Design and application of security reinforcement middleware for lateral unidirectional safety isolating device for electric power
MA Ruirui, HE Qing, YANG Guodong, WANG Dapeng, WANG Yi, DU Baohua
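Abstract:
To improve the network security protection capability of electric power monitoring systems, a security reinforcement middleware for the electric-power-dedicated lateral unidirectional isolation device is designed. The middleware integrates compatibility adaptation, file format correction, encryption and authentication, load balancing, and permission control. It builds a solid security barrier between the management information zone, where the business systems reside, and the production control zone. It resolves the security problems that isolation devices face during upgrade and hardening, namely business system compatibility, hardware failure, and plaintext communication, and it strengthens security control over the data transmission channel of the power monitoring system, achieving an "efficient and imperceptible" and "standardized" security upgrade and hardening of the isolation devices. The middleware has been successfully applied at all thermal, hydro, and new-energy power stations of China Huaneng Group, improving the network security boundary protection capability of critical information infrastructure for power monitoring and safeguarding the information security of power production.
Keywords: isolation device; security reinforcement; middleware; electric power monitoring system
Foundation: Headquarters Science and Technology Project of China Huaneng Group Co., Ltd. (HNKJ24-H28, HNKJ24-H57); Science and Technology Plan Project of Shaanxi Province (2024GX-YBXM-156)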
DOI: 10.19666/j.rlfd.202409205