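Abstract
With the deep integration of informatization and industrialization, information security at nuclear power plants has become increasingly important. Network systems, because of their inherent vulnerability, bring certain potential dangers, so assessing the vulnerability of network systems is of great significance. By analyzing the threats faced and the detailed vulnerabilities of network systems, mainly including SCADA (supervisory control and data acquisition) systems, EMS (energy management systems) and MIS (management information systems), this paper identifies the risks to the power industry and locates the weak points in order to improve the security of network systems. From the perspective of information security in the nuclear power industry, the paper describes the means by which viruses intrude into control systems and the methods of protection. In accordance with the IEC 62443 standard, it determines the methods, steps and measures for information system risk assessment and compares them with probabilistic safety assessment (PSA), the safety evaluation method widely used in nuclear power plants. The discussion shows that risk assessment is an important condition for ensuring nuclear power information security.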
With the integration of information technology and industrialization, the information security of nuclear power plants has become increasingly important. The cyber system brings some hidden danger because of its inherent vulnerability, so it is significant to assess the vulnerability of the cyber system, to determine the risk and the weak parts of the power industry, and to set an appropriate response for potential accidents of the cyber system. Starting from the point of view of nuclear power industry information security, this paper describes the means of virus invasion and the protection methods, and the steps and measures of information system risk assessment in industrial control systems in accordance with the IEC 62443 standard, and compares them with the widely used nuclear power plant probabilistic safety assessment method. Finally, it describes risk assessment as an important condition for the protection of the cyber security of nuclear power.
Source
《仪器仪表用户》
2013, Issue 4, pp. 22-24, 21 (4 pages in total)
Instrumentation
Keywords
risk assessment
cyber security
levels of security lifecycle
probabilistic safety assessment