Sunday, July 31, 2016

Power Quality Meter Goes IEC 61850 and IEC 60870-5-104

Friday last week I was involved in installing a high level Power Quality Meter (UMG 512 from Janitza) to monitor the power for a new building:

The objective was to apply a smart gateway between the Meter and IEC 61850 and IEC 60870-5-104. It took some 90 minutes to install the meter and configure it for Modbus TCP communication. The gateway used is an HMS Anybus SG Gateway I/O.

The gateway offers connectivity to Profibus, ProfiNet, Ethernet/IP, and other protocols.
The gateway reads out 22 signals from the Meter (all new Meters from Janitza use the same addresses for the basic signals):

The Modbus signals (from an UMG 604) are listed in the gateway for polling:

As well we need to configure the Signals for IEC 61850 and IEC 60870-5-104:

The signals in IEC 61850 are configured with an SCL File. The 104 signals need manually configuration.

Finally we need to program the mapping from Modbus to IEC 61850 LNs and IEC 60870-5-104 signals. The drop-down menu is used to place the signals to the screen:

Finally the inputs are linked to the outputs:

The signals from the Meter are automatically exposed through IEC 61850 and IEC 60870-5-104 servers.
The IEDScout 4.1 from Omicron is used to connect to the IEC 61850 Server in the Gateway:

And the QTester104 receives messages from the IEC 60870-5-104 server:

Lesson learned: It took less than one hour to configure the Gateway and use it.
This is likely the easiest and fastest way to communicate Power Quality Meter signals through IEC 61850 and IEC 60870-5-104. 

Wednesday, July 27, 2016

Could You Measure a Change in Air Flow caused by a Wind Turbine in a distance of 100 km?

Assume an air flow of x m**3 per second. What happens at your position if a big wind turbine is starting to rotate in a distance of 100 km? Do you expect that you could measure that the air flow is reduced due to the wind turbine that removes energy from the air flow? It may be possible if the turbine would be located in a huge tube. So far so good.
Another question: Could you believe "that a short-circuit at Lawrence Berkeley lab one day was observed by a micro-PMU [Phasor Measurement Units] in Los Angeles, 550 kilometers away, as a 0.002 percent dip in voltage"? It is more likely that one can measure a 0.002 percent dip in 550 km distance than a change in air flow 100 km away caused by a wind turbine.
With a network of many micro-PMUs it may be possible to figure out that somebody is switching on a computer. If you install enough micro-PMUs you may get there.
With a good power quality meter and pattern recognition I could figure out when my wife switches on the Toaster or Microwave.

Each of load (in our home or in the neighborhood) has a specific finger print. So that I could see the patterns and learn what they mean - after some training.

Some people made this observation "We're watching the volts and the amps and we’re not even inside the substation. We’re five miles away. We came up with this idea: What if we were to tell the substation operator that this substation switch is opening and closing? If they were the ones opening and closing it, that’s great. But if not, that’s a pretty good sign that there’s a cyber attack at least being experimented with.”

This is a true story (I guess).

Click HERE for a news report from IEEE Spectrum.

More Big Data to come. Be aware in your home that a power quality meter connected to the copper wire some 20 to 50 m away may be watching you. What about privacy? Is it a good thing to know (almost) everything?
"For in much wisdom is much grief; and he that increaseth knowledge increaseth sorrow." (Kohelet 1:18)

FERC is about to Strengthen the Critical Infrastructure Protection (CIP) Requirements

Security is (so far) likely the most crucial key word in 2016. We all want to live in a secure world with a secure power delivery system and many other infrastructures.
There are many rules set by well known standard setting organizations. One is the US Federal Energy Regulatory Commission (FERC). They have published the Critical Infrastructure Protection (CIP) Reliability Standards years ago. Usually the rules are improved after something serious happened. What happend some months ago? Yes, the Dec 23, 2015 cyber attack on the electric grid in Ukraine.
A lot of reports have been published recently.
FERC seeks comments (in this summer) on possible modifications to the CIP Reliability Standards - and any potential impacts on the operation of the Bulk-Power System resulting from such modifications - to address the following matters:
  1. separation between the Internet and BES Cyber Systems in Control Centers performing transmission operator functions; and
  2. computer administration practices that prevent unauthorized programs from running, referred to as “application whitelisting,” for cyber systems in Control Centers.
Click HERE to access the FERC Docket No. RM16-18-000 that has all the details.

Security standards are one measure to improve the protection of technical systems - but the most crucial issue is: TRUST! Trust is what it's really all about. I hope that all readers of this IEC 61850 blog trust me! I do my best!

By the way, the security requirements on paper or in a PDF document do not protect any system. It is the human beings (you can trust) that have to understand the complexity of the power delivery system, the software applications, communication, and administration of the hardware and software. This requires well educated people - educated in many different (or even all) domains -, sufficient resources, and decisions to implement what is needed.

Rene Descartes (1596-1650) understood it already very well what we have to do: "Hence we must believe that all the sciences are so interconnected, that it is much easier to study them all together than to isolate one from all others. If, therefore, anyone wishes to search out the truth of things in serious ernest, he ought not to select one special science, for all the sciences are cojoined with each other and interdependent."

And: Teamwork makes the dream work!

Stay safe!

Saturday, July 23, 2016

IEC TC 57 Published FDIS IEC 62351-11 Security for XML Documents

Have you ever seen a multi MegaByte XML file used for system or device configurations, COMTRADE, COMFEDE, or other purposes? I have big SCL files that represent real substation specifications. What happens if one (1) single character is removed or changed by somebody ...? A change of a single character can have very severe consequences!
In order to secure XML Files in the context of IEC and other standards organizations, IEC TC 57 just published the document:
57/1753/FDIS: Power systems management and associated information exchange – Data and communications security – IEC 62351-11: Security for XML Documents

Voting closes 2016-09-02

IEC 62351-11 specifies schema, procedures, and algorithms for securing XML documents that are used within the scope of the IEC as well as documents in other domains (e.g. IEEE, proprietary, etc.). This part is intended to be referenced by standards if secure exchanges are required, unless there is an agreement between parties in order to use other recognized secure exchange mechanisms. It utilizes well-known W3C standards for XML document security and provides profiling of these standards and additional extensions.

Wednesday, July 20, 2016

PowerEDGE Offers 3 day Training Course on IEC 61850 and Related Topics in Singapore (24-26 Oct 2016)

The Asian-Pacific region is demanding for competent education services in connection with the application of advanced automation solutions based on IEC 61850 and related standards.
PowerEDGE invites you to attend the most comprehensive Training Course on IEC 61850 ... tap the experience of 230+ courses with 4,100+ attendees all over.
The training  will be conducted in Singapore on 24-26 October 2016.
Click HERE for more details and registration information.

Thursday, July 14, 2016

How to Protect Electric Power Delivery Systems?

These days we see a lot of discussions on security in the domain of electric power delivery systems. One thing is for sure: The power delivery infrastructure is under heavy stress ... just to list a few issues:

  1. Aging equipment (primary and secondary).
  2. Increasing cyber attacks.
  3. Increasing physical attacks.
  4. Aging Workforce.
  5. Political objective to reduce the rate per kWh of electric power consumed.
  6. ...

A lot has been discussed recently regarding these and other issues.

Today I would like to have a brief look on the third bullet "Physical Attack". The Wall Street Journal (WSJ) published the other day a report on physical attacks of substations in the US: "Grid Attack: How America Could Go Dark". After reading these news I decided not to post anything about that report. But: When I got up this morning I read the (bad) news about the tragic attack on humans in Nice (France) last night with 80 people on the death toll of 80, I said to myself, I have to talk about these physical attacks.

First of all, our prayers are for the French people in general and especially for those that have lost one of their loved one, for those that are insured, and those that have experienced this attack.

Second, please read the WSJ report to understand the situation of our - partly very unprotected - electric power delivery system:

Click HERE for the report.

More or less the same could be reported about many substations worldwide.

Next time we may see a truck driving into a major substation, power plant, or high voltage transmission tower, ... How can we protect ourselves and the technical systems that are needed every second in our life?

2. Timothy 3:1-5 says: "1 But understand this, that in the last days there will come times of difficulty. 2 For people will be lovers of self, lovers of money, proud, arrogant, abusive, disobedient to their parents, ungrateful, unholy, 3 heartless, unappeasable, slanderous, without self-control, brutal, not loving good, 4 treacherous, reckless, swollen with conceit, lovers of pleasure rather than lovers of God, 5 having the appearance of godliness, but denying its power."

It is unlikely that all humans will understand the importance of the electric power delivery system (and other critical infrastructures) and to control themselves NOT TO TOUCH the system (AND of course other humans)! So, we have to do our best to better physically protect the crucial stations - which is better than do nothing. Attacks will continue to happen - but we have to spent more resources to increase the physical security.

We all have to accept the increase in your electric power bill - if we want to continue using power whenever we need it - 24/7. I hope that we learn better what the real value of our electric power infrastructure is for our daily life!

KEMA (now DNV GL) has Developed a New Suite of Test Tools for IEC 61850

DNV GL (former KEMA, Arnhem/NL) has developed a suite of IEC 61850 test tools, which will be sold under license to both utilities and technology providers.
Under the name UniGrid, DNV GL provides a new and improved test tool. UniGrid enables test and simulation of a complete IEC 61850 substation automation system and it can be used for various types of conformance and interoperability tests.

The product is planned to be available later this year.

Click HERE to request a copy of the new Brochure.

Saturday, July 9, 2016

New Work Items Proposed within IEC TC 57 (IEC TS 62351-100-1)

Power systems management and associated information exchange – Data and communications security – Part 100-1: Conformance test cases for the IEC 62351-5 and its companion standards for secure data exchange communication interfaces (proposed IEC TS 62351-100-1).

The scope is to specify common available procedures and definitions for conformance and/or interoperability testing of the IEC 62351-5, the IEC 60870-5-7 and their recommendations over the IEC 62351-3. These are the security extensions for IEC 60870-5 and derivatives.

Ballot closes 2016-09-30

New Work Items Proposed within IEC TC 57 (IEC 62351-14)

Power systems management and associated information exchange - Data and communications security - Part 14: Cyber security event logging (proposed IEC 62351-14)

This part 14 of the IEC 62351 series specifies technical requirements for logging cyber security events: transport, log data and semantics, such as how to send and receive security events securely, reliably, how to forward security events or logs, etc.
The purpose of this standard is to specify the requirements needed by the power industry to meet
their cyber security needs, to comply with cyber security regulations and standards, and to guarantee
interoperability among different vendor products.

Logical Node "GSAL" (Generic security application), IEC 61850-7-4, is recommended to take into account with the already published data objects:

AuthFail       Authorisation failures
AcsCtlFail    SEC Access control failures detected
SvcViol        SEC Service privilege violations
Ina                SEC Inactive associations
NumCntRs   Number of counter resets

Ballot closes 2016-09-30

New IEC TC 57 and TC 88 CDV Documents Available for Public Comments

Please note that the following documents are now available for public comments:

IEC 61970-452 Ed.3: Energy management system application program interface (EMS-API) - Part 452: CIM static transmission network model profiles

IEC 61400-25-1 Ed.2: Wind energy generation systems - Part 25-1: Communications for monitoring and control of wind power plants - Overall description of principles and models 

Click HERE for accessing the two documents for comments.

Please note that the general title of the series of IEC 61400-25 has changed to "Wind energy generation systems" ... so does the title change as well:

IEC 61400-25-1: Wind energy generation systems -
Part 25-1: Communications for monitoring and control of wind power plants - Overall description of principles and models

Friday, July 8, 2016

Old School versus New School - The Change of Generations in the Power Industry

Recently there was a conference in Cologne (Germany) held on how to improve human resources developments in power utilities. It seems that many managers expect that they fall short of hiring the best engineers.
Why is the situation in the power industry so crucial? There are many reasons - according to my personal experience. One crucial fear is the change of generations: Old School versus New School.
It is a pity that maintaining and improving the largest and the most crucial machines ever (the interconnected power delivery systems) are not so attractive to young people. What would young people do if there would not enough power to send their messages and photos back and forth? What would hospitals do without electric power? Or ...

Many discussions in the public are centered around one issue: getting cheap and cheaper power. I have experienced this quite often when HR managers start discussing with me to offer cheaper training courses ... I guess many of them have to learn that the change of generations of engineers will become THE challenge in the power industry. Why: Because the complexity of the secondary power system solutions has reached a level that can't easily be managed by inexperienced and less-motivated engineers. These engineers have to be trained in power systems theory AND information systems theory.

We (older) engineers had a chance to learn new technologies step by step over a long period - sometimes 20 or more years. These days we see new approaches being popping-up over night - more or less. The pressure is coming, e.g., from Internet technologies, Industry 4.0, and Smart Phones. These new possibilities will have a big impact on the way how power is generated, transmitted, and (of course) how it is distributed and used.

How do we get prepared for the future power delivery system? Solid education is one of the key issues and expensive.

But many HR managers want to get the best for free. The best things in life may be free. But not the power delivery. The real cost of power delivery will likely only be understood after a longer huge black-out.

One objective of HR managers is to hire more young and motivated engineers - another should be to give the experienced and interested engineers more chances to receive the education they need for the years to come.

Ask for a permission to attend a training - good luck!

Experience with the OMICRON IEDScout Version 4.10 - The Name Space Concept

As you may know we have defined a very powerful namespace concept into IEC 61850. It allows to use logical nodes and data objects from multiple application domains in one single SCL File.
This concept has been incorporated into the standard (IEC 61850-6, -7-1, -7-2, -7-3, 7-4, and 8-1) some 15 years ago. At that time I was the editor of parts -7-1 and -7-2.
By the way: These five (5) parts are often called "The Core Parts of IEC 61850".

The name space “IEC 61850-7-4:2003” indicates that ALL instances within this logical device
are derived from the 2003 editions of IEC 61850-7-4, IEC 61850-7-3, and IEC 61850-7-2. The logical device name space could be understood as the prime name space. The attribute ldNs is an attribute contained in the name plate of the logical node zero (LLN0).
A device that implements more than one Logical Device can support multiple prime name spaces - one per Logical Device.

The name space for Edition 2 of the core documents is as follows:

        IEC 61850-7-4:2007A

The Omicron IEDScout V4.1 analyzes this Logical Device name space and acts according to the name space configured. Let's see how that works.

If the LD name space is missing then the default value will be used: this means Edition 1 of the core documents).
The following figure shows an SCL file that does not contain a value for the "ldNs". Now we open the SCL file with the IEDScout 4.1.The IEDScout figures out that the prime name space is Edition 1 of the core parts. In Edition 1 of IEC 61850-7-3 (Common Data Classes) there are no CDCs like ENS and ENC defined. This is indicated in the warning area. Edition 1 of IEC 61850-7-3 defines INS and INC instead.

The new enumerated Common Data Classes (ENS, ENC and ENG) have been added in Edition 2 of IEC 61850-7-3. The SCL File with the Edition 2 prime name space is shown next:

The IEDScout does not show any warning!


What does that mean for all of us? We have to make sure that our IEC 61850 models configured in an SCL File are according to the prime name space we want to use!

And: The IEDScout has many other powerful (browsing, testing, ...) features build-in that help you to get your IEC 61850 based system running according to the standard series IEC 61850, IEC 61400-25, ...

I am using the IEDScout 4.1 in my training courses. Attendees learn how to model IEDs and how to test them.

Click HERE for downloading a 30 days fully functional evaluation license.

Thursday, July 7, 2016

Should Power Grids Put Their Critical Digital Systems Off?

Power delivery systems worldwide are under heavy stress: physical stress and stress caused by shareholders and hackers and ... The stress is heavy often due to very limited resources that hinder engineers to improve the system very much.

Some people believe that the solution may be lying in going back to the Old Days! They want to spend USD 10.000.000+ for studying to go ,Back to analog and non-digital control systems, purpose-built control systems, and physical controls. Who has said this? ... some 20 years ago? No: this month!

The motto of some US congress man seems to be: Get rid of state-of-the-art technology.

A corresponding bill was assigned to a congressional committee on June 6, 2016:
Click HERE for more details.
Click HERE to download the text of the bill [pdf].

Click HERE for a discussion published under

Does this mean the end of digital protection and automation systems? The end of communication according to IEC 61850, IEC 60870-5, DNP3, Modbus, ...?

What is needed? More well educated engineers that can use the digital technology in a way that the power delivery system can be managed securely and that become able to understand how the technology can be applied in order to re-start the power delivery system after a blackout.

I would like to see 10 per cent of the budget (USD 1.000.000) spent into education for protection, automation, SCADA and communications engineers. Have you ever tried to get approval for attending a training course for advanced protection, automation, SCADA, and communications like IEC 61850, or ...??

My experience after I run more than 230 courses worldwide and educated more than 4.100 engineers is this: many engineers that have asked me for a quote to conduct an in-house course or attending a public course had to give up due to budget restrictions!!

The other USD 10.000.000 could be spent for improving the digital based equipment as Cris Thomas, a security expert (see link to above), said: "Instead of spending two years and $10 million exploring ways to downgrade critical systems with even more outdated tech, we should instead invest that time and money into transforming security for the technology currently in place, and into building next-generation security features directly into future technology."

If utilities want to change the way the run their assets the management and stake holders should listen to the engineers!! And follow their recommendations! This is even more crucial in case of implementing more physical control done by human beings!

Badly educated engineers could do more harm than well operating machines.

Whatever we want to do to "ruggedize" our power delivery system, we need more well educated and experienced engineers. Retiring senior engineers with 52 years (to reduce costs) is not a real option! Or? We need you all! And we need young people to study electric power systems and information technology.

Click HERE for some additional discussion by myself (German version).

Saturday, July 2, 2016

FMTP and NettedAutomation announce Seminar Dates for 2017

Due to the request from power engineers FMTP and NettedAutomation have scheduled several dates for public training courses in 2017:

19-23 September 2016 in Stockholm, Sweden [EN]
10-13 Oktober 2016 in Karlsruhe, Germany [EN]
07-09 Dezember 2016 in Karlsruhe, Germany [DE]

30 January 2017 in San Diego, CA USA (just prior to the DistribuTECH 2017) [EN]
14-17 March 2017 in Stockholm, Sweden [EN]
04-07 April 2017 in Karlsruhe, Germany [EN]
19-22 September 2017 in Stockholm, Sweden [EN]
10-13 Oktober 2017 in Karlsruhe, Germany [EN]

Keep tuned to this blog to receive the latest in the domain power system protection and automation. Tap the experience of more than 230 training courses:
Plan your training for Fall 2016 and 2017 now!
Click HERE for further details.
Click HERE to contact us per email in case you have any question.