摘要
随着电力监控系统建设不断完善,部署在其中的网络、安全设备和业务应用场景不断增多,相关的网络边界安全策略也愈加繁杂,往往跨越多个供应商、多个设备厂商以及多个物理位置,运维难度大,依赖于“人”以及传统“手动”的安全管理方式准确率低,极大增加了公司重要业务和核心数据资产遭受网络攻击的风险.因此,迫切需要加强网络边界安全策略管理体系的建设.结合电力监控系统的网络安全设备特性,提出一套基于网络安全设备资产分析、电力监控系统路由拓扑分析以及信息安全设备策略分析的安全边界策略统一管理体系,并开发了相应软件平台,在资产探测、路由策略采集、防护策略采集的基础上进行网络安全策略计算,实现了安全边界的策略统一管理.研究以及实践部署表明,该体系可以有效提升运维效率和系统安全性,对于电力监控系统具有较好的针对性、实用性和先进性.
With the continuous improvement of power monitoring system,the deployment of networks,security devices,and business applications within them has been increasing.Consequently,the associated network boundary security strategies have become increasingly complex,often spanning multiple suppliers,equipment manufacturers,and physical locations.This complexity leads to challenges for operation and maintenance,and reliance on manual security management methods results in low accuracy,significantly increasing risk of network attacks on the company’s important business and core data assets.Therefore,there is an urgent need to enhance the construction of a network boundary security strategy management system.This article proposes a unified management system for security boundary strategies based on network security device asset analysis,power monitoring system routing topology analysis,and information security device strategy analysis,taking into account the characteristics of network security devices in power monitoring systems.Corresponding software platforms have been developed to calculate network security strategies based on asset detection,routing strategy collection,and protection strategy collection,which have implemented unified policy management of security boundaries.The research and practical deployment have shown that the system effectively improves operational efficiency and system security,demonstrating good relevance,practicality and advancement for the power monitoring system.
作者
冯陈佳
朱江
朱寅
严威
李雪妍
张宇
袁倩倩
Feng Chenjia;Zhu Jiang;Zhu Yin;Yan Wei;Li Xueyan;Zhang Yu;Yuan Qianqian(Shibei Power Supply Company,State Grid Shanghai Electric Power Company,Shanghai 200072)
出处
《信息安全研究》
CSCD
北大核心
2024年第5期481-488,共8页
Journal of Information Security Research
关键词
电力监控系统
安全边界策略
统一管理体系
风险监测
策略优化
power monitoring system
security boundary strategy
unified management architecture
risk monitoring
strategy optimization