基于能源枢纽的综合能源信息物理系统安全防护架构研究

doi:10.3969/j.issn.2097-0706.2024.05.008

摘要/Abstract

摘要：

为了提高综合能源系统（IES）中设备间和能源节点间的能源和信息交互效率，降低能源生产和传输成本，实现多种能源的高效转化与灵活分配，构建了一种基于能源枢纽（EH）的集中-分布式IES架构。基于该IES模型，定义了基于子信息物理系统集群的信息物理系统，在信息侧提出了能源枢纽节点内部每个子信息物理系统运行模型以及基于子信息系统服务器的信息交互模型。计及IES中信息安全问题对系统可靠性的影响，结合不同类型能源互补、能源网络传输分配、储能和清洁能源动态接入等系统运行特性，分析了综合能源信息物理系统安全需求，并基于可信计算技术构建了一种三元三层可信安全防护架构。从各能源节点为入手点，该防护体系形成了基于节点可信、网络连接可信和应用可信的防护机制，以确保IES安全可靠运行。

关键词: 综合能源系统, 信息物理系统, 能源互补, 储能, 清洁能源, 安全防护架构, 可信计算

Abstract:

To improve the energy and information exchange efficiency between devices and energy nodes in an integrated energy system （IES）， reduce energy production and transmission costs， and achieve efficient conversion and flexible allocation of multiple energy sources， a centralized-distributed integrated energy system based on energy hubs（EH） is constructed. According to the model of the IES，the cyber physical system based on the cluster of sub-cyber physical systems is defined. On the information end of the IES， the operational model for each sub-cyber physical system and information interaction model for sub-information system servers in an EH node are given. Being exposed to cyber security threats， the integrated energy cyber physical system comprehensively takes complementarity of different energy sources， network transmission and distribution of energy， energy storage， clean energy's dynamic access to the grid and other operational requirements into considerations， and adopts a three-element and three-layer secure trusted protection architecture based on trusted computing technology. Starting from protecting every energy node， this protection system constructs a protection mechanism based on node trust， network connection trust and application trust， to ensure the safe and reliable operation of the IES.

Key words: integrated energy system, cyber physical system, energy complementarity, energy storage, clean energy, security protection architecture, trusted computing

中图分类号:

TK018：TM74

龚钢军, 王路遥, 常卓越, 柳旭, 邢汇笛. 基于能源枢纽的综合能源信息物理系统安全防护架构研究[J]. 综合智慧能源, 2024, 46(5): 65-72.

GONG Gangjun, WANG Luyao, CHANG Zhuoyue, LIU Xu, XING Huidi. Security protection for integrated energy cyber physical systems based on energy hubs[J]. Integrated Intelligent Energy, 2024, 46(5): 65-72.

图/表 8

图1

图2

图3

图4

图5

图6

图7

表1

参考文献 22

[1]	金红光, 何雅玲, 杨勇平, 等. 分布式能源中的基础科学问题[J]. 中国科学基金, 2020, 34(3):266-271.
	JIN Hongguang, HE Yaling, YANG Yongping, et al. Basic scientific issues in distributed energy system[J]. Bulletin of National Natural Science Foundation of China, 2020, 34(3):266-271.
[2]	吕佳炜, 张沈习, 程浩忠, 等. 考虑互联互动的区域综合能源系统规划研究综述[J]. 中国电机工程学报, 2021, 41(12):4001-4021.
	LYU Jiawei, ZHANG Shenxi, CHENG Haozhong, et al. Review on district-level integrated energy system planning considering interconnection and interaction[J]. Proceedings of the CSEE, 2021, 41(12): 4001-4021.
[3]	刘自发, 谭雅之, 李炯, 等. 区域综合能源系统规划关键问题研究综述[J]. 综合智慧能源, 2022, 44(6): 12-24. doi: 10.3969/j.issn.2097-0706.2022.06.002
	LIU Zifa, TAN Yazhi, LI Jiong, et al. Review on key points in the planning for a district-level integrated energy system[J]. Integrated Intelligent Energy, 2022, 44(6): 12-24. doi: 10.3969/j.issn.2097-0706.2022.06.002
[4]	国家发展改革委, 国家能源局. “十四五”现代能源体系规划[EB/OL].(2022-01-29)[2022-04-02]. http://www.gov.cn/zhengce/zhengceku/2022-03/23/content_5680759.htm.
[5]	黄伟, 刘文彬. 基于多能互补的园区综合能源站-网协同优化规划[J]. 电力系统自动化, 2020, 44(23):20-28.
	HUANG Wei, LIU Wenbin. Multi-energy complementary based coordinated optimal planning of park integrated energy station-network[J]. Automation of Electric Power Systems, 2020, 44(23): 20-28.
[6]	曾慧, 杜源, 李涛, 等. 考虑碳交易与绿证交易的电-热耦合园区低碳规划[J]. 综合智慧能源, 2023, 45(2): 22-29. doi: 10.3969/j.issn.2097-0706.2023.02.003
	ZENG Hui, DU Yuan, LI Tao, et al. Low-carbon planning of a park-level integrated electric and heating system considering carbon trading and green certificate trading[J]. Integrated Intelligent Energy, 2023, 45(2): 22-29. doi: 10.3969/j.issn.2097-0706.2023.02.003
[7]	ZHANG X, SHAHIDEHPOUR M, ALABDULWAHAB A, et al. Optimal expansion planning of energy hub with multiple energy infrastructures[J]. IEEE Transactions on Smart Grid, 2017, 6(5): 2302-2311.
[8]	王智, 张玲, 吴迪, 等. 基于多能源站协调的区域电力-热力系统站网联合规划[J]. 热力发电, 2022, 51(7): 46-53.
	WANG Zhi, ZHANG Ling, WU Di, et al. Joint planning of regional power-thermal system network based on multi-energy station coordination[J]. Thermal Power Generation, 2022, 51(7): 46-53.
[9]	王丹, 孟政吉, 贾宏杰, 等. 考虑多区域互联协同的分布式能源站设备配置及站间管线规划[J]. 电网技术, 2020, 44(10): 3734-3746.
	WANG Dan, MENG Zhengji, JIA Hongjie, et al. Distributed energy station equipment configuration and interconnected network planning considering multi-regional interconnection and coordination[J]. Power System Technology, 2020, 44(10):3734-3746.
[10]	韩宇奇, 郭嘉, 郭创新, 等. 考虑软件失效的信息物理融合电力系统智能变电站安全风险评估[J]. 中国电机工程学报, 2016, 36(6):1500-1508,1763.
	HAN Yuqi, GUO Jia, GUO Chuangxin, et al. Intelligent substation security risk assessment of cyber physical power systems incorporating software failures[J]. Proceedings of the CSEE, 2016, 36(6): 1500-1508, 1763.
[11]	马爽, 周亚丽. 基于多智能体协同优化的微电网 CPS 模型[J]. 北京信息科技大学学报, 2018, 33(6):77-82.
	MA Shuang, ZHOU Yali. Microgrid CPS modeling based on cooperative optimization of multi-agent[J]. Journal of Beijing Information Science & Technology University, 2018, 33(6): 77-82.
[12]	王振刚, 陈渊睿, 曾君, 等. 面向完全分布式控制的微电网信息物理系统建模与可靠性评估[J]. 电网技术, 2019, 43(7):2413-2421.
	WANG Zhengang, CHEN Yuanrui, ZENG Jun, et al. Modeling and reliability assessment of completely distributed microgrid cyber physical system[J]. Power System Technology, 2019, 43(7): 2413-2421.
[13]	张向宏, 苏禹. 能源互联网及其安全防护体系建设研究[J]. 微型机与应用, 2015(9):5-11.
	ZHANG Xianghong, SU Yu. Research on energy internet and its security protection system construction[J]. Microcomputer & Its Applications, 2015(9):5-11.
[14]	安宁钰, 徐志博, 周峰. 可信计算技术在全球能源互联网信息安全中的应用[J]. 电力信息与通信技术, 2016(3):84-88.
	AN Ningyu, XU Zhibo, ZHOU Feng, et al. Application of trusted computing technology in global energy interconnection cyber security[J]. Electric Power Information and Communication Technology, 2016(3):84-88.
[15]	高昆仑, 赵保华, 王志皓, 等. 全球能源互联网环境下可信计算技术研究与应用探讨[J]. 智能电网, 2015, 3(12):1103-1107.
	GAO Kunlun, ZHAO Baohua, WANG Zhihao, et al. Research and application discussion of trusted computing technology under the global energy internet environment[J]. Smart Grid, 2015, 3(12):1103-1107.
[16]	吕世超, 孙利民, 石志强, 等. 关键基础设施中工业控制系统安全监管与防护探讨[J]. 保密科学技术, 2016(9):12-17.
	LYU Shichao, SUN Limin, SHI Zhiqiang, et al. Discussion on safety supervision and protection of industrial control system in key infrastructure[J]. Secrecy Science and Technology, 2016(9) :12-17.
[17]	许周, 孙永辉, 谢东亮, 等. 计及电/热柔性负荷的区域综合能源系统储能优化配置[J]. 电力系统自动化, 2020, 44(2):53-59.
	XU Zhou, SUN Yonghui, XIE Dongliang, et al. Optimal configuration of energy storage for integrated region energy system considering power/thermal flexible load[J]. Automation of Electric Power Systems, 2020, 44(2):53-59.
[18]	薛禹胜, 李满礼, 罗剑波, 等. 基于关联特性矩阵的电网信息物理系统耦合建模方法[J]. 电力系统自动化, 2018, 42(2):11-19.
	XUE Yusheng, LI Manli, LUO Jianbo, et al. Modeling method for coupling relations in cyber physical power systems based on correlation characteristic matrix[J]. Automation of Electric Power Systems, 2018, 42(2):11-19.
[19]	刘文霞, 宫琦, 郭经, 等. 基于混合通信网的主动配电信息物理系统可靠性评价[J]. 中国电机工程学报, 2018, 38(6):1706-1718.
	LIU Wenxia, GONG Qi, GUO Jing, et al. Reliability simulation of ADN cyber-physical system based on hybrid communication network[J]. Proceedings of the CSEE, 2018, 38(6): 1706-1718.
[20]	夏锋, 孙优贤. 工业以太网应用性能分析[J]. 电气传动, 2004(2):40-43.
	XIA Feng, SUN Youxian. On performance of industrial Ethernet[J]. Electric Drive, 2004(2): 40-43.
[21]	曹一家, 张宇栋, 包哲静. 电力系统和通信网络交互影响下的连锁故障分析[J]. 电力自动化设备, 2013, 33(1):7-11.
	CAO Yijia, ZHANG Yudong, BAO Zhejing. Analysis of cascading failures under interactions between power grid and communication network[J]. Electric Power Automation Equipment, 2013, 33(1): 7-11.
[22]	李惠军, 陆建强, 周霞, 等. 面向智慧园区系统的网络攻击关联分析与防护策略研究[J]. 综合智慧能源, 2022, 44(7): 1-9. doi: 10.3969/j.issn.2097-0706.2022.07.001
	LI Huijun, LU Jianqiang, ZHOU Xia, et al. Network attack association analysis and attack protection strategy for smart park systems[J]. Integrated Intelligent Energy, 2022, 44(7): 1-9. doi: 10.3969/j.issn.2097-0706.2022.07.001

功能	作用
威胁管理	通过对与资产相关的事件进行关联分析，获取与该资产特定弱点相关的威胁情报
弱点管理	为用户提供一个操作界面，使其能够方便地访问资产弱点库；根据用户的权限向用户提供查看、编辑和增加弱点记录的功能
风险管理	根据资产的自身价值、弱点库中的弱点记录以及与该资产相关事件建立的威胁记录，更全面地评估资产的风险状况
弱点字典表	资产弱点表是建立在预置好的弱点基础库上的，弱点字典表是该基础库的重要组成部分。每一条资产中的弱点记录都必须对应一条弱点字典表中的弱点知识记录。弱点字典表的内容来自漏洞扫描工具，这些内容会不断更新并支持手动维护