电信科学 ›› 2017, Vol. 33 ›› Issue (2): 163-176.doi: 10.11959/j.issn.1000-0801.2017043

• 运营技术广角 • 上一篇    

基于网络隔离与安全数据交换的发电集团双网体系研究与设计

王静1,高昆仑2,张波3   

  1. 1 国家电力投资集团公司,北京 100033
    2 国家电网全球能源互联网研究院,北京 102209
    3 南京理工大学计算机科学与工程学院,江苏 南京 210094
  • 修回日期:2017-02-09 出版日期:2017-02-01 发布日期:2017-03-07
  • 作者简介:王静(1973-),女,国家电力投资集团公司高级工程师,主要研究方向为大型发电集团信息化管理与建设,包括总体规划、网络与信息安全、应用系统建设和部署等。|高昆仑(1972-),男,博士,国家电网全球能源互联网研究院教授级高级工程师,主要研究方向为电力系统自动化、网络与信息安全、人工智能与大数据等。|张波(1985-),男,南京理工大学计算机科学与工程学院博士生,主要研究方向为网络与信息安全、人工智能与大数据等。
  • 基金资助:
    国家高技术研究发展计划(“863”计划)基金资助项目(2012AA050804)

Research and design in dual network scheme of power corporation based on network isolation and secure data exchange

Jing WANG1,Kunlun GAO2,Bo ZHANG3   

  1. 1 State Power Investment Corporation,Beijing 100033,China
    2 State Grid Global Energy Interconnection Research Institute,Beijing 102209,China
    3 School of Computer Science and Engineering,Nanjing University of Science and Technology,Nanjing 210094,China
  • Revised:2017-02-09 Online:2017-02-01 Published:2017-03-07
  • Supported by:
    The National High Technology Research and Development Program (863 Program)(2012AA050804)

摘要:

集团型发电企业如何面向互联网服务,同时确保电力生产管理和信息网络的安全稳定,是电力企业普遍关注的问题。通过网络隔离和安全数据交换等技术设计了集团型发电企业双网体系结构。在保障网络安全隔离的基础上,引入私有协议交互技术,满足发电企业日益强劲的互联网业务发展需求。提出了逻辑强隔离的总体技术路线以及信息内外网构建、应用部署、典型应用场景信息交换的设计方案;此外,为了实现隔离后的集中监控和统一防护,提出了部署统一监测、统一防病毒、统一终端管理、统一认证系统的设计方案。

关键词: 发电集团, 网络信息安全, 网络隔离, 安全数据交换

Abstract:

It is a common concern for power enterprises of how to ensure the safety and stability of power production management and information network for group-oriented power generation enterprises.The dual-network architecture of group-type power generation enterprise was designed based on network isolation and the safe data exchange technology.Based on the protection of network security isolation,the private protocol interaction technology was introduced to meet the growing business development needs of power enterprises.The overall technical route of logical strong isolation was proposed,the design scheme of construction of information internal and external network,the application and deployment,and information exchange in typical application scenarios was put forward.In addition,in order to realize the centralized monitoring and unified protection after isolation,the design scheme of deploying unified monitoring,unified anti-virus,unified terminal management and unified authentication system was put forward.

Key words: electric group enterprise, network and information security, network isolation, secure data exchange

中图分类号: 

No Suggested Reading articles found!