From Compliance to Practice: An Implementation Path for Applying MITRE ATT&CK to the Critical Infrastructure Security Protection Standard for the New Power System

    DOI:10.3969/j.issn.1674-5698.2026.04.006

Authors: 李永刚 (LI Yonggang); 潘善民 (PAN Shanmin)

Keywords: new power system; critical infrastructure; GB/T 39204; MITRE ATT&CK; collaborative defense

English title as published: From Compliance to Real War: Implementation Roadmap of MITRE ATT&CK Supporting New Power System CIS Security Defense Criteria

Abstract:

[Objective] As the new power system becomes progressively more open, interconnected and intelligent, the connection of new energy sources and smart terminals greatly expands its externally exposed attack surface and creates serious cybersecurity challenges. Because the existing protection system struggles to defend against highly persistent threats, the defensive capability of the new power system urgently needs to be strengthened. [Methods] The paper maps the MITRE ATT&CK threat modeling framework onto GB/T 39204-2022, Information security technology—Cybersecurity requirements for critical information infrastructure protection, to build a collaborative defense system that combines a "compliance baseline" with "practical capability". Through a four-step implementation path of "analysis and identification, security protection, detection and evaluation, response and recovery", it produces an actionable, measurable technical implementation checklist and a technical capability evaluation index system. [Results] Validation at a centralized photovoltaic power station shows that the approach systematically improves the detection and prevention of malicious control command attacks, reducing the mean threat detection time from hours to minutes. [Conclusion] The study confirms that the method is effective in raising the security assurance capability of the new power system and offers a feasible technical approach to the security protection of critical information infrastructure.
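The method summarized above, mapping ATT&CK techniques onto controls grouped by the paper's four implementation steps and scoring the result, can be made measurable with a small coverage calculator. The following is an added illustration written for this page; it is not code from the paper or from the photovoltaic-station validation. The control inventory, the command allowlist, the log lines and the phase names are constructed assumptions, the clause numbers of GB/T 39204-2022 are deliberately not reproduced, and the technique IDs are taken from the MITRE ATT&CK for ICS matrix and should be checked against its current version.

```python
"""Illustrative ATT&CK-for-ICS -> GB/T 39204 coverage scoring (added example, not the paper's)."""
from collections import defaultdict
from dataclasses import dataclass

# The paper's four implementation steps, used here as the grouping for controls (assumption).
PHASES = ("analysis_identification", "security_protection",
          "detection_evaluation", "response_recovery")

# Technique IDs from the MITRE ATT&CK for ICS matrix; names abbreviated, verify against MITRE.
TECHNIQUES = {
    "T0855": "Unauthorized Command Message",
    "T0836": "Modify Parameter",
    "T0831": "Manipulation of Control",
    "T0886": "Remote Services",
    "T0859": "Valid Accounts",
    "T0883": "Internet Accessible Device",
    "T0843": "Program Download",
}


@dataclass(frozen=True)
class Control:
    name: str            # checklist item, described by phase only (no clause numbers)
    phase: str           # one of PHASES
    implemented: bool    # audited state at the station
    techniques: tuple    # ATT&CK for ICS techniques this control mitigates or detects


# Constructed, simplified control inventory for a centralized PV station (assumption).
CONTROLS = [
    Control("asset inventory of inverters, SCADA and meters", "analysis_identification", True, ("T0883",)),
    Control("segmentation between station LAN and O&M WAN", "security_protection", True, ("T0886", "T0883")),
    Control("role-based accounts with MFA on engineering workstations", "security_protection", False, ("T0859",)),
    Control("allowlist of hosts permitted to issue control commands", "detection_evaluation", True, ("T0855", "T0836")),
    Control("setpoint change alerting at the SCADA historian", "detection_evaluation", False, ("T0836", "T0831")),
    Control("playbook: isolate inverter segment, restore last good config", "response_recovery", True, ("T0831",)),
]


def coverage_by_phase(controls, techniques):
    """Capability index: per phase, share of in-scope techniques addressed by an implemented control."""
    covered = defaultdict(set)
    for c in controls:
        if c.implemented and c.phase in PHASES:
            covered[c.phase].update(t for t in c.techniques if t in techniques)
    return {p: round(len(covered[p]) / len(techniques), 3) for p in PHASES}


def technique_gaps(controls, techniques):
    """Techniques with no implemented control in any phase: the remediation backlog."""
    implemented = set()
    for c in controls:
        if c.implemented:
            implemented.update(c.techniques)
    return sorted(t for t in techniques if t not in implemented)


def planned_but_missing(controls):
    """Checklist items that are mapped to techniques but not yet implemented."""
    return [c.name for c in controls if not c.implemented]


# Exercising the one implemented 'detect' control: the allowlist for control-command sources.
ALLOWED_CONTROL_SOURCES = {"10.10.1.5"}  # engineering workstation (constructed)

# Constructed log lines: timestamp, source IP, target device, operation, tag[=value].
COMMAND_LOG = [
    "2026-03-01T02:00:01 10.10.1.5 inverter-07 write active_power_limit=80",
    "2026-03-01T02:00:09 10.10.1.5 inverter-07 read active_power_limit",
    "2026-03-01T02:14:30 10.10.9.41 inverter-03 write active_power_limit=0",
    "2026-03-01T02:14:31 10.10.9.41 inverter-04 write active_power_limit=0",
]


def unauthorized_commands(log_lines, allowed):
    """Detection logic for T0855: write operations issued by hosts outside the allowlist."""
    hits = []
    for line in log_lines:
        ts, src, dst, op, *rest = line.split()
        if op == "write" and src not in allowed:
            hits.append((ts, src, dst, " ".join(rest)))
    return hits


if __name__ == "__main__":
    for phase, score in coverage_by_phase(CONTROLS, TECHNIQUES).items():
        print(f"{phase:25s} coverage={score}")
    print("gaps:", technique_gaps(CONTROLS, TECHNIQUES))
    print("not yet implemented:", planned_but_missing(CONTROLS))
    for hit in unauthorized_commands(COMMAND_LOG, ALLOWED_CONTROL_SOURCES):
        print("ALERT unauthorized control command:", hit)
```

The per-phase score is intentionally simple (techniques with at least one implemented control divided by techniques in scope) so that it can be recomputed after each audit and compared over time; a real deployment would weight techniques by the station's own threat model and tie each control to the specific GB/T 39204 clause it satisfies.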

Citation: 李永刚, 潘善民. 从合规到实战:MITRE ATT&CK 赋能新型电力系统关键基础设施安全保护标准的实施路径 [J]. 标准科学 (Standard Science), 2026(4): 69-77.

About the authors: LI Yonggang, bachelor's degree, senior engineer; research area: power grid cybersecurity. PAN Shanmin, master's degree, engineer; research area: power grid cybersecurity.

Supervising authority:

State Administration for Market Regulation

Sponsors:

China National Institute of Standardization

China Association for Standardization

Domestic serial number:

CN11-5811/T

International serial number:

ISSN 1674-5698

Founded:

1964

Publication frequency:

Monthly
