电力企业工控PLC系统立体综合防控体系的设计与实践

doi:10.3969/j.issn.1674-1951.2021.02.008

华电技术 ›› 2021, Vol. 43 ›› Issue (2): 46-52.doi: 10.3969/j.issn.1674-1951.2021.02.008

电力企业工控PLC系统立体综合防控体系的设计与实践

刘文彬()

北京卓识网安技术股份有限公司,北京 102206

收稿日期:2020-09-10 修回日期:2021-01-10 出版日期:2021-02-25 发布日期:2021-03-05
作者简介:刘文彬（1987—）,男,山东济南人,工程师,工学硕士,从事电力行业网络安全及工业控制系统安全防护研究方面的工作（E-mail： liuwenbin@enst.org.cn）。
基金资助:
国家重点研发计划项目(2016YFB0901200)

Design of a comprehensive protection and control system for industrial control PLC in electric industry

LIU Wenbin()

Beijing Excellent Network Security Technology Corporation,Beijing 102206,China

Received:2020-09-10 Revised:2021-01-10 Online:2021-02-25 Published:2021-03-05

摘要/Abstract

摘要：

随着工业化和信息化的不断融合,工业通信和自动化控制技术向网络化、标准化、开放化的方向发展,可编程逻辑控制器（PLC）系统本体信息安全功能的缺失,通信协议、安全策略等方面存在的安全漏洞被逐渐暴露,传统的信息安全威胁延伸到了工业控制领域,且电力行业PLC系统具有部署范围广、数量多等特点,普遍应用于发电企业的关键部分,一旦系统存在的中、高危漏洞被黑客利用,极易造成PLC设备非正常动作、数据被篡改、信息泄露等后果,甚至可能导致PLC设备崩溃、系统拒绝服务。因此,电力行业工控PLC系统存在较大信息安全隐患。提出了一种面向电力企业工控PLC系统的多层次全方位的综合防控体系,从辅网控制系统网络边界划分和防护、本体安全防护、综合管理3方面建立立体防控体系。该设计方案已在某电力企业全面部署,并且取得了预期效果,将厂级PLC系统安全防护提高到了一个新的台阶。

关键词: 工业控制系统, 可编程逻辑控制器（PLC）, 综合防控体系, 信息安全防护

Abstract:

With the integrating of informatization and industrialization,industrial communication and automatic control technologies have become more networked,standardized and open.Meanwhile,the security vulnerabilities in communication protocol and security strategy are exposed for the lack of information security functions in Programmable Logic Controller（PLC） itself.And this traditional threat to information security has developed into the field of industrial control（IC）.Massive PLCs are widely used in electric power enterprises,especially in their core part.Once the medium or high risk vulnerabilities be attacked,PLC will malfunction,leading to data tampering,information leakage and even PLC breakdown and DoS.To solve the prominent hidden danger in information security of PLC,a multidimensional comprehensive protection and control system for industrial PLC in electric industry is proposed.The system can execute protection from three aspects,network boundary division of auxiliary network control systems,self security protection and comprehensive management.This design have been deployed in an electric power enterprise and achieved satisfied results.It could improve the security protection for plant-level PLC systems to a new level.

Key words: industrial control system, Programmable Logic Controller（PLC）, integrated protection and control system, information security protection

中图分类号:

TK01 ⁺8：TN98

刘文彬. 电力企业工控PLC系统立体综合防控体系的设计与实践[J]. 华电技术, 2021, 43(2): 46-52.

LIU Wenbin. Design of a comprehensive protection and control system for industrial control PLC in electric industry[J]. Huadian Technology, 2021, 43(2): 46-52.

图/表 3

参考文献 17

[1]	刘文彬, 湛高峰, 刘韧. 电力工控系统安全威胁分析[C]// 第三届全国信息安全等级保护技术大会论文集.沈阳, 2014:488-492.
[2]	谢丰. 工业控制系统网络攻击与安全防护思考[J]. 保密科学技术, 2016(9):18-21.
[3]	苏畅, 熊申铎, 罗安琴, 等. 电厂工控信息安全半实物仿真模型研究[J]. 信息技术与网络安全, 2018,37(10):5-9.
	SU Chang, XIONG Shenduo, LUO Anqin, et al. Research on hardware in the loop simulation model based on industrial control system of power plant information security[J]. Information Technology and Network Security, 2018,37(10):5-9.
[4]	吴文燕, 姜鑫, 王晓锋, 等. 虚拟化与数字仿真融合的多尺度网络复现技术[J]. 计算机应用, 2018,38(3):746-752.
	WU Wenyan, JIANG Xin, WANG Xiaofeng, et al. Multi-scale network replication technology for fusion of virtualization and digital simulation[J]. Journal of Computer Applications, 2018,38(3):746-752.
[5]	苏畅, 龚钢军, 罗安琴, 等. 发电系统动态仿真监控平台研究[J]. 电子技术应用, 2017,43(12):65-68.
	SU Chang, GONG Gangjun, LUO Anqin, et al. Research on dynamic simulation and monitoring platform of power generation system[J]. Application of Electronic Technique, 2017,43(12):65-68.
[6]	唐文. 工业自动化控制系统信息安全研究[J]. 计算机安全, 2012(4):2-7.
[7]	彭勇, 江常青, 谢丰, 等. 工业控制系统信息安全研究进展[J]. 清华大学学报(自然科学版), 2012,52(10):1396-1408.
	PENG Yong, JIANG Changqing, XIE Feng, et al. Industrial control system cybersecurity research[J]. Journal of Tsinghua University(Science and Technology), 2012,52(10):1396-1408.
[8]	王杰, 高昆仑, 王万召. 基于OPC通信技术的火电厂DCS后台控制[J]. 电力自动化设备, 2013,33(4):142-147.
	WANG Jie, GAO Kunlun, WANG Wanzhao. Thermal power plant DCS for background control based on OPC communication technology[J]. Electric Power Automation Equipment, 2013,33(4):142-147.
[9]	徐震, 周晓军, 王利明, 等. PLC攻防关键技术研究进展[J]. 信息安全学报, 2019,4(3):48-69.
	XU Zhen, ZHOU Xiaojun, WANG Liming, et al. Recent advances in PLC attack and protection technology[J]. Journal of Cyber Security, 2019,4(3):48-69.
[10]	尚文利, 张修乐, 刘贤达, 等. 工控网络局域可信计算环境构建方法与验证[J]. 信息网络安全, 2019(4):1-10.
	SHANG Wenli, ZHANG Xiule, LIU Xianda, et al. Construction method and verification of local trusted computing environment in industrial control network[J]. Netinfo Security, 2019(4):1-10.
[11]	尹骞. 电力行业工业控制网络的运维和安全研究[J]. 信息安全研究, 2019,5(8):679-684.
	YIN Qian. Research on maintenance and security of industrial control networks in electric power industry[J]. Journal of Information Security Research, 2019,5(8):679-684.
[12]	苏琦, 王玮, 刘荫, 等. 电力行业的信息安全防护方案研究[J]. 信息网络安全, 2017(11):84-88.
	SU Qi, WANG Wei, LIU Yin, et al. Research on the scheme of information security protection in electric power industry[J]. Netinfo Security, 2017(11):84-88.
[13]	杨琳, 龚钢军, 林红, 等. 基于区块链技术的能源电力特色数据库管理[J]. 华电技术, 2020,42(8):48-53.
	YANG Lin, GONG Gangjun, LIN Hong, et al. Database management with energy and power characteristics based on blockchain technology[J]. Huadian Technology, 2020,42(8):48-53.
[14]	孙跃, 杨晟, 龚钢军, 等. 基于可信计算和区块链的配电物联网内生安全研究[J]. 华电技术, 2020,42(8):61-67.
	SUN Yue, YANG Sheng, GONG Gangjun, et al. Research on endogenous security of distribution Internet of Things based ontrusted computing and blockchain technology[J]. Huadian Technology, 2020,42(8):61-67.
[15]	张徐亮, 万里冰, 钱伟中, 等. 基于区块链的电力大数据安全保障体系[J]. 华电技术, 2020,42(8):68-74.
	ZHANG Xuliang, WAN Libing, QIAN Weizhong, et al. Security assurance system for electric power big data based on blockchain technology[J]. Huadian Technology, 2020,42(8):68-74.
[16]	姚亮, 邹磊, 韩志勇. 智能变电站信息安全策略探讨[J]. 华电技术, 2016,38(12):15-17,24.
	YAO Liang, ZOU Lei, HAN Zhiyong. Intelligent substation information security strategy discuss[J]. Huadian Technology, 2016,38(12):15-17,24.
[17]	曹一家, 姚欢, 黄小庆, 等. 基于D-S证据理论的变电站通信系统信息安全评估[J]. 电力自动化设备, 2011,31(6):1-5.
	CAO Yijia, YAO Huan, HUANG Xiaoqing, et al. Security evaluation of substation communication system based on D-S theory[J]. Electric Power Automation Equipment, 2011,31(6):1-5.

电力企业工控PLC系统立体综合防控体系的设计与实践

Design of a comprehensive protection and control system for industrial control PLC in electric industry

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 3

参考文献 17

相关文章 2

编辑推荐

Metrics

本文评价

[1]	宫月, 李秋香, 张心语, 龚钢军, 金璐. 能源工业网络空间安全风险与模型研究[J]. 华电技术, 2021, 43(2): 40-45.
[2]	舒茂龙. 大型空冷机组ETS优化与改造简析[J]. 华电技术, 2016, 38(4): 27-29.