Talking about "Internet + Information Security Management" of Electric Power

With the popularization of Internet technology, network and information security are also facing new threats. As the central power enterprise under the jurisdiction of the five provinces and regions, China Southern Power Grid occupies an important position in China's power and energy industry. Power network and information system are now widely used and are developing at a high speed, and are becoming the core of the development of power information technology. The network and information security management of electric power has become an important part of electric power operation management.

Conceptual understanding of Network and Information Security

The concept of computer network and information security can be roughly understood as: it is a modern comprehensive discipline composed of many disciplines, which has developed rapidly in recent years. it involves computer technology, cryptography, network technology, topology theory, information and communication technology, applied mathematics and other disciplines. Its content roughly includes that the files and data of the software, hardware and its operating system in the computer network system are protected from being modified, leaked or destroyed by unauthorized random or deliberate factors; the whole computer network system can run continuously, reliably and uninterruptedly, and various application services are uninterrupted and withdrawn.

Computer network and information security have two meanings: information security and network system security. The security of information is to ensure the availability, integrity and confidentiality of basic information, equipment information, user information, content resources and other information or data. Network system security is to ensure the normal state, continuous and stable operation of the software, hardware and network system in the network system. Generally speaking, network and information security refers to the use of system, management, technology and other three-dimensional and comprehensive ways to ensure the continuous, stable and normal operation of the network system.

The proposal of Power Network and Information Security

Today's network information system has become the basic supporting platform of power operation, and the basic structure of power network information system in different management areas based on transmission and distribution data network, dispatching data network and integrated information network has been gradually formed. Information resources are continuously shared, including all aspects of production and management, such as engineering construction projects, power grid production and operation, customer marketing services, management information systems and so on. For public utility enterprises, the ability of network security and network information security directly affect the development and efficiency of the company, and directly affect the construction and application of the "smart grid" of Southern Power Grid. Computer and network information are following the rapid development of the times, at the same time, the network information security technology of computer is constantly updating and developing, which leads to some differences in the cognition of power network information security in some power enterprises. there are weak links in power network information security. The problems of computer network and information security have become important factors affecting the safe operation of electric power.

However, some institutions do not pay attention to the problem of computer network and information security, and there are many potential problems in enterprise computer network and information security management. The control of network and information security has not been effectively implemented, and there is a lack of management standards to guide the safe operation of enterprise network information systems.

The present situation of Network Information Security of Electric Power

1. Analysis on the present situation of Network Information Security

(1) insufficient security awareness is the bottleneck of computer network information system security.

There is a lack of security awareness, which has always been a difficulty in network information security. From administrator to end-user, from architecture design to technical implementation, there is no awareness of actively preventing network and information security problems.

At the beginning of network and information system design, there is usually a lack of funding or understanding, and the system architecture generally reduces or does not invest in security. Network and information system operations usually paralyze administrators or users, and management or use is generally for the sake of weakening security.

(2) the defects and deficiencies of the operation and management mechanism restrict the strength of security prevention.

There are no sound and effective rules and regulations for network and information system security, and they only make local and basic defenses against the whole network and information system in daily operation and maintenance, and lack of comprehensive measures. The safe operation of network and information system not only meets the requirements of technical level, but also requires a comprehensive and strict management mechanism for design, operation and maintenance. System designers, administrators, operators and users need to abide by it together, be responsible for the security of each role, and establish a standardized unity to ensure the mandatory establishment, effective implementation and availability of the above rules.

(3) insufficient allocation of facilities and personnel is the basic reason why it is difficult to defend against network information security.

With the shortage of network and information security management professionals, the scope and field of network and information technology are constantly expanding, and the number of security professionals can not keep up with the actual needs of enterprises. Inadequate network and information security infrastructure, improper configuration of firewalls, routers or other network devices, or lack of policies, ignoring loopholes such as operating systems and server programs, and the antivirus software and client software of the devices are not updated in time. Inadequate network and information security infrastructure or negligence of personnel make it easy for intruders to attack and destroy enterprise networks and information systems as targets.

two。 Risks in Power Network and Information Security

(1) Network security risk

The power computer network and information system covers all areas of the business of the power grid company, including all employees of all departments of the power grid company. In the continuous construction and expansion of power network and information system, there is no unified security planning and scientific configuration, the subnetting of logical network is unreasonable, there is interconnection between different subnets, and there is no security characteristics. there is no repeated construction of large-scale network equipment and communication lines, and there are other security risk factors in the network.

(2) system security risk

The system security risk of power network and information system is large. A variety of host operating systems and hardware device firmware have security vulnerabilities and malformed configurations, and there is no appropriate patch management method and system. At the system level, this artificially creates a connection between highly vulnerable networks and information systems, leaving an opportunity for attackers.

(3) Application security risk

Generally speaking, the application software system of electric power enterprise can be divided into three categories: the first kind is general software such as WPS, Office office software and AutoCAD drawing software; the second