PDF Version - PAC World magazine

eportsindustry79Impact of IEC61850 onProtection andAutomationB5 is one of 16 Studycommittees of CIGRE.Its scope is to facilitateand promote the progressof protection andautomation.IEC 61850, the standard for communication in substations was published threeyears ago and is already widely used in Substation Automation projects. The goal of thestandard is interoperability between devices from different manufacturers. It supports theinterconnection of all applications in the substation automation (SA) system from the stationlevel with its HMI and remote control gateway to the protection and control IEDs in the bays(station bus), and from these IEDs down to the switchgear (process bus). It supports also theuse of unconventional current and voltage sensors. It may replace all signal wires by serialcommunication links. The standard goes beyond the definition of communication since itprovides additional important features like the domain specific Data Model and the SubstationConfiguration description Language (SCL). Therefore questions came from the users : Whatis the impact of IEC 61850 on protection and automation? How introduce IEC 61850 basedsubstation automations system to exploit all benefits but to minimize the risk of this step?The CIGRE Study Committee B5 had formed the WG 5.11 which created a brochure coveringall these topics and, as common, a summary in Electra - both published in fall 2007. ThisCIGRE brochure cannot replace the more than 1000 pages of the standard but is intended as apractical guideline for utilities. This article cannot replace the 110 pages of the CIGRE brochurePAC.WINTER.2008

y Klaus-Peter Brand80industry reportsCIGRE B5but explain shortly some findings andhighlight its helpful role for utilities.The chapters in the brochurewere written by different authorsfrom utilities and providers.The brochure was compiled bythe members of working group5.11 and crosschecked by therepresentatives of CIGRE SC B536 member countries worldwide.The idea is that each chapteris readable by itself dependingon the background and the aimof the reader. Therefore, there issome overlap between the chaptercontent.Benefits and justificationChapter 2 summarizes thefeatures of IEC 61850 and pointsto the benefits. The combinationof all it s disc ussed feat uresmakes the standard unique. Thehomogeneous and comprehensiveabstract data model including allservices for the communication insubstations is formulated very nearto the user's (substation engineer)terminology and independentfrom any implementation whichis left as task for the manufacturers.The mapping of this model to mainstream communication meansi.e. MMS, TCP/IP and Ethernetmakes the standard future proof.The inclusion of the sampledvalues service allows exploiting thebenefits of new non-conventionalinstrument transformers likeRogowski coils, capacitive dividers,and electro-optical sensors forcurrent and voltages, as well asusing the common conventionalt ransfor mer-t ype ones . TheSCL of IEC 61850 provides acomprehensive description ofthe complete SA system. It wasdefined to be used by all tools -also from different manufacturers- for configuration, engineering,testing, and maintenance i.e. inany phase of the life-cycle startingfrom any single compliant productand ending with the maintenancephase of the customer specificSA project (Figure 3). In chapter3 it is shown how these benefitscorrelate to operative and costbenefits for the utility justifyingthe introduction and use of IEC61850. Examples are the use of SCLand mainstream communicationtechnology, but also the optionsto replace copper wires by serialfiber optic links transportingGOOSE messages or to use anykind of today’s and tomorrow'scurrent and voltage sensors. Lastnot least, interoperability is notonly provided between devices ofdifferent suppliers but also betweendifferent generations of products.Concepts and migrationSA systems realized according toIEC 61850 up to now are more orless one-to-one copies of existingones replacing only the proprietarycommunication by IEC 61850.This step is already beneficialsince it excludes communicationfrom competitor comparisonThe switchgear andSA system should beconsidered as a whole.and facilitates the integration ofa third party main 2 protectionas needed for transmission lines.At the beginning of chapter 6 it isrecommended to reconsider thesystem concepts to exploit thebenefits of IEC 61850 as muchas possible. This is especiallyimportant for migration strategies(chapter 4). There are no generalstrategies because any migrationdepends on the actual state and theintended goal for the SA system.Specification of IEC 61850based SystemsThe most sensitive phase forSA systems is the specificationphase because corrections later inthe implementation phase mayeither be not possible or very costly.Guidelines for specification aregiven in chapter 6 by descriptionand as checklist. The descriptionof the site and the already existingor newly ordered switchgear isessential. The starting point is thesingle line diagram of the substationand the allocated SA functionsas usual.The communicationdesign based on Ethernet is moreflexible and scaleable than theprevious proprietary ones. Activeelements like switches supportThe brochurediscusses a lotof questionsutilitieshave beforeand whenintroducingIEC 618501 Current Responsibility of 2 IEC 61850-Holistic responsibilityfor departments in utilitiessubstationsSuplier A Suplier BCommunicationDepartrmentProtectionDepartrmentControl/SCADADepartrmentSwitchgearDepartrmentSystem Integrator (SI)Suplier ASubstation Department (SD)CommunicationDepartrmentProtectionDepartrmentControl/SCADADepartrmentSwitchgearDepartrmentSystem Integrator (SI)Suplier BIEC61850 Knowledge everywhereSuplier C Suplier D Suplier C Suplier D3 SCD - Thread trough the life cycleof SA and substationOffer/OrderIEDIEDIEDSwitchyardSingle LineFunctionsallocatedICD FilesSystemIntegration/Engineering(Tool)SpecificationSSD FileSimulation(Tool)SCDFileTest(Tool)Simulation(Tool)FATTest(Tool)Maintenance(Tool)SATUpgrade(Tool)MaintenanceSystemRefurbishmentToolPAC.WINTER.2008

this flexibility. To get an optimizedSA architecture, requirements forboth availability and performancehave to be stated. If there are norestrictions in the specification,GOOSE messages may replaceall wiring bet ween IEDs. Atleast for new substation the useof unconventional instrumenttransformers providing samples viathe process bus may be considered.However, these advanced featuresare not a must for using IEC 61850but an option for the future. Theresponsibility that the systemcomposed of interoperable devicesfrom different suppliers is runningas specified has to be taken by theSystem Integrator and fixed inthe specification. This role needsappropriate tools, test equipmentand trained staff. Besides the SAsystem itself the most importantitem to be delivered is a single SCLbasedSubstation ConfigurationDescription (SCD) file - a very costeffective basis for all testing andmaintenance tools and, therefore,for any future upgrades also.Responsibility in utilitiesThe project execution (chapter7) is normal besides the fact thatin the engineering process theSCD for the complete systemhas to be created and reused forsystem tools. In addition to thespecification, the procurementprocess (chapter 5) and the lifecyclemanagement (chapter 8)are within the responsibility ofthe utility. The utilities shouldinvest in the knowledge about thestandard to understand what theymay request and what they willget. The integration of the differentfunctions in the substation to onesystem may strongly impact thestructure of utility organization(see Figures 1 &2).ReferencesThe introduction of IEC 61850 and itsimpact on protection and automationwithin substationsCigre Brochure 326 (produced by SC B5 WGB5.11), 2007, price 75/150 €, www.cigre.orgSummary in Electra N°233, August 2007,21-29Cyber SecurityIssues forProtective Relaysby Solveig Ward, RFL, USAIn a m ajor move towardensuring the reliability of theelectric grid, the Federal EnergyRegulatory Commission (FERC)approved eight cyber security andcritical infrastructure protection(CIP) standards proposed by NERC,CIP 002-1 to 009-1. The standardswill require bulk power systemusers, owners, and operators inthe U.S. to identify and documentcyber risks and vulnerabilities,establish controls to secure criticalcyber assets from physical and cybersabotage, report security incidents,and establish plans for recovery inthe event of an emergency.Substantial compliance is requiredby 06/2008 and full complianceby 12/2008. Utilities that do notmeet audit requirements will facestiff penalties for non-compliancewhen audits begin in 2009.Because of the importance of thissubject the IEEE Power SystemsRelaying Committee WorkingGroup CI studied the issues of cybersecurity related to different aspectsof power system protection andproduced a report “Cyber SecurityIssues for Protective Relays” that isavailable to the community.Cyber sec ur it y is the ter mThe Power SystemRelaying Comettee is inthe Power EngineeringSociety of IEEE.commonly used with respect tothe area of computers. Computers,or microprocessor-based deviceswith computing capability, are nowcommonly used for control andautomation functions in additionto traditional data archival andprocessing.Technological misuse and abusehas become a serious concern in allareas where computers are used andnetworked. The electric industryhas embarked on the processto secure control systems. Thisrequires risk assessment and reviewto determine what is vulnerable tocyber attacks. All assets should beanalyzed in regards to the need forsecurity.Protec t ion and sec ur ing ofnet worked communications,intelligent equipment, and thedata and information vital to theoperation of the future energysystem is one of the key driversbehind developing an industrylevel architecture. Cyber securityfaces substantial challenges, bothinstitutional and technical, fromthe following major trends:Need for greater levels ofintegration with a variety ofbusiness entitiesBiographySolveig M. Wardreceived M.S.E.E.from the RoyalInstitute of Technology,Swedenin 1977. Shejoined ABB Relays.where she has heldmany positions inMarketing, Application,and ProductManagement.After transferringto ABB in the US1992, she was involvedin numericaldistance protectionapplication design,and was ProductManager forcurrent differentialand phase comparisonrelays. She isa member of IEEE,holds one patentand has authoredseveral technicalpapers In June2002, Solveig joinedRFL Electronics Inc.as Director of ProductMarketing.

industry reportsIEEE PES PSRC82SubstationHMIIEDSwitchIEDby Solveig Ward, RFL, USAIncreased use of open systemsbasedinfrastructuresThe need for integration ofexisting or “legacy” systems withfuture systemsGrowing sophistication andc o m p l e x i t y o f i n t e g r a t e ddistributed computing systemsGrowing sophistication andthreats from hostile communitiesT h e r e p o r t a n a l y z e s r e l a yc o m m u n i c a t i o n s a n d t h erequirements covered in thedifferent NERC standards. Twomain groups of protection relatedcommunications applications areidentified:between protection IEDs anddifferent substation and remoteclient applicationsbetween protection IEDswith a substation or in differentsubstations.The requirements for the differentcases are discussed in the report,followed by analysis of the impactof the communications media usedon the security of the system.In evaluating the security threat tosubstation equipment the reportconcludes that numerous peoplehave physical contact with variousdevices within the substation.T h e s e i n d i v i d u a l s i n c l u d eemployees, contractors, vendors,manufacturers, etc. Of particularconcern is the fact that the typicalsubst at ion env ironment can1 Electronic SecurityPerimeterSubstationApplicationsIEDSCADA MasterRouterTelecomDeviceSubstationEngineeringStationTelecomDeviceIEDIEDSubstationprovide a means to compromisethe power system with a lowprobability of being detected orapprehended.Threats may be caused by actionsof authorized persons as well asmalicious actions of authorized andunauthorized persons. Some of thethreat sources to consider include:Employees with criminal intentto profit or to damage others by themisappropr iat ion of ut ilit yresourcesDisgruntled employees or exemployeeswho cause damage tosatisfy a grudgeHobbyist intruders who gainpleasure from unauthorized accessto utility information systemsCriminal activit y by bothindividuals and organizationsdirected against the utility, itsemployees, customers, suppliers,or othersTerroristsC o mpet ing org ani z at ionss e a r c h i n g f o r p r o p r i e t a r yinformation of the utility, itssuppliers, or customersUnscrupulous participants in themarkets for electric power orderivativesSoftware providers who, inat tempt ing to protec t theirintellectual property rights, createvulnerabilities or threaten to disablethe soft ware in cont r ac t ualdisputesCommunication protocols areone of the most critical parts ofpower system operations.T h e I n t e r n a t i o n a lElectrotechnical Commission(IEC) Technical Council (TC) 57Power Systems Management andAssociated Information Exchangeis responsible for developinginternational standards for powersystem data communicationsprotocols. The internationalstandards account for much of thedata communications protocols innewly implemented and upgradedpower industry SCADA systems,subst at ion automat ion, andprotection equipment.The report analyzesrelay communicationsand security issuesBy 1997, IEC TC57 recognizedthat security would be necessaryfor these protocols. It thereforeestablished a working group tostudy the issues relating to security.The work by IEC TD57, WG 15is to be published by the IEC asIEC 62351, Parts 1-7. The IEEEPSRC report concludes with thefollowing Recommendations :Security must be planned anddesigned into systems from thestart. Planning for security, inadvance of deployment, willprovide a more complete and costeffective solut ion. Advanceplanning will ensure that securityservices are supportable.Establish a security policytailored to the needs of protectiverelay systems and the access needsof protective relay engineersAssess existing communicationschannels for vulnerabilities tointrusionImplement and enforce policiesre computer usage, remote accesscontrol, with frequent auditing ofsystems and policies. Emphasizethat security is not a part time adhoc function.Where appropriate, add policies,procedures and hardware tov ulnerable communicat ionschannels and access ports.Where appropriate, implementauthentication and/or encryptiontechniques based on individual riskassessmentsMonitor logs and traffic.Maintain and monitor a list ofauthorized personnel who havepassword or authenticated access.Comply with industry andgovernment regulations.Maintain a backup of vitalinformation.Prepare a recovery procedure inthe event of an attackPAC.WINTER.2008