Institution: Beijing Oil and Gas Control Center
Source: Natural Gas Industry (《天然气工业》), 2013, No. 11, pp. 115-120 (6 pages)
Abstract: As the Beijing Oil and Gas Control Center has taken on centralized control of the long-distance oil and gas pipelines operated by PetroChina, a distributed SCADA system relying on the communication network has gradually formed, which places higher requirements on security. The main risk factors in the data transmission of this pipeline SCADA system at present are: a lack of access control, the use of open standard protocols, transmission in plaintext, and the connection of a large number of insecure network devices, with few corresponding protection measures. In particular, data transmission between the central control system and the station control systems relies on the optical fiber network, satellite links and the public network, and uses application-layer protocols based on Ethernet and TCP/IP, which carries a considerable risk. In view of this, drawing on the SCADA security standards published at home and abroad and on protection strategies proposed by some scholars, this paper presents a security protection solution: setting up an access control mechanism based on authentication and permission control, deploying hardware firewalls and encryption gateways, strengthening external security, and so on. The solution can serve as a reference for engineering design.
Keywords: oil and gas pipeline; system; security; data transmission; protocol; access control; authentication; permissions; encryption
Field: [Petroleum and Natural Gas Engineering]