Smart Grid Application Systems Lifecycle Security Framework

Abstract

Abstract: AbstractWith the advance of smart grid construction, the number of users increases, and the twoway interactive communication is stronger and stronger, application system is more integrated, and there are risks that the system integrity, confidentiality and availability of business system integrity is destroyed and smart devices, intelligent terminals and users' terminals are illegally fraudulent, illegally remotely controlled and illegally operated. The lifecycle security framework of smart grid applications is proposed, which defines seven aspects of security requirements including the planning, requirements, designment, development, testing, online operation and maintenance and the abandoned part, making information security technology and management measures cover the entire software life cycle.

Key words: smart grid, information security, lifecycle, classified protection, security design

摘要： 摘要随着智能电网建设的推进，用户数量越来越多，双向交流互动性越来越强，应用系统集成度越来越高，存在业务系统完整性、保密性、可用性被破坏，智能设备、智能终端和用户终端被非法冒用、远程控制和违规操作等风险.提出了智能电网应用系统全生命周期安全保障框架，从规划、需求、设计、开发、测试、上线运维、废弃7个环节提出了详细的安全要求，使信息安全技术及管理措施可以覆盖应用软件的整个生命周期.

关键词: 智能电网, 信息安全, 全生命周期, 等级保护, 安全设计

陈建业. 智能电网应用全生命周期安全保障框架[J]. 信息安全研究, 2016, 2(9): 850-855.

References

［1］刘振亚. 智能电网技术［M］. 北京: 中国电力出版社, 2010［2］常康, 薛峰, 杨卫东. 中国智能电网基本特征及其技术进展评述［J］. 电力系统自动化, 2009, 33(17): 1015［3］曹军威, 万宇鑫, 涂国煜, 等. 智能电网信息系统体系结构研究［J］. 计算机学报, 2013, 36(1): 143167［4］董朝阳, 赵俊华, 文福拴, 等. 从智能电网到能源互联网:基本概念与研究框架［J］. 电力系统自动化, 2014, 38(15): 111［5］Wan Y, Cao J, Zhang S, et al. An integrated cyberphysical simulation environment for smart grid applications［J］. Tsinghua Science and Technology, 2014, 19(2): 133143［6］刘念, 张建华. 互动用电方式下的信息安全风险与安全需求分析［J］. 电力系统自动化, 2011, 35(2): 7983［7］陈涛, 王旭. 智能电网信息安全风险分析与思考［J］. 电力信息与通信技术, 2012, 10(12): 97100［8］林为民. 智能电网的信息安全风险及应对措施思考［J］. 中国信息安全, 2015 (9): 7376［9］张驯, 李志茹, 袁晖, 等. 智能电网信息系统安全防护措施研究与探讨［J］. 电力信息与通信技术, 2015, 13(2): 110114［10］OWASP. The ten most critical Web application security risks［EB／OL］. ［20130212］. https:www.owasp.org［11］WASC. WASC threat classification v2.0［EBOL］. ［20100104］. http:www.webappsec.org［12］GBT 22239信息安全技术信息系统安全等级保护基本要求［S］. 北京: 中国标准出版社, 2008［13］GB l7859计算机信息系统安全保护等级划分准则［S］. 北京: 中国标准出版社, 1999［14］练坤梅, 许静, 田伟, 等. SQL注入漏洞多等级检测方法研究［J］. 计算机科学与探索, 2011, 5(5): 474480［15］Xu Tao, Yi Chunxiao. SOAPbased security interaction of Web service in heterogeneous platforms［J］. Journal of Information Security, 2010, 2(1): 17［16］Xu Tao, Yi Chunxiao. Signature and encryption on parts of SOAP message based on rampart［C］//Proc of the 2nd Int Conf on Intelligent Systems and Applications. Piscataway, NJ: IEEE, 2010: 12181223［17］Bruce Schneier. 应用密码学——协议、算法与C源程序［M］. 2版. 北京: 机械工业出版社, 2003［18］秦超, 张涛, 林为民. 电力移动作业PDA安全接入系统设计与实现［J］. 电力系统自动化, 2012, 36(11): 8285［19］李郭欢, 张文政. 可信网络的平台认证与接入［J］. 信息安全与通信保密, 2007 (8): 106108［20］邓松, 林为民, 张涛. 基于TNC的电力终端安全接入技术研究［J］. 电力系统通信, 2012, 10(1): 7881

[1]	. Research on the Application of Mobile Police Data Security Technology in the Implementation of Classified Protection 2.0 [J]. Journal of Information Security Research, 2021, 7(2): 178-183.
[2]	. SWOT-AHP Analysis and Countermeasure Research on Information Security of Public Security Organs [J]. Journal of Information Security Research, 2021, 7(2): 190-196.
[3]	. Multi-source network data privacy protection method based on blockchain technology [J]. Journal of Information Security Research, 2021, 7(1): 86-89.
[4]	. Research on Legislative Protection of Personal Biological Information in the Big Data Era [J]. Journal of Information Security Research, 2020, 6(9): 0-0.
[5]	. Research on 5G Internet of Vehicles Security Based on V2X HSM [J]. Journal of Information Security Research, 2020, 6(8): 705-709.
[6]	. Anomaly Detection Method of Industrial Control System Based on Control Behavior Model [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[7]	. A Study of Civil Aviation Network Security Situation Awareness Technology Based on "Business + Data" Perspective [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[8]	. Research on Cloud Security System Based on Big Data Security Technology [J]. Journal of Information Security Research, 2020, 6(5): 404-420.
[9]	. Identity Authentication Method Based on Blockchain Technology in Telecommuting [J]. Journal of Information Security Research, 2020, 6(4): 317-326.
[10]	. Optimization Design and Implementation of Application Layer Interface of Trusted Cryptography Module [J]. Journal of Information Security Research, 2020, 6(4): 354-361.
[11]	. Research on Mimic Defense System of Internet of Vehicles [J]. Journal of Information Security Research, 2020, 6(3): 244-251.
[12]	. Electronic Payment Information Protection Scheme and Application Based on Payment Tokenization Technology [J]. Journal of Information Security Research, 2020, 6(3): 259-265.
[13]	. Research on the Safety Grade Protection Evaluation for Industrial Control Systems [J]. Journal of Information Security Research, 2020, 6(3): 272-278.
[14]	. Discussion of Security Protection System of Public Security Video Network in Xueliang Project [J]. Journal of Information Security Research, 2020, 6(2): 171-180.
[15]	. Research of Information Security in Beidou Navigation System [J]. Journal of Information Security Research, 2020, 6(12): 1068-1073.