Provisions on safety protection of power monitoring system

Chapter I General Provisions Article 1 In order to strengthen the information security management of the power monitoring system, prevent hackers and malicious codes from attacking and infringing on the power monitoring system, and ensure the safe and stable operation of the power system, these provisions are formulated in accordance with the Electricity Regulatory Regulations, the Regulations of People's Republic of China (PRC) Municipality on the Safety Protection of Computer Information Systems and relevant state regulations, and in combination with the actual situation of the power monitoring system. Article 2 The security protection of electric power monitoring system shall implement the national information security level protection system, and adhere to the principles of "security zoning, dedicated network, horizontal isolation and vertical authentication" in accordance with the relevant requirements of national information security level protection to ensure the security of electric power monitoring system. Article 3 The electric power monitoring system mentioned in these Provisions refers to the business system and intelligent equipment based on computer and network technology and supported by communication and data network, which are used to monitor and control the process of electric power production and supply. Article 4 These Provisions shall apply to power generation enterprises, power grid enterprises and related planning, design, construction, installation, debugging and research and development units. Article 5 The National Energy Administration and its dispatched offices shall supervise and manage the safety protection of the power monitoring system according to law. Chapter II Technical Management Article 6 Business systems based on computer and network technology within power generation enterprises and power grid enterprises shall be divided into production control areas and management information areas.

Production control area can be divided into control area (safety area I) and uncontrolled area (safety area II); Under the premise of not affecting the safety of the production control area, the management information area can be divided into safety areas according to the different safety requirements of enterprises.

According to the actual situation of the application system, under the premise of meeting the overall safety requirements, the setting of safety zones can be simplified, but the vertical cross connection of different safety zones should be avoided. Article 7 The electric power dispatching data network shall be networked by independent network devices on dedicated channels, so as to realize physical safety isolation from other data networks of electric power enterprises and external public data networks.

Power dispatching data network is divided into real-time subnet and non-real-time subnet, which are logically isolated from each other and connected with control area and non-control area respectively. Article 8 If the business system in the production control area uses wireless communication network, other data networks of electric power enterprises (non-electric power dispatching data networks) or external public data network virtual private network (VPN) to communicate with its terminals vertically, a secure access area shall be established. Article 9 Between the production control area and the management information area, a special horizontal one-way power safety isolation device that has passed the inspection by the designated department of the state must be set up.

Safety areas within the production control area shall be logically separated by equipment with access control function, firewall or equivalent facilities.

At the junction between the safe access area and other parts of the production control area, a special horizontal one-way safety isolation device for electric power must be installed, which has passed the inspection by the designated department of the state. Article 10 The vertical connection between the production control area and the WAN shall be equipped with a special vertical encryption authentication device or encryption authentication gateway for electric power and corresponding facilities that have passed the inspection by the designated department of the state. Article 11 Necessary safety protection measures shall be taken at the boundary of the safety zone to prohibit any general network service from crossing the boundary between the production control zone and the management information zone.

The business system in the production control area should have high security and reliability, and it is forbidden to adopt the general network service function with high security risk. Article 12 In accordance with the electric power dispatching management system, distributed digital certificates and security labels for electric power dispatching based on public key technology shall be established, and authentication and encryption mechanisms shall be adopted for important business systems in production control areas. Thirteenth power monitoring system in the selection and configuration of equipment, it should be prohibited to choose the system and equipment that have been tested and identified by the relevant administrative departments of the state and notified by the National Energy Administration of the existence of loopholes and risks; The systems and equipment that have been put into operation should be rectified in time according to the requirements of the National Energy Administration and its dispatched offices, and the operation management and safety protection of related systems and equipment should be strengthened at the same time. In the production control area, except for the safe access area, it is forbidden to choose equipment with wireless communication function. Chapter III Safety Management Article 14 The safety protection of power monitoring system is an organic part of the power safety production management system. Electric power enterprises shall, in accordance with the principle of "who is in charge and who is responsible, who is responsible for operation", establish and improve the safety protection management system of electric power monitoring system, incorporate the safety protection work of electric power monitoring system and its information submission into the daily safety production management system, and implement the responsibility system of grading responsibility.

The electric power dispatching institution is responsible for the technical supervision of the safety protection of the lower-level electric power dispatching institutions, substations and power plants involved in the network within the direct dispatching scope, and the safety protection of other monitoring systems in power plants can be technically supervised by their superior competent units. Fifteenth power dispatching institutions, power plants, substations and other operating units of the power monitoring system security protection implementation plan must be approved by the superior professional management department and information security management department of the enterprise and the corresponding power dispatching institutions, and the implementation plan should be accepted by the above institutions after completion.

The access technical scheme and safety protection measures of the equipment and application system connected to the power dispatching data network must be approved by the directly responsible power dispatching institution.