Abstract
To address the increasingly blurred security boundary of power information systems and the growing severity of external attacks and internal threats, this article draws on zero trust architecture theory and practice in China and abroad to construct a smart grid security protection architecture based on zero trust. The architecture mainly comprises a terminal trusted sensing agent, a multi-source data collection platform, an intelligent trust evaluation platform, a dynamic access control platform, and a trusted access agent. Finally, taking two typical application scenarios as examples, terminal equipment data transmission and business office work, the article describes the deployment scheme of the zero-trust-based power grid security protection architecture in power grid applications, providing suggestions for subsequent improvement of the security architecture of power information systems.
Authors
刘涛
马越
姜和芳
伍少成
左金鑫
彭童
LIU Tao; MA Yue; JIANG Hefang; WU Shaocheng; ZUO Jinxin; PENG Tong (Shenzhen Power Supply Bureau Co., Ltd., Shenzhen 518001, China; School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China)
Source
《电力信息与通信技术》
2021, Issue 7, pp. 25-32 (8 pages)
Electric Power Information and Communication Technology
Keywords
smart grid
zero trust
security protection architecture
trust assessment