As the development direction of future power grids, smart grids extend into every link of the power system: generation, transmission, transformation, distribution, consumption, scheduling, and communication and information. Among these links, the intelligent substation is undoubtedly the most crucial one. The intelligent substation adopts advanced, reliable, integrated, low-carbon, and environmentally friendly intelligent equipment, with the basic requirements of digitalization of the entire station's information, networking of communication platforms, and standardization of information sharing. It automatically completes basic functions such as information collection, measurement, control, protection, metering, and monitoring, and can support advanced functions such as real-time automatic control, intelligent regulation, online analysis and decision-making, and collaborative interaction with adjacent substations and power grid dispatch as needed.
The development of information technology makes the intelligent power grid possible, but most research and practice focus on implementing and exploiting the new functions that information technology introduces, without sufficient consideration for the security of smart grids in this setting. This brings varying degrees of security risk to information collection, transmission, intelligent control, and other links. As smart substation construction advances, smart substations are more open and more complex than traditional substations, and their extensive use of open system architectures such as IT technology and TCP/IP Ethernet introduces security threats from the traditional information security field into the power grid system. Once such a system is subjected to a malicious attack or virus infection, the result can be local or even large-scale power outages, causing serious economic losses and other consequences.
Security issues of the intelligent substation monitoring system
The intelligent substation monitoring system faces various security risks, and relying solely on passive defense and repair is unreliable. What is needed is a comprehensive solution. Based on the characteristics of the intelligent substation monitoring system, security issues need to be addressed in the following aspects:
1) Threat management: Deploy a threat management platform to conduct risk assessment, vulnerability analysis, and security analysis on the intelligent substation monitoring system, so that the current security status of the system is understood accurately and in a timely manner, and so that risk assessment and the subsequent security data collection and analysis work can be completed in a planned, step-by-step way based on the actual situation.
2) Security audit design: Deploy a monitoring audit platform between the partition layer and the station control layer to monitor for port scanning, brute force attacks, Trojan backdoor attacks, denial of service attacks, buffer overflow attacks, etc., and to raise alarms when serious intrusion events are detected. The platform also records the operation status of network devices, network traffic, user behavior, etc. in the network system in logs.
3) Malicious code prevention design: Deploy IAD intelligent protection products at the partition layer and enable their malicious code detection and blocking functions.
4) Comprehensive management: Deploy a security supervision platform for unified online management, visual display, and early warning across monitoring and auditing terminals, intelligent protection terminals, etc.