一种安全的电力系统计算机网络构建方案

针对目前各级电力系统计算机网络中存在的安全隐患,作者提出了一种比较安全的网络构建方案.该方案能有效地保障电力实时生产系统与各级管理网络免受网络攻击.文章首先对可能产生的各种攻击手段按照其发起网段和原理进行了分类与分析,然后以电力实时应用系统,如SCADA、MIS和办公自动化(Office Automation,OA)的安全为出发点,给出了在电力生产、管理的各级网络上综合运用软件隔离技术和硬件物理隔离技术来构建电力网络的具体方案,即通过严格隔离实时系统和局域网、隔离各个实时系统、隔离局域网和Internet三项举措来全面保障网络安全.对计算机网络安全中的防火墙、数据加密以及指纹身份认证等技术也给出了具体应用策略.

A COMPREHENSIVE PROJECT TO CONSTRUCT SECURE COMPUTER NETWORK FOR POWER SYSTEM

To eliminate the potential insecure hazard in computer networks for power systems, a project to construct a more secure computer network, which can protect the real-time electric power production system and management networks in different levels from possible outside attacks, is proposed. According to the initiate meshwork and principle of various attacks which maybe take place are classified and analyzed; then taking the security of real-time application systems such as the SCADA, MIS and Office Automation (OA) in power network as the start point, a concrete project consisting of three measures, i.e., strict isolation of real-time systems from LAN, isolating the real-time systems each other, isolating the LAN from Internet, are given to construct a secure computer network for power system by comprehensive use of both software isolation and hardware based physical isolation in different levels of computer network for power production and administration; finally, in this project the application of advanced technologies such as the firewall, data encryption, private gateway and finger-print based identity authentication in network security is also described.