摘要
为应对泛连接环境下小型水电站网络安全防护难题,通过分层网络架构重构与新型通信技术融合,设计覆盖厂站区域与集控中心的立体化网络安全防护改造方案。采用5G专网技术构建隔离的数据传输通道,结合端到端加密协议,有效抵御传统公网环境下的数据窃听、重放攻击与协议篡改风险,并通过引入SASE架构,构建零信任安全模型,为远程运维人员建立动态可信接入环境,阻断基于漏洞利用的横向渗透攻击。基于SDN架构,融合多维度数据要素,探索小型水电站端到端网络智能化管理,实现从被动监控到主动防御的管理模式升级。结果表明,该方案能够使小型水电站实现可靠的网络连接、端到端网络安全防护,并通过智能化管理提升运维效率。研究成果为小型水电站无人化值守与智能化运营提供可量化、可复用的网络安全改造实施方案,为能源行业物联网场景下的网络安全防护体系建设提供工程参考。
To address cybersecurity challenges faced by small hydropower stations in a ubiquitous connection environment,a three-dimensional protection scheme was designed by integrating a layered network architecture with advanced communication technologies,covering both the plant area and the centralized control center.The scheme employed 5G private networks to establish isolated data transmission channels and incorporated end-to-end encryption protocols to effectively prevent data eavesdropping,replay attacks,and protocol tampering in traditional public network environments.By introducing the SASE architecture,a zero-trust security model was established,enabling a dynamic and trusted access environment for remote operation and maintenance personnel while mitigating lateral penetration attacks based on vulnerability exploitation.Built on an SDN architecture,the scheme integrated multidimensional data elements to explore intelligent end-to-end network management for small hydropower stations,achieving an upgrade in management from passive monitoring to proactive defense.Results showed that the scheme enabled small hydropower stations to achieve reliable network connectivity,end-to-end network security protection,and improved operation and maintenance effi ciency through intelligent management.The study provides a quantifi able and replicable cybersecurity transformation solution for unmanned and intelligent operation of small hydropower stations and off ers engineering reference for cybersecurity system construction in energy-sector IoT scenarios.
作者
陈淏
龚子桓
宋然
程崇浩
卞正皑
余雪芬
刘鲤晞
吴子劲
邢明辉
CHEN Hao;GONG Zihuan;SONG Ran;CHENG Chonghao;BIAN Zheng’ai;YU Xuefen;LIU Lixi;WU Zijing;XING Minghui(China Telecom Fujian Company,Fuzhou 350001,China;Beijing Fufu Software Technology Co.,Ltd.Fuzhou Branch,Fuzhou 350001,China;China Telecom Co.,Ltd.Research Institute,Beijing 102209,China;Fujian Lide Automation Equipment Co.,Ltd.,Fuzhou 350010,China)
出处
《水利信息化》
2025年第5期35-43,共9页
Water Resources Informatization
基金
中国福建电信科创委研发任务基金项目(24FJ002343)。
关键词
网络安全改造
小型水电站
5G专网
专网承载
多因素认证
智能化运维
泛连接环境
cybersecurity transformation
small hydropower stations
5G private network
private network bearer
multi-factor authentication
intelligent operation and maintenance
ubiquitous connection environment
