变电监控系统网络安全威胁指标研究综述与展望
作者:
作者单位:

(1.国网河南省电力公司调度控制中心,河南 郑州 450052;2.长沙理工大学电气与信息工程学院,湖南 长沙 410114;3.国网河南省电力公司电力科学研究院,河南 郑州 450052)

作者简介:

通讯作者:

畅广辉(1976—),男,教授级高级工程师,主要从事电力系统自动化研究;E?mail:sw612@126.com

中图分类号:

TM863

基金项目:

国网河南省电力公司科研项目(SGHADK00DWJS2200211)


Review and prospect on cyber threat indicators of substation monitoring system
Author:
Affiliation:

(1.Dispatching Control Center,State Grid Henan Electric Power Company, Zhengzhou 450052, China; 2. School of Electrical & Information Engineering, Changsha University of Science & Technology, Changsha 410114, China; 3.Electric Power Research Institute,State Grid Henan Electric Power Company, Zhengzhou 450052, China)

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    网络安全威胁指标(cyber threat indicators,CTIs)是描述或识别网络空间安全威胁所必需的信息,有效表征和刻画攻击行为的CTIs是保障网络安全的基础。与通用信息系统相比,变电监控系统所需应对攻击的强度和能力水平有显著差异,掌握有专业知识的有组织攻击可以通过供应链攻击等方式潜入生产控制区,因为能够突破身份权限管理限制,并不一定会引起安全告警。因此,沿用通用信息系统的CTIs难以准确检测针对变电监控系统定向设计的高隐蔽性网络攻击。为此,首先综述通用信息系统的传统CTIs;然后分析既有结合变电监控系统特点设计的CTIs。在此基础上,针对高隐蔽性安全威胁检测难题,利用变电监控系统的各业务系统按确定流程规则执行业务、一次系统状态以及二次系统通信与告警间具有强耦合性的特点,对基于合规性的变电站CTIs提取设计进行展望,有望准确刻画不触发告警但违反业务规则的高隐蔽性安全威胁,为进一步提高安全防护能力奠定基础。

    Abstract:

    Cyber threat indicators (CTIs) refer to the information necessary to describe or identify cybersecurity threats in cyberspace. Effective CTIs that represent and depict attack behaviors are the foundation for ensuring cybersecurity. Compared with general information systems, the intensity and capability level of attacks that substation monitoring and control systems need to address exhibit significant differences. Organized attacks carried out by individuals with professional knowledge can infiltrate production control areas through supply chain attacks, bypass identity and access management restrictions, and may not necessarily trigger security alerts. Therefore, using CTIs designed for general information systems is inadequate for accurately detecting highly concealed cyber attacks specifically targeted at substation monitoring and control systems. To address this, the traditional CTIs of general information systems are first summarized, and then the existing CTIs designed in conjunction with the characteristics of substation monitoring and control systems are analyzed. Based on this, in response to the challenge of detecting highly concealed security threats, the design and extraction of substation-based CTIs focusing on compliance are anticipated, considering aspects such as the execution of tasks by various business systems in the substation monitoring and control system according to established process rules, and the strong coupling between the primary system status and the communication and alerting of the secondary system. This approach is expected to accurately characterize highly concealed security threats that do not trigger alerts but violate business rules, laying the groundwork for further enhancing security protection capabilities.

    参考文献
    相似文献
    引证文献
引用本文

李翔硕,畅广辉,苏 盛,等.变电监控系统网络安全威胁指标研究综述与展望[J].电力科学与技术学报,2024,39(4):1-10.
LI Xiangshuo, CHANG Guanghui, SU Sheng, et al. Review and prospect on cyber threat indicators of substation monitoring system[J]. Journal of Electric Power Science and Technology,2024,39(4):1-10.

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:
  • 最后修改日期:
  • 录用日期:
  • 在线发布日期: 2024-09-10
  • 出版日期:
文章二维码