CN111107045A - Safety baseline of power monitoring system of hydraulic power plant - Google Patents
Safety baseline of power monitoring system of hydraulic power plant Download PDFInfo
- Publication number
- CN111107045A CN111107045A CN201811265265.9A CN201811265265A CN111107045A CN 111107045 A CN111107045 A CN 111107045A CN 201811265265 A CN201811265265 A CN 201811265265A CN 111107045 A CN111107045 A CN 111107045A
- Authority
- CN
- China
- Prior art keywords
- domain
- safety
- monitoring system
- power plant
- management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 46
- 238000012423 maintenance Methods 0.000 claims abstract description 33
- 238000007726 management method Methods 0.000 claims description 47
- 238000012550 audit Methods 0.000 claims description 13
- 230000002265 prevention Effects 0.000 claims description 8
- 238000011084 recovery Methods 0.000 claims description 7
- 238000001514 detection method Methods 0.000 claims description 6
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 claims description 5
- 238000011981 development test Methods 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 description 18
- 230000006399 behavior Effects 0.000 description 6
- 230000002787 reinforcement Effects 0.000 description 4
- 230000000694 effects Effects 0.000 description 3
- 230000009545 invasion Effects 0.000 description 3
- 238000000034 method Methods 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012954 risk control Methods 0.000 description 1
- 239000004575 stone Substances 0.000 description 1
- 238000012549 training Methods 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
The invention discloses a safety baseline of a hydroelectric power plant electric power monitoring system, which comprises a business application domain (1), wherein the business application domain (1) is respectively connected with an internet service domain (2), an internal interconnection domain (3), an external interconnection domain (4), an employee access domain (5), a safety management domain (6) and a third party access domain (7), the internet service domain (2), the employee access domain (5) and the third party access domain (7) are respectively connected with the safety management domain (6), the outer side of the safety management domain (6) is connected with a maintenance management domain (8), one side of the external interconnection domain (4) is connected with a wireless access domain (9), and one sides of the internet service domain (2), the external interconnection domain (4) and the wireless access domain (9) are respectively connected with a boundary protection domain (10). The invention has the characteristics of high integrity and applicability and good safety.
Description
Technical Field
The invention relates to a hydraulic power plant electric power monitoring system, in particular to a hydraulic power plant electric power monitoring system safety baseline.
Background
Information security reinforcement is to improve the standardability, security and anti-attack ability of network and host system by means of certain technology and management standard, and is a key link for guaranteeing the information security of the power system. Information system security often requires a balance between security effort costs and the security risks that can be tolerated, and a security baseline is just a reasonable line of demarcation for this balance. Therefore, the security baseline is the minimum security guarantee of an information system, and is the most basic security requirement to be met by the information system.
However, the existing power monitoring systems used in the hydraulic power plants all adopt systems and devices delivered by default delivery configurations by system integrators or developers, and users do not have perfect and applicable security reinforcement strategies, so that the management system has the problems of poor integrity and applicability when in use, functional modules of the system cannot completely correspond to the current physical environment of the hydraulic power plant, and the requirements of users on different functions of the system and the complete monitoring of the power system cannot be met. In addition, because the security of the management system is low, the system has poor effects on user authentication, access control, auditing strategy and malicious code prevention, and risks of invasion and damage exist. Therefore, the existing power monitoring system for the hydraulic power plant has the problems of low integrity and applicability and poor safety.
Disclosure of Invention
The invention aims to provide a safety baseline of a hydraulic power plant electric power monitoring system. It has the characteristics of high integrity and applicability and good safety.
The technical scheme of the invention is as follows: the utility model provides a power plant electric power monitored control system safety baseline, includes the business application domain, and the business application domain is connected with internet service domain, inside interconnected domain, outside interconnected domain, staff's access domain, safety control territory and third party access domain respectively, internet service domain, staff's access domain and third party access domain are connected with safety control territory interconnect respectively, and the safety control territory outside is connected with maintains the management domain, outside interconnected domain one side is connected with wireless access domain, internet service domain, outside interconnected domain and wireless access domain one side all are connected with the boundary protection domain.
In the safety baseline of the power monitoring system of the hydraulic power plant, the service application domain, the internal interconnection domain, the safety management domain, the internet service domain and the external interconnection domain are all provided with the firewall.
In the safety baseline of the power monitoring system of the hydraulic power plant, the boundary protection domain comprises an intrusion detection system, an intrusion prevention system, a log audit system, an operation and maintenance audit system and an application firewall.
In the safety baseline of the hydraulic power plant electric power monitoring system, the management range of the safety management domain includes user and account naming, information system and equipment logic naming, network safety region division, network remote access, network terminal access, internet behavior management, machine room operation monitoring, administrator behavior audit and terminal and medium protection.
In the safety baseline of the hydraulic power plant electric power monitoring system, the maintenance management domain includes a network operation maintenance module, an application system operation maintenance module, a host database system operation maintenance module and a machine room operation maintenance module.
In the safety baseline of the hydroelectric power plant electric power monitoring system, the service application domain comprises a dam monitoring system, a site control system, a comprehensive monitoring system and a water condition forecasting system.
In the safety baseline of the power monitoring system of the hydraulic power plant, both the service application domain and the safety management domain are connected with the disaster recovery system domain.
In the safety baseline of the power monitoring system of the hydraulic power plant, a development test domain is connected to the outer side of the safety management domain.
In the safety baseline of the hydroelectric power plant electric power monitoring system, different domains are connected with each other through Huacheng routers or Cisco routers.
Compared with the prior art, the invention has the advantages that through the interconnection of the Internet service domain, the internal interconnection domain, the external interconnection domain and the employee access domain with the business application domain, users in different areas and in different demands can respectively enter the business application domain from different access domains, so that the completeness and the applicability of the invention are improved, and the system can conveniently divide and limit the management authority of network equipment and accounts through dividing each access domain, thereby improving the safety and the working stability of the invention; the safety management domain can respectively close unsafe services in the network equipment and realize access limitation aiming at different access domains, ensure that the network equipment only bears the network services required by the service, and provide safety mechanism guarantee for users with different IP addresses; the boundary protection domain can further protect and monitor accounts entering the system from the Internet service domain, the external interconnection domain and the wireless access domain, so that damage of external users to the system through malicious codes is reduced, and the safety of the system is further improved; the system can be matched with each physical environment in a hydraulic power plant through a service application domain consisting of a dam monitoring system, a site control system, a comprehensive monitoring system and a water condition forecasting system, so that the complete monitoring of the electric power of the hydraulic power plant is realized; the maintenance management domain composed of the network operation maintenance module, the application system operation maintenance module, the host database system operation maintenance module and the machine room operation maintenance module can respectively maintain and manage each system and access domain, thereby further improving the applicability and integrity of the invention; disaster recovery monitoring can be respectively carried out on each monitoring system in the hydraulic power plant through the disaster recovery system domain, and the monitoring systems can find and process in time through the disaster recovery system domain when monitoring that the numerical value is abnormal, so that the safety of the monitoring system is improved; the firewall arranged in different domains can further play roles of account authority reinforcement and malicious code prevention, so that the protection effect of the whole system on invasion or malicious damage behaviors is improved. Therefore, the method has the characteristics of high integrity and applicability and good safety.
Drawings
Fig. 1 is a schematic diagram of the connection of the present invention.
The labels in the figures are: the method comprises the following steps of 1-a business application domain, 2-an internet service domain, 3-an internal interconnection domain, 4-an external interconnection domain, 5-an employee access domain, 6-a security management domain, 7-a third party access domain, 8-a maintenance management domain, 9-a wireless access domain, 10-a boundary protection domain, 11-a disaster recovery system domain and 12-a development test domain.
Detailed Description
The invention is further illustrated by the following figures and examples, which are not to be construed as limiting the invention.
Examples are given. A safety baseline of a hydroelectric power plant electric power monitoring system is shown in figure 1 and comprises a business application domain 1, wherein the business application domain 1 is respectively connected with an internet service domain 2, an internal interconnection domain 3, an external interconnection domain 4, an employee access domain 5, a safety management domain 6 and a third party access domain 7, the internet service domain 2, the employee access domain 5 and the third party access domain 7 are respectively connected with the safety management domain 6, the outer side of the safety management domain 6 is connected with a maintenance management domain 8, one side of the external interconnection domain 4 is connected with a wireless access domain 9, and one side of the internet service domain 2, one side of the external interconnection domain 4 and one side of the wireless access domain 9 are respectively connected with a boundary protection domain 10.
Firewalls are arranged in the business application domain 1, the internal interconnection domain 3, the security management domain 6, the internet service domain 2 and the external interconnection domain 4, and can be selected from an NX3-G2000 firewall of the green alliance technology, an SG-6000-E2300 firewall of the mountain stone network communication technology company Limited or an FW5120 firewall of the DongSoft group.
The boundary protection domain 10 comprises an intrusion detection system, an intrusion prevention system, a log audit system, an operation and maintenance audit system and an application firewall; the intrusion detection system can be an NIDS-NX600 network intrusion detection system of green alliance science and technology, the intrusion prevention system can be an NIPS600D intrusion detection prevention system of a star-star information technology group, the log audit system can be a CA2300 network security audit system of the star-star information technology group, the operation and maintenance audit system can be a USM-200 operation and maintenance audit and risk control system of Hangzhou Anheng information technology Limited, and the WAG-WAF110 application security gateway of the star-star information technology group can be selected by applying a firewall.
The management range of the safety management domain 6 comprises user and account naming, information system and equipment logic naming, network safety region division, network remote access, network terminal access, internet behavior management, machine room operation monitoring, administrator behavior audit and terminal and medium protection.
The maintenance management domain 8 comprises a network operation maintenance module, an application system operation maintenance module, a host database system operation maintenance module and a machine room operation maintenance module.
The business application domain 1 comprises a dam monitoring system, a site control system, a comprehensive monitoring system and a water condition forecasting system.
The business application domain 1 and the safety management domain 6 are both connected with a disaster recovery system domain 11.
And a development test domain 12 is connected outside the security management domain 6.
Different domains are interconnected via Huacheng AP3010 router or Cisco's AIR-CT2500 router.
The working principle of the invention is as follows: according to the invention, through the interconnection of the Internet service domain 2, the internal interconnection domain 3, the external interconnection domain 4 and the employee access domain 5 with the business application domain 1, users in different areas and with different requirements can respectively enter the business application domain 1 from different access domains; the system can conveniently divide and limit the management authority of the network equipment and the account number by dividing each access domain; the safety management domain 6 can respectively close unsafe services in the network equipment and realize access limitation aiming at different access domains, ensure that the network equipment only bears the network services required by the service, and provide safety mechanism guarantee for users with different IP addresses; the boundary protection domain 10 can further protect and monitor accounts entering the system from the internet service domain 2, the external interconnection domain 4 and the wireless access domain 9, so that damage to the system caused by malicious codes of external users is reduced; the service application domain 1 consisting of a dam monitoring system, a site control system, a comprehensive monitoring system and a water condition forecasting system can enable each system and each physical environment in a hydraulic power plant to be mutually matched, so that the complete monitoring of the electric power of the hydraulic power plant is realized; the maintenance management domain 8 composed of a network operation maintenance module, an application system operation maintenance module, a host database system operation maintenance module and a machine room operation maintenance module can respectively maintain and manage each system and access domain. The firewall arranged in different domains can further play roles of account authority reinforcement and malicious code prevention, so that the protection effect of the whole system on invasion or malicious damage behaviors is improved. The invention can play the roles of information security organization, information security inspection development, security management system implementation, technical protection means construction, emergency treatment work, information technology product use, information security education training and potential safety hazard investigation and rectification through each application function module in the service application domain 1, thereby conforming to the completeness and applicability required by the hydraulic power plant. The security management domain 6 can play a role in network technology management, server technology management, storage system technology management, database system technology management, production application system technology management, anti-virus system technology management, office system technology management, personal computer technology management and machine room technology management, thereby ensuring the stable operation of the system and further improving the completeness and the security of the system.
Claims (9)
1. The utility model provides a power plant electric power monitored control system safety baseline which characterized in that: including business application domain (1), business application domain (1) is connected with internet service domain (2), inside interconnected domain (3), outside interconnected domain (4), staff access domain (5), safety control domain (6) and third party access domain (7) respectively, internet service domain (2), staff access domain (5) and third party access domain (7) respectively with safety control domain (6) interconnect, the safety control domain (6) outside is connected with maintains management domain (8), outside interconnected domain (4) one side is connected with wireless access domain (9), internet service domain (2), outside interconnected domain (4) and wireless access domain (9) one side all are connected with boundary protection domain (10).
2. A hydroelectric power plant power monitoring system safety baseline of claim 1, wherein: and fire walls are arranged in the business application domain (1), the internal interconnection domain (3), the security management domain (6), the Internet service domain (2) and the external interconnection domain (4).
3. A hydroelectric power plant power monitoring system safety baseline of claim 1, wherein: the boundary protection domain (10) comprises an intrusion detection system, an intrusion prevention system, a log audit system, an operation and maintenance audit system and an application firewall.
4. A hydroelectric power plant power monitoring system safety baseline of claim 1, wherein: the management range of the safety management domain (6) comprises user and account naming, information system and equipment logic naming, network safety region division, network remote access, network terminal access, internet behavior management, machine room operation monitoring, administrator behavior audit and terminal and medium protection.
5. A hydroelectric power plant power monitoring system safety baseline of claim 1, wherein: the maintenance management domain (8) comprises a network operation maintenance module, an application system operation maintenance module, a host database system operation maintenance module and a machine room operation maintenance module.
6. A hydroelectric power plant power monitoring system safety baseline of claim 1, wherein: the business application domain (1) comprises a dam monitoring system, a site control system, a comprehensive monitoring system and a water condition forecasting system.
7. A hydroelectric power plant power monitoring system safety baseline of claim 1, wherein: the business application domain (1) and the safety management domain (6) are both connected with a disaster recovery system domain (11).
8. A hydroelectric power plant power monitoring system safety baseline of claim 1, wherein: the outer side of the security management domain (6) is connected with a development test domain (12).
9. A hydroelectric power plant power monitoring system safety baseline according to claim 1, 7 or 8, wherein: different domains are interconnected via Huawei routers or Cisco routers.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811265265.9A CN111107045A (en) | 2018-10-29 | 2018-10-29 | Safety baseline of power monitoring system of hydraulic power plant |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811265265.9A CN111107045A (en) | 2018-10-29 | 2018-10-29 | Safety baseline of power monitoring system of hydraulic power plant |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111107045A true CN111107045A (en) | 2020-05-05 |
Family
ID=70420161
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811265265.9A Pending CN111107045A (en) | 2018-10-29 | 2018-10-29 | Safety baseline of power monitoring system of hydraulic power plant |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111107045A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103227797A (en) * | 2013-05-08 | 2013-07-31 | 上海电机学院 | Distributive management system of information network security for power enterprises |
CN103296752A (en) * | 2013-04-26 | 2013-09-11 | 国家电网公司 | Small hydropower station safety monitoring system for grid safe and stable operation and monitoring method for small hydropower station safety |
CN106878466A (en) * | 2017-04-07 | 2017-06-20 | 贵州黔源电力股份有限公司 | A kind of Hydropower Unit data management and equipment control unified platform |
CN107231371A (en) * | 2017-06-23 | 2017-10-03 | 国家电网公司 | The safety protecting method of Electricity Information Network, device and system |
CN207354339U (en) * | 2017-09-30 | 2018-05-11 | 国电大渡河瀑布沟发电有限公司 | A kind of power station integrated data processing system |
CN108063751A (en) * | 2017-10-20 | 2018-05-22 | 国网宁夏电力有限公司 | A kind of public network safety access method for new energy power plant |
-
2018
- 2018-10-29 CN CN201811265265.9A patent/CN111107045A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103296752A (en) * | 2013-04-26 | 2013-09-11 | 国家电网公司 | Small hydropower station safety monitoring system for grid safe and stable operation and monitoring method for small hydropower station safety |
CN103227797A (en) * | 2013-05-08 | 2013-07-31 | 上海电机学院 | Distributive management system of information network security for power enterprises |
CN106878466A (en) * | 2017-04-07 | 2017-06-20 | 贵州黔源电力股份有限公司 | A kind of Hydropower Unit data management and equipment control unified platform |
CN107231371A (en) * | 2017-06-23 | 2017-10-03 | 国家电网公司 | The safety protecting method of Electricity Information Network, device and system |
CN207354339U (en) * | 2017-09-30 | 2018-05-11 | 国电大渡河瀑布沟发电有限公司 | A kind of power station integrated data processing system |
CN108063751A (en) * | 2017-10-20 | 2018-05-22 | 国网宁夏电力有限公司 | A kind of public network safety access method for new energy power plant |
Non-Patent Citations (1)
Title |
---|
解俊峰: "水电厂信息网络安全防护探究", 《电脑知识与技术》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Yang et al. | Impact of cyber-security issues on smart grid | |
Cho et al. | Cyberphysical security and dependability analysis of digital control systems in nuclear power plants | |
Bessani et al. | The CRUTIAL way of critical infrastructure protection | |
Hong et al. | An intrusion and defense testbed in a cyber-power system environment | |
CN104184735A (en) | Electric marketing mobile application safe protection system | |
Piggin | Cyber security trends: What should keep CEOs awake at night. | |
Shehod | Ukraine power grid cyberattack and US susceptibility: Cybersecurity implications of smart grid advancements in the US | |
Panguluri et al. | Protecting water and wastewater infrastructure from cyber attacks | |
Mir et al. | Security gaps assessment of smart grid based SCADA systems | |
Voropai et al. | Issues of cybersecurity in electric power systems | |
Zhang et al. | Reliability analysis of power grids with cyber vulnerability in SCADA system | |
Marali et al. | Cyber security threats in industrial control systems and protection | |
CN111107045A (en) | Safety baseline of power monitoring system of hydraulic power plant | |
CN105471857A (en) | Power grid terminal invalid external connection monitoring blocking method | |
Barnes et al. | Introduction to SCADA protection and vulnerabilities | |
Ocaka et al. | Cybersecurity threats, vulnerabilities, mitigation measures in industrial control and automation systems: a technical review | |
Johnson et al. | Physical security and cybersecurity of energy storage systems | |
Smith | A survey of research in supervisory control and data acquisition (SCADA) | |
Ensor et al. | Utility cybersecurity preparedness: Filling the cybersecurity gap to improve resiliency | |
Hou | Application of GB/T20984 in electric power information security risk assessment | |
Eslava | An algorithm for optimal firewall placement in iec61850 substations | |
Rele et al. | Enhancing Safety and Security in Renewable Energy Systems within Smart Cities | |
McKay | Lessons to learn for US electric grid critical infrastructure protection: Organizational challenges for utilities in identification of critical assets and adequate security measures | |
Mohamed et al. | Understanding cyber-physical resilience from a power system perspective | |
Melligan | The Vulnerability of the United States Electrical Power Grid |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200505 |