Abstract: With the rapid development of digital twin water conservancy projects, the originally closed water industrial control system is gradually opening up, so the security defense capacity of the hydropower station monitoring system needs to be strengthened. In view of increasing internal vulnerabilities and expanding external threats, current technical and management security risks are identified and analyzed from the architecture and functions of the hydropower station monitoring system by means of field research and tool testing. Following the basic idea of “logical partitioning, discharge monitoring, data encryption, and integrated management”, this paper proposes a security defense system covering four aspects: regional boundary, communication network, computing environment, and security management. The security defense system completely covers the 3 layers of the monitoring system: the process monitoring layer, the network transmission layer and the onsite control layer. The security defense system can effectively prevent external network attacks and eliminate internal management risks, which is of great significance for ensuring the safe and stable operation of the hydropower station monitoring system.