transmitting the metering and operating data to an external data network through the service data exchanger, and transmitting the equipment metering and operating data to an external platform through the external data network; the longitudinal encryption device is arranged between the service data exchanger and an external data network through a network to form a linear topological structure; the transverse isolation device is arranged between the control protection area and the equipment non-control protection area, and has the functions of illegal information isolation, abnormal code monitoring, filtering, access control and the like between the equipment control protection area and the equipment non-control protection area, so that the purpose of preventing virus propagation is achieved; and the external data network is respectively in network connection with the equipment control protection area and the equipment non-control protection area and is used for transmitting the real-time data of the equipment control protection area and the equipment non-control protection area to an external platform.
2. The abandoned mine gas power station information network protection system of claim 1, wherein: the equipment control protection area is used for monitoring and controlling production equipment of the abandoned mine power station and comprises a generator set, a gas extraction device, auxiliary equipment, a power transformer, a switch cabinet and a power relay protection device.
3. The abandoned mine gas power station information network protection system of claim 1, wherein: the transverse isolation device is provided with a forward isolation device and a reverse isolation device, the forward isolation device is respectively in network connection with a data processor server of the equipment control protection area and a data acquisition server of the equipment non-control protection area, the reverse isolation device is respectively in network connection with the data processor server of the equipment control protection area and the data acquisition server of the equipment non-control protection area, one-way information collection of the equipment non-control protection area is achieved in the equipment control protection area, only the information is collected and the information is not accessed to the outside, and the functions achieve safety isolation and control between two areas of data of the equipment control protection area and the equipment non-control protection area.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911189290.8A CN110730194A (en) 2019-11-28 2019-11-28 Information network protection system for gas power station of abandoned mine

Publications (1)

Publication Number Publication Date
CN110730194A (en) 2020-01-24

Family

ID=69225723

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination