摘要
针对新近部署了态势感知装置的某厂站,远动装置通道在正常运行中固定时间段出现规律性的异常中断故障,通过Wireshark录制网络报文对比分析,对照试验后,将故障性质定性为态势感知装置异常发起TCP SYN端口扫描引发的网络安全事件,并提出相应的处理措施。为防范电力系统网络开发改进过程中,类似网络安全事件重复发生,列举了相应防范建议,有效提升电力监控系统网络安全风险管理水平。
Aimed at tracking down the source of abnormal interruptions that regularly occurred in the RTU channel of a substation,where a situational awareness device has been recently deployed,comparative analysis of the network messages recorded by Wireshark was carried out alongside comparative experiments.The fault was determined to be a cyber security event caused by the TCP SYN port scanning abnormally initiated by the situational awareness device.The corresponding treatment measures are proposed.In order to prevent the recurrence of similar cyber security events during the cyber development and improvement of power system,the corresponding prevention suggestions are listed to effectively improve the cyber security risk management level of power monitoring system.
作者
罗馨豫
梁兴海
韦举仁
陈强
韦启朋
李永健
LUO Xinyu;LIANG Xinghai;WEI Juren;CHEN Qiang;WEI Qipeng;LI Yongjian(Baise Bureau,CSG EHV Power Transmission Company,Guangxi Baise 533000,China)
出处
《广西电力》
2021年第5期69-75,共7页
Guangxi Electric Power
关键词
态势感知
网络安全
端口扫描
situational awareness
cyber security
port scanning
