Abstract

In recent years, as international competition over access to, use of and control of information has grown increasingly fierce, cyberspace has become a new battlefield among countries. Since the 12.25 blackout event in Ukraine, the number of cyber attacks against key information infrastructures in various countries has been increasing, and the cyber attack has become a new form of war. Moreover, the frequent attacks on the power grid indicate that the network and information security situation of the power industry is grim. Since 2002, China's power industry has studied in depth the Ertan Power Plant Downtime Event, the Time Logic Bomb Event, the Exchange Station Infection Virus Incident and other issues. State Grid Corporation of China was the first to carry out research on autonomous and controllable network security for power monitoring systems within industrial control systems. In accordance with the overall protection principle (security partition, network-specific, horizontal isolation and vertical certification), State Grid Corporation of China explored and established a grid-like security model for the power monitoring system. However, due to the threat of cyber security penetration and the rapid expansion of the power-specific scheduling data network, monitoring and alarm systems based on traditional border security equipment have become a bottleneck. There is an urgent need to collect, analyze and raise alarms on all kinds of network security events for external and internal nodes in the wide area dispatching data network through the new technology Cloud Movement. In this paper, we propose a solution of the network security situation awareness C Event based on the power monitoring system network security metadata. The method can describe the generalized log data of the various types of signals, data, behaviors and traces in the power monitoring system, and model these descriptions, through independent research on the large data platform of the existing, extensively operated power monitoring system, to set up a mechanism for multi-source, mass data association analysis, network security situation awareness and early warning.
