[Abstract]
With the continued development and application of information and communication technology in power information systems, the protection boundary of the power grid is becoming increasingly blurred, and external attacks and internal threats are growing more serious. Effective access control over the information resources of the power system is urgently needed to ensure data security. Building on the overall security protection framework for power grid secondary systems and incorporating the zero-trust security mechanism, this paper proposes a zero-trust dynamic access control model for power grid information security. By analyzing the characteristics of the attributes and behavior information of access subjects in the power grid system, the model takes into account the influence of threatening behavior, the sliding window, the punishment mechanism and other factors on access control, and thereby achieves continuous evaluation and dynamic control of access subjects' trust values. Simulation results verify the feasibility and effectiveness of the proposed access control model.
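[Funding]
State Grid science and technology project: Research on key technologies and equipment development for zero-trust-based network security access of power monitoring systems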