Monitoring and Analysis of Power Information Security
2026-04-06 06:22:37 #1
Abstract: Based on the operational characteristics of the power system and the current situation of power information technology in China, this paper describes the basic architecture of power information security protection and points out that building a power information security monitoring system (center) is an important measure to ensure power information security. The basic functions of the power information security monitoring system are summarized. It is proposed that power information security monitoring should be based on power information security analysis, thus introducing the concepts of power information security analysis and control, and basic methods for power information security analysis.

Keywords: Power system; Information security; Monitoring

1 Introduction

Network and computer technologies have propelled the power system into the digital age. In the digital age, the power grid carries both electrical energy flow and information flow; information flow guides electrical energy flow, and electrical energy flow depends on information flow, making the operation of the power system safer, more reliable, of higher quality, and more economical. The dispatching, operation, production, and daily management of modern power systems increasingly rely on various computer information systems. Currently, power information systems carry almost all the operational and management information of power enterprises. The security of power information systems is directly related to the safe and reliable operation of the power system. With the deepening of the market-oriented reform of the power system, the security of power transaction information has also become prominent. Information is a crucial resource for digital power systems, and ensuring the security of power information is a vital task that modern power systems must face. China's power industry has already invested to some extent in information security.
Most power companies have adopted necessary security measures, such as firewalls, antivirus systems, and some simple disaster recovery backup systems. Overall, most existing systems are point and localized protection measures, insufficient to achieve a high level of defense.

Based on general concepts and principles of information security, this paper, combined with the characteristics of China's power system, describes the basic architecture of power information security protection. On this basis, it argues that building a power information security monitoring system (or power information security monitoring center) is an important measure to improve power information security, and describes the main functions of the power information security monitoring system, including status monitoring, operation monitoring, and security analysis. The important fundamental role of power information security analysis in power information security monitoring is clarified, and the concepts of power information security analysis and control, as well as basic power information security analysis methods, are proposed.

2 Basic Architecture of Power Information Security

Information security aims to ensure the effectiveness of information. Information security involves the confidentiality, integrity, availability, and controllability of information. The power system is an important distributed and hierarchical public utility with obvious characteristics; ensuring the safety of the power system is the primary task of the operation and management of the power system. The architecture and deployment of the power information security system should conform to the basic needs of the power system, the flow and security level of power information, and the structure of the power information network.

(1) Power information flow structure

The fundamental goal of the power information security protection system is to ensure the normal and smooth operation of basic power business.
Therefore, to ensure power information security, it is necessary to clearly understand the structure of power business information flow. From the perspective of power enterprise operation, the logical structure of power business information flow is shown in Figure 1. The requirements for the safe, reliable, high-quality and economical operation of the power system determine the security level that power information should have. Power automation information (real-time operation monitoring information) is the information with the highest requirements for safety and reliability for power enterprises; production management information, marketing management (power market) information, resource management (finance, materials) and decision support information are power information of a lower level.

(2) Power information network structure

In conjunction with the above power information flow logical structure, China currently adopts a power information network structure that combines dedicated networks and public networks. In Figure 2, SPDnet is the dispatch information network and SPnet is the power information network; both are dedicated power networks. This network structure strongly supports the requirements of power information security on the network: according to the importance of power information, different functions adopt different networks, and connection with the Internet is achieved under the premise of ensuring security.

(3) Power information security protection system architecture

The overall framework of the national power secondary system security protection divides power information into "three layers and four zones" [1]. According to the information function, power information services can be divided into three layers: the first layer is the automation system; the second layer is the production management system; and the third layer is the power information management system.
The three-layer functions are matched with the power information network structure to generate four security zones:
1) Security zone 1 is the automation system supported by SPDnet (real-time information);
2) Security zone 2 is the production management system supported by SPDnet (real-time information);
3) Security zone 3 is the production management system supported by SPnet (non-real-time information);
4) Security zone 4 is the power information management system supported by SPnet (non-real-time information).

Figure 3 describes the overall structure of China's power information security protection system. This structure clarifies the security isolation between information applications and networks, and the security isolation between information applications. Under the above overall framework, starting from the three aspects of security strategy, security technology and security management, a power information security system is built comprehensively and systematically for the physical security, network security, system security, application security, data security and user security of the power information system.

3 Power Information Security Monitoring System

Power information is an important resource for power companies. Insecurity of power information can cause huge losses to the production, operation and management of the power system. The security of modern power systems not only refers to the security of the physical power system, but also includes the security of the power information system. Due to the importance of information security, more and more domestic and foreign companies and organizations have begun to establish information security monitoring systems or information security monitoring centers [2,3], with the goal of comprehensively and systematically improving the level of information security. The power system is a large-scale public utility system that is distributed and hierarchical.
Its geographical distribution leads to hierarchical control and management. In view of the importance of power information security and the hierarchical distribution of power enterprise management, it is necessary to establish a power information security monitoring system or a power information security monitoring center.

(1) Main functions of the power information security monitoring system

Power information security monitoring realizes two online monitoring functions: the integrity of information equipment and the operating status of the information system. Based on online monitoring, the system achieves security management of information equipment and of the operation of information systems, thereby improving the security level of information systems.

1) Equipment security management: This involves monitoring the status of information equipment and managing it effectively. Basic functions include:
① Real-time monitoring and control of the operating status of information equipment;
② Equipment management using a tree-structured classification method;
③ Equipment management expression using a geographic information system (GIS) approach;
④ Configuration, maintenance, and upgrade management of information equipment.

2) Real-time operation security management: This monitors the operational status of information systems and responds promptly to sudden security incidents. Basic functions include:
① Collecting operational information of information systems at network node levels;
② Real-time classification and display of network and system operational status;
③ Timely response to security incidents and triggering of security response mechanisms;
④ Storage and management of security incident information.

3) Offline operation security analysis: Based on historical security information, offline security analysis identifies anticipated security incident queues, formulates security countermeasures, and evaluates the security level.
This includes:
① Retrieval and management of security data;
② Analysis and calculation of security data: identifying security incident queues, formulating security countermeasures, establishing security mechanisms, and evaluating the system's security level;
③ Generating security analysis reports.

4) Information security inspection, certification and assessment management: The superior power information security monitoring center has the authority to conduct security inspections, certification and assessments of the information security of subordinate power enterprises.

5) Daily management: Daily management includes the following basic contents:
① User management;
② System configuration management;
③ System log management;
④ Security system management.

(2) Main supporting technologies of the power information security monitoring system

1) Object-oriented management organization technology: The power information system is a large-scale distributed hierarchical system whose scale is proportional to that of the physical power system. Security management work is very complex and heavy, so high-efficiency information management methods should be adopted. The power information system is composed of objects. Objects have the characteristics of independence, correlation, inheritance and polymorphism. Independence and correlation reflect the situation of the object itself and the relationship between the object and the environment; inheritance and polymorphism reflect the individual and common characteristics of the object. The independence and correlation of objects are used to express the equipment integrity and operating status of the information system; their inheritance and polymorphism are used to realize effective management of information system equipment.

2) Data unified management technology: Establish information security data standards to lay the foundation for unified security information management.
3) Security management adapter technology: Security management adapters enable information communication and sharing between products from different manufacturers. Distributed across the managed network segments, these adapters collect information system security information and forward security control commands, making them a crucial link in information system security management.

4) Device management agent technology: Device management agents are the execution link for security management. They run either inside the device or on other computers outside the device. Security management adapters and device management agents work together using standard protocols.

5) Cascaded management technology: Cascaded management enables comprehensive management of large-scale, distributed, and hierarchical information systems. Figure 4 illustrates the application model of a cascaded power information security monitoring system: the main system has an information security monitoring center, and each regional system has an information security monitoring sub-center.

4 Power Information Security Analysis and Control

Although power information security is generally considered very important, the level of understanding remains at a macro and general level. We should gradually gain a clearer understanding of power information security. We should not only grasp the extent of damage to the information system itself caused by security incidents, but more importantly, we should grasp the power system security incidents, and the extent of damage, caused by information security incidents. This requires the establishment of corresponding models and the proposal of specific security analysis and control methods. Power information security analysis is a fundamental function of the power information security monitoring system (center).
In the face of the collected security information, the means of power information security analysis can be used to provide a basis for the prevention control, emergency control and recovery control of information security, thereby improving the overall level of power information security.

(1) Set of security incidents

Let A be the set of power information security incidents, representing the security incidents that may occur in the power information system; let B be the set of power system security incidents, representing the power system security incidents that may be caused by information security incidents, including production operation incidents and business management incidents. The power system security incident set B can be further divided into the set of real-time automation system security incidents, the set of production security incidents, the set of marketing (market) security incidents, the set of resource management security incidents, the set of decision-making resource security incidents, etc.

(2) Correlation analysis of security hazards

Correlation analysis establishes the correlation relationship between the set of power information security incidents A and the set of power system security incidents B. It covers which power system security events may be triggered by an information system security event and how much damage they will cause. Let ai represent a certain power information security event; P(ai) the probability of its occurrence; bj a power system security event that it may trigger; P(bj,ai) the probability that ai will trigger bj; and dj the degree of damage (loss) caused if event bj occurs. The values of the probability P(ai) of the power information security event and the probability P(bj,ai) of the power system security event lie between 0 and 1. The degree of damage is divided into several levels such as 1, 2, 3, ...; the smaller the level, the more serious the damage.
Table 1 reflects the correlation analysis of the power information security event ai. In many cases the relationship between an information system security event and a power system security event cannot be clearly determined, because the occurrence of an information security event does not necessarily mean that a power system security event will occur. The correlation analysis reflects the degree of potential damage to the power system caused by the power information security event.

(3) Weight and queuing of information security events

For the information security event ai, its security severity can be determined according to the correlation analysis of security risks. Let wi be the security severity of ai, with its value determined from that correlation analysis. Queuing the power information security events according to the size of the security severity wi gives the information security severity queue W. It should be noted that P(ai) is related not only to the operating status of the information system and the integrity of the equipment, but also to the external environment, including disasters, the activity of a certain virus, etc., which are also dynamic. Correspondingly, the information security severity queue W is also dynamic, and the information security monitoring system must pay attention to its changes.

(4) Information security control

Based on the monitoring of power information security, power information security analysis is used to realize the functions of information security prevention control, emergency control and recovery control.

1) Prevention control: Based on the monitoring of the information system and the power information security analysis, weak links are found, in the order of the information security severity queue W, and prevented before incidents occur. Targeted measures are taken to strengthen information security and avoid information security events.
2) Emergency control: According to the order of the information security severity queue W, security response measures are designed and security response mechanisms are deployed, laying the foundation for emergency control. Once an information security incident occurs, the corresponding security mechanism is immediately triggered according to the security response measures set in prevention control. This reduces the scope of the security incident and avoids greater losses.

3) Recovery control: For anticipated information security incidents, recovery control strategies and recovery mechanisms are designed and deployed. After an information security incident occurs, the recovery mechanism is activated to quickly restore system operation.

4) Information security construction: Based on the order of the information security severity queue W and the probability P(ai) of the information security incident ai, the security level of the information system is analyzed, and an overall plan to improve security is drawn up. Under the deployment of the overall information security plan, information security devices and software are invested in a targeted manner to improve the security of the information system. With limited financial investment, P(ai) is effectively reduced, and the ability of the information system and the power system to resist damage is enhanced.

5 Conclusion

Combining the characteristics of the power system and the current status of China's power information network, this paper describes the basic architecture of power information security. It points out the importance of building a power information security monitoring system (monitoring center) and gives its basic functions, focusing on equipment status monitoring and system operation monitoring. It proposes the concept and basic methods of power information security analysis that combine power information security with power system security.
Power information security analysis is an important foundation for implementing power information security prevention, emergency control, and recovery control, and is a basic function that a power information security monitoring system should possess.
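The correlation analysis and severity queue of Section 4, worked through as an added example that is not code from the paper: it computes wi for a constructed sample correlation table, orders queue W, and re-ranks W when an environment change (the virus-activity case the paper mentions) raises P(ai). The aggregation wi = P(ai) · Σj P(bj,ai) · (1/dj) and the 1/dj weighting of the damage levels are assumptions, since the paper gives no formula; the incident names and numbers are illustrative only.

```python
from dataclasses import dataclass, field, replace

@dataclass
class Consequence:
    """Power system security event b_j that information event a_i may trigger."""
    name: str
    p_given_a: float   # P(bj,ai): probability that a_i triggers b_j, in [0, 1]
    damage_level: int  # d_j: 1, 2, 3, ...; the smaller the level, the more serious

@dataclass
class InfoIncident:
    """Power information security event a_i with its correlation table entries."""
    name: str
    p_occur: float     # P(ai), in [0, 1]; dynamic (environment, virus activity, ...)
    consequences: list = field(default_factory=list)

def loss_weight(damage_level: int) -> float:
    # Assumed mapping (not from the paper): level 1 -> 1.0, level 2 -> 0.5, level 3 -> 0.33
    if damage_level < 1:
        raise ValueError("damage level must be >= 1")
    return 1.0 / damage_level

def severity(a: InfoIncident) -> float:
    # Assumed aggregation: w_i = P(ai) * sum_j P(bj,ai) * loss(d_j)
    for p in (a.p_occur, *(c.p_given_a for c in a.consequences)):
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability {p} outside [0, 1] in {a.name}")
    return a.p_occur * sum(c.p_given_a * loss_weight(c.damage_level)
                           for c in a.consequences)

def severity_queue(incidents):
    """Queue W: (name, w_i) pairs ordered from most to least severe."""
    return sorted(((a.name, severity(a)) for a in incidents),
                  key=lambda item: item[1], reverse=True)

def requeue(incidents, updated_p):
    """Recompute W after P(ai) changes (e.g. a virus outbreak); input is not mutated."""
    refreshed = [replace(a, p_occur=updated_p.get(a.name, a.p_occur)) for a in incidents]
    return severity_queue(refreshed)

# Constructed sample correlation table (Table 1 in the paper is not reproduced here)
SAMPLE = [
    InfoIncident("a1: malware on dispatch workstation", 0.2, [
        Consequence("b1: loss of SCADA display", 0.5, 1),
        Consequence("b2: delayed production report", 0.8, 3)]),
    InfoIncident("a2: injection flaw in marketing portal", 0.6, [
        Consequence("b3: billing data tampering", 0.7, 2)]),
    InfoIncident("a3: phishing against office mail", 0.8, [
        Consequence("b4: credential theft", 0.5, 4)]),
]

if __name__ == "__main__":
    print("Queue W under normal conditions:")
    for name, w in severity_queue(SAMPLE):
        print(f"  w={w:.3f}  {name}")
    print("Queue W after virus activity raises P(a1) to 0.9:")
    for name, w in requeue(SAMPLE, {"a1: malware on dispatch workstation": 0.9}):
        print(f"  w={w:.3f}  {name}")
```

Under normal conditions the marketing-portal incident heads W, so prevention control would address it first; once P(a1) rises, the dispatch-workstation incident moves to the head, which is the dynamic behaviour of W the paper says the monitoring system must track.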