Research on security protection strategy of flexible interactive platform between captive power plant and power grid

In order to strengthen the security protection of the flexible interactive platform between the self-owned power plant and the power grid, ensure the security of business data, resist malicious attacks by hackers, improve the robustness of platform operation, and ensure the safety and reliability of users' power consumption, it is necessary to adopt a number of technical security protection measures to build a comprehensive security defense system for the power grid platform.


Introduction
The application of computer, network and information technology in power systems has effectively improved the quality of power production and the efficiency of power utilization. The information communication system of the power system has made good progress in the direction of systematization, intelligence and automation. The modern power system has developed into a complex coupled network composed of the physical power system and the information communication system [1] [2]. The captive power plant has moved beyond the traditional self-sufficiency mode and participates in power market competition, which has been strongly supported by national policies and has effectively improved the power balance of the grid from the power supply side [3]. The "flexible interactive platform between captive power plant and power grid" is connected with the system of State Grid Corporation of China. Its network security protection is very important and directly affects the normal operation of the power system. The factors influencing power system network security in the big data environment include: lack of citizen security awareness, data storage security, system security vulnerabilities, virus intrusion and imperfection of the network security mechanism [4]. In order to strengthen the security protection of the flexible interactive platform between self-owned power plants and power grids, ensure the security of business data, resist malicious attacks by hackers, and improve the robustness of the platform, it is necessary to adopt a number of technical security protection measures to build an in-depth, comprehensive security defense system.

Research on safety protection methods
Security protection methods mainly include border security protection, terminal security protection, network security protection, and comprehensive security protection.

Border security protection
The goal of border security protection is to protect the interior of the border from external attacks. Firewalls, VPNs and leased lines shall be adopted between the platform and external networks to ensure the security of the boundary and of data transmission.

Terminal safety protection
Terminal security protection refers to the security protection of all terminals in the platform system [6]. Because terminal equipment is highly mobile, scattered in location, large in number and difficult to manage, installing anti-virus software for computer virus protection is not enough: terminal-level firewall control, intrusion protection and patch management are also required to better ensure the security of all kinds of terminals and to greatly reduce the security risks faced by the entire platform system.
The terminals related to the platform are divided into intranet terminals and extranet terminals. The intranet terminals are used for the business operation and information processing of the information intranet, and the extranet terminals are used for information access on the extranet. Security protection should be considered for both intranet and extranet terminals. Terminal security should deploy host-based security measures, and the relevant security protection design should be carried out from the following aspects: terminal virus protection, malicious code protection, patch management, and terminal security management.

Network security protection
Network security is the ability to prevent attacks, intrusion, interference, destruction, illegal use and accidents on the network, keep the network in a stable and reliable state, and ensure the integrity, confidentiality and availability of network data. The network security protection research of the platform includes network equipment security protection, network information security protection and network channel protection. The data communication used by the system should be protected by encryption, identity authentication and other technical measures. Network equipment security protection covers the routers, switches, wireless devices, firewalls, security gateways and other security devices that provide network operation support and security defense in the basic network and the security domains. The main protection strategies include security access control, equipment security management, equipment security reinforcement, equipment link redundancy, etc. Network information security protection refers to taking security measures at the network level to ensure the security of information transmitted through the network. When business information is transmitted across security domains through the network, measures such as encryption or inserting digital signatures into the information flow should be adopted based on the confidentiality requirements of the information flow, so as to ensure that sensitive information is not illegally intercepted in transit. If the application does not support these functions and is difficult to modify, the protection can also be implemented with IPSec VPN and other third-party technical means. Network channel security protection deploys an intrusion protection system in the network segment where the main servers are located for network monitoring, maps the traffic of important business servers to the listening port of the network intrusion protection system, and customizes the intrusion protection rule base according to the specific application data. In addition, the construction of the network security protection system should adopt a defense-in-depth strategy of multi-layer and multi-point defense. According to the requirements of level protection, the comprehensive protection of physical security, computing environment security, regional boundary security and active defense can effectively improve the network security protection ability of the platform.

Comprehensive safety protection
Integrated protection is a process of information security protection for the power monitoring system at the levels of hosts, network equipment, malicious code prevention, application security inspection and audit analysis, backup and disaster recovery, and others, in combination with the relevant requirements of the national information security level protection work. It mainly formulates protection strategies from eight aspects: intrusion detection, host and network equipment reinforcement, malicious code prevention, security inspection and analysis, network security management, backup and disaster recovery, user interface security protection, and data interface security protection.

Formulation of platform security protection strategy
According to the principle of hierarchical and sub-domain security protection, the protection objects are mapped to each security domain, and the protection measures required for each domain are classified into boundary security protection, network security protection and terminal security protection. Finally, the security protection measures are mapped to the corresponding security types.
The specific security protection measures include: network access control, system security reinforcement, system vulnerability scanning, intrusion protection measures, wireless security measures, remote access control, content security measures, virus detection measures, log audit measures, backup and recovery measures, identity authentication and access management related control measures, and physical security measures. Combined with the above-mentioned protection methods and measures, the platform system is divided into security zones, and the overall security protection strategy system is shown in Figure 1. According to the overall security protection strategy mentioned above, the security protection analysis is carried out for the flexible interactive platform between the captive power plant and the power grid, and a one-way access security protection scheme is formulated. The one-way access scheme has less information interaction and is relatively safe. The specific security protection deployment strategy is shown in Figure 2.

Summary
The era of big data has put forward higher requirements for the security of network systems. Formulating effective network security protection strategies is crucial to the robust operation of the system. Aiming at the self-developed flexible interactive platform between the self-owned power plant and the power grid, this paper formulates network security protection strategies from four aspects: boundary security protection, terminal security protection, network security protection and comprehensive security protection, so as to ensure the safe operation of the system.

This work was supported by The Science and Technology Project of State Grid Corporation of China - Research on low-carbon regulation oriented coal-fired captive power plants' participation in power grid supply and demand regulation and source grid load coordinated operation technology (5400-202236173A-1-1-ZN).

5. Zheng Chen. Construction of network security protection system for power monitoring system

Figure 1. Overall strategy system of security protection.

Figure 2. Overall strategy system of security protection.
The vertical security boundary protection is the vertical defense line of the system. Technical measures are adopted to realize the remote safe transmission of data and the security protection of the vertical boundary. Security measures include border network access control, information intrusion prevention and defense of hidden borders. Border network access control deploys border network access control measures at the vertical network boundary. Information intrusion prevention adopts the intrusion prevention system to detect and protect the information flow passing through the boundary. When an attack is detected, the intrusion prevention system should record the attack source IP, attack type, attack purpose and attack time, and block the attack behavior. In case of serious intrusion events, it should be able to provide timely alarm information. Hidden boundary refers to the hidden non-public network interface caused by illegal outreach. Management means and special technical measures are adopted to prevent information intranet hosts from illegally connecting to the Internet, and such behavior is located and blocked.
The third-party boundary security protection mainly refers to the network boundary between the interactive platform and the Internet, and the network boundary between the interactive platform and other stakeholders. It is divided into the third-party boundary of the information extranet and the third-party boundary of the information intranet to analyze the security protection strategy. The third-party boundary of the information extranet refers to the security boundary between the information extranet and the Internet, and the network boundary formed by dial-up connection with other units. The security protection measures for such boundaries mainly include: boundary network access control, remote security access, external release service security, information intrusion protection, content filtering and defense of hidden boundaries. The third-party boundary of the information intranet refers to the network boundary formed by the connection between the information intranet and other third-party networks. The relevant security protection measures mainly include: boundary network access control, information intrusion protection and defense of hidden boundaries.
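
The hidden-boundary defense described above (locating and blocking intranet hosts that connect out illegally), as an added example that is not from the paper: it scans flow records and emits events carrying the source IP, type, time and block action that the text asks the intrusion prevention system to record. The address ranges, the flow tuple layout, the sample flows and the rule that three attempts from one host count as a serious event are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed address plan (constructed for this example, not from the paper).
INTRANET = [ipaddress.ip_network("10.20.0.0/16")]
# Destinations an intranet host may reach: the intranet itself and one
# constructed third-party peer range behind the boundary firewall.
PERMITTED_DST = INTRANET + [ipaddress.ip_network("172.16.50.0/24")]

@dataclass
class OutreachEvent:
    time: str          # when the connection was seen
    source_ip: str     # intranet host that reached out
    destination: str   # where it tried to connect
    event_type: str
    action: str
    alarm: bool        # True once the host counts as a serious case

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def detect_illegal_outreach(flows, alarm_threshold=3):
    """flows: iterable of (time, src_ip, dst_ip, dst_port) tuples.

    Returns one blocking event per flow that leaves the intranet for a
    destination outside the permitted ranges. The alarm flag is raised
    when a host reaches alarm_threshold attempts (assumed definition
    of a serious event).
    """
    events, attempts = [], {}
    for time, src, dst, port in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if not _in_any(s, INTRANET) or _in_any(d, PERMITTED_DST):
            continue  # not an intranet source, or an allowed destination
        attempts[src] = attempts.get(src, 0) + 1
        events.append(OutreachEvent(time, src, f"{dst}:{port}",
                                    "illegal-outreach", "block",
                                    attempts[src] >= alarm_threshold))
    return events

# Constructed sample flows (documentation address ranges for external hosts).
SAMPLE_FLOWS = [
    ("2024-01-01T08:00:00", "10.20.1.15", "10.20.3.9", 443),      # intranet only
    ("2024-01-01T08:00:05", "10.20.1.15", "172.16.50.10", 8443),  # permitted peer
    ("2024-01-01T08:01:00", "10.20.4.77", "203.0.113.25", 443),   # outreach
    ("2024-01-01T08:01:30", "10.20.4.77", "203.0.113.25", 443),   # outreach
    ("2024-01-01T08:02:00", "10.20.4.77", "198.51.100.7", 53),    # outreach
    ("2024-01-01T08:03:00", "192.0.2.44", "10.20.1.15", 22),      # inbound
]

if __name__ == "__main__":
    for event in detect_illegal_outreach(SAMPLE_FLOWS):
        print(event)
```

The inbound flow in the last sample row is deliberately ignored here, since it belongs to border network access control rather than to hidden-boundary detection.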