CN114465799A - Industrial control network safety supervision and early warning platform of production control system of thermal power plant - Google Patents
- Publication number
- CN114465799A (application CN202210125834.XA)
- Authority
- CN
- China
- Prior art keywords
- data
- layer
- early warning
- network
- sis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The application discloses an industrial control network safety supervision and early warning platform for the production control system of a thermal power plant, comprising: an infrastructure layer, used for inventorying, registering, sorting out and controlling network-space assets; a safety protection layer, used for ensuring the operational security of the network and the SIS system; a data acquisition layer, used for uniformly collecting and uploading the logs, data, traffic, information, vulnerabilities and other information of each security control node; a data storage layer, used for normalizing and storing the data collected in the data acquisition layer; a modeling analysis layer, used for correlating the various data in the data storage layer with threat intelligence from the Internet; and a visual display layer, which uniformly displays, in chart form and published via WEB, the network security risk nodes, abnormal events, illegal external connections and other conditions found in the data analysis layer. The platform enables effective management and control of industrial control assets, network attacks, system vulnerabilities and removable storage.
Description
Technical Field
The invention relates to the technical field of thermal power generation, in particular to an industrial control network safety supervision and early warning platform of a production control system of a thermal power plant.
Background
Energy is the foundation, and electric power is the guarantee. The control mode of a thermal power plant reflects the overall level of its management and technology. With the development of large-scale units in thermal power plants in China, the automation level of power plants has gradually improved, which places new requirements on the production and information management of the plant. To reduce costs and improve the management level of the plant, a thermal power plant needs to adopt advanced production management methods.
At present, most thermal power plants are equipped with a plant-level real-time information monitoring system (SIS for short), which effectively stores and monitors the plant's real-time data, improves production efficiency by optimizing production and reducing coal consumption, and safeguards the safe production of the plant as far as possible, so as to improve unit efficiency, guarantee safe production, reduce operating cost and improve the overall economic benefit of the plant.
With respect to the related art above, the inventors found that current monitoring systems have difficulty centrally collecting and automatically analyzing the assets, logs and the like of the large production area, and likewise have difficulty centrally managing and controlling the risks and threats in the large production area.
Disclosure of Invention
To facilitate centralized collection, analysis and management, the application provides an industrial control network safety supervision and early warning platform for the production control system of a thermal power plant.
The platform provided by the application adopts the following technical scheme:
The industrial control network safety supervision and early warning platform of the production control system of a thermal power plant includes:
Infrastructure layer: used for inventorying, registering, sorting out and controlling network-space assets;
Safety protection layer: used for guaranteeing the operational security of the network and the SIS system, and serving as the probe that acquires data;
Data acquisition layer: used for determining each security control node in the network and the SIS system, and for uniformly collecting and uploading the logs, data, traffic, information, vulnerabilities and other information of each security control node by means of the probe;
Data storage layer: used for normalizing the data collected in the data acquisition layer, such as logs, events, traffic, syslog and snmp, and storing it;
Modeling analysis layer: used for correlating the various data in the data storage layer with threat intelligence from the Internet, carrying out modeling analysis, comprehensively analyzing network, asset, log, traffic, service and other data through big data comparison, and then judging the current network condition and giving early warning;
Visual display layer: carries out human-computer interaction in B/S mode, uniformly displays in chart form, published via WEB, the network security risk nodes, abnormal events, illegal external connections and other conditions found in the data analysis layer, and performs real-time alarm output, early warning prediction, evidence collection and source tracing on the feature library matching results and the big data analysis results.
With this technical scheme, the safety protection layer protects the operation of the whole system, and the data acquisition layer acquires the information of each security control node in the network and uploads it centrally to the data storage layer. The data storage layer converts the data and stores it in a standardized format, the modeling analysis layer analyzes the various data and judges whether they are abnormal, and the visual display layer uniformly displays the various conditions in chart form. This facilitates the centralized collection, analysis and management of production data and also improves supervision efficiency.
Preferably, an electrical ECS system and a DCS system are arranged on the infrastructure layer, and an industrial control firewall is arranged between the ECS system and the DCS system.
With this technical scheme, the industrial control firewall provides zone isolation and addresses unauthorized access between different systems in the process monitoring layer of the production network.
Preferably, the engineer station, the operator station and the main server of the SIS system are provided with host reinforcement software.
With this technical scheme, the host reinforcement software hardens the hosts, establishes a trusted baseline and improves the ability to defend against virus intrusion.
Preferably, the host reinforcement software is provided with a USB white list.
With this technical scheme, USB devices can be managed and controlled through the USB white list, which improves data security.
Preferably, the host reinforcement software identifies the plug information of a USB device and detects whether it belongs to the USB white list; if so, it records and outputs the USB device information, and if not, it disconnects the USB device and generates an abnormal USB log.
With this technical scheme, information can be output for authorized USB devices while a record of the device is kept; for unauthorized USB devices, the connection is disconnected promptly and an abnormal USB log is generated, which makes USB devices easy to monitor.
Preferably, the DCS system is provided with a unit switch, the SIS system is provided with an SIS exchange bypass, and an industrial control intrusion detection system is arranged between the unit switch and the SIS exchange bypass.
With this technical scheme, detection of abnormal behaviors, attack signatures and vulnerabilities is realized.
Preferably, an industrial control operation and maintenance auditing system is arranged on the SIS switch of the SIS exchange bypass.
With this technical scheme, unified account management, unified allocation of resources and permissions, and auditing of the whole operation process are realized.
Preferably, the data storage layer comprises a storage device, and an alarm device is arranged at the installation position of the storage device. The alarm device detects whether the storage device is present at the installation position and, if not, gives an alarm; the visual display layer is also used for locating and displaying the position of the storage device in real time.
With this technical scheme, the alarm device checks for the storage device at the installation position; when the storage device is stolen, the alarm device raises an alarm and the visual display layer locates and displays the position of the stolen storage device in real time, further improving data security.
In summary, the present application includes at least one of the following beneficial technical effects:
1. The safety protection layer protects the operation of the whole system, and the data acquisition layer acquires the information of each security control node in the network and uploads it centrally to the data storage layer. The data storage layer converts the data and stores it in a standardized format, the modeling analysis layer then analyzes the various data to judge whether they are abnormal, and the visual display layer uniformly displays the various conditions in chart form. This facilitates the centralized collection, analysis and management of production data and also improves supervision efficiency;
2. Zone isolation is realized, and unauthorized access between different systems in the process monitoring layer of the production network is addressed;
3. A trusted baseline is established, virus intrusion is defended against, USB control is realized, and unified account management, unified allocation of resources and permissions, and auditing of the whole operation process are realized;
4. Unified configuration of security policy and comprehensive monitoring of operating conditions are realized, ensuring integrated overall management and control of security threats across the whole production area.
Drawings
FIG. 1 is a block diagram of a safety supervision and early warning platform of an industrial control network of a production control system of a thermal power plant in the embodiment of the present application;
FIG. 2 is an architecture diagram of a safety supervision and early warning platform of an industrial control network of a production control system of a thermal power plant in embodiment 1 of the present application;
FIG. 3 is an architecture diagram of a safety supervision and early warning platform of an industrial control network of a production control system of a thermal power plant in embodiment 2 of the present application.
Detailed Description
The present application is described in further detail below with reference to figures 1-3.
Example 1
The embodiment of the application discloses an industrial control network safety supervision and early warning platform for the production control system of a thermal power plant. Referring to FIG. 1, the platform includes:
First layer: the infrastructure layer, used for inventorying, registering, sorting out and controlling network-space assets.
Second layer: the safety protection layer, used for guaranteeing the operational security of the network and the SIS system, and serving as the probe that acquires data.
Third layer: the data acquisition layer, used for determining each security control node in the network and the SIS system, and for uniformly collecting and uploading the logs, data, traffic, information, vulnerabilities and other information of each security control node by means of the probe.
Fourth layer: the data storage layer, used for normalizing and storing the data collected in the data acquisition layer, such as logs, events, traffic, syslog and snmp.
Fifth layer: the data analysis layer, used for correlating the various data in the data storage layer with threat intelligence from the Internet, carrying out modeling analysis, comprehensively analyzing network, asset, log, traffic, service and other data through big data comparison, and then judging the current network condition and giving early warning.
Sixth layer: the visual display layer, used for human-computer interaction in B/S mode, for uniformly displaying in chart form, published via WEB, the network security risk nodes, abnormal events, illegal external connections and other conditions found in the data analysis layer, and for real-time alarm output, early warning prediction, evidence collection and source tracing on the feature library matching results and the big data analysis results.
Referring to FIG. 2, the platform can be built on top of an existing system. In this embodiment, the SIS system includes a first-phase SIS system and a second-phase SIS system. Network cabinets are deployed between the first-phase and second-phase SIS systems, ad hoc networking of the two SIS systems is realized through a switch, and a unidirectional isolation gateway is deployed at the data interaction outlet to provide data exchange with strong logical isolation between the first-phase and second-phase SIS systems. The specific construction content is as follows:
The infrastructure layer is provided with an electrical ECS system and a DCS system. In the first-phase SIS system, an industrial control firewall is arranged between the electrical ECS system and the DCS system, which provides zone isolation and addresses unauthorized access between different systems in the process monitoring layer of the production network. The industrial control firewall is based on the Loongson MIPS architecture.
Host reinforcement software is deployed on the engineer station, the operator station and the main server. By setting a white list policy, the host reinforcement software allows only trusted programs to execute and excludes untrusted programs, and it uses signature authentication together with the Chinese national cryptographic SM3 hash algorithm for cooperative verification. This provides active defense and data integrity protection against various unsafe factors, effectively prevents the execution and spread of malicious code such as viruses and trojans, and effectively prevents the execution and exploitation of 0-day vulnerabilities on industrial control hosts.
The host reinforcement software is also provided with a USB white list. It identifies the plug information of a USB device and detects whether it belongs to the USB white list; if it does, the software records and outputs the USB device information, and if it does not, the software disconnects the USB device and generates an abnormal USB log. This realizes USB control and effectively reduces data leakage.
The DCS system is provided with a unit switch, the first-phase and second-phase SIS systems are both provided with SIS exchange bypasses, and an industrial control intrusion detection system is arranged between the unit switch and the SIS exchange bypasses to detect abnormal behaviors, attack signatures and vulnerabilities.
An industrial control operation and maintenance auditing system is deployed on the SIS switch of the SIS exchange bypass, realizing unified account management, unified allocation of resources and permissions, and auditing of the whole operation process.
An industrial control monitoring, analysis and early warning sub-platform is arranged between the SIS exchange bypass of the first-phase SIS system and the SIS exchange bypass of the second-phase SIS system, so that the security events of both SIS systems are managed and controlled centrally. This realizes unified configuration of security policy and comprehensive monitoring of operating conditions, and ensures integrated overall management and control of security threats across the whole large production area. The overall arrangement of the equipment does not change the network structure of the original production control system; the topology and structure of the original system equipment are preserved, and new points of failure are effectively avoided.
In this embodiment, the data storage layer includes a storage device, and an alarm device is provided at the installation position of the storage device. The alarm device detects whether the storage device is present at the installation position and, if not, gives an alarm; the visual display layer is also used for locating and displaying the position of the storage device in real time. The alarm device may include a pressure sensor arranged at the installation position of the storage device. When the storage device is in place, it contacts and presses the pressure sensor, the pressure sensor outputs a first detection signal, and no alarm is issued. When the storage device is pulled out, the pressure sensor is no longer pressed and outputs a second detection signal; an alarm is then given, and the visual display layer shows the removed storage device flashing. Each installation position has its own pressure sensor, and the pressure sensors are numbered, so that the storage device can be located.
The implementation principle of embodiment 1 is as follows: the safety protection layer protects the operation of the whole system, and the data acquisition layer acquires the information of each security control node in the network and uploads it centrally to the data storage layer. The data storage layer converts the data and stores it in a standardized format, the modeling analysis layer then analyzes the various data to judge whether they are abnormal, and the visual display layer uniformly displays the various conditions in chart form.
The running state of the equipment is collected and analyzed by means of logs, SNMP, probes and the like, so that maintenance personnel can keep track of the vulnerabilities in the system in good time and receive early warning promptly when equipment behaves abnormally. This effectively reduces the inspection workload and the handling time of maintenance personnel, improves the defensive capability of the production control system network and equipment, and improves the reliability of the production control system equipment.
The information islands between the first-phase and second-phase SIS systems are broken down, and unified data collection and centralized analysis across the different units in the large production control area are achieved. This overcomes problems such as data that is difficult to collect, an unclear inventory, data islands and data distortion caused by closed equipment interfaces, and at the same time enables data-driven asset statistics and chart-based risk alarming and prediction.
By deploying an industrial control firewall based on the Loongson MIPS architecture, dependence on external technologies can be reduced, potential security hazards and the predicament of being constrained by others are effectively eliminated, and the security risk at the zone boundary caused by non-controllable factors is reduced. Full closed-loop management of risk control in the production area is realized through the acquisition, identification, analysis, early warning and response cycle for assets and vulnerabilities.
A traditional SIS system usually needs about 2 people working around the clock; with the early warning platform in place, one person can carry out the supervision, which on this basis saves 150,000 yuan in personnel costs each year. At the same time, the early warning platform collects a large amount of control system information, which greatly improves early warning of vulnerability discovery, network attacks and virus intrusion and improves the safe operation of the DCS. Based on statistics of unit shutdown events caused by DCS network security events in previous years, 1.5 million yuan can be saved each year.
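The normalize-then-analyze flow described above can be sketched as follows. This is an added illustration, not code from the patent: the common event schema, the internal address range, the threat-intelligence set and all sample records are constructed assumptions, and the syslog lines are assumed to be RFC 3164 style.

```python
import ipaddress
import re
from datetime import datetime, timezone

# RFC 3164-style line: "<PRI>Mmm dd hh:mm:ss host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Standard SNMPv2 notification OIDs -> (event name, syslog-style severity)
SNMP_TRAPS = {
    "1.3.6.1.6.3.1.1.5.3": ("linkDown", 3),
    "1.3.6.1.6.3.1.1.5.4": ("linkUp", 6),
    "1.3.6.1.6.3.1.1.5.5": ("authenticationFailure", 4),
}


def _ips(text):
    """Return the syntactically valid IPv4 addresses mentioned in text."""
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            found.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            pass  # e.g. 999.1.1.1 or a version string that looks like an IP
    return found


def normalize_syslog(line, year):
    """Map one syslog line onto the common schema; unparsable lines are kept."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return {"time": None, "source": None, "kind": "syslog", "severity": 5,
                "event": "unparsed", "peers": _ips(line), "raw": line}
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"time": ts.isoformat(), "source": m["host"], "kind": "syslog",
            "severity": int(m["pri"]) % 8,  # PRI = facility * 8 + severity
            "event": m["tag"], "peers": _ips(m["msg"]), "raw": line}


def normalize_snmp(trap):
    """Map an already-decoded SNMP trap (a dict here) onto the same schema."""
    name, severity = SNMP_TRAPS.get(trap["oid"], ("unknownTrap", 5))
    ts = datetime.fromtimestamp(trap["epoch"], tz=timezone.utc).replace(tzinfo=None)
    values = " ".join(str(v) for v in trap.get("varbinds", {}).values())
    return {"time": ts.isoformat(), "source": trap["agent"], "kind": "snmp",
            "severity": severity, "event": name, "peers": _ips(values), "raw": trap}


def analyze(events, threat_intel, internal_nets):
    """Flag threat-intel hits, connections leaving the plant ranges, and severity <= 3."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    alerts = []
    for ev in events:
        reasons = []
        for ip in ev["peers"]:
            if ip in threat_intel:
                reasons.append(f"threat-intel match {ip}")
            elif not any(ipaddress.ip_address(ip) in n for n in nets):
                reasons.append(f"external connection {ip}")
        if ev["severity"] <= 3:
            reasons.append(f"severity {ev['severity']}")
        if reasons:
            alerts.append({"time": ev["time"], "source": ev["source"],
                           "event": ev["event"], "reasons": reasons})
    return alerts


# Constructed sample input (host names and addresses are illustrative only).
SAMPLE_SYSLOG = [
    "<38>Feb 10 08:15:02 eng-station-1 sshd[2211]: Accepted password for operator from 10.20.1.15 port 50122",
    "<36>Feb 10 08:17:40 sis-server-1 fw: outbound connection to 203.0.113.77 port 443 allowed",
    "<35>Feb 10 08:18:05 op-station-2 fw: outbound connection to 198.51.100.9 port 80 denied",
    "garbage line without header",
]
SAMPLE_TRAPS = [
    {"agent": "10.20.0.2", "epoch": 1644481200, "oid": "1.3.6.1.6.3.1.1.5.3",
     "varbinds": {"ifDescr": "GigabitEthernet0/3"}},
]
THREAT_INTEL = {"203.0.113.77"}   # constructed indicator feed
INTERNAL_NETS = ["10.0.0.0/8"]    # assumed plant address space


def run_demo():
    events = [normalize_syslog(line, 2022) for line in SAMPLE_SYSLOG]
    events += [normalize_snmp(trap) for trap in SAMPLE_TRAPS]
    return analyze(events, THREAT_INTEL, INTERNAL_NETS)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Unparsable lines are stored with `event` set to `unparsed` rather than dropped, so a probe that starts emitting a new format shows up in the store instead of silently disappearing.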
Example 2
Referring to FIG. 3, this embodiment differs from embodiment 1 in that a transit switch and an MCU are further arranged between the first-phase SIS system and the second-phase SIS system. The transit switch has a first bypass, a second bypass and a third bypass. The first bypass is connected to the real-time server of the first-phase SIS system and carries a first relay, which is connected to the MCU; the second bypass is connected to the real-time server of the second-phase SIS system and carries a second relay, which is connected to the MCU; the third bypass is connected to the industrial control monitoring, analysis and early warning sub-platform. The MCU is connected to the first-phase SIS switch and the second-phase SIS switch respectively, and has a WDT (watchdog) function.
The implementation principle of embodiment 2 is as follows: in the normal state, the first-phase SIS switch and the second-phase SIS switch communicate with the MCU, and the MCU starts its WDT function. The first-phase SIS switch periodically sends a first watchdog-feed signal to the MCU, and the second-phase SIS switch periodically sends a second watchdog-feed signal to the MCU. When the first-phase SIS switch goes down, it can no longer send the first watchdog-feed signal periodically; the MCU does not receive the first watchdog-feed signal within the preset time and closes the first relay, so that the real-time server of the first-phase SIS system communicates with the industrial control monitoring, analysis and early warning sub-platform through the transit switch.
When the second-phase SIS switch goes down, it can no longer send the second watchdog-feed signal periodically; the MCU does not receive the second watchdog-feed signal within the preset time and closes the second relay, so that the real-time server of the second-phase SIS system communicates with the industrial control monitoring, analysis and early warning sub-platform through the transit switch, which improves the security of the network.
The above embodiments are preferred embodiments of the present application and do not limit its protection scope; all equivalent changes made according to the structure, shape and principle of the present application shall therefore be covered by the protection scope of the present application.
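The watchdog failover of embodiment 2 can be modeled as a small state machine. This is an added simulation, not code from the patent: the class and channel names, the 3-second timeout and the rule that a relay reopens only after three consecutive on-time feeds are assumptions, since the patent does not say when a closed relay opens again.

```python
from dataclasses import dataclass


@dataclass
class Channel:
    """One watched SIS switch and the relay on its bypass."""
    name: str
    last_feed: float
    relay_closed: bool = False
    good_feeds: int = 0


class FailoverMcu:
    """Watchdog logic: a missed feed closes the relay on that switch's bypass."""

    def __init__(self, timeout, start=0.0, recover_after=3):
        self.timeout = timeout              # the "preset time" of the patent
        self.recover_after = recover_after  # assumed hold-down before reopening
        self.channels = {n: Channel(n, start) for n in ("phase1", "phase2")}
        self.events = []                    # (time, channel, action) audit trail

    def tick(self, now):
        """Periodic check: close the relay of every channel whose feed is overdue."""
        for ch in self.channels.values():
            if now - ch.last_feed > self.timeout:
                if not ch.relay_closed:
                    ch.relay_closed = True
                    self.events.append((now, ch.name, "relay_closed"))
                ch.good_feeds = 0           # an overdue feed restarts recovery

    def feed(self, name, now):
        """A watchdog-feed signal arrived from the named SIS switch."""
        self.tick(now)                      # judge lateness before accepting it
        ch = self.channels[name]
        if ch.relay_closed:
            ch.good_feeds += 1
            if ch.good_feeds >= self.recover_after:
                ch.relay_closed = False     # assumption: bypass released again
                ch.good_feeds = 0
                self.events.append((now, name, "relay_open"))
        ch.last_feed = now


def simulate():
    """Constructed timeline: phase1 switch is down from t=6 to t=11 (seconds)."""
    mcu = FailoverMcu(timeout=3, start=0)
    for t in range(1, 15):
        if t <= 5 or t >= 12:
            mcu.feed("phase1", t)
        mcu.feed("phase2", t)               # phase2 switch stays healthy
        mcu.tick(t)
    return mcu


if __name__ == "__main__":
    for event in simulate().events:
        print(event)
```

The `events` list doubles as an audit trail: each relay transition marks a switch outage that the early warning sub-platform should record alongside its other security events.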
Claims (8)
1. An industrial control network safety supervision and early warning platform for the production control system of a thermal power plant, characterized by comprising:
an infrastructure layer: used for checking, registering, sorting out and controlling network space assets;
a safety protection layer: used for ensuring the safe operation of the network and the SIS system, and serving as a probe for acquiring data;
a data acquisition layer: used for determining each safety control node in the network and the SIS system, and using the probes to uniformly collect and upload the logs, data, traffic, information, vulnerabilities and other information of each safety control node;
a data storage layer: used for normalizing the logs, events, traffic, syslog, SNMP and other data collected in the data acquisition layer, and storing the data;
a modeling analysis layer: used for correlating the various data in the data storage layer with threat intelligence from the Internet and performing modeling analysis, comprehensively analysing network, asset, log, traffic, service data and other information through big data comparison, and then judging the current network condition and issuing early warnings;
a visual display layer: performs human-machine interaction in B/S mode, uniformly displays in chart form, through WEB publishing, the network security risk nodes, abnormal events, illegal external connections and other conditions found in the data analysis layer, and performs real-time alarm output, early warning prediction, evidence collection and source tracing on the feature library matching results and the big data analysis results.
2. The industrial control network security supervision and early warning platform of the production control system of the thermal power plant according to claim 1, characterized in that an electrical ECS system and a DCS system are arranged on the infrastructure layer, and an industrial control firewall is arranged between the ECS system and the DCS system.
3. The thermal power plant production control system industrial control network safety supervision and early warning platform of claim 2, characterized in that an engineer station, an operator station and a main server of the SIS system are provided with host reinforcement software.
4. The industrial control network security supervision and early warning platform of the production control system of the thermal power plant according to claim 3, characterized in that the host reinforcement software is provided with a USB white list.
5. The industrial control network safety supervision and early warning platform of the production control system of the thermal power plant according to claim 4, wherein the host reinforcement software identifies the plug-in information of a USB device and checks whether that information belongs to the USB white list; if it does, the software records and outputs the USB device information; if it does not, the software disconnects the USB device and generates an abnormal USB log.
6. The industrial control network safety supervision and early warning platform of the production control system of the thermal power plant according to claim 2, characterized in that the DCS system is provided with a unit switch, the SIS system is provided with an SIS exchange bypass, and an industrial control intrusion detection system is arranged between the unit switch and the SIS exchange bypass.
7. The industrial control network safety supervision and early warning platform of the production control system of the thermal power plant according to claim 6, characterized in that an industrial control operation and maintenance auditing system is arranged on the SIS switch of the SIS switch bypass.
8. The industrial control network safety supervision and early warning platform of the production control system of the thermal power plant according to claim 1, characterized in that the data storage layer comprises a storage device, an alarm device is arranged at the installation position of the storage device, the alarm device detects whether the storage device is present at the installation position and gives an alarm if it is not, and the visual display layer is also used for locating and displaying the position of the storage device in real time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210125834.XA CN114465799A (en) | 2022-02-10 | 2022-02-10 | Industrial control network safety supervision and early warning platform of production control system of thermal power plant |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114465799A (en) | 2022-05-10 |
Family
ID=81413094
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210125834.XA Pending CN114465799A (en) | 2022-02-10 | 2022-02-10 | Industrial control network safety supervision and early warning platform of production control system of thermal power plant |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114465799A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105187771A (en) * | 2015-07-31 | 2015-12-23 | 山东创德软件技术有限公司 | Plant-level comprehensive supervision platform |
CN109474607A (en) * | 2018-12-06 | 2019-03-15 | 连云港杰瑞深软科技有限公司 | A kind of industrial control network safeguard protection monitoring system |
US20200089204A1 (en) * | 2017-05-31 | 2020-03-19 | Siemens Aktiengesellschaft | Industrial control system and network security monitoring method therefor |
CN112738063A (en) * | 2020-12-25 | 2021-04-30 | 山东钢铁集团日照有限公司 | Industrial control system network safety monitoring platform |
Non-Patent Citations (1)
Title |
---|
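Zhang Dasong et al.: "Design of a network security protection scheme for thermal power industrial control systems", Information Technology and Network Security * |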
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20220510 |