Research on a Vulnerability Management System for Power Enterprises Based on Block Chain

doi:10.3969/j.issn.1008-0198.2025.06.004

Hunan Electric Power ›› 2025, Vol. 45 ›› Issue (6): 26-32.doi: 10.3969/j.issn.1008-0198.2025.06.004

• Expert Column:Research on Modeling and Optimization of Largescale New Power System Planning Considering Complex Security Boundaries • Previous Articles Next Articles

Research on a Vulnerability Management System for Power Enterprises Based on Block Chain

ZHOU Gang¹, SHU Zhonghu¹, HUANG Zhenxing², MA Dantong², LU Xianying³

1. State Energy Group Yueyang Power Generation Co., Ltd., Yueyang 414203, China;
2. State Energy Group Hunan Electric Power Co., Ltd., Changsha 410007, China;
3. School of Information Engineering, Zhongnan University of Economics and Law,Wuhan 430073, China

Received:2025-08-11 Revised:2025-10-13 Online:2025-12-25 Published:2026-01-13

Abstract

Abstract: Traditional vulnerability management systems often face issues such as fragmented management frameworks, risks of data tampering, difficulties in tracing repair responsibilities, and insufficient incentives for participants, leading to inefficiency and hard-to-supervise of vulnerability remediation processes. To address these challenges, this study proposes a vulnerability management system for power enterprises based on the decentralized architecture, immutability, and full-chain traceability of block chain technology. The system integrates smart contracts, token-driven incentive mechanisms, responsibility assignment mechanisms, and distributed storage technology via the InterPlanetary File System (IPFS). Through systematic analysis and demonstration of multiple functional modules, including vulnerability data notarization, remediation progress tracking, responsibility tracing, and reward-punishment incentives, the proposed system can ensure high efficiency and closed-loop management of vulnerability management in power enterprises within a block chain environment, providing a novel solution for strengthening vulnerability management in the power sector.

Key words: vulnerability management, block chain, incentive mechanisms, closed-loop governance

CLC Number:

TP399
TM763

ZHOU Gang, SHU Zhonghu, HUANG Zhenxing, MA Dantong, LU Xianying. Research on a Vulnerability Management System for Power Enterprises Based on Block Chain[J]. Hunan Electric Power, 2025, 45(6): 26-32.

References

[1] 国家能源局. 电力发展“十三五”规划[R]. 北京:国家能源局,2016.
[2] ANURAG K S,VENKATESH V,CARL H.Cyber infrastructure for the smart electric grid[M]. Hoboken,New Jersey:Wiley IEEE Press,2022:171-182.
[3] 国家信息安全漏洞库.CNNVD关于Apache Struts安全漏洞的通报[EB/OL]. (2024-12-12)[2025-05-23].https://www.cnnvd.org.cn/.
[4] 中华人民共和国国务院. 关键信息基础设施安全保护条例[EB/OL]. (2021-04-27)[2025-05-23]. https://www.gov.cn/gongbao/content/2021/content_5636138.htm.
[5] 杨一未,孙成昊. 关键信息基础设施保护体系建设与漏洞管理标准化研究[J]. 信息安全研究,2022,8(1):62-70.
[6] 赵永安,谢文博,张泽斌. 关于企业漏洞管理实践的探讨[J]. 中国信息安全,2022(6):47-50.
[7] 刘畅. 统一漏洞管理平台研究设计[J]. 信息安全研究,2022,8(2):190-195.
[8] MURUGIAH SOUPPAYA,KAREN SCARFONE. Guide to enterprise patch management planning: preventive maintenance for technology[EB/OL]. (2022-04-06)[2025-05-23]. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r4.pdf.
[9] Tenable Vulnerability Management. Expose and close your cyber weaknesses with the market-leading vulnerability management solution[EB/OL]. (2025-05-23)[2025-09-16]. https://www.tenable.com/products/vulnerability-management.
[10] Rapid7 InsightVM:vulnerability management tool[EB/OL].(2025-05-23)[2025-09-16].https://www.rapid7.com/products/insightvm/.
[11] Microsoft. Microsoft defender vulnerability management documentation[EB/OL]. (2025-05-23)[2025-09-16]. https://learn.microsoft.com/en-us/defender-vulnerability-management.
[12] 启明星辰. 天镜漏洞管理平台[EB/OL].(2025-09-16)[2025-09-16]. https://www.venustech.com.cn/u/cms/www/202305/11171158t2hu.pdf.
[13] 绿盟科技. 浙江省电力漏洞统一管理平台建设实践[EB/OL].(2025-09-16)[2025-09-16]. https://www.nsfocus.com.cn/html/2015/21_1231/240.html.
[14] 司冰茹,肖江,刘存扬,等. 区块链网络综述[J]. 软件学报,2024,35(2):773-799.
[15] 单瑞卿,盛阳,苏盛,等. 考虑攻击方身份的电力监控系统网络安全风险分析[J]. 电力科学与技术学报,2022,37(5):3-16.
[16] 冯陈佳,朱江,朱寅,等. 电力监控网安设备策略统一管理体系及其实践[J]. 信息安全研究,2024,10(5):481-488.
[17] 张亚伟,张问银,王九如,等. 基于区块链的数字资产管理系统框架设计与分析[J]. 计算机科学与应用,2019,9(1):28-37.
[18] 李森. 基于漏洞管理平台的聚焦爬虫技术研究分析[D]. 北京:北京邮电大学,2015.
[19] 陈泓达,冯云霞,牛云鹤. 基于IPFS区块链技术的工业互联网数据可信存储系统[J]. 计算机科学与应用,2022,12(5):1292-1300.
[20] 刘超,梁雪青,袁兴佳,等. 基于IPFS和区块链技术的可信数据安全存储和共享系统[J]. 微型电脑应用,2024,40(10):143-147.
[21] 李辰洋. BRaft:一种拜占庭容错的Raft算法[D]. 广州:华南理工大学,2018.
[22] ASIAMAH E A,KEELSON E,AGBEMENU A S,et al.Optimizing blockchain querying:a comprehensive review of techniques,challenges, and future directions[J]. IEEE Access,2024,12:196282-196305.
[23] NIST. Guide to enterprise vulnerability management:SP 800-40 Rev. 4[S]. Gaithersburg:National Institute of Standards and Technology,2023.
[24] ZHANG Y,XU C,LI H,et al.Chronos:Secure and accurate time-stamping scheme for digital files via blockchain[C] //ICC 2019:2019 IEEE International Conference on Communications(ICC). Shanghai,China. IEEE,2019:1-6.
[25] ALAVI S,BESSLER N,MASSOTH M.A comparative evaluation of automated vulnerability scans versus manual penetration tests on false-negative errors[C] //International Conference on Cyber-Technologies and Cyber-Systems. 2018.

Research on a Vulnerability Management System for Power Enterprises Based on Block Chain

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 0

Recommended Articles

Metrics

Comments