Saturday, August 26, 2017

The Cassandra Coefficient and ICS Cyber - Some Thoughts

Do you have an idea what "The Cassandra Coefficient" is all about and how it relates to ICS cyber security? Joe Weiss discusses the issues in a recent publication:

Cassandra coefficient and ICS cyber – is this why the system is broken

Brief extract from the publication:
Joe Weiss writes: " ... What I have found is that each time another IT cyber event occurs more attention goes to the IT at the expense of ICS cyber security. The other common theme is “wait until something big happens or something happens to me, then we can take action”. Because there are minimal ICS cyber forensics and appropriate training at the control system layer (not just the network), there are very few publicly documented ICS cyber cases. However, I have been able to document more than 950 actual cases resulting in more than 1,000 deaths and more than $50 Billion in direct damages. I was recently at a major end-user where I was to give a seminar. The evening before I had dinner with their OT cyber security expert who mentioned he had been involved in an actual malicious ICS cyber security event that affected their facilities. For various reasons the event was not documented. Consequently, everyone from the end-user, other than the OT cyber expert involved, was unaware of a major ICS cyber event that occurred in their own company. So much for information sharing."

My personal experience in this and in many other areas is: people tend to hide information instead of sharing it. I have found many times that SCADA experts do not really talk to RTU people, substation automation or protection engineers ... and not at all to the people who are responsible for the communication infrastructure. Most engineers tend to focus on their (restricted) tasks rather than looking at the SYSTEM and its lifetime. Am I contributing to solving the challenge of building a reasonably secure system - or am I part of the problem?

I repeat what I have said many times: Teamwork makes the dream work! Become a team player!

Click HERE for the publication.

This publication is worth reading ... a definition of what the Cassandra Coefficient is can be found HERE.

Wednesday, August 23, 2017

Making ICS Security Feasible for Small Companies

Industrial automation systems (Industrial Automation and Control Systems, IACS) pervade many areas of critical infrastructure, such as supply systems for electricity, gas, water, wastewater, ...

Awareness is slowly growing that many of these systems are, for a variety of reasons, only inadequately protected (in terms of information security). Reasons may be that those responsible do not yet see the need for stronger protection requirements, or that the installed systems are "aged" and can only be protected by replacement, and so on ...

Water utilities, together with the BSI and RWTH Aachen, have supervised a master's thesis that could open the eyes of small utilities in particular to more security in information and automation technology:


Sarah Fluchs has written the following master's thesis:


Erstellung eines IT-Grundschutz-Profils für ein Referenzunternehmen (kleines/mittelständisches Unternehmen, KMU) mit automatisierter Prozesssteuerung (Industrial Control System, ICS) (in English: Creation of an IT-Grundschutz profile for a reference company (small/medium-sized enterprise, SME) with automated process control (Industrial Control System, ICS))
Or:
Making ICS security feasible for small companies

The thesis and an appendix are publicly available:

Click HERE for the main part of the thesis.
Click HERE for the appendix "IT-Grundschutz pilot profile / IT-Grundschutz profile for the water sector".

This master's thesis is absolutely worth reading and taking note of!

The introduction begins with a statement by Ralph Langner:

For many complex IACS networks, there is no longer any single person who fully understands the system, […] and neither is there accurate documentation.

I preface this statement with a much older one by René Descartes (1596-1650):

"Hence we must believe that all the sciences [all the aspects of a distributed automation system; inserted by the author of this blog post] are so interconnected, that it is much easier to study them all together than to isolate one from all others. If, therefore, anyone wishes to search out the truth of things in serious earnest, he ought not to select one special science (aspect), for all the sciences (aspects) are conjoined with each other and interdependent."

The challenge for today's and future generations is to think and act holistically, and to take into account the many traditional, and therefore diverse, experiences of our predecessors, especially of those people who have worked, and currently work, directly in practice! [Statement supplemented by a good friend.]

Teamwork makes the dream work.

In this spirit, my thanks go to Ms. Fluchs, who has laid a foundation stone with her master's thesis. It is symptomatic that fundamental work is often "only" carried out by students. A pity! The topics addressed concern us ALL!

There is one statement in her conclusion and outlook that I would like to correct:

"The overarching topic of this thesis is ICS security. Compared to "ordinary" IT security, the topic has so far occupied a niche. Above all, manufacturing companies and operators of critical infrastructures have to deal with it – the average consumer would potentially feel the effects of a security incident, but has no direct influence on ICS networks and their security."

We as average consumers have a very large direct influence on the security of our infrastructures: by being willing to pay more for our basic supply!!

Tuesday, August 22, 2017

No Gas, No Electric Power - Yes, It Happened

Taiwan was hit recently by a massive blackout caused simply by closing two gas valves that fed six power generators with a total capacity of some 4,000 MW or 4 GW!
How could that happen? At peak generation there was no reserve power, so the 4 GW that tripped could not be compensated by other generation. It happens very fast!
The general stress on the system was one aspect - another was a human error: "almost 9 per cent of the island’s generation capacity, stopped after workers accidentally shut off its natural gas supply".

I am not aware of any details of the human error. One thing is clear: our infrastructure is really under stress! It will take some effort to get it fixed.

Click HERE for a news report.

We really have problems with existing and new infrastructures:

Check the pictures of the problems at the new train tunnel project in Rastatt (close to my home town Karlsruhe, Germany) ... if you read German as well ...

What happened? Who knows? Maybe the cheapest offer was awarded a contract ...
There is almost no redundancy in the Rhine river valley rail system ... redundancy costs money ...

It is a pity that newly built infrastructure collapses and destroys old (still working) infrastructure.

Monday, August 21, 2017

New Application Example for EvaDeHon Package

We have posted a new example extending the use of the Evaluation, Demonstration and Hands-On (EvaDeHon) Package.

We will publish additional models and documentation for interesting applications from time to time. The objective is to help you understand the various topologies and possibilities for using IEC 61850 technology for process information exchange.

One focus is on the application of the IXXAT (HMS) Smart Grid Gateways.

The example offers polling and reporting (server on PC, client on IXXAT WEB-PLC gateway). The download contains the client CID for the gateway, the server CID and the JSON file for the PC. The gateway polls every 2 seconds and receives reports every 5 seconds; these intervals can be configured. Additionally, it includes some specific documentation.



Click HERE for more information.

Saturday, August 19, 2017

Smart Cars Under Attack - What Does It Mean for Power Systems?

We are quite often looking for smart things: cars, phones, power grids, ... expecting that they make life easier or more comfortable. Maybe ... or maybe not.
We have to understand and take into account that most of these smart things are under enormous pressure from people trying to hack them.
Researchers have reported that "Smart car makers are faced with a potentially lethal hack that cannot be fixed with a conventional software security update. The hack is believed to affect all smart cars and could enable an attacker to turn off safety features, such as airbags, ABS brakes and power-steering or any of a vehicle’s computerised components connected to its controller area network (Can) bus. ... The hack is “currently indefensible by modern car security technology, and to completely resolve it would require broad, sweeping changes in standards and the ways in-vehicle networks and devices are made,”"
Click HERE for the full report on Computer Weekly.
Click HERE for another detailed report, also worth reading and FOLLOWING.

Hm, that is not good news!

I hope that the power industry is using appropriate (security) standards to dramatically reduce the risk of devices used in power automation systems being hacked. One of them is IEC 62351. There are many other measures discussed on this blog, e.g., the German BDEW Whitebook.
How many more wake-up calls do we need to change the way we secure energy delivery services? The more devices are brought into operation, the more we need to care about security.

A lethal position for management would be: "It could not happen to our systems - they are all safe." Really?

In the first years of open systems interconnection (OSI) ... the early 1980s, I was quite unhappy with the Ethernet CSMA/CD method and the token bus solution. As a young engineer at Siemens here in Karlsruhe, I spent many hours and days of my free time (at home) figuring out how to improve CSMA/CD to make the access deterministic - yes, I found a solution! My colleagues and the management were supporting token bus only ;-)

So, my patent was not used by Siemens ... but later I figured out that the CAN bus used the same algorithm I developed for my patent.

At that time almost nobody was expecting that years later people would intentionally hack media access protocols!! I remember one person complaining about OSI in the early 80s. He said (in German): "Wer offene Systeme haben will, der ist nicht ganz dicht!" This is not easy to translate into English - I will try. "Offene Systeme" is "Open Systems". "Dicht" means "tight" or "closed" - and if someone is "nicht dicht" it means: you are crazy. So: "If you want to have Open Systems - you must be crazy."

Click HERE to have a look at my patent (EP0110015).

It really puzzles me that old, long-used protocols like CAN cause such lethal trouble 30 years later! What will be next?

By the way, any Ethernet multicast shower (storm) in a subnetwork has the potential to crash a "smart" device. If the Ethernet controller has to filter out too many multicast messages, it may stop working.
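One way to see such a multicast shower coming before a device's Ethernet controller gives up is simply to watch the group-addressed frame rate per second on the subnet. The following is an added example, not code from the original post: it parses a constructed capture summary (one line per frame: timestamp, destination MAC, protocol, length), classifies each frame by the I/G bit of the destination address, and flags the seconds in which the multicast count exceeds a threshold. The GOOSE-style destination addresses (01-0C-CD-01-xx-xx) and the threshold of 5 frames per second are constructed for illustration; a real threshold depends on what the weakest device on the segment can filter.

```python
# Added example (not from the original post): flag one-second intervals in
# which the multicast frame rate on a subnet exceeds a threshold.
from collections import Counter

# Constructed capture summary: "<epoch seconds> <destination MAC> <protocol> <length>"
SAMPLE_CAPTURE = """\
1503100000.010 01:0c:cd:01:00:01 GOOSE 180
1503100000.020 00:1b:21:aa:bb:01 MMS 120
1503100000.030 01:0c:cd:01:00:01 GOOSE 180
1503100001.005 01:0c:cd:01:00:01 GOOSE 180
1503100001.006 01:0c:cd:01:00:02 GOOSE 180
1503100001.007 01:0c:cd:01:00:03 GOOSE 180
1503100001.008 01:0c:cd:01:00:04 GOOSE 180
1503100001.009 01:0c:cd:01:00:05 GOOSE 180
1503100001.010 01:00:5e:00:00:fb MDNS 90
1503100002.500 00:1b:21:aa:bb:01 MMS 120
"""

def is_multicast(mac: str) -> bool:
    """An Ethernet destination is group-addressed (multicast or broadcast)
    when the I/G bit, the least significant bit of the first octet, is set."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x01)

def multicast_per_second(capture_text: str) -> Counter:
    """Count group-addressed frames per whole-second bucket."""
    counts = Counter()
    for line in capture_text.splitlines():
        if not line.strip():
            continue
        ts, dst, _proto, _length = line.split()
        if is_multicast(dst):
            counts[int(float(ts))] += 1
    return counts

def multicast_storm_seconds(capture_text: str, threshold: int) -> list:
    """Return the second buckets whose multicast count exceeds the threshold
    (assumed tuning value; set it from the capability of the weakest device)."""
    counts = multicast_per_second(capture_text)
    return sorted(sec for sec, n in counts.items() if n > threshold)

if __name__ == "__main__":
    for sec in multicast_storm_seconds(SAMPLE_CAPTURE, threshold=5):
        print(f"multicast burst in second {sec}: {multicast_per_second(SAMPLE_CAPTURE)[sec]} frames")
```

In the constructed capture the second 1503100001 carries six group-addressed frames and is flagged; the first second carries only two and passes. On a real substation LAN the same counting can be done per source MAC as well, so that a single chattering publisher is distinguished from a loop or a misconfigured switch.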

Summary: Any system needs to be carefully designed, engineered and configured. Do you want to have a problem? No problem!

The industry has to learn that a lot of changes in the way we automate today have to come!! That requires SMART people - and a lot more resources ... the cost of our living will definitely increase.

I question whether we have really made a lot of progress since the early 80s. Open Systems are too "open" ... we have to find ways to close the points where a hacker could tap and "re-use" the messages in order to stop the talking.

Friday, August 18, 2017

Draft of First Amendment to IEC 62351-3 (power system security) Published

Draft IEC 62351-3/AMD1 ED1 (57/1894/CDV)
Amendment 1 – Power systems management and associated information exchange – Data and communications security – Part 3: Communication network and system security – Profiles including TCP/IP
The crucial amendment has been prepared by IEC TC57 Working Group 15 in order to address the following:

  1. Definition of additional security warnings for TLS versions 1.1 and 1.0
  2. Alignment of handling of revoked or expired certificates for TLS session resumption and TLS session renegotiation
  3. Clarification regarding session resumption and session renegotiation invocation based on session time.
  4. Enhancement of session resumption approach with the option of session tickets to better align with the upcoming new version of TLS
  5. Enhancement of the utilized public key methods for signing and key management with ECDSA based algorithms
  6. Update of the requirements for referencing standards
  7. Update of bibliography
The CDV ballot ends 2017-11-03.
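Items 1 to 3 of the amendment are about the TLS version floor and about what a server must re-check before it lets a client skip the full handshake. The following is an added example, not text from the amendment or the original post: a server-side TLS context that refuses TLS 1.0 and 1.1 at the handshake instead of merely warning, and a small resumption policy that re-examines the client certificate cached at the full handshake (revocation, expiry) and the age of the session before resumption is allowed. The policy function, its field names and the ordering of the checks are my own assumptions modelled on the amendment's bullet points; the `ssl` calls are the standard Python 3.7+ API.

```python
# Added example (not from IEC 62351-3 or the original post): TLS version floor
# plus a resumption policy that re-checks the cached peer certificate.
import ssl
from dataclasses import dataclass

def build_server_context(certfile=None, keyfile=None) -> ssl.SSLContext:
    """Server context with TLS 1.2 as the floor: TLS 1.0 and 1.1 handshakes
    are refused outright. Certificate loading is optional so the function
    also runs without key material."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED   # mutual authentication (assumed policy)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx

def tls_floor(ctx: ssl.SSLContext) -> str:
    """Name of the lowest protocol version the context will negotiate."""
    return ctx.minimum_version.name

@dataclass
class CachedSession:
    """What the server remembers from the full handshake (assumed structure)."""
    session_id: str
    peer_serial: int        # serial number of the client certificate presented
    cert_not_after: float   # certificate expiry, epoch seconds
    established_at: float   # time of the full handshake, epoch seconds

def may_resume(session: CachedSession, now: float, revoked_serials: set,
               max_session_age: float) -> tuple:
    """Decide whether a cached session may be resumed without a full handshake.
    Returns (allowed, reason). A revoked or expired client certificate, or a
    session older than max_session_age, forces a fresh handshake."""
    if session.peer_serial in revoked_serials:
        return False, "certificate revoked"
    if now >= session.cert_not_after:
        return False, "certificate expired"
    if now - session.established_at >= max_session_age:
        return False, "session too old: full handshake required"
    return True, "ok"

if __name__ == "__main__":
    print("floor:", tls_floor(build_server_context()))
    cached = CachedSession("s1", peer_serial=4242, cert_not_after=2_000_000.0, established_at=1_000_000.0)
    print(may_resume(cached, now=1_000_100.0, revoked_serials={4242}, max_session_age=3600.0))
```

The point of `may_resume` is that resumption is not a free pass: the certificate that authenticated the client is checked again against the current revocation set and its own validity period, and the session time bound gives an upper limit on how long a compromised client can keep coming back without a full handshake. The same three checks apply before a renegotiation is honoured.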

Three IEC 61850 Hands-On Training Courses in German in Karlsruhe (2017 and 2018)

NettedAutomation GmbH (Karlsruhe) offers three dates for the current IEC 61850 hands-on training in Karlsruhe:
05-08 December 2017
14-17 May 2018
04-07 December 2018

These unbeatably affordable training courses convey more than 30 years of experience with information exchange systems based on international standard series such as IEC 61850 (general applications in power engineering, switchgear, transmission and distribution networks, hydropower, combined heat and power, storage, ...), IEC 61400-25 (wind), IEC 60870-5-10x (traditional telecontrol), IEC 61158 (fieldbus), IEC 62351 (security in information technology) and many others.

Plan the corresponding budget for 2018 today!

Click HERE for contents, prices and registration information.

Thursday, August 17, 2017

SMA Inverter and Cyber Security Issues

Recently a study on cyber security threats regarding PV inverters was published, in which SMA was mentioned. The topic has since also been seized upon by other media outlets. Unfortunately, the claim has caused serious concern for SMA customers. SMA does not agree with this article, as some of the statements are not correct or are greatly exaggerated.

Click HERE for the complete response by SMA.
Click HERE for the German page.

I hope that all vendors of network connected devices are as serious as SMA when it comes to security.

Thursday, August 10, 2017

Fuzzing Communication Protocols - Some Thoughts About a New Report

Have you heard about FUZZING?

Wikipedia explains: "Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. ..." Wow!

Is there any link to IEC 60870-5-104, OPC UA or IEC 61850? Yes, there are people who have used the technique to test these and many other protocols.

The "State of Fuzzing 2017" report just published by Synopsys (San Francisco) wants to make us believe that, e.g., the above mentioned protocols are weak and may crash easily. What?

Best is to read the report and my comments below. Other experts have commented similarly.

Click HERE to download the report.

Any kind of testing to improve IMPLEMENTATIONS of protocols is helpful. You can only test implementations – not the protocols or stacks per se.

One of the crucial questions I have about the fuzz testing report is: which IMPLEMENTATION(s) did they test? Did they test 10 different ones or 100? Open source implementations only? New implementations or old? Or what?

Testing is always a good idea … more testing even a better approach. At the end of the day, customers have to pay for it (e.g., higher rates per kWh).

I would like to see more vendor-independent tests of any kind … but the user community must accept the higher costs. Are you ready to pay more? How much more would you accept to pay? 50%?

As long as vendors have the possibility to self-certify their products we will see more problems in the future.

Anyway: The best approach would be to use a different protocol for each IED … ;-)

What about testing the wide spectrum of application software? Not easy to automate … to fuzz.

You may have a protocol implementation without any error within one year … but an application that easily crashes … a holistic testing approach would be more helpful. IEC TC 57 WG 10 has discussed many times defining measures for functional tests … without any useful result so far. Utility experts from all over the world should contribute to that project – go and ask your manager for approval for the next trips to New Orleans, Seoul, New York, Frankfurt, Brisbane, Tokyo, … to contribute to functional testing. In case you do not attend – don’t complain in the future when IEDs crash …

The more complex an application is, the more likely it is that there will be serious and hard to find problems.

Crashing the protocol handler and application is one thing - what if they don’t crash but bad data gets through?
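To make concrete what "you can only test implementations" and "what if bad data gets through" mean in practice, here is an added example that is not part of the report or the original post: a toy IEC 60870-5-104 APCI parser (start byte, length field, four control octets) and a minimal mutation-based fuzz harness run against it. The harness distinguishes three outcomes the text talks about: frames the parser rejects on purpose, frames that crash it (any exception other than its own `ParseError`), and frames it accepts although they violate a well-formedness rule it does not enforce, i.e. bad data that got through. The parser, the seed frames and the sanity rules are constructed for this illustration and are not any vendor's implementation; the frame layout follows the 104 APCI (0x68, length of the remaining bytes, I/S/U format selected by the low bits of the first control octet).

```python
# Added example (not from the report or the original post): a mutation-based
# fuzz harness over a constructed IEC 60870-5-104 APCI parser.
import random

class ParseError(ValueError):
    """Raised for frames the parser rejects on purpose."""

APDU_MAX = 253  # maximum APDU length in IEC 60870-5-104

# Constructed seed frames: a U-format STARTDT act, and an I-format frame
# (send seq 1, receive seq 1) carrying a 10-byte dummy ASDU.
SEED_U = bytes([0x68, 0x04, 0x07, 0x00, 0x00, 0x00])
SEED_I = bytes([0x68, 0x0E, 0x02, 0x00, 0x02, 0x00]) + bytes(range(10))

def parse_apci(frame: bytes) -> dict:
    """Parse start byte, length and the four control octets.
    Every deliberate reject raises ParseError; anything else is a finding."""
    if len(frame) < 6:
        raise ParseError("frame shorter than APCI")
    if frame[0] != 0x68:
        raise ParseError("bad start byte")
    length = frame[1]
    if length < 4 or length > APDU_MAX:
        raise ParseError("length out of range")
    if len(frame) != 2 + length:
        raise ParseError("length field disagrees with frame size")
    cf = frame[2:6]
    if cf[0] & 0x01 == 0:            # I format: bit 0 of CF1 is 0
        kind, seq_send = "I", (cf[0] >> 1) | (cf[1] << 7)
    elif cf[0] & 0x03 == 0x01:       # S format
        kind, seq_send = "S", None
    else:                            # U format
        kind, seq_send = "U", None
    if kind != "I" and length != 4:
        raise ParseError("S/U frame must not carry an ASDU")
    seq_recv = (cf[2] >> 1) | (cf[3] << 7)
    return {"kind": kind, "send": seq_send, "recv": seq_recv, "asdu": frame[6:]}

def sanity_violation(parsed: dict, frame: bytes):
    """Rules the parser above does not enforce. A reason here means the
    frame was accepted although it is not well-formed: bad data got through."""
    if parsed["kind"] == "U" and any(frame[3:6]):
        return "U frame with non-zero reserved control octets"
    if parsed["kind"] == "I" and not parsed["asdu"]:
        return "I frame without ASDU"
    return None

def rejects(frame: bytes) -> bool:
    """True when the parser rejects the frame on purpose."""
    try:
        parse_apci(frame)
        return False
    except ParseError:
        return True

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One of three simple mutations: overwrite a byte, truncate, or append junk."""
    data = bytearray(seed)
    op = rng.randrange(3)
    if op == 0 and data:
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == 1 and len(data) > 1:
        del data[rng.randrange(len(data)):]
    else:
        data += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(data)

def fuzz(seeds, iterations: int, rng_seed: int = 1) -> dict:
    """Run mutated seeds through the parser; count accepts and deliberate
    rejects, and record crashes and accepted-but-malformed frames."""
    rng = random.Random(rng_seed)  # fixed seed so a run is reproducible
    stats = {"accepted": 0, "rejected": 0, "crashes": [], "findings": []}
    for _ in range(iterations):
        frame = mutate(rng.choice(seeds), rng)
        try:
            parsed = parse_apci(frame)
        except ParseError:
            stats["rejected"] += 1
            continue
        except Exception as exc:          # robustness bug in the implementation
            stats["crashes"].append((frame, repr(exc)))
            continue
        stats["accepted"] += 1
        reason = sanity_violation(parsed, frame)
        if reason:
            stats["findings"].append((frame, reason))
    return stats

if __name__ == "__main__":
    result = fuzz([SEED_U, SEED_I], iterations=2000)
    print({k: (len(v) if isinstance(v, list) else v) for k, v in result.items()})
```

Two things the run shows that the paragraph alone does not: the harness only ever says something about this parser, never about "104" as a protocol, and the interesting column is not the crash count but `findings`, the frames that were accepted although a stricter check would have refused them. Whether those reach the application layer and what it does with them is exactly the question raised above.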

Conclusion
The report is a nice promotion for the fuzzing tools offered by Synopsys.
The last page states: "Synopsys offers the most comprehensive solution for building integrity—security and quality—into your SDLC and supply chain. We’ve united leading testing technologies, automated analysis, and experts to create a robust portfolio of products and services. ... our platform will help ensure the integrity of the applications that power your business."

Testing is crucial and very complex. I hope that users of devices applying well-known protocols in power system automation will soon better understand HOW important testing is - require various tests for the devices they purchase and be willing to pay for them!
Start with an education phase as soon as possible - before it is too late.

Wednesday, August 9, 2017

Analysis Of The Malware Reportedly Used in the December 2016 Ukrainian Power System Attack

Senior experts of SANS ICS and E-ISAC have released a very good report:

ICS Defense Use Case No. 6:
Modular ICS Malware
August 2, 2017

This document contains a summary of information compiled from multiple publicly available sources, as well as analysis performed by the SANS Industrial Control Systems (ICS) team in relation to this event. Elements of the event provide an important learning opportunity for ICS defenders.

The sharing of this report is very much appreciated. It is very rare to get such a professional publicly available analysis about a significant and terrifying event in the control system world.

The report closes with this very important statement:

Defenders must take this opportunity to conduct operational and engineering discussions as suggested in this DUC and enhance their capabilities to gain visibility into their ICS networks and hosts. The community must learn as much as it can from real world incidents and not delay; we expect adversaries to mature their tools and enhance them with additional capabilities.

I recommend that you study this document and get trained by the real experts - for the good of your country! Don't accept the decision of your HR department not to provide you with the budget for training. Quite often HR managers believe that our systems are secure - so no need for training on security, communication standards, etc.

Click HERE for the full report.

By the way, the SCADASEC blog (a crucial platform for ICS defenders and others) is a nice place to visit, discuss and learn about the topics discussed in the paper.

Tuesday, August 8, 2017

Draft for Role Based Access Control (RBAC) Published (IEC 62351-90-1)

IEC TC 57 published the IEC TR 62351-90-1 Draft for Role Based Access Control (RBAC) [57/1905/DTR]:

IEC 62351 Data and communications security –
Part 90-1: Guidelines for handling role-based access control in power systems

The voting period closes on 2017-09-29.

"The power system sector is adopting security measures to ensure the reliable delivery of energy. One of these measures comprises Role-based Access Control (RBAC), allowing utility operators, energy brokers and end-users to utilize roles to restrict the access to equipment and energy automation functionalities on a need-to-handle basis. The specific measures to realize this functionality have been defined in the context of IEC 62351-8. It defines 3 profiles for the transmission of RBAC related information. This information is contained in, but not limited to, public key certificates, attribute certificates, or software tokens. Moreover, especially for IEC 61850, it defines a set of mandatory roles and associated rights. The standard itself also allows the definition of custom roles and associated rights, but this is not specified in a way to ensure interoperability."

Data and communication security is a crucial issue in the communication between multiple IEC 61850 clients and an IED with a single IEC 61850 server. The administration of the roles and the further behavior requires a highly complex (centralized!?) administration and complex functionality in each IED implementing RBAC.
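The decision an IED has to take for every incoming service request is small to state and, as the quoted text says, large to administer: which roles does the presented token carry, is it still valid, which right does the requested service need, and is that right granted by any of the roles. The following is an added example, not code from IEC 62351-8 or the original post, showing that decision for a handful of IEC 61850 services. The role and right names follow the pattern of the standard's mandatory roles and rights, but the role-to-right mapping, the service-to-right mapping and the token structure are my own assumptions, not the normative tables; the custom-role hook illustrates the interoperability remark in the quote.

```python
# Added example (not from IEC 62351-8 or the original post): an access decision
# for an IEC 61850 service request based on roles carried in an access token.
from dataclasses import dataclass

# Assumed role-to-right mapping (illustrative, not the standard's table)
ROLE_RIGHTS = {
    "VIEWER":   {"VIEW"},
    "OPERATOR": {"VIEW", "READ", "DATASET", "REPORTING", "CONTROL"},
    "ENGINEER": {"VIEW", "READ", "DATASET", "REPORTING", "FILEREAD",
                 "FILEWRITE", "CONFIG", "SETTINGGROUP"},
    "SECADM":   {"VIEW", "SECURITY"},
}

# Assumed mapping of IEC 61850 services to the right they require
SERVICE_RIGHT = {
    "GetDataValues":    "READ",
    "SelectWithValue":  "CONTROL",
    "Operate":          "CONTROL",
    "SetDataSetValues": "DATASET",
    "SetFile":          "FILEWRITE",
    "SelectActiveSG":   "SETTINGGROUP",
}

@dataclass
class AccessToken:
    """Role assignment as the IED sees it after the token has been verified
    (certificate or software token); structure assumed for this example."""
    subject: str
    roles: list
    valid_from: float   # epoch seconds
    valid_to: float     # epoch seconds, exclusive

def register_custom_role(name: str, rights) -> None:
    """Custom roles are permitted by the standard; their meaning is local to the
    system that defines them, so both sides must be configured identically."""
    ROLE_RIGHTS[name] = set(rights)

def authorize(token: AccessToken, service: str, now: float) -> tuple:
    """Return (allowed, reason) for one service request."""
    if not (token.valid_from <= now < token.valid_to):
        return False, "token outside validity period"
    required = SERVICE_RIGHT.get(service)
    if required is None:
        return False, f"unknown service {service}"
    granted = set()
    for role in token.roles:
        granted |= ROLE_RIGHTS.get(role, set())   # unknown role grants nothing
    if required in granted:
        return True, f"{required} granted via roles {sorted(token.roles)}"
    return False, f"{required} not granted to roles {sorted(token.roles)}"

if __name__ == "__main__":
    op = AccessToken("operator-1", ["OPERATOR"], valid_from=0.0, valid_to=1000.0)
    for svc in ("GetDataValues", "Operate", "SetFile"):
        print(svc, authorize(op, svc, now=500.0))
```

Note what is not in this snippet but is what makes RBAC expensive in the field: verifying the token's signature and chain, keeping the validity window in sync with a trustworthy clock, distributing role assignments to every IED, and logging each decision for the security auditor. Those are the "non-protocol issues" referred to below.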

The following aspects have a big impact on implementations:
  1. TCP/IP Networking,
  2. General security measures like TLS,
  3. RBAC, 
  4. MMS,
  5. IEC 61850 Services, Models and Configuration, and
  6. Power system functionalities (key for the power delivery system) on top
The bulk of the resources needed is mainly independent of the MMS protocol and services. People who want to use other protocols cannot really expect that the cost of getting secure communication and data will be lower - most of the effort is related to non-protocol issues.
The second, third, fifth, and sixth items are the most crucial.
In addition to the cost of implementing RBAC (including the other required parts of the IEC 62351 series), one has to understand that the operation, management, engineering, and configuration of RBAC consume a relatively large amount of the resources of the embedded controllers or other platforms.
That is one of the crucial reasons why many IEDs installed today cannot (and likely will not) be upgraded for the measures defined in the IEC 62351 series.

Recommendation: As soon as possible get started to understand the impact of the measures defined in IEC 62351 and how to implement some or many of these measures.

Related documents of the series IEC 62351 (IEC/TS 62351, Power systems management and associated information exchange – Data and communications security) are:

Part 1: Communication network and system security – Introduction to security issues
Part 3: Communication network and system security – Profiles including TCP/IP
Part 4: Profiles including MMS
Part 5: Security for IEC 60870-5 and derivatives
Part 8: Role-based Access Control

Monday, August 7, 2017

IEC 61850, Sensors, and Cyber Threats

Sensors everywhere will be more important in the future: first to automate processes and second to monitor the automation systems.
The other day I found a very serious report on compromising automation systems under the title:

ICS cyber threats are morphing into compromise of plant functionality – do we have the right tools? 

The report by Joe Weiss is worth reading.

Click HERE to read the complete report.

The discussion is about compromising an actuator (valve, ...) and letting the physics do the damage!

Joe concludes: "Without sensor monitoring, it is NOT possible to see the precursor to these kinds of conditions until it is too late."

I have discussed the reported issues with a valve expert in industrial process control applications. He confirmed that the cavitation (bubble, or Wasserblasen in German) effect has been known for a long time. But there are relatively few applications with (vibration) sensors installed to measure the noise produced by cavitation (see video on YouTube) in order to detect that something is going wrong.

IEC 61850 has a bunch of models and services to support sensors:



and event reporting:



The quality attributes that come with all values can be used to flag whether a value is valid or not. Additionally, the sensor may have a health problem (detected by a diagnosis routine) that can be reported using the TTMP.EEHealth.stVal attribute (EE - external equipment).
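Quality and EEHealth are only useful if the consumer of the measurement actually acts on them. The following is an added example, not code from the original post, showing a cavitation monitor that gates its alarm on both: a vibration sample is only allowed to raise an alarm when its IEC 61850 quality is good (not invalid, old, out of range, substituted, blocked or in test) and the sensor's EEHealth is Ok; a high reading with degraded quality is reported as unverified rather than silently dropped, and a sample with invalid quality or EEHealth Alarm is reported as a sensor fault regardless of the value. The Quality subset, the vibration unit, the threshold and the telemetry lines are constructed for the example; the EEHealth coding (1 = Ok, 2 = Warning, 3 = Alarm) follows the HealthKind enumeration of IEC 61850-7-4.

```python
# Added example (not from the original post): gating a cavitation alarm on the
# IEC 61850 quality of the measurement and on the sensor's EEHealth.
from dataclasses import dataclass

HEALTH = {1: "Ok", 2: "Warning", 3: "Alarm"}   # HealthKind stVal coding

@dataclass
class Quality:
    """Subset of the IEC 61850-7-3 Quality type used here."""
    validity: str = "good"          # good | invalid | reserved | questionable
    old_data: bool = False          # detailQual.oldData
    out_of_range: bool = False      # detailQual.outOfRange
    substituted: bool = False       # source = substituted (not from the process)
    test: bool = False              # test flag set
    operator_blocked: bool = False  # update blocked by an operator

@dataclass
class Sample:
    """One vibration reading; units and field names assumed for this example."""
    t: float
    vib_rms: float       # vibration RMS, arbitrary constructed units
    q: Quality
    ee_health: int       # e.g. TTMP.EEHealth.stVal of the sensor

def trust_level(s: Sample) -> str:
    """'trusted' (may trigger automatic action), 'degraded' (report only)
    or 'reject' (the value says nothing about the process)."""
    if s.q.validity == "invalid" or s.q.test or s.q.operator_blocked or s.ee_health == 3:
        return "reject"
    if (s.q.validity != "good" or s.q.old_data or s.q.out_of_range
            or s.q.substituted or s.ee_health == 2):
        return "degraded"
    return "trusted"

def cavitation_monitor(samples, threshold: float) -> dict:
    """Classify samples into alarms, unverified high readings and sensor faults.
    A bad sensor must not hide a real problem, and a substituted or test value
    must not raise a false alarm."""
    out = {"alarm": [], "unverified": [], "sensor_fault": []}
    for s in samples:
        level = trust_level(s)
        if level == "reject":
            out["sensor_fault"].append(s.t)
        elif s.vib_rms > threshold:
            out["alarm" if level == "trusted" else "unverified"].append(s.t)
    return out

# Constructed telemetry: one normal reading, one real cavitation signature,
# two high readings with degraded quality, and two samples from a sick sensor.
SAMPLES = [
    Sample(0.0, 0.8, Quality(), 1),
    Sample(1.0, 3.2, Quality(), 1),
    Sample(2.0, 3.5, Quality(old_data=True), 1),
    Sample(3.0, 3.9, Quality(substituted=True), 1),
    Sample(4.0, 0.5, Quality(validity="invalid"), 1),
    Sample(5.0, 4.1, Quality(), 3),
]

if __name__ == "__main__":
    for key, times in cavitation_monitor(SAMPLES, threshold=2.0).items():
        print(key, times)
```

With the constructed samples and a threshold of 2.0, only the second sample becomes an alarm; the old and substituted high readings are listed as unverified, and the two samples from a sensor reporting invalid quality or EEHealth Alarm go to the sensor-fault list. That last list is the one an attacker who tampers with the sensor rather than the valve would show up in, which is why it is not discarded.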

All models and services have to rely on good hardware and software! Or we get: Garbage in - Garbage out!

In our seminars and hands-on training courses we discuss these and many other topics in detail.

IEC 61850 Europe 2017 Conference and Exhibition in September 2017

The largest conference and exhibition on IEC 61850 and related topics invites you:

Multi-Vendor Multi-Edition IEC 61850
Implementation & Operation
3-Day Conference, Exhibition & Networking Forum
26-28 September 2017 
Novotel Amsterdam City
The Netherlands

Now firmly established as the European end-user forum for IEC 61850 experts and implementation leaders, this dedicated 3-day conference, exhibition and networking forum provides the information, inspiration, and connections you need to propel your IEC 61850 deployments further faster!

This year’s end-user driven programme explores the opportunities and challenges presented by sophisticated multi-vendor multi-edition IEC 61850 implementation, operation and maintenance. Utility experiences of advanced functionalities such as Process Bus, GOOSE Messaging, PRP & HSR, and Time Synchronisation are evaluated in the context of digital substations, as well as inter-substation, substation to SCADA systems, substation to metering infrastructure, and substation to DER.

Click HERE for the details of the event.

Attending this conference will give you a flavor of the market for IEC 61850 based systems.

After the conference you may have a lot of questions and may look for some senior experts who will guide you vendor-independently into the magic of the standard series.

Please have a look at what kind of training FMTP and NettedAutomation offer in October and December 2017 in Karlsruhe (Germany).

ENTSO-E Just Published a New Update on Activities Related to IEC 61850

ENTSO-E is actively supporting the application of IEC 61850.

They believe that "The IEC 61850 Standard for the design of electrical substation automation addresses many crucial aspects of TSO communications, data modeling and engineering in order to reach seamless interoperability of different vendors’ subsystems within the TSO system management architecture."

ENTSO-E published an Update on their activities related to IEC 61850 in July 2017.

The ENTSO-E Ad Hoc Group IEC 61850 continued to work intensively on improving the interoperability of the IEC 61850 standard in two main domains:
  1. At information level (data semantics), the development of the ENTSO-E profile through the Interoperability Specification Tool (ISTool)
  2. At engineering level, by consolidating ENTSO-E requirements that have been formalized into a DC (Document for Comment), approved through the IEC National Committees (NC) voting process, and now encapsulated in the action plan of several task forces of IEC TC 57 WG10
Click HERE to read the complete report.

Comparison of IEC 60870-5-10x, DNP3, and IEC 60870-6-TASE.2 with IEC 61850


In 2008 I published the 3rd version of the document:

Comparison of IEC 60870-5-101/-103/-104, DNP3, and IEC 60870-6-TASE.2 with IEC 61850

This is really the most downloaded document since then - and still in 2017!

Click HERE to get a copy.

It is interesting that so many people are still interested in seeing the difference between IEC 61850 and the other IEC TC 57 standard series.

Now, in 2017, we have learned that IEC 61850 goes far beyond the other standard series.

The RTU standards like 104 or DNP3 are still in widespread use. Utilities expect that many RTU vendors will start to discontinue supporting these standards.
That is one of many reasons why more utilities are starting to get involved in understanding IEC 61850.

IEC PC 118 Has Published Two CDV Documents Dealing With Smart Grid Communication

IEC PC 118 "SMART GRID USER INTERFACE" has published two new CDV documents available for PUBLIC comments:

Systems interface between customer energy management system and the power management system – Part 10-1: Open Automated Demand Response [118/75/CDV] with 87 pages

Systems interface between customer energy management system and the power management system – Part 10-3: Adapting smart grid user interface to IEC CIM [118/76/CDV] with 27 pages

Both CDV (committee draft for vote) are accessible for PUBLIC comments (http://www.iec.ch/comment).

These documents of IEC PC 118 are likely to have an impact on the work done and under development by IEC TC 57 and IEC TC 65. With your comments, duplication of work may be prevented.

Please use the opportunity to provide your comments through the IEC channel.

IEC 61850-90-9 Models for Electrical Energy Storage Systems

IEC 61850 Part 90-9: Use of IEC 61850 for Electrical Energy Storage Systems is progressing these days. The latest draft describes the basic functions of an Electric Energy Storage System (EESS) and the information model of the interface to integrate an EESS into intelligent grids and establish the necessary communication with standardised data objects. The next official draft is expected to be published soon.
This draft is connected with IEC 61850-7-420 as well as IEC 61850-7-4:2010, explaining how the control system and other functions in a battery based electric energy storage unit utilize logical nodes and information exchange services within the IEC 61850 framework to specify the information exchanged between functions, as well as the information that individual functions need and generate. The first edition of IEC 61850-7-420 provides an information model for batteries which was derived from the proposed data objects of part 7-4. Those data objects follow the requirements of batteries used in substations as auxiliary power systems and backup power supplies. For this purpose it was sufficient to model only the discharge function. Therefore it is necessary to prepare new logical nodes applicable to grid-connected electrical energy storage systems.
This draft provides the necessary information within the IEC 61850 based object model to model the functions of a battery based electrical energy storage system as a DER unit. For intelligently operated and/or automated grids, storing energy to optimise grid operation is a core function. Therefore shorter periods of storing energy, with charging and discharging capability, are also an indispensable function. Charging and discharging operations need to be modelled thoroughly and are the focus of this technical report.

The draft lists several use-cases found in the real world:

UC1 Retrieve current status and capabilities of EESS
UC2 Set charging power to EESS
UC3 Set discharging power to EESS
UC4 Set Operating mode/ schedule  to EESS
UC5 EESS Alarm / Asset Monitoring

UC1 current capability/status information as an example:

1-2-1 EESS Generic Status Reporting
•  ES-DER on or off
•  Storage available or not available
•  Inverter/converter active power output
•  Inverter/converter reactive output
•  Storage remaining capacity (% and/or kW)
•  Storage Free capacity (% and/or kW)

1-2-2 EESS inverter /converter status
•  Current connect mode: connected or disconnected at its ECP
•  Inverter on, off, and/or in stand-by status: inverter is switched on (operating), off (not able to operate), or in stand-by mode, e.g. capable of operating but currently not operating
•  DC current level available for operation: there is sufficient current to operate
•  Value of the output power setpoint
•  Value of the output reactive power setpoint
•  Value of the power factor setpoint as angle (optional)
•  Value of the frequency setpoint (optional)

1-2-3 EESS (battery) internal status
•  Amp-hour capacity rating
•  Nominal voltage of battery
•  Maximum battery discharge current
•  Maximum battery charge voltage
•  High and Low battery voltage alarm level
•  Rate of output battery voltage change
•  Internal battery voltage
•  Internal battery current
•  State of charge (energy % of maximum charge level)
•  Reserve (Minimum energy charge level allowed, % of maximum charge level)
•  Available Energy (State of charge – Reserve)
•  Type of battery

1-2-4 Power measurements
•  Total Active Power (Total P): Value, High and Low Limits
•  Total Reactive Power (Total Q): Value, High and Low Limits
•  Average Power factor (Total PF): Value, High and Low Limits, and averaging time
•  Phase to ground voltages (VL1ER, …): Value, High and Low Limits
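The status items of UC1 are what a controller has to consult before it honours a charge or discharge setpoint (UC2, UC3). The following is an added example, not code from the draft or the original post: a small status object holding a few of the items listed above (ES-DER on/off, storage availability, connect mode at the ECP, state of charge, reserve) and a function that accepts, clamps or rejects a power setpoint against them. Field names, the sign convention (positive = charge, negative = discharge) and the converter limits are my own assumptions, not the draft's data objects; the available-energy relation is the one given under 1-2-3.

```python
# Added example (not from IEC 61850-90-9 or the original post): gating a
# charge/discharge setpoint (UC2/UC3) on the UC1 status information.
from dataclasses import dataclass

@dataclass
class EessStatus:
    """Subset of the UC1 status items; names assumed for this example."""
    der_on: bool                 # ES-DER on or off
    storage_available: bool      # storage available or not
    connected_at_ecp: bool       # current connect mode at the ECP
    state_of_charge_pct: float   # energy % of maximum charge level
    reserve_pct: float           # minimum energy level allowed, % of maximum
    max_charge_kw: float         # assumed converter rating for charging
    max_discharge_kw: float      # assumed converter rating for discharging

    def available_energy_pct(self) -> float:
        """Available energy = state of charge - reserve (as listed under 1-2-3)."""
        return max(0.0, self.state_of_charge_pct - self.reserve_pct)

def apply_power_setpoint(st: EessStatus, setpoint_kw: float) -> tuple:
    """Positive = charge, negative = discharge (assumed sign convention).
    Returns (accepted_kw, reason); accepted_kw is 0.0 when the request is refused
    and is clamped to the converter rating otherwise."""
    if not (st.der_on and st.connected_at_ecp):
        return 0.0, "ES-DER off or disconnected at ECP"
    if not st.storage_available:
        return 0.0, "storage not available"
    if setpoint_kw > 0:
        if st.state_of_charge_pct >= 100.0:
            return 0.0, "storage full"
        return min(setpoint_kw, st.max_charge_kw), "charging"
    if setpoint_kw < 0:
        if st.available_energy_pct() <= 0.0:
            return 0.0, "at reserve level: discharge blocked"
        return max(setpoint_kw, -st.max_discharge_kw), "discharging"
    return 0.0, "idle"

if __name__ == "__main__":
    st = EessStatus(True, True, True, state_of_charge_pct=60.0, reserve_pct=20.0,
                    max_charge_kw=50.0, max_discharge_kw=40.0)
    print("available energy %:", st.available_energy_pct())
    print(apply_power_setpoint(st, 80.0))    # clamped to the charge rating
    print(apply_power_setpoint(st, -100.0))  # clamped to the discharge rating
```

The reserve check is the one worth noticing from a security angle: a discharge command that ignores the reserve is exactly the kind of "let the physics do the damage" request discussed on this blog, and the controller, not the client, must enforce the limit.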

More to come ...