变电站自动化系统时间同步协同攻击的检测与防护方法  被引量：15

作　　者：王坤[1] 苏盛[1] 赵奕 王冬青 曾祥君[1] 曹一家[1] WANG Kun;SU Sheng;ZHAO Yi;WANG Dongqing;ZENG Xiangjun;CAO Yijia(Hunan Province Key Laboratory of Smart Grids Operation and Control(Changsha University of Science and Technology),Changsha 410114,China;XJ Group Corporation,Xuchang 461000,China;Beijing Kedong Electric Power Control System Co.,Ltd.,Beijing 100192,China)

机构地区：[1]清洁能源与智能电网湖南省协同创新中心(长沙理工大学),湖南省长沙市410114 [2]许继集团有限公司,河南省许昌市461000 [3]北京科东电力控制系统有限责任公司,北京市100192

出　　处：《电力系统自动化》2021年第6期231-239,共9页Automation of Electric Power Systems

基　　金：国家自然科学基金资助项目(51777015);国家重点研发计划资助项目(2018YFB0904903);国家自然科学基金委员会-国家电网公司智能电网联合基金资助项目(U196620027)。

摘　　要：为了使攻击的后果最大化,受国家支持的攻击者可以使用时间同步的协同机制发起高度隐蔽的网络攻击,而无须进行通信。这可能会使多个变电站内的所有断路器同时跳闸,从而引发大停电。提出了一种基于时间加速的方法来检测时间同步的协同攻击。在变电站自动化系统年度检修期间,通过逐步加速系统时间来触发时间逻辑,以识别是否存在潜在的恶意软件。此外,还提出了一种基于变电站自动化系统的异步化时间同步管理方法。将根据结构脆弱性指数识别的几个关键变电站的时间保持异步。因此,这些关键变电站将不会与其他变电站一起遭受时间同步的协同攻击,并且可以大大降低相关后果。基于IEEE 39节点系统的数值模拟表明,通过使2个关键变电站保持时间异步,可以显著减少2到3个变电站的协同攻击的负荷损失,并且电网可以具备应对时间同步协同攻击的韧性。In order to maximize the consequences of attacks, the attackers supported by their nations can launch highly concealed cyber-attack using time-synchronized coordination mechanism without communication, which could trip all circuit breakers within multiple substations at the same time to trigger catastrophic blackout. A time acceleration based approach is proposed to detect the time-synchronized coordinated cyber-attack. During the annual maintenance of substation automation system(SAS), the system time is accelerated one by one to identify whether there are underlying malwares by triggering time logic. Moreover, an approach of time-asynchronized synchronization management based on SAS is proposed. The time of a few key substations that are identified with structural vulnerability index can be kept asynchronized. Therefore, these key substations will not suffer time-synchronized coordinated cyber-attack together with the other substations and the corresponding consequence could be greatly reduced. IEEE 39-bus system based numerical simulation indicates that by keeping 2 key substations time-asynchronized, load loss of coordinated cyber-attack of 2 to 3 substations can be reduced significantly, and the power grid can be resilient against time-synchronized coordinated cyber-attack.

关 键 词：变电站自动化系统 信息安全 协同攻击 同步时钟 异步时间同步管理 

分 类 号：TM63[电气工程—电力系统及自动化]