基于数据安全的继电保护设备合规并网方案设计  被引量：3

作　　者：韦恒 李海勇 颜丽 黄超 廖晓春 曾令森 WEI Heng;LI Haiyong;YAN Li;HUANG Chao;LIAO Xiaochun;ZENG Lingsen(Guangxi Power Grid Co.,Ltd.,Nanning,Guangxi 530013,China;Wuhan Huadian Shuncheng Science Technology Co.,Ltd.,Wuhan,Hubei 430071,China)

机构地区：[1]广西电网有限责任公司,广西南宁530013 [2]武汉华电顺承科技有限公司,湖北武汉430071

出　　处：《广东电力》2022年第2期83-92,共10页Guangdong Electric Power

基　　金：广西电网有限责任公司科技项目(046000KK52200016)。

摘　　要：针对电力系统网络信息安全防护要求不断升级的趋势,以及部分二次设备因不符合安全防护整改的要求而脱网运行的现状,设计一种基于数据安全的继电保护设备合规并网方案。以安全防护问题较为突出的录波器为例,搭建合规并网装置安全防护模型,将同站所有录波器合规并网;建立合规并网装置安全防护机制,有效隔离各种恶意攻击和非法访问等风险因素;设计数据安全防护过程和基于风险矩阵法的安全评估流程,进行数据风险的辨识和拦截;采用逻辑映射和数据镜像进行现有业务的无感运作和可靠数据的安全传输。实践结果表明,该方案不仅可实现录波器的合规并网、风险的有效隔离和数据的安全上送,还能大幅减少安全防护整改的工作量。In view of the updating trend of network information security requirements for the power system,and the run off-line of some secondary equipment due to their failure in meeting the requirements for security protection and rectification,a compliance network access scheme for relay protection equipment based on data security is designed.Taking the recorder with more prominent securit issues as an example,the security protection model was built,and all the recorders on the same site were connected to a compliance network access device.The security protection mechanisms of compliance network acces device were also established to effectively isolate various risk factors such as malicious attacks,illegal acess and so on.Data security protection process and security assessment flow based on the risk matrix method were designed to identify and intercept data risks,and logical mapping and data mirroring were used for the non-sense operation of existing businesses and secure transmission of reliable data.The practical results show that the scheme can not only realize compliance network access of recorders,the effective isolation of risks and the secure upload of data,but also reduce the workload of security rectification.

关 键 词：电力系统 录波器 合规并网 安全防护 逻辑映射 数据镜像 

分 类 号：TM73[电气工程—电力系统及自动化]