
Saturday, March 2, 2019

IEC TC 57 Just Published Draft IEC 61850-90-20 On Redundancy

IEC TC 57 just published the first Draft IEC 61850-90-20 on System Redundancy:

57/2080A/DC
IEC TR 61850-90-20 ED1
Communication networks and systems for power utility automation –
Part 90-20: Guideline to redundancy systems

Excerpt from the Introduction:

"The paper “CIGRE B5-109: Redundancy challenges on IEC 61850 systems and Migration Paths for IEC 61850 Substation Communication Networks” introduces redundancy concepts as follows:
“Device redundancy of substation control units may be required in order to increase the availability of the substation automation system at the station level. System level redundancy is achieved by a hot-hot or hot-standby configuration of duplicated station units that need to exchange information to ensure data consistency as well as coordinated and safe operation.
IEC 61850 communication in a redundant configuration of duplicated clients faces the challenge of how to ensure that the databases in both central station control units are synchronized and that no events are lost during the switchover from the primary to the secondary IEC 61850 client.”
A proposed redundancy system consists of two IED entities forming a logical IED. One or more lower level IEDs, e.g. merging units or circuit breakers, deliver the input data to the IED entities and receive results from them. One or more higher level clients receive output data from the IED entities for supervision or HMI.
Additionally, a higher level IED might exist which supervises the state of the redundant system. In this context this concerns especially the state of the IED entities, so that a failed IED can be detected and repaired before the second IED fails.
The communication between the redundant system application and the lower level IEDs takes place with IEC 61850, mainly based on IEC 61850-8-1 (MMS) reporting and commands, and for time critical functions on IEC 61850-8-1 (GOOSE) and IEC 61850-9-2 (SV).
The communication to station level clients based on IEC 61850 is typically MMS based for supervision, commands and settings configuration changes. Since MMS is an acknowledged service, server and client are aware of each other and the client supervises the servers. If both redundant system IEDs are hot, the client might select which of them it uses for executing a service request."
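A simplified model of the switchover problem the draft describes, added here as an example and not taken from the draft or from any product: the server keeps a buffered report control block (BRCB) whose entries carry an EntryID, and the standby client resumes from the last EntryID the failed primary had seen. The buffer size, the event names and the assumption that a standby without shared state can only start from the newest entry are constructed for the model.

```python
"""Primary/standby IEC 61850 client pair resynchronising from a server's buffered
report control block (BRCB). Simplified model, not a protocol implementation."""
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Report:
    entry_id: int   # monotonically increasing identifier of the buffer entry
    value: str      # constructed payload, e.g. "XCBR1.Pos=open"


class BufferedRcb:
    """Server-side BRCB: retains the last buf_size entries so a client can resync."""

    def __init__(self, buf_size: int) -> None:
        self.buf_size = buf_size
        self.buffer: list[Report] = []
        self.overflowed = False
        self._ids = count(1)

    def event(self, value: str) -> Report:
        rpt = Report(next(self._ids), value)
        self.buffer.append(rpt)
        if len(self.buffer) > self.buf_size:
            self.buffer.pop(0)      # oldest entry overwritten; it can never be resent
            self.overflowed = True
        return rpt

    def resync(self, last_entry_id: int) -> list[Report]:
        """Entries delivered when a client enables the BRCB with EntryID = last_entry_id."""
        return [r for r in self.buffer if r.entry_id > last_entry_id]


def switchover(events_before: int, events_during: int, buf_size: int, share_entry_id: bool):
    """Primary sees events_before reports and fails; events_during more events occur while
    no client is enabled; the standby then enables the BRCB.
    Returns (entry ids the standby receives, events lost across the switchover)."""
    brcb = BufferedRcb(buf_size)
    primary_seen = [brcb.event(f"ev{i}").entry_id for i in range(1, events_before + 1)]
    for i in range(events_before + 1, events_before + events_during + 1):
        brcb.event(f"ev{i}")        # buffered on the server while the primary is down
    # Shared state: the standby knows the primary's last EntryID and resumes after it.
    # Without it (model assumption) the standby can only start from the newest entry.
    last_known = primary_seen[-1] if primary_seen else 0
    newest = brcb.buffer[-1].entry_id if brcb.buffer else 0
    start = last_known if share_entry_id else newest
    standby_seen = [r.entry_id for r in brcb.resync(start)]
    delivered = set(primary_seen) | set(standby_seen)
    lost = events_before + events_during - len(delivered)
    return standby_seen, lost
```

Running the model with a buffer of one entry shows the second failure mode: even with a shared EntryID, entries overwritten during the outage are gone.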

The TC57 P-members are invited to submit comments to this draft by 2019-03-29 at the latest.

Please note:
The application domains that need redundant systems may be crucial (for some high voltage systems), but redundancy of this kind may not apply to most systems in the energy delivery domain. This document is really of interest to a small, special group of experts ... not everybody interested in using IEC 61850 for exchanging some signals needs to check that draft document.
One challenge with IEC 61850 is: which subset of a big standard series do I need to understand for my application? That means: YOU HAVE TO KNOW YOUR APPLICATION!!

Tuesday, April 7, 2015

Secure Power Delivery Systems and Secure Communication

The power utility domain is facing a lot of challenges these days. There are environmental, technical, political, security-related, and market-related issues that require a redesign of the whole chain of design, procurement, installation, operation and maintenance of the systems needed to deliver power to its users.

There are tons of lists that require this and that. Take the cyber security aspect: you will find many documents that could help you to procure the right solution. One of the latest provides helpful text for writing down the requirements for “Cyber security of Power Delivery Systems”:

“Cybersecurity Procurement Language for Energy Delivery Systems”

Written by US experts and published last year.

Click HERE for a copy.

Many (likely most) publications on securing our infrastructure assume mainly hierarchical and centralized Power Delivery and Automation Systems, as described in the following (excerpt from the above document, page 1):

“Energy delivery systems comprise the following:

  • The sensors and actuators used for monitoring and controlling energy delivery processes.
  • The computer-based systems that analyze and store data.
  • The communication pathways and networks that interconnect the various computer systems.

Cybersecurity threats, whether malicious or unintentional, pose a serious and ongoing challenge for the energy sector. Today’s highly reliable and flexible energy infrastructure depends on the ability of energy delivery systems to provide timely, accurate information to system operators and automated control over a large, dispersed network of assets and components.”

The cyber security requirements could be lowered dramatically if we think of a more de-centralized Power System that would need a de-centralized Automation System over a small local system of assets and components – requiring a minimum of operational communication with the next hierarchy level.

It seems to be in the interest of manufacturers of network infrastructure to implement huge systems to control a large, dispersed network of assets and components. Sure: This would require a huge, secure network infrastructure – a huge and long-term business case. Cyber-Security seems to be a new support programme to the vendors of communication and automation infrastructure.

As we have experienced, more or less (intended!) simultaneous control commands to a huge number of assets could endanger the stability of the power network. I guess that the risk in using a highly cyber-secure network (for monitoring and control) in a large hierarchical power system is much bigger than the risk of a “less” secure network (for monitoring and control) in small de-centralized, self-organizing power systems.

A cyber-secure network is one issue – the (physical and technical!) architecture of our future Power Delivery System is another.

Why don’t we pay more attention to distributed Power Delivery Systems that require distributed monitoring and control? Exchanging measurements, status, settings, and control commands in a huge hierarchical automation system will always be compromised by some people.

Would you trust an avalanche of measurements and status points arriving from millions of sensors within a second? Would you trust that a setting going to millions of controllers will be interpreted in the same way? Or what about a control command sent out to ALL actuators? The unthinkable is already a reality. It happened already last year in Bavaria and Austria.

I experienced the misinterpretation of the power of my green laser pointer when I went through security at an international airport. My pointer has a power of “<1mW”. I was close to being arrested because the police officer was reading “one Megawatt” … Fortunately I could help translate “m” to “milli”. Finally I had to check in the pointer before I could go on board.

I guess that one of the biggest challenges is to find an architecture of our future power delivery system that requires just a few or no measurements, status, settings, and control commands being exchanged between millions of interconnected intelligent devices and systems.

Thursday, March 14, 2013

Security and IEC 61850: Is it about Bug Fixes or Systematic Issues?

These days experts discuss the future of more secure IEDs and systems in the world of Industrial Control Systems (ICS). Note: ICS is also used in power systems – no question.

Some people focus on single bugs and how to solve them by patching and so on. Other experts look more at the systemic security problems in control systems.

Eric Byres, CTO and vice president of Tofino Security, a division of Belden, says “It will take major players like Exxon, Duke Energy, for instance, and other corporations with the ICS purchasing power, he says, to force vendors to step up and fix the systemic security issues.”

Read a comprehensive discussion about the two positions – quite crucial and interesting.

What do you think about translating this statement into the issues we have with IEC 61850 Interoperability?

“It will take major players like AEP, SCE, E.ON, EDF, RWE, Duke Energy, for instance, and other corporations with the ICS purchasing power, to force vendors to step up and fix the systemic interoperability issues with regard to IEC 61850.”

This would help to prevent a lot of frustrations during factory and site acceptance tests.

Why do we see just a few major players from the utility domain using their purchasing power to improve interoperability? There are several reasons I see:

  • Wall Street, Frankfurter Börse, …
  • Ignorance of issues
  • Not enough experts
  • Attitude: just fix what breaks

Recommendation from my side: vendors and users should cooperate more closely and agree on writing documents like “How to profile IEC 61850, IEC 60870-5, …” to get specific profile specifications for a specific application that (hopefully) leave no options to ignore or to choose from.

A good example is the Vattenfall VHP Ready specification (Virtual Heat and Power). This spec defines the IOAs (information object addresses) for signals according to IEC 60870-5-104 and the Logical Device, Logical Node and Data Object names for IEC 61850.

Example IEC 60870-5-104:

[image]

Example IEC 61850:

[image]

[image]
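To make the point about profiles concrete, here is an added example (not from VHP Ready, Vattenfall or any vendor) that checks an SCL file against the Logical Device, Logical Node and Data Object names a profile mandates, the kind of check one would run before a factory or site acceptance test. The profile entries and the ICD excerpt are constructed; the SCL namespace and element names are the standard ones.

```python
"""Check an SCL (ICD/SCD) file against a profile's mandatory LD/LN/DO names."""
import xml.etree.ElementTree as ET

SCL_NS = "http://www.iec.ch/61850/2003/SCL"
NS = {"scl": SCL_NS}

# Constructed profile in the spirit of a "How to profile IEC 61850" document:
# (LDevice inst, LN name = prefix + lnClass + inst, Data Object name).
PROFILE = [
    ("CTRL", "MMXU1", "TotW"),
    ("CTRL", "MMXU1", "Hz"),
    ("CTRL", "CSWI1", "Pos"),
]

# Constructed ICD excerpt: MMXU1.Hz is missing and the switch controller is CSWI2,
# two typical ways a delivered IED silently deviates from the profile.
ICD = """<SCL xmlns="http://www.iec.ch/61850/2003/SCL">
 <IED name="CHP1"><AccessPoint name="AP1"><Server>
  <LDevice inst="CTRL">
   <LN lnClass="MMXU" inst="1" lnType="MMXU_T"><DOI name="TotW"/></LN>
   <LN lnClass="CSWI" inst="2" lnType="CSWI_T"><DOI name="Pos"/></LN>
  </LDevice>
 </Server></AccessPoint></IED>
</SCL>"""


def data_objects(scl_xml: str) -> set[tuple[str, str, str]]:
    """Every (LDevice inst, LN name, DO name) instantiated in the file."""
    root = ET.fromstring(scl_xml)
    found = set()
    for ied in root.findall("scl:IED", NS):
        for ld in ied.iter("{%s}LDevice" % SCL_NS):
            for ln in ld.findall("scl:LN", NS):
                ln_name = ln.get("prefix", "") + ln.get("lnClass") + ln.get("inst")
                for doi in ln.findall("scl:DOI", NS):
                    found.add((ld.get("inst"), ln_name, doi.get("name")))
    return found


def missing_from_profile(scl_xml: str, profile=PROFILE) -> list[tuple[str, str, str]]:
    """Profile entries the file does not provide; an empty list means the profile is met."""
    present = data_objects(scl_xml)
    return [entry for entry in profile if entry not in present]
```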

If utilities do not specify what they want, they may experience a big surprise when they get the system delivered and installed. They may get much less or much more than what they expected.

And note this: when we get more standard-conformant and interoperable IEDs installed, they are definitely linked to the security issues discussed at the beginning!

What we are looking for is: Interoperable and Secure IEDs and Systems. We should not separate these two requirements! They are highly interrelated.