作為當前國內講述電力行業數據安全實踐的著作,本書以鑄造電力行業數據安全防御之劍,提高電力行業從業人員數據安全能力為目的,講述了塑模、鑄范、鍛造、淬火、拋光、出鞘、劍舞七個步驟的內容,從基本概念到具體實踐,主要涵蓋了電力行業數據安全概述、數據安全政策法規、數據安全保護體系、數據安全防護技術、數據全生命周期安全風險分析及對策、數據安全典型事件、數據安全未來發展趨勢等方面的內容。本書條理清晰,通俗易懂,語言流暢,內容豐富、實用,將理論與實踐相結合。本書適合廣大數據安全愛好者、數據安全與網絡安全從業者學習和掌握數據安全相關技術和知識,更適合電力行業信息技術從業人員開展數據安全業務,還適用于大專及本科院校數據安全相關課程的案例與實踐教學。
周文婷,女,碩士研究生,正高級工程師,現任新疆思極信息技術有限公司總經理,歷任國網新疆電力信息通信有限公司副總經理、國網新疆電力有限公司科技數字化部副主任等職位,先后從事電網調度通信、客戶服務、企業發展、電網安全生產管理、科技創新等領域,從事重點工程 30余項,組織開展科技項目50 多項,獲得國網公司、新疆維吾爾自治區、國家能源學會、全國電子學會、新疆電機工程學會科技進步獎 15 項。榮獲國家電網公司、自治區、國網新疆電力有限公司各類榮譽稱號。
第一章 塑模:電力行業數據安全概述 ····································································.2
1.1 電力系統簡介 ·····················································································.2
1.1.1 傳統電力系統·············································································.3
1.1.2 新型電力系統·············································································.5
1.2 電力行業數據特點 ···············································································.8
1.2.1 數據來源廣泛·············································································.8
1.2.2 數據應用全面·············································································.9
1.2.3 數據特征顯著·············································································.9
1.3 做好電力行業數據安全保護為何重要 ·······················································10
1.4 電力行業數據安全風險與挑戰 ································································12
1.4.1 數據泄露危及國家安全·································································12
1.4.2 非法入侵導致電力系統服務中斷·····················································13
1.4.3 數據濫用帶來違法與犯罪風險························································13
1.4.4 數字化技術蘊含新的安全風險························································14
1.4.5 數據全生命周期管理不足引發短板效應············································15
1.5 本章小結 ···························································································16
第二章 鑄范:電力行業數據安全政策法規 ······························································18
2.1 電力行業數據安全相關法律法規解讀 ·······················································18
2.1.1 《中華人民共和國網絡安全法》 ······················································19
2.1.2 《中華人民共和國數據安全法》 ······················································22
2.1.3 《中華人民共和國密碼法》 ····························································24
2.1.4 《中華人民共和國個人信息保護法》 ················································24
2.1.5 《最高人民法院、最高人民檢察院關于辦理侵犯公民個人信息刑事案件適用法律若干問題的解釋》····················26
2.1.6 《網絡安全審查辦法》 ··································································29
2.1.7 《信息安全技術—網絡安全等級保護基本要求》 ·································30
2.1.8 《關鍵信息基礎設施安全保護條例》 ················································33
2.2 電力行業數據安全相關政策要求 ·····························································35
2.2.1 《電力監控系統安全防護規定》 ······················································35
2.2.2 《電力監控系統安全防護總體方案》 ················································37
2.2.3 《加強工業互聯網安全工作的指導意見》 ··········································37
2.2.4 《工業和信息化領域數據安全管理辦法(試行)》································38
2.2.5 《關于加強電力行業網絡安全工作的指導意見》 ·································40
2.2.6 《電力行業網絡安全管理辦法》 ······················································41
2.2.7 《電力可靠性管理辦法(暫行)》·····················································42
2.2.8 《電力行業網絡安全等級保護管理辦法》 ··········································43
2.3 本章小結 ···························································································44
第三章 鍛造:電力行業數據安全保護體系 ······························································46
3.1 如何做好電力企業的數據安全管理 ··························································48
3.1.1 至關重要的組織架構····································································48
3.1.2 缺一不可的制度流程····································································50
3.1.3 必不可少的管理機制····································································52
3.1.4 不可或缺的人員管理····································································54
3.2 如何做好電力企業數據安全技術防護 ·······················································56
3.2.1 數據分級分類安全防護·································································58
3.2.2 數據安全精準防護·······································································59
3.2.3 數據交互開放可信·······································································60
3.3 如何做好電力企業數據安全運營及服務 ····················································61
3.3.1 數據安全監測·············································································61
3.3.2 數據安全評估·············································································61
3.3.3 數據安全審計·············································································63
3.4 本章小結 ···························································································63
第四章 淬火:電力數據安全防護技術 ····································································65
4.1 傳統數據安全保護技術 ·········································································65
4.1.1 邊界防護···················································································65
4.1.2 身份認證及訪問控制····································································66
4.1.3 數據安全審計·············································································68
4.1.4 數據脫敏···················································································70
4.1.5 數據追蹤溯源·············································································71
4.1.6 數據加密···················································································72
4.1.7 數字簽名···················································································73
4.1.8 數據沙箱···················································································75
4.1.9 數據庫防火墻·············································································76
4.2 新型數據安全保護技術 ·········································································77
4.2.1 基于人工智能的數據安全技術························································78
4.2.2 基于區塊鏈的數據安全技術···························································78
4.2.3 基于零信任架構的數據安全技術·····················································79
4.2.4 基于安全多方計算的數據安全技術··················································81
4.2.5 基于差分隱私保護的數據安全技術··················································83
4.2.6 敏感數據識別技術·······································································84
4.2.7 基于 API 監測的數據安全技術 ·······················································86
4.2.8 基于數據流轉監測的數據安全技術··················································87
4.3 本章小結 ···························································································88
第五章 拋光:電力行業數據全生命周期安全風險分析及對策 ······································91
5.1 數據全生命周期概述 ············································································91
5.2 數據采集階段 ·····················································································92
5.2.1 電力行業數據采集方式·································································93
5.2.2 風險分析···················································································98
5.2.3 應對措施···················································································99
5.3 數據傳輸階段 ··················································································.102
5.3.1 電力行業常用數據傳輸方式························································.102
5.3.2 風險分析················································································.107
5.3.3 應對措施················································································.108
5.4 數據存儲階段 ··················································································.109
5.4.1 電力行業數據存儲方式······························································.109
5.4.2 風險分析················································································.111
5.4.3 應對措施················································································.112
5.5 數據處理階段 ··················································································.114
5.5.1 電力行業常見數據處理場景························································.114
5.5.2 風險分析················································································.115
5.5.3 應對措施················································································.116
5.6 數據交換階段 ··················································································.120
5.6.1 電力數據交換場景····································································.120
5.6.2 風險分析················································································.120
5.6.3 應對措施················································································.122
5.7 數據銷毀階段 ··················································································.124
5.7.1 風險分析················································································.125
5.7.2 應對措施················································································.126
5.8 運維環節的安全風險 ·········································································.128
5.8.1 風險分析················································································.128
5.8.2 應對措施················································································.129
5.9 本章小結 ························································································.129
第六章 出鞘:電力行業數據安全典型事件 ···························································.131
6.1 電力行業黑客攻擊典型案例 ································································.131
6.1.1 烏克蘭電力系統遭受攻擊···························································.132
6.1.2 委內瑞拉電網遭受攻擊······························································.134
6.1.3 暴露的問題·············································································.135
6.1.4 應對措施················································································.135
6.2 供應鏈安全引發數據泄露事件 ·····························································.136
6.2.1 Equifax 公司信息泄露事件··························································.137
6.2.2 SolarWinds 供應鏈攻擊事件························································.137
6.2.3 暴露的問題·············································································.138
6.2.4 應對措施················································································.138
6.3 內部人員由于安全意識淡薄導致數據泄露 ··············································.139
6.3.1 APT 黑客組織“蜻蜓”入侵美國電網 ···········································.139
6.3.2 烏克蘭某核電廠發生重大網絡安全事故·········································.140
6.3.3 暴露的問題·············································································.141
6.3.4 應對措施················································································.141
6.4 系統配置不當造成數據泄露 ································································.142
6.4.1 美國德州電氣工程公司(PQE)服務器配置引發數據泄露 ·················.142
6.4.2 德國電網公司數據泄露事件························································.143
6.4.3 暴露的問題·············································································.144
6.4.4 應對措施················································································.144
6.5 典型的電力行業成功防御網絡攻擊案例 ·················································.144
6.5.1 美國新墨西哥公共服務公司成功應對網絡攻擊事件 ··························.144
6.5.2 愛爾蘭國家電網公司成功應對網絡攻擊事件···································.145
6.6 本章小結 ························································································.146
第七章 劍舞:電力行業數據安全未來發展趨勢 ·····················································.148
7.1 電力行業數據安全面臨新挑戰 ·····························································.148
7.1.1 電力數據主權維護面臨著“新數據孤島”挑戰 ···································.148
7.1.2 個人信息和隱私保護成為電力數據保護的主戰場·····························.149
7.1.3 電力行業數據安全管控更加依賴新技術應用···································.149
7.2 電力行業數據安全未來發展趨勢 ··························································.149
7.2.1 數據安全政策法規和監管措施將日趨完善······································.149
7.2.2 電力數據版權管理體系發展步入正軌············································.149
7.2.3 電力行業的安全體系建設逐步落地···············································.150
7.2.4 電力行業數據安全重要性日益突出···············································.150
新書資訊