The invention discloses an attack tracing method and system for a power industrial control network. The method comprises the following steps: collecting information from electric power VPN equipment;carrying out attack detection analysis on the collected information, and detecting whether a network attack event exists or not; performing traceability analysis on the detected network attack event,and positioning an area or a node where an attacker is located; and generating a processing strategy, and performing management and control processing on the attack. According to the invention, the related information of the power VPN equipment at the boundary of the power industrial control network is collected; in combination with the characteristics of power industrial control service communication, network attacks in the power industrial control network are traced, the defects that a traditional tracing method is high in cost, large in transformation difficulty, low in precision and poor in operability are overcome, and automatic discovery and intelligent disposal of the power industrial control network attacks are achieved.