ZHANG Jing, ZHANG Guangzhou, JIN Xueqi, YOU Jiachuan, LIANG Ye. Research on Threat Path Construction Technology of Power Monitoring System Based on ATT&CK Framework[J]. Electric Power Information and Communication Technology, 2024, 22(12): 55-61. DOI: 10.16543/j.2095-641x.electric.power.ict.2024.12.08

Research on Threat Path Construction Technology of Power Monitoring System Based on ATT&CK Framework

Abstract: To address the problem that the existing security policies of power monitoring systems are insufficient to defend against new types of attack, this paper proposes an automatic threat path construction method based on the adversarial tactics, techniques, and common knowledge (ATT&CK) framework. The method first constructs an undirected network graph from the connectivity between devices; it then constructs threat movement paths according to asset grading information; finally, it completes the threat movement path information according to asset classification information, the ATT&CK framework and the cyber kill chain, thereby completing the threat path construction. The method not only provides a theoretical basis and support for formulating power system security policies, but also makes it possible to adaptively adjust network security policies when a threat is detected.
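The three steps named in the abstract (a connectivity graph, movement paths constrained by asset grading, and annotation with ATT&CK tactics and kill-chain phases), as an added illustration that is not the paper's code. The sample network, the asset tiers, the asset categories and the category-to-tactic table are constructed assumptions, and the hop-labelling rule (kill-chain phase by position in the path, ATT&CK for ICS tactic by the category of the asset being reached) is one simple instantiation chosen for this example, not the method the paper describes.

```python
"""Illustrative threat-path builder; constructed example, not the paper's code.

Assumptions (all constructed for this example):
- a small power-monitoring network given as an undirected link list,
- each asset has a tier (higher = more critical) and a category,
- a category -> ATT&CK for ICS tactic table used to label hops.
"""
from typing import Dict, List, Set, Tuple

# Step 1 input: device connectivity (constructed sample network)
LINKS = [
    ("ws1", "fw"), ("fw", "scada"),        # office workstation -> boundary firewall -> SCADA server
    ("ws1", "hist"), ("hist", "scada"),    # historian reachable from the office side
    ("scada", "hmi"), ("scada", "eng"),    # control-zone HMI and engineering workstation
    ("hmi", "ws2"), ("ws2", "eng"),        # operator workstation bridging HMI and engineering
    ("hmi", "plc1"), ("eng", "plc1"),      # both can reach the PLC
    ("plc1", "rtu"),                       # field device behind the PLC
]

# Step 2 input: asset grading (assumed: 1 = office/boundary, 2 = control zone, 3 = field)
TIER = {"ws1": 1, "ws2": 1, "fw": 1, "hist": 2, "scada": 2, "hmi": 2, "eng": 2,
        "plc1": 3, "rtu": 3}

# Step 3 inputs: asset classification and an assumed category -> tactic table
CATEGORY = {"ws1": "workstation", "ws2": "workstation", "fw": "firewall",
            "hist": "historian", "scada": "scada_server", "hmi": "hmi",
            "eng": "engineering_ws", "plc1": "plc", "rtu": "rtu"}
TACTIC_BY_CATEGORY = {
    "workstation": "Initial Access", "firewall": "Evasion", "historian": "Collection",
    "scada_server": "Discovery", "hmi": "Lateral Movement",
    "engineering_ws": "Lateral Movement", "plc": "Impair Process Control", "rtu": "Impact",
}


def build_graph(links: List[Tuple[str, str]]) -> Dict[str, Set[str]]:
    """Step 1: undirected adjacency sets from the link list."""
    graph: Dict[str, Set[str]] = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def threat_paths(graph: Dict[str, Set[str]], tier: Dict[str, int], src: str, dst: str,
                 enforce_tier: bool = True) -> List[Tuple[str, ...]]:
    """Step 2: enumerate simple paths src -> dst. With enforce_tier, a hop may only
    move to an asset of equal or higher tier (the asset-grading constraint), which
    prunes detours back through low-tier assets."""
    found: List[Tuple[str, ...]] = []

    def dfs(node: str, path: List[str]) -> None:
        if node == dst:
            found.append(tuple(path))
            return
        for nxt in sorted(graph.get(node, ())):
            if nxt in path:
                continue
            if enforce_tier and tier[nxt] < tier[node]:
                continue
            dfs(nxt, path + [nxt])

    dfs(src, [src])
    return sorted(found)


def annotate(path: Tuple[str, ...], category: Dict[str, str],
             tactics: Dict[str, str]) -> List[Tuple[str, str, str, str]]:
    """Step 3: label each hop (from, to, kill-chain phase, ATT&CK tactic).
    Phase is chosen by position in the path, tactic by the category of the
    asset being reached; both rules are assumptions for this example."""
    hops = []
    last = len(path) - 2
    for i in range(len(path) - 1):
        if i == 0:
            phase = "Delivery/Exploitation"
        elif i == last:
            phase = "Actions on Objectives"
        else:
            phase = "Installation/Command and Control"
        hops.append((path[i], path[i + 1], phase, tactics[category[path[i + 1]]]))
    return hops


GRAPH = build_graph(LINKS)

if __name__ == "__main__":
    for p in threat_paths(GRAPH, TIER, "ws1", "rtu"):
        print(" -> ".join(p))
        for hop in annotate(p, CATEGORY, TACTIC_BY_CATEGORY):
            print("    ", hop)
```

With the constructed network, the tier constraint halves the candidate paths from the office workstation to the RTU (from 8 to 4), because the two routes that drop back through the tier-1 operator workstation are pruned; the annotated hops are what a defender would feed into policy selection or detection rules for each stage.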

     
