Wednesday, July 30, 2014

Water Infrastructure in Los Angeles under “pressure”

Eight to 10 million gallons of (fresh!) water had been lost after major water main ruptured in Los Angeles yesterday.

Hm, the more than 90-year-old riveted steel pipe carries an estimated 75,000 gallons per minute … that’s a bit.

Click HERE for a report and video by Reuters.

The un-thinkable happened! Which part of the world-wide infrastructures breaks next?

Friday, July 25, 2014

Power Utility Automation Or Power Automation?

The title of IEC 61850 is “Communication networks and systems for power utility automation”. The restriction to power utility is an artificial one required by the standardization organization – it is not set by the industry.

In fact the scope of the IEC 61850 series is: “Communication networks and systems for power automation”.

Wherever power is generated, transported, distributed, and used, IEC 61850 provides the needed tools to provide a standardized interface for information, information engineering, and information exchange. There is no difference between a 3-phase AC system in a distribution system inside an Industrial Facility or outside in an utility grid. I guess you agree, that voltage phase A is voltage phase A.

All crucial information models for electrical systems are defined in IEC 61850-7-4 (core), IEC 61850-7-410 (hydro), IEC 61850-7-420 (DER), IEC 61850-90-7 (inverters), IEC 61850-90-17 (power quality), … It would be in the interest of keeping the reliability of power delivery high, to use ONE standard for all power related applications (in public utilities and in any factory or other plant or site).

There seem some people to apply the “fieldbus approach” … publishing new standards for power systems inside Industrial Facilities AND for an interface between the two domains (between Industrial Facilities and Power Utilities). Fortunately the power does not care if it is flowing inside or outside an Industrial Facility. Why not just use ONE standard (IEC 61850) for applications inside Industrial Facilities, inside Power Utilities, and between the both domains.

The IEC TC 65 has published a Committee Draft to open the door for a new standard:

IEC 65/555/CD: IEC/TS 62872 Ed. 1.0:
System interface between Industrial Facilities and the Smart Grid

Click HERE for a brief project description.
Contact your National Committee for a copy.

Tuesday, July 22, 2014

Navigation Light System for Offshore Wind Farms managed by IEC 61850

The Sabik NavAid Controller is part of the control and monitoring system for the marking of offshore wind
farms. It is used for controlling and monitoring of illuminating and marking components on
offshore structures:

  • Activation and generation of the flash code for all of the attached 5 nautical miles lanterns
  • Activation and generation of an intensity control signal for spotlights
  • Current consumption monitoring for all components of the navigation light system, as well as error
    detection and reporting

The communication supports Modbus and IEC 61850.

Click HERE for a two page NavAid Controller brochure.
Click HERE for the Gateway used in the NavAid Controller.

The Sabik Logo is enhanced by the slogan: WE SHOW THE WAY … with the application of IEC 61850 (IEC 61400-25) Sabic shows also the way how to apply IEC 61850 for many applications outside substations.

Monday, July 21, 2014

New: Hands-On Training with Real Devices and Process Signals

19 years after IEC 61850 standardization started, 10 years after publication of the first set of IEC 61850 core documents, and 10 years after intensive training worldwide, we are now facing a new challenge: Can everybody do hands-on work with the new technology without spending a lot of money?

Yes, You can – if you work with NettedAutomation GmbH.

NettedAutomation GmbH is entering into a new phase of training: using real devices and solutions to work with in the public 3 days general training courses. The program of the 3 days courses is as follows:

  • 1 1/2 days Introduction and basics on IEC 61850 (and briefly on IEC 60870-5-104)
  • 1/2 day Hands-on training on designing ICD and CID documents
  • 1/2 day Configuring and using Server devices for monitoring and control using IEC 61850 and IEC 60870-5-104
  • 1/2 day Configuring and using Client devices for IEC 61850 and gateways to IEC 60870-5-104 and proxy server to IEC 61850

The first new training session according to this program will be conducted from October 15-17, 2014 in Frankfurt (Germany). The hands-on sessions using real devices, as depicted in the following figure, show the devices involved. Further evaluation software running under Windows (offered for free) will be provided at the beginning of the course.

image

On request we are preparing the above evaluation package with one com.tom 3.1S (104 Server, 61850 client and server), one com.tom 5.1 (104 Server, 61850 Server, Modbus client), a simple meter with Modbus RTU, 24 V power supply, relay to operate a fan, and a fan - mounted on DIN Rail. The com.tom (application, communication, and gateways) are configured via a web browser and a CID file – no programming or extra tools required.

Contact NettedAutomation GmbH to receive an offer for the above evaluation set, for the training in Frankfurt in October, or for an in-house training.

NettedAutomation will provide several evaluation sets for the hands-on training in October. For in-house hands-on training NettedAutomation can offer communication with these and other devices – even: bring your own devices.

By the way, beginning in fall 2014, NettedAutomation will also offer (with senior power and protection engineers) intensive 3 days Seminars on Protection and Control with IEC 61850 for HV/MV substations using GOOSE, SV, SCADA, … SCL:

  • IEC 61850 Introduction and experience. Where are we today?
  • Return of experience and application: with Protection and Control (mainly in medium and high voltage) Substation Automation and with SCADA systems.

All Presentations will be supported by practical examples

Contact NettedAutomation for further details on the special protection and SCADA training courses.

Please stay tuned.

Security for XML based System and Device Configuration Information

Discussion on the protection of configuration information can be found HERE (just one blog post down). Please note that IEC TC 57 is working on a new part for series IEC 62351 (Data and communications security):

IEC 62351-11 Ed.1:
Power systems management and associated information exchange - Data and communications security – Part 11: Security for XML Files

The key objectives of this proposal are:

  • Provide a mechanism to authenticate the source of the file.
  • Provide a mechanism for tamper detection.
  • Provide these security mechanisms in a manner that maintains as much compatibility with the current CIM, SCL, and other XML formats as possible.
  • Provide a mechanism so that a source of data can identify what data may or may not be made available to other entities in addition to the initial receiving entity.

It is crucial for the whole industry to support these kinds of standardization projects. The user communities have to pay anyway: now or later.

We have that many good standards and draft material that should be implemented soon to make sure that we can keep control over a wide range of infrastructures.

Click HERE to download an White Paper on Security Standards in IEC TC57 written by Frances Cleveland, WG 15 Convenor [pdf].

Just published: Draft 61850-90-17 – Using IEC 61850 to transmit power quality data

IEC TC 57 has just published the 52 page Draft IEC Technical Report 61850-90-17 – Using IEC 61850 to transmit power quality data (57/1488/DC).

The document is available for comments until 2014-10-10.

Contact your TC 57 National Committee for a copy.

Phenomena considered in the draft are related to:

  • Power frequency
  • Magnitude of the supply voltage
  • Flicker
  • Supply voltage dips and swells.
  • Voltage interruptions
  • Transient voltages
  • Supply voltage unbalance
  • Voltage harmonics
  • Voltage interharmonics
  • Mains signalling voltage on the supply voltage
  • Rapid Voltage Changes (RVC)
  • Underdeviation and overdeviation
  • Magnitude of current
  • Current recording
  • Harmonic currents
  • Interharmonic currents
  • Current unbalance
  • Frequency deviation
  • Supply voltage variations
  • Voltage unbalance
  • Harmonic voltage
  • Interharmonic voltage
  • Voltage fluctuation and flicker
  • Mains signalling and voltages

This draft is intended to increase the interoperability between power quality monitoring systems and any application that needs the corresponding information for operation or post mortem analysis.

Saturday, July 19, 2014

Are Object Names like “CircuitBreakerMainStreet” a Security Problem?

Security is a very crucial issue in the power management and automation. There are standards and other specifications that help to “close” the automations, information and communication systems. Several blog posts discuss these issues.

In a discussion recently the problem with semantic names like “CircuitBreakerMainStreet” for process information (signals) was understood as crucial. Would such names make it easier for somebody to attack a system? Why should the problem be in the Name? If you keep the doors to your device or engineering system wide open – you should not be surprised if your system will be hacked and the infrastructure be damaged.

Is there really a difference (from a security point of view) if the identification is “CircuitBreakerMainStreet” or “Staus1829” or just “1829”? There would be an issue if somebody could retrieve the name from the device by a “too open” communication protocol. Even with IEC 61850 it should be prevented that everybody could just retrieve the self-description. Keep the door to the model closed … allow only the configuration engineer to access it. This would require to implement IEC 62351-8 (Role based access) or something similar.

The easiest access to the model (SCL file or any other configuration Excel Sheet) is likely hacking the engineering computer and download the corresponding configuration files – or to work at the engineering company and copy the files ... It does not matter what is communicated later at run-time, if you get the signal designation and the used identifiers in the protocol you can understand the bits on the wire. This applies to all protocols! DNP3, IEC 60870-5-104, Modbus, IEC 61850, CIM, … Profibus, ProfiNet, …

We have to keep an eye on the whole chain – not just look at the protocol and how signals are designated:

The main objective of the IEC 61850 based engineering process resulting in a comprehensive model description like a SCD File (System Configuration Description according to IEC 61850-6, SCL) is to get a system document that is consistent, has less errors and less omissions! Part of the SCD content can be retrieved by self description service of IEC 61850-8-1 – not.

Let’s now look at two persons that use such a comprehensive system document: first person is authorized person using the document and second person is UN-authorized person using the document. Let’s look at two use cases:

Case A: Provide and use “open”, comprehensive SCD File.
Case B: Use proprietary system configuration description.

… and discuss the situation:

  authorized person UN-authorized person
Case A Can properly monitor and control the system because the operation is using a consistent and well documented system configuration. Needs to be maintained. In the (hopeful very unlikely) event of gaining access to the system configuration it may harm the system.
Case B E.g., especially after some years in operation and after operators have been replaced by new staff, then it may be possible that the operators are not able to properly operate the system! It is unlikely that the UN-authorized person can do a lot of harm.

I believe that Case A is the preferred one that should be implemented: the possibility to properly operate the system by an authorized person outweighs the potential harm that can be done by an UN-authorized person.

One thing is for sure: Protect the system!! Don’t allow anybody to get on your network or systems, implement authentication, and many more …

What do you think? What is your experience? Are you aware of any analysis on this?

I would appreciate receiving your feedback – or you may just post a comment online.

Finally: One more detail on names:

Just a reminder: The IEC 61850 reporting messages and the GOOSE messages do not need to exchange these names like “CircuitBreakerMainStreet”. The content of these messages is specified by the corresponding DataSets. For Reporting see this blog post.

We have to focus on the WHOLE System!

Thursday, July 17, 2014

PhD Thesis about IEC 61850 Process Bus application in High Voltage Substations

A few hours after my offer to post links to further thesis that discuss applications related to IEC 61850, I received very useful information from David Ingram (PhD RPEQ MIEAust CPEng(Aus) SMIEEE, Electrical Engineer). He wrote:

“ …my PhD thesis was on process bus networks looking at SV and PTP. It is freely available for those that are interested.

Title: Assessment of precision timing and real-time data networks for digital substation automation

This project researched the performance of emerging digital technology for high voltage electricity substations that significantly improves safety for staff and reduces the potential impact on the environment of equipment failure. The experimental evaluation used a scale model of a substation control system that incorporated real substation control and networking equipment with real-time simulation of the power system.
The outcomes confirm that it is possible to implement Ethernet networks in high voltage substations that meet the needs of utilities; however component-level testing of devices is necessary to achieve this. The assessment results have been used to further develop international standards for substation communication and precision timing.”

Click HERE to download the full PhD thesis [pdf, 17 MB]. It is quite interesting that his thesis has been downloaded 3 times per day (on average)! He has something important to tell you!

Visit his website with further results of his investigations … you will find many papers related to IEC 61850 for free download.

Dear David, Thanks for your very valuable contributions. Keep going!

Transformer Load Tap Changer Control using GOOSE

Nelli Sichwart wrote 2012 her Thesis

TRANSFORMER LOAD TAP CHANGER CONTROL USING IEC 61850 GOOSE MESSAGING

“… IEC 61850 has many benefits including great flexibility and improved interoperability and
promises to be more widely implemented in the United States with time as is already the case in
many other parts of the world.
This research shows that LTC operation using IEC 61850 is reliable and brings with it all
the benefits that the implementation of IEC 61850 has to offer.
Above all, due to elimination of
the majority of copper wiring, the proposed method is very flexible and can be implemented
using a variety of different devices …”

Click HERE to download the thesis [pdf].

Many other thesis related to IEC 61850 have been written:

Just GOOGLE for further master thesis … You will be surprised.

If you find some other interesting publications (papers, presentations, thesis, …) let me know in order to post it on the blog.

Thanks!

IEC 61850 (MMS) running over LTE

Giang T. Pham did some research on running IEC 61850 (MMS) over LTE. The result is a Master Thesis at the University of Twente:

“Integration of IEC 61850 MMS and LTE to support smart metering communications”

“… The objective of this research is to integrate IEC 61850 MMS and LTE to support communications between smart meters and the central meter data management system. The research includes a literature study of IEC 61850 MMS protocol, focusing on its requirements to support smart metering communication, and simulation-based performance evaluation of IEC 61850 MMS smart metering traffic over LTE network. …

… Since both MMS and LTE support the use of TCP/IP communication profile, the mapping of MMS over LTE to support remote control communication is feasible … the simulation results prove that the integration of IEC 61850 MMS and LTE is not only possible but also provides good performance in term of delay, throughput and packet loss.

Click HERE to download the Master Thesis [pdf].

Why does Security often have a low priority?

During a conversation with a manager of a vendor of Energy Management Systems (EMS) today, I was surprised hearing that they offered a training course on Security measures in 2013 – but had to cancel the course because of too less registrations! Could that be true in 2013?

Here is some information on security measures easy to read and understand – maybe hard to implement:

Whitepaper
Anforderungen an sichere Steuerungs- und Telekommunikationssysteme

White Paper
Requirements for Secure Control and Telecommunication Systems

Click HERE for the bilingual document [pdf]

There is also a companion document (in German) available that gives further guidelines on how to apply the requirements for control center level systems, for communication infrastructure level, and for substations and RTUs:

“Anforderungen an sichere Steuerungs- und Telekommunkationssysteme
Ausführungshinweise zur Anwendung des BDEW Whitepaper”

These requirements are mandatory for vendors!!

Click HERE for the document [pdf, DE].

Every expert in the energy automation business should read, understand, and apply these requirements.

On page 58 you can read (in German):

“Entsprechend den technischen Möglichkeiten sollten in allen Bereichen standardisierte IEC-Protokolle angewendet werden. Der private Bereich dieser Kommunikationsprotokolle sollte nach Möglichkeit nicht verwendet werden.
Eine Verschlüsselung der Protokolle nach IEC 62351 sollte durch den Betreiber geprüft werden, wobei ggf. auftretende Einschränkungen bei der Fehlerdiagnose sowie die notwendige Infrastruktur und Prozesse zur Schlüsselverwaltung berücksichtigt werden sollten.
Dort, wo aktuelle Systeme und Geräte noch nicht die Möglichkeit der Verschlüsselung nach IEC 62351 bieten, sollte die Fernwirkübertragung daher auf den unterlagerten Netzwerkebenen geschützt werden, z.B. durch Nutzung von VPN-Technologie oder SSL/TLS-Tunnelung.
Insbesondere für IP-basierte Protokolle sollten entsprechend sichere Netzwerkstrukturen vorgesehen werden (siehe 2.3).”

By the way, the whitepaper can be used by English speaking experts to learn German – and vice versa ;-)

Wednesday, July 16, 2014

infoteam software supports IEC 61850

Programming application software using OpenPCS (infoteam implementation of IEC 61131-3) is one of the well known options in the PLC world. OpenPCS also incorporates IEC 61850 client/server and publisher/subscriber roles as well as SCL configuration. The result is, for example, a powerful “Smart Grid Controller”:

Software for IEC 61850

Click HERE for more information [EN].
Click HERE for more information [DE].

Tuesday, July 15, 2014

Security – A never ending Story

The more our societies rely on computerized information sharing the more we need to take care that we implement protection mechanisms to run the systems reliable. There are many discussions and approaches how to make or keep the systems robust.

These days there are several discussions going on about whether it is better to keep the vulnerabilities top secret or to let people know how close we are to a lot of critical damages.

Whatever your position is: There is a need to increase the efforts to keep control over our critical infrastructures. And this will require a lot more resources than those written in many business plans for 2014, 2015 and beyond. We have to pay for it anyway: NOW or LATER! Maybe it will be more expensive to pay later!

It is not sufficient to know the issues – We must prevent or fix them actively … as soon as possible.

The other day a new study on ICS and SCADA Security was published:

Critical Infrastructure: Security Preparedness and Maturity

Sponsored by Unisys Independently conducted by Ponemon Institute LLC

The purpose of this research is to learn how utility, oil and gas, alternate energy and manufacturing organizations are addressing cyber security threats. These industries have become a high profile target for security exploits. Moreover, it has been reported that if their industrial controls systems (ICS) and supervisory control and data acquisition (SCADA) systems were attacked the damage could be enormous. …
As the findings reveal, organizations are not as prepared as they should be to deal with the sophistication and frequency of a cyber threat or the negligence of an employee or third party. In fact, the majority of participants in this study do not believe their companies’ IT security programs are “mature
.””

Click HERE to download the report.

My personal understanding is: Everything that is remotely accessible can be breached; everything that is programmed can be re-programmed.

Isn’t it true what King Salmon wrote in Ecclesiastes 1,18 (King James Version): “For in much wisdom is much grief: and he that increaseth knowledge increaseth sorrow.”

This is our daily experience! Or?

Friday, July 11, 2014

New Power Quality and Energy Measurement device supporting IEC 61850

Bender Grünberg offers a new Power Quality and Energy Measurement device supporting IEC 61850 information exchange:

The digital universal measuring device PEM735 is suited for measuring and displaying electrical quantities of electricity networks. The device measures currents and voltages, energy consumption and power, and displays the individual current/voltage harmonics for assessment of the power quality in accordance with DIN EN 50160. The accuracy of active energy measurements corresponds to class 0.2 S in accordance with DIN EN 62053-22 (VDE 0418 part 3-22). The current inputs are connected via external …/1 A or …/5 A measuring current transformers.

Click HERE for general information.
Click HERE for the data sheet.

Wednesday, July 9, 2014

Deutsche Gasversorgung nutzt Profil für IEC 60870-6 TASE.2

20 Jahre nach der Veröffentlichung der Normenreihe IEC 60870-6 TASE.2 (ICCP) ist das Thema TASE.2 bei der deutschen Gasversorgung immer noch hochaktuell! Das wird sicher auch für die nächsten 20 und mehr Jahre so sein!

IEC 60870-6 TASE.2 basiert auf derselben Basistechnologie wie IEC 61850 und IEC 61400-25: MMS (Manufacturing Message Specification, ISO 9506). MMS ist aus dem MAP-Projekt Mitte der 80er Jahre hervorgegangen.

Der DVGW-Arbeitskreis „Standardisierung des Informationsaustausches zwischen Dispatchingzentralen“ empfiehlt für den Austausch von Prozessdaten den Einsatz des „Telecontrol Application Service Element Two“ (kurz TASE.2).

Die Spezifikation des TASE.2-Standards zum Einsatz zum Prozessdatenaustausch zwischen Leitzentralen der Gaswirtschaft sowie einen Leitfaden zur Anwendung finden Sie in der DVGW Gas-Information Nr. 18 "Prozessdatenaustausch zwischen Leitzentralen der Gaswirtschaft auf Basis von TASE.2" , Ausgabe Februar 2012.

Der Leitfaden gibt einen Überblick über die wichtigsten Merkmale und Funktionalitäten von TASE.2 und die konkrete Anwendung von TASE.2 im Extranet der Gaswirtschaft. Der Leitfaden kann auch als Profil verstanden werden. Von der Vielzahl der Möglichkeiten der TASE.2 werden die Definitionen ausgewählt, die für den Anwendungsbereich zu verwenden sind – um einen hohen Grad an Interoperabilität zu erreichen.

Hier klicken, um die DVGW Gas-Information Nr 18 herunterzuladen [pdf, nur lesbar]. Eine druckbare Pdf-Version kann erworben werden.

Vor 15 Jahren haben die an der Normung beteiligten Experten den folgenden Report veröffentlicht:

etz-Report 32
Open communication plattforms for telecontrol applications:
benefits from the new standard IEC 60870-6 TASE.2 (ICCP)

Einige Exemplare des etz-Reports 32 stehen noch zur Verfügung und werden kostenlos abgegeben.

Die hier beschriebene Profil-Bildung sollte auch für IEC 61850 in anderen Anwendungsbereichen zum Vorbild dienen! Dafür werde ich mich verstärkt einsetzen.

Monday, July 7, 2014

Industrieforum VHPready nimmt Fahrt auf

Das “Industrieforum VHPready” erarbeitet einen Standard für virtuelle Kraftwerke, der auf den Normen IEC 60870-5-104 und IEC 61850 aufbaut.
Mittlerweile haben die ersten Arbeitsgruppen des Vereins ihre Arbeit aufgenommen:

AG 1: Weiterentwicklung von VHPready
AG 2: Zertifizierung/Präqualifikation
AG 3: Marketing, Internationalisierung und Standardisierung

Vision und Mission des Vereins:

Das Industrieforum VHPready e.V. setzt sich für die Realisierung der Energiewende durch die standardisierte Vernetzung dezentraler Energieanlagen ein. Der Standard VHPready und seine Zertifizierung gewährleisten das nahtlose, sichere und wirtschaftliche Zusammenwirken aller steuerbaren Komponenten und deren Kompatibilität. VHPready bildet die Grundlage für den flexiblen Zusammenschluss
dezentraler Energieanlagen zu virtuellen Kraftwerken.

Hier für den Flyer klicken.
Hier finden Sie den Zugang zu VHPReady.
Hier ist eine aktuelle Veröffentlichung in den EW Medien.

Mitte Juni 2014 waren folgende Firmen und Organisationen Mitglied: 2G Energy • 50Hertz • Beck IPC • Bosch SI • Energy2market • E.ON Connecting Energies • IABG • Fraunhofer Gesellschaft • IT&I • LichtBlick • Optimax Energy • Phoenix Contact • SSV Software Systems • Vattenfall Europe Wärme • WAGO Kontakttechnik • Younicos

Das Industrieforum ist aus meiner Sicht die erste ernstzunehmende Aktivität in Deutschland, die Vielfalt in der Kommunikation zwischen den vielen dezentralen Energieerzeugungsanlagen (Energie-Erntemaschinen) und Leitsystemen zu reduzieren beziehungsweise erst gar nicht aufkommen zu lassen.

Ohne (eine oder vielleicht zwei) einheitliche Kommunikationslösungen werden die Aufwendungen bei der Realisierung von notwendigen Informationsaustauschverfahren sehr hoch – was dazu führt, dass entweder viele Energieerzeugungsanlagen gar nicht oder nicht optimal eingesetzt werden können oder die Anlagen nur mit einer einzigen Leitstelle kommunizieren kann.

Die Mitarbeit im Industrieforum VHPReady sollte ein Muss für alle Netzbetreiber, Betreiber von virtuellen Kraftwerken und von dezentralen Erzeugungsanlagen sein!