CN112600829A - Data safety protection system of comprehensive energy regulation and control system - Google Patents

Data safety protection system of comprehensive energy regulation and control system Download PDF

Info

Publication number
CN112600829A
CN112600829A CN202011438355.0A CN202011438355A CN112600829A CN 112600829 A CN112600829 A CN 112600829A CN 202011438355 A CN202011438355 A CN 202011438355A CN 112600829 A CN112600829 A CN 112600829A
Authority
CN
China
Prior art keywords
data
module
independent control
control module
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011438355.0A
Other languages
Chinese (zh)
Inventor
胡伟
荆江平
陆晓
龙寰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
State Grid Jiangsu Electric Power Co Ltd
Original Assignee
Southeast University
State Grid Jiangsu Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University, State Grid Jiangsu Electric Power Co Ltd filed Critical Southeast University
Priority to CN202011438355.0A priority Critical patent/CN112600829A/en
Publication of CN112600829A publication Critical patent/CN112600829A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00Economic sectors
    • G16Y10/35Utilities, e.g. electricity, gas or water
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00IoT infrastructure
    • G16Y30/10Security thereof
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/50Safety; Security of things, users, data or systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Business, Economics & Management (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Remote Monitoring And Control Of Power-Distribution Networks (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a data security protection system of a comprehensive energy regulation and control system, which relates to the technical field of network security and comprises an independent control module, a security input module and an information management module; the independent control module is connected with a communication module of a superior power grid dispatching automation system, and the safety input module is used for data acquisition and transmitting the data to the information management module; the information management module is used for managing information data transmitted by the independent control module and the safety input module, forward and reverse physical isolation is arranged among the independent control module, the safety input module and the information management module, and the independent control module is connected to the wireless private network safety input module for power grid dispatching automation and receives the regulation requirement of the dispatching automation; the information safety protection is provided with protection devices with power safety certification, such as redundant positive and reverse physical isolation devices, a longitudinal encryption device and the like.

Description

Data safety protection system of comprehensive energy regulation and control system
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a data security protection system of a comprehensive energy regulation and control system.
Background
The comprehensive energy system is characterized in that advanced physical information technology and innovative management modes are utilized in a certain area, multiple energy sources such as coal, petroleum, natural gas, electric energy and heat energy in the area are integrated, and coordinated planning, optimized operation, cooperative management, interactive response and complementary mutual assistance among multiple heterogeneous energy subsystems are achieved. The energy utilization efficiency is effectively improved and the sustainable development of energy is promoted while the diversified energy utilization requirements in the system are met.
The comprehensive energy regulation and control system is positioned as an industrial control system, is different from an internet system, and related safety protection needs to be configured according to the requirements of an industrial control system. The security of system data transmission and storage is fully considered from the aspects of network communication, virus protection, data storage and the like, and the controllability and the energy of information security are ensured.
Disclosure of Invention
In view of the deficiencies of the prior art, the present invention provides a data security system for an integrated energy regulation system, so as to solve the problems mentioned in the background art.
The purpose of the invention can be realized by the following technical scheme: a data safety protection system of a comprehensive energy regulation and control system comprises an independent control module, a safety input module and an information management module;
the independent control module is connected with a communication module of a superior power grid dispatching automation system, performs information interaction with the superior power grid dispatching system, receives the regulation requirement of the superior power grid dispatching automation, and realizes the deployment of comprehensive energy regulation;
the safety input module is used for acquiring data and transmitting the data to the information management module;
the information management module is used for managing the information data transmitted by the independent control module and the safety input module.
As a further scheme of the invention, a communication acquisition server is arranged in the safety input module, and the acquisition server is connected with an external energy subsystem.
As a further scheme of the invention, the independent control module and the safety input module are protected by adopting forward and reverse physical isolation, and a longitudinal encryption module is arranged in a transmission channel of the independent control module and the safety input module.
As a further scheme of the invention, the safety input module is connected with each energy subsystem at the user side, communication is carried out by adopting a communication mode of an optical fiber private network and a 1.8GHz wireless private network, and the communication protocol adopts an IEC104 protocol.
As a further scheme of the invention, the information management module is provided with a web server and an interface server.
As a further scheme of the invention, a forward and reverse physical isolation device is arranged in data interaction between the independent control module and the power grid dispatching automation system, and a longitudinal encryption device is selected and matched according to the communication distance between the independent control module and the power grid dispatching automation system for safety protection.
As a further scheme of the present invention, data interacted between the independent control module and the upper layer scheduling automation system includes uplink data and downlink data, the uplink data is data forwarded by the integrated energy system to the upper layer scheduling automation system, the downlink data is data forwarded by the upper layer scheduling automation system to the integrated energy system, the uplink data and the downlink data are both real-time data and quasi-real-time data, the real-time data is forwarded through an IEC104 protocol, and the quasi-real-time data is forwarded in an E-file format in an ftp manner.
As a further scheme of the invention, the independent control module is provided with a comprehensive safety protection module, the comprehensive safety protection module is used for detecting network safety, and the comprehensive safety protection module comprises a network safety monitoring device, an intrusion monitoring device, a malicious code prevention system and a safety audit module.
As a further scheme of the invention, the comprehensive safety protection module is used for configuring three modules of an anti-malicious code system, a safety audit device, an intrusion monitoring device and the like in an independent control module in a differentiation mode according to the importance degree of the adjustable capacity.
The invention has the beneficial effects that: the invention ensures the safety protection and data transmission of the comprehensive energy regulation and control system as an industrial control system.
Drawings
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present invention, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
FIG. 1 is a schematic diagram of a network security architecture of an integrated energy regulation system;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, in an embodiment of the present invention, a data security protection system for an integrated energy regulation and control system includes an independent control module, a security input module, and an information management module;
the independent control module is connected with a communication module of a superior power grid dispatching automation system, performs information interaction with the superior power grid dispatching system, receives the regulation requirement of the superior power grid dispatching automation, and realizes the deployment of comprehensive energy regulation;
the safety input module is used for acquiring data and transmitting the data to the information management module;
the information management module is used for managing the information data transmitted by the independent control module and the safety input module. The system achieves the functions of self data acquisition, coordination control, information interaction with a superior dispatching system, acceptance of regulation requirements of power grid dispatching automation and the like.
Preferably, a communication acquisition server is arranged in the safety input module, the acquisition server is connected with the external energy subsystem, the communication acquisition server collects information data in the external energy subsystem,
preferably, the independent control module and the safety input module are protected by forward and reverse physical isolation, and a longitudinal encryption module is arranged in a transmission channel between the independent control module and the safety input module, so that the safety of data transmission is ensured, the data transmission is ensured to be correct and effective, and the effectiveness of system management is ensured.
Preferably, the safety input module is connected with each energy subsystem of the user side, communication is carried out in a communication mode of an optical fiber private network and a 1.8GHz wireless private network, and an IEC104 protocol is adopted as a communication protocol. In this example, the microgrid system and the photo-thermal power generation system are accessed to the system through optical fiber cables, the fan system and part of the mobile energy storage are accessed to the system through a wireless private network, and the intelligent community and part of the mobile energy storage are accessed to the system through a wireless public network.
Preferably, the information management module is provided with a web server and an interface server, information data in the independent control module and the safety input module are called through a wireless network, online lookup is achieved, and operation is convenient and rapid.
Preferably, a forward and reverse physical isolation device is arranged in data interaction between the independent control module and the power grid dispatching automation system, and a longitudinal encryption device is selected and matched according to the communication distance between the independent control module and the power grid dispatching automation system for safety protection, so that the safety of communication data transmission between the independent control module and the power grid dispatching automation system is ensured, the data transmission is ensured to be correct and effective, and the effectiveness of system management is ensured.
Preferably, the data that independent control module and upper scheduling automation system are interactive includes uplink data and downlink data, uplink data is the data that comprehensive energy system forwarded to upper scheduling automation system, downlink data is the data that upper scheduling automation system forwarded to comprehensive energy system, uplink data and downlink data are equallyd divide into real-time data and quasi real-time data, real-time data forwards through the IEC stipulation, quasi real-time data forwards with the format of E file through the mode of ftp.
In this example, the real-time data in the uplink data includes information of new energy power generation, aggregated information and the like in the integrated energy park, the quasi-real-time data includes adjustable margin, duration and the like, the real-time data in the downlink data includes remote signaling of main remote measurement, switching, protection and the like of a line, a main transformer and the like included in a power supply path of an area where the integrated energy system is located, and the quasi-real-time data includes information of adjustment requirements and the like issued by a provincial dispatching center of a power grid.
Preferably, the independent control module is configured with a comprehensive security protection module, the comprehensive security protection module is used for detecting network security, and the comprehensive security protection module comprises a network security monitoring device, an intrusion monitoring device, a malicious code prevention system and a security audit module.
Preferably, the comprehensive safety protection module is used for configuring three modules such as a malicious code prevention system, a safety audit and an intrusion monitoring device in a differentiation mode in the independent control module according to the importance degree of the adjustable capacity.
In this example, the standard of the adjustable capacity is set to 50MW, which is less than the standard and does not require three modules, such as a malicious code prevention system, a security audit, an intrusion monitoring device, and the like, and is more than or equal to the standard and needs to be added.
The working principle of the invention is as follows: the invention ensures the safety protection and data transmission of the comprehensive energy regulation and control system as an industrial control system.
It will be appreciated by those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the spirit and scope of the invention, and any equivalents thereto, such as those skilled in the art, are intended to be embraced therein.

Claims (9)

1. A data safety protection system of a comprehensive energy regulation and control system is characterized by comprising an independent control module, a safety input module and an information management module;
the independent control module is connected with a communication module of a superior power grid dispatching automation system, performs information interaction with the superior power grid dispatching system, receives the regulation requirement of the superior power grid dispatching automation, and realizes the deployment of comprehensive energy regulation;
the safety input module is used for acquiring data and transmitting the data to the information management module;
the information management module is used for managing the information data transmitted by the independent control module and the safety input module.
2. The system for data security protection of an integrated energy regulation and control system of claim 1, wherein the security input module is provided with a communication acquisition server, and the acquisition server is connected to an external energy subsystem.
3. The data security protection system of the comprehensive energy regulation and control system of claim 1, wherein the independent control module and the security input module are protected by forward and reverse physical isolation, and a longitudinal encryption module is arranged in a transmission channel of the independent control module and the security input module.
4. The system for data security protection of an integrated energy regulation and control system according to claim 1, wherein the security input module is connected to each energy subsystem at the user side, and is communicated in a communication mode of a fiber private network and a 1.8GHz wireless private network, and the communication protocol adopts an IEC104 protocol.
5. The system according to claim 1, wherein the information management module comprises a web server and an interface server.
6. The integrated energy regulation and control system data safety protection system of claim 3, wherein a forward and reverse physical isolation device is provided in the data interaction between the independent control module and the power grid dispatching automation system, and a longitudinal encryption device is selected and matched according to the communication distance between the independent control module and the power grid dispatching automation system for safety protection.
7. The system of claim 1, wherein the data interacted between the independent control module and the upper-layer dispatching automation system comprises uplink data and downlink data, the uplink data is data forwarded by the integrated energy system to the upper-layer dispatching automation system, the downlink data is data forwarded by the upper-layer dispatching automation system to the integrated energy system, the uplink data and the downlink data are divided into real-time data and quasi-real-time data, the real-time data is forwarded through an IEC104 protocol, and the quasi-real-time data is forwarded in an E-file format through ftp.
8. The system for data security protection of an integrated energy regulation and control system according to claim 1, wherein an integrated security protection module is configured in the independent control module, the integrated security protection module is used for detecting network security, and the integrated security protection module comprises four modules of a network security monitoring device, an intrusion monitoring device, a malicious code prevention system and security audit.
9. The system according to claim 8, wherein the integrated safety protection module is configured with three modules of malicious code prevention system, safety audit and intrusion monitoring device in a differentiated manner at the independent control module according to the importance of the adjustable capacity.
CN202011438355.0A 2020-12-07 2020-12-07 Data safety protection system of comprehensive energy regulation and control system Pending CN112600829A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011438355.0A CN112600829A (en) 2020-12-07 2020-12-07 Data safety protection system of comprehensive energy regulation and control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011438355.0A CN112600829A (en) 2020-12-07 2020-12-07 Data safety protection system of comprehensive energy regulation and control system

Publications (1)

Publication Number Publication Date
CN112600829A true CN112600829A (en) 2021-04-02

Family

ID=75192301

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011438355.0A Pending CN112600829A (en) 2020-12-07 2020-12-07 Data safety protection system of comprehensive energy regulation and control system

Country Status (1)

Country Link
CN (1) CN112600829A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113809775A (en) * 2021-09-28 2021-12-17 国网伊犁伊河供电有限责任公司 Distributed energy grid-connected data secure access system and secure access method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106529795A (en) * 2016-10-28 2017-03-22 中国南方电网有限责任公司电网技术研究中心 Safety control method and device of electric power monitoring system
CN110601895A (en) * 2019-09-19 2019-12-20 国家电网有限公司 Data control method and device for power communication system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106529795A (en) * 2016-10-28 2017-03-22 中国南方电网有限责任公司电网技术研究中心 Safety control method and device of electric power monitoring system
CN110601895A (en) * 2019-09-19 2019-12-20 国家电网有限公司 Data control method and device for power communication system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
华光辉等: "区域综合能源协调控制技术", 《中国电力》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113809775A (en) * 2021-09-28 2021-12-17 国网伊犁伊河供电有限责任公司 Distributed energy grid-connected data secure access system and secure access method

Similar Documents

Publication Publication Date Title
Li et al. Smart home: architecture, technologies and systems
Ma et al. Smart grid communication: Its challenges and opportunities
CN102280935B (en) Intelligent power grid management system
CN102087132B (en) Wireless communication processing method for water meter
CN104901307A (en) Multi-network-combined home microgrid electric-energy consumption interactive management system and method thereof
CN105100252A (en) Network topology structure of distributed power monitoring system
CN103683503A (en) System for household power consumption management based on intelligent interaction device
CN104065094B (en) A kind of system and method for electric power virtual energy storage control
CN110912872A (en) New energy power plant dispatching data acquisition system based on Beidou electric power application
Wen et al. A survey on smart grid communication system
CN104009544A (en) Photovoltaic power generation remote control and communication system and method
CN113763169A (en) Energy routing device based on block chain and energy management method
CN113794232A (en) Access method and system suitable for flexible interaction of multi-region multi-type load resources
CN112600829A (en) Data safety protection system of comprehensive energy regulation and control system
CN103138293A (en) Optimal distribution method and system for heat-engine plant plant-level loads
CN104124754B (en) A kind of low pressure large user group uses Electric optimization and system
CN207884359U (en) A kind of safety stabilization control system integration layered cooperative structure
CN104201781A (en) Small-power wireless private network system applied to smart grid
CN201514568U (en) Remote centralized management and control system
CN214315305U (en) Data radio station intelligent communication device based on solar power station
CN215299154U (en) Holographic sensing electric energy scheduling system for power line carrier communication
CN202068233U (en) Intelligent electrical network supervising device based on embedded CPU
Hsu et al. Two-layer security scheme for AMI system in Taiwan
CN109639681B (en) Online reactor core power distribution monitoring system
CN207380505U (en) Home energy source management controls smart host

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210402

RJ01 Rejection of invention patent application after publication