摘要
随着数字孪生水利工程建设的加速推进,原本封闭的水利工控系统逐步开放,水电站监控系统安全防护能力亟待加强。针对水电站监控系统内部脆弱点增多、外部威胁面扩大等问题,从水电站监控系统架构和功能出发,采用现场调研和工具测试等手段,对水电站监控系统当前存在的技术、管理安全风险进行识别和分析,并按照“逻辑分区、流量监测、数据加密、综合管理”的基本思路,提出涵盖区域边界、通信网络、计算环境及安全管理4个方面内容的安全防护体系。安全防护体系完全覆盖监控系统的过程监控层、网络传输层、现场控制层3个层面,能够有效防范外部网络攻击,消除内部管理风险,对保障水电站监控系统安全稳定运行具有重要意义。
With the rapid development of digital twin water conservancy projects,the original closed water industrial control system gradually opens,thus the security defense capacity of hydropower station monitoring system needs to be strengthened.In view of increasing internal vulnerabilities and the expansion of external threats,current technical and management security risks are identified and analyzed from the architecture and functions of the hydropower station monitoring system by means of field research and tool testing.Following the basic idea of“logical partitioning,discharge monitoring,data encryption,and integrated management”,this paper proposes a security defense system covering four aspects:regional boundary,communication network,computing environment,and security management.The security defense system completely covers 3 layers of monitoring system:process monitoring layer,network transmission layer and onsite control layer.The security defense system can eff ectively prevent external network attacks and eliminate internal management risks,which is of great signifi cance to ensure safe and stable operation of hydropower station monitoring system.
作者
荆芳
葛创杰
JING Fang;GE Chuangjie(Yellow River Engineering Consulting Co.,Ltd.,Zhengzhou 450003,China)
出处
《水利信息化》
2023年第6期75-79,共5页
Water Resources Informatization
关键词
监控系统
安全防护体系
安全风险
水电站
monitoring system
security defense system
security risk
hydropower station
