变电站自动化系统扰动同步协同攻击及防护分析  被引量：13

作　　者：王坤 苏盛[1] 左剑 李鸿鑫 刘亮[1] 王冬青 赵奕 WANG Kun;SU Sheng;ZUO Jian;LI Hongxin;LIU Liang;WANG Dongqing;ZHAO Yi(College of Electrical and Information Engineering,Changsha University of Science and Technology,Changsha 410114,Hunan Province,China;Electric Power Dispatch&Control Center,Guangdong Power Grid Corporation,Guangzhou 510600,Guangdong Province,China;Electric Power Research Institute,Shenzhen Power Supply Bureau Co.,Ltd.,Shenzhen 518000,Guangdong Province,China;Beijing Kedong Electric Power Control System Co.,Ltd.,Haiding District,Beijing 100192,China;Xu Ji Group Co.,Ltd.,Xuchang 461000,Henan Province,China)

机构地区：[1]长沙理工大学电气与信息工程学院,湖南省长沙市410114 [2]广东电网电力调度控制中心,广东省广州市510600 [3]深圳供电局有限公司电力科学研究院,广东省深圳市518000 [4]北京科东电力控制系统有限责任公司,北京市海淀区100192 [5]许继集团有限公司,河南省许昌市461000

出　　处：《电网技术》2021年第11期4452-4460,共9页Power System Technology

基　　金：国家自然科学基金资助项目(51777015);国家重点研发计划项目(2018YFB0904903);湖南省自然科学基金(2020JJ4611)。

摘　　要：国家支持型网络攻击可经供应链攻击等方式渗透侵入变电站自动化系统,进而以逻辑炸弹的形式,通过多个变电站的无站间通信扰动同步协同跳闸攻击,达成最大化破坏后果的目的。首先分析了变电站跳闸攻击实现方式;在此基础上,提出基于扰动同步的多变电站无站间通信协同机制,分析了采用节点低电压表征扰动时的攻击协同方式;采用IEEE39节点系统进行以节点低电压为触发机制的扰动同步协同攻击仿真分析。仿真结果表明,采用适当的低电压阈值作为攻击协同判据,线路跳闸等初始故障可触发故障点邻近变电站中恶意软件的低电压逻辑,造成变电站跳闸失压、并可能以多个变电站主动连锁跳闸的方式导致大量变电站失压,触发大停电。最后结合电力监控系统入网检测流程,讨论变电站监控系统中扰动同步协同攻击恶意软件的检测方法。State supported cyber-attack can intrude into substations automation systems via vendor of control and monitoring system by supply chain attack. It could initiate synchronous disturbance coordinated cyber-attack to trip all circuit breakers within multiple substations without communication among substation, and trigger blackout to maximize the consequence of cyber-attack. The way of switch attack of substation is analyzed. A disturbance based coordination mechanism is proposed to synchronize cyberattack in various substations. Synchronous disturbance coordinated cyber-attack with under-voltage is simulated with IEEE 39 node system. Simulation result indicates that short circuit fault could trigger targeted malware in neighboring substations and result in proactive cascade outage of multiple substations or even catastrophic blackout. The way to detect undermined targeted malware coordinated by disturbance in substations automation system is proposed in the end.

关 键 词：变电站自动化 扰动同步协同攻击 逻辑炸弹 主动连锁跳闸 供应链攻击 

分 类 号：TM721[电气工程—电力系统及自动化]