Research And Application On Information Security Quantitative Risk Assessment Method Of Power Plant Control System

The situation of control system information security in power plants is severe.With the introduction of the Cyber Security Law and Grade Protection 2.0 standards,information security of power plants is paid more and more attention.By conducting the risk assessment of thermal power plant control systems,power plants can establish a more safety system and ensure that power plants can operate normally and safely.In this paper,quantitative risk assessment standards and theories of power plant control systems are analyzed and studied,and a information security risk assessment display platform of power plant is designed.The main work is as follows:(1)According to the development of information security of industrial control system at home and abroad,the current representative risk assessment methods are studied in depth,the specific process of risk assessment for control information security,asset identification,vulnerability identification and threat identification in the power plant are analyzed in detail.(2)A method for quantifying the vulnerability of power plant control systems based on grey correlation analysis and attack graph was proposed.First,starting from the two indicators of vulnerability exploitation probability and vulnerability value,a series of quantitative vulnerability indicators were proposed.Secondly,the quantitative index and attack diagram are used to study the vulnerability of industrial control systems.Finally,the research is carried out with the power plant simulation platform as the experimental background,and finally the total attack expectations of each attack path can be obtained.(3)A method of information security risk assessment of power plant control system based on D-AHP and TOPSIS is proposed.According to the relevant industry standards for risk assessment of industrial control systems,the assessmentindex system and a hierarchical structure model are established.Aiming at the uncertainty of assessment information caused by the differencesin expert's experience,D-AHP is used to solve the impact weights of each index.Then use the TOPSIS to find the expert weight,and finally get the information security risk value of the power plant control system.(4)The information security protection strategy of the thermal power plant control system is proposed,and the information security risk assessment display platform of the power plant control system is designed and developed.The platform is designed based on the requirements using the B/S architecture,the functional modules are divided according to the design framework,and the functions of each module are introduced.The platform has the advantages of clear display,simple operation and easy expansion.