As one of the key national infrastructures, the ubiquitous power Internet of things will make everything in the network space in a state of interconnection after its completion. Once there is a network war, it is easy to become the preferred target of network attack. For example, the value data of the ubiquitous power Internet of things can be obtained through the attack, which can analyze the power distribution and the location of the key information infrastructure of the attack target location, Tampering with key node monitoring and early warning information, operation instructions and other key data, resulting in ubiquitous power Internet of things system failure or major security incidents.
At the same time, the ubiquitous power Internet of things is the basic network of public energy utilities, serving the public. If the big data involving customers is attacked due to improper protection, sensitive information such as customers’ electricity, energy consumption details, telephone numbers, and geographic location of energy consumption are leaked, which will have a negative impact on the public security. Therefore, it is necessary to build a system protection system to ensure the safe operation of ubiquitous power Internet of things. Among them, data height control is the core, “two networks” intelligent interaction is the key, and security dynamic defense is the bottom line.
Data management is the core of security management and control
Data is the most basic element of ubiquitous power Internet of things, and data security management is the most prominent risk of big data application of Internet of things.
In the whole cycle of energy generation, transmission, transformation, adjustment, distribution and utilization, massive data is generated in every link and every moment. For example, in the operation of ubiquitous power Internet of things, the equipment status information is obtained in real time or regularly through various sensors, and the data only covers the main network equipment, with the order of magnitude of TB. The data volume of distribution network equipment is larger and there are many kinds of data. With the gradual integration of distribution network equipment into equipment production management system, the data scale will reach Pb level. At present, in the field of marketing and customer service, there is only one item of power consumption information collection, with about 90tb of new data added every year and 7tb of customer service data added in advance.
These data can greatly promote the ubiquitous power Internet of things intelligent perception, internal control ability and user service efficiency, but if the data provider can not effectively control the data collection, transmission, storage, processing and use, it may cause massive sensitive data leakage.
For example, some local data collection terminals still have data, and lack of security protection mechanism for the retained data; The lack of data transmission security mechanism between the local intelligent terminal and the background server, the lack of identity authentication, authority management, encryption, integrity verification and other security mechanisms in the acquisition system will cause data damage or leakage. Once big data is tampered with and leaked, it will have a great impact on energy and power production, operation and management, and user services. Therefore, in the planning stage, it is necessary to implement data management as an important module to eliminate data security risks and put data security at the highest priority in most occasions.
“Two networks” intelligent interaction is the key to security management and control
The current smart grid has a typical “Intranet” feature, which provides security guarantee for the power industry by limiting the flow of information. The construction vision of ubiquitous power Internet of things is to share data, so as to have Metcalfe’s Law (the value of a network is equal to the square of the number of nodes in the network, and the network value is proportional to the square of the number of connected users), and further form a more open and cooperative development format. But at the same time, ubiquitous power Internet of things is more vulnerable to information attacks. Therefore, how to give consideration to the characteristics of “two networks” and give full play to their respective advantages is a major principle issue for the construction of ubiquitous power Internet of things, and also an important way to achieve security control.
The author believes that the security control of ubiquitous power Internet of things depends on the intelligent interaction of strong smart grid under the premise of “limited opening”. To solve this problem, Xue Yusheng, academician of Chinese Academy of engineering, proposed a better solution, that is, the ubiquitous power Internet of things includes the buffer network based on private network and the public network vulnerable to hackers. The buffer network indirectly improves the openness through the interface with the public network, and the intelligent power network indirectly interacts with the society through the interface with the buffer network. From the nature of information network, smart grid still belongs to the internal network. Ubiquitous power Internet of things includes not only the buffer network with the characteristics of private network, but also the private network with the characteristics of Internet.
Dynamic defense is the last line of defense for security protection
Dynamic defense system includes not only front-end risk perception, information distribution, threat analysis, but also back-end response linkage. Through the technical means of portrait calibration of the typical state of the device, interactive linkage with the authoritative vulnerability library and virus library, the real-time perception and correlation analysis of the overall security situation of the ubiquitous power Internet of things can be realized, and malicious attacks can be found in time and handled quickly.
For example, for the operation and maintenance of smart substation, it is necessary to further innovate algorithm technology, enhance data security transmission encryption, role authentication, authorization management and access authority inspection, so that the smart substation can resist malicious command attacks on internal and external network on the premise of meeting the existing business requirements. When it is found that the internal and external network is attacked, it is more necessary to use network technology to block the attacker’s behavior and launch counter attack. In addition, it is necessary to carry out attack and defense rehearsal in advance to continuously improve the technical level and coping ability of power operators.
Source: China Energy News