Animal "Attacks" on Power Systems - Worry About Squirrels

BBC news has published an interesting report on "Squirrel 'threat' to critical infrastructure".

According to the report "The real threat to global critical infrastructure is not enemy states or organisations but squirrels, according to one security expert.
Cris Thomas has been tracking power cuts caused by animals since 2013.
Squirrels, birds, rats and snakes have been responsible for more than 1,700 power cuts affecting nearly 5 million people, he told a security conference."

Click HERE to read the report.

Are You Looking for Authenticated Encrypted Time Signals?

GPS-based time signals could be less robust and reliable - this has been discussed in various forums. Electric power systems rely on time synchronization you can trust.

In a new US DOE project (TASQC - Timing Authentication Secured by Quantum Correlations) experts are planning to develop authenticated encrypted time signals that mitigate known vulnerabilities in GPS-based time. The project aims to:

• Develop and demonstrate a secure time distribution system using quantum-correlated signals over geographically wide area;
• Develop and demonstrate protocols for time-stamp authentication for data reported from power systems;
• Expand capability of the developed infrastructure for secure authentication of broadcast messages;
• Evaluate the system for cyber- and physical-vulnerabilities;
• Partner with industry to develop timing requirements for power systems and to refine design of system and protocols.

Phil Evans, Ph.D., TASQC Principle Investigator, Oak Ridge National Laboratory, respectfully requests your assistance for the TASQC project by both answering the questions in a brief survey, and distributing it amongst your colleagues in the electric power industry.

IEC TC 57 Published Several New IEC 61850 Documents

IEC TC 57 has published several new documents of the standard series IEC 61850 (Communication networks and systems for power utility automation):

57/1832/CD
IEC 61850-2: Glossary [57 pages]
Comments are required by 2017-04-07

57/1829/CD
IEC 61850-80-5: Guideline for mapping information between IEC 61850 and IEC 61158-6 (Modbus) [45 pages]
Comments are required by 2017-04-07

57/1828/RVC
IEC 61850-7-2 A1 Ed.2: Abstract communication service interface (ACSI)
The CDV has been accepted.

DTR IEC 61850-7-500: How to use IEC 61850 for SAS

IEC TC 57 has published a Draft Technical Report (57/1817/DTR; 84 pages) with guidelines on how to apply IEC 61850 for substation automation:

Communication networks and systems for power utility automation –
Part 7-500: Basic information and communication structure – Use of logical nodes for modeling application functions and related concepts and guidelines for substations

Voting closes 2017-02-17

This is a document that you MUST read when you are involved in substation automation.

This Technical Report of IEC 61850 describes the use of the information model for devices and functions of IEC 61850 in applications in substation automation systems but it may be used as informative input also for the modeling of any other application domain. In particular, it describes the use of compatible logical node names and data objects names for communication between Intelligent Electronic Devices (IED) for use cases. This includes the relationship between Logical Nodes and Data Objects for the given use cases. ...
Part 7-5 describes in examples the use of logical nodes for modeling application functions and related concepts and guidelines in general independently from any application domain respectively valid for all application domains in the electric power system (substation automation, distributed energy resources, hydro power, wind power, etc.). This part 7-500 describes in examples the use of logical nodes for application functions in substation automation including also line protection between substations. It implies also some tutorial material where helpful. But it is recommended to read parts IEC 61850-5 and IEC 61850-7-1 in conjunction with IEC 61850-7-3 and IEC 61850-7-2 first.

New: Modelling of Logics for IEC 61850 Based Applications

IEC TC 57 has published a very interesting proposal (57/1814/DC; 49 pages) for modelling logics:

IEC TR 61850-90-11, Communication networks and systems for power utility automation –
Part 90-11: Methodologies for modelling of logics for IEC 61850 based applications

Comments are expected by 2017-02-03

This part of IEC 61850 describes the methodologies for the modelling of logics for IEC 61850 based applications in power utility automation. In particular, it describes the functional view of logic based on existing logical nodes for generic process automation and the operational modes of the logic. Furthermore it includes the specification of the standard language to be applied to specific the logic as well as the related data exchange format between engineering tools and their application as well as the mapping of logic elements to IEC 61850 data types.

The IEC 61131-3 PLC programming language is used to describe syntax of functions.

Example PLD (Programmable Logic Description): The PLD file contains the logic unit program code in PLC OpenXML format, representing the description of the logic programmable scheme that can then be mapped to a GAPC LN instance. Excerpt:



... more to come next year.

Guideline for definition of Basic Application Profiles (BAPs) using IEC 61850

IEC TC 57 has published a document for comments (57/1813/DC, 27 pages) on application profiles::

Draft IEC TR 61850-7-6, Communication networks and systems for power utility automation –
Part 7-6: Guideline for definition of Basic Application Profiles (BAPs) using IEC 61850

Comments are expected by 2017-02-03

This guideline is focused on building Application / function profiles and specifies a methodology to define Basic Application profiles (BAPs). These Basic Application profiles shall provide a framework for interoperable interaction within or between typical substation automation functions. BAPs are intended to define a subset of mandatory features of IEC 61850 in order to increase interoperability in practical applications.

In the context of standards the term “profile” is commonly used to describe a subset of an entity (e.g. standard, model, rules).
Accordingly an IEC 61850 standard profile contain a selection of data models (mandatory elements), communication services applicable and relevant engineering conventions (based on the Substation Configuration Language SCL defined in IEC 61850-6) for an application function of a specific use case in the domain of power utility automation.
Depending on the scope and objective different profile types can be distinguished:

• User profile – defined subset that is valid for a specific user / organization (e.g. utility)
• Product / Device profile – implemented subset in a specific vendor product /device
• Domain profile – defined subset for a specific domain and relevant use cases (e.g. monitoring of substation)
• Application / function profile

A nice example is contained in Annex A:
Example for BAP of distributed automation function “reverse blocking” using BAP template

CIM for Distribution Network Operations

IEC TC 57 has published the FDIS (57/1810/FDIS; 160 pages) of the future standard IEC 61968-3 Ed2:
Application integration at electric utilities - System interfaces for distribution management -
Part 3: Interface for network operations
Voting closes 2017-02-03

IEC 61968 provides utilities the means to supervise main substation topology (breaker
and switch state) and control equipment status. It also provides the means for handling
network connectivity and loading conditions. Finally, it makes it possible for utilities to locate
customer telephone complaints and supervise the location of field crews.
IEC 61968-3 specifies the information content of a set of message payloads that can be used
to support many of the business functions related to network operations. Typical uses of the
message payloads defined in IEC 61968-3 include data acquisition by external systems, fault
isolation, fault restoration, trouble management, maintenance of plant, and the commissioning
of plant.

This part is closely related to the Common Information Model (CIM).

Closing 2016 - Greetings from Karlsruhe

As 2016 comes to a close, I say "a hearty Thank You!" for choosing our services, visiting the IEC 61850 blog, and for the great cooperation this year.

I wish you, your family, and the many people around you a happy, healthy and prosperous New Year 2017 … living in peace and harmony.

Hope your home is a safe place to live. Take care.

Please, help to keep the power flowing and the grass green - with the various standards defined by IEC and IEEE.

I look forward to meeting you in 2017 - maybe soon in San Diego (CA) on January 30, 2017.

Please drop us an email if you like this blog or you would like me to post other interesting information on the blog.

Bye for now.

OpenGridMap - Help to collect data and produce power grid approximations for CIM

OpenGridMap is a new open community that crowdsources realistic power grid data to be used for research purposes. Here you will find the tools for crowdsourcing power grid data. The goal is to create an open platform for inferring realistic power grids based on actual data. Our vision is to provide a tool to researchers and practitioners that is able to produce realistic input data for simulation studies. OpenGridMap will support the entire process from data collection to formatting grid data for various purposes. We explore innovative ways to capture data and produce power grid approximations, e.g., using smartphone apps, drones, expert classification, existing map APIs, and graph inference algorithms.

Click HERE to visit the OpenGridMap website.

The next step would be to convert the collected data into a CIM and SCL format ... it is underway for CIM (Common Information Model):

OpenGridMap: towards automatic power grid simulation model generation from crowdsourced data
By Jose Rivera, Technische Universität München

"OpenGridMap is an open source project that crowdsources realistic power grid data to be used for research purposes. In this paper, we propose an approach for the automatic generation of power gird simulation models from crowdsourced data. The proposed approach orders the crowdsourced data into a power circuit relation which is then used to produce a CIM description file and subsequently a power grid simulation model. ..." ... and I guess the modelling in IEC 61850-6 SCL (System Configuration Language) will follow soon - I am sure.

Click HERE for the above mentioned paper.

More to come as discussed during the Training Courses conducted by NettedAutomation this week in Karlsruhe:

IEC-61850-Seminare zu unschlagbaren Preisen in Karlsruhe auch in 2017

Wir bieten auch im nächsten Jahr zwei Intesiv-Hands-On-Seminare an:

09.-12. Mai 2017 
05.-08. Dezember 2017

Die drei (3) Blöcke (1 Tag + 2 Tage + 1 Tag) können einzeln oder in Kombination gebucht werden. Sie entscheiden selbst, ob Sie nur einen Tag von Ihrem Arbeitsplatz fern bleiben möchten oder zwei, drei oder vier. Je nachdem, welche Zeit und welchen Bedarf Sie haben.

HIER klicken, um zur Beschreibung und den Anmeldeunterlagen zu gelangen [pdf, 430 KB].

BDEW IT-Sicherheitsempfehlungen öffentlich zugänglich

Der BDEW (Bundesverband für Energie- und Wasserwirtschaft e.V., Berlin) hat seit Jahren weitreichende Empfehlungen für die IT-Sicherheit veröffentlicht und mehrfach aktualisiert.
Aus aktuellem Anlass (unter anderem die Einbrüche in DSL-Router) ist die Beachtung der vorliegenden Empfehlungen unbedingt angebracht!!

IT-Sicherheitsempfehlungen
1. Allgemeine Empfehlungen

• Whitepaper- Anforderungen an sichere Steuerungs- und Telekommunikationssysteme (PDF)
• Ausführungshinweise zur Anwendung des Whitepaper - Anforderungen an sichere Steuerungs- und Telekommunkationssysteme (PDF)
• Checkliste zum Whitepaper - Anforderungen an sichere Steuerungs- und Telekommunikations-systeme (XLSX)

2. Technische Empfehlungen für den sicheren Datenaustausch in der Marktkommunikation

• Studie über sichere webbasierte Übertragungswege, Version 2.1 (PDF)
• Marktüberblick AS2-Lösungen in der Energiewirtschaft (15 MB) (PDF)
• Leitfaden "Implementierung AS2 in Unternehmen der Energiewirtschaft" (PDF)
• PKI Zertifikatsrichtlinie (Certificate Policy) des BDEW (PDF)
• Unternehmensübergreifende PKI-Topologien, PKI-Dienste und Einsatzrahmenbedingen (PDF)
• Zehn Schritte zur VEDIS-Sicherheit (PDF)
• Häufig gestellte Fragen - FAQ zu VEDIS (PDF)
• Zertifizierungsrichtlinie (PDF)
• Umgang mit Schlüsselmaterial (PDF)

HIER klicken, um die 12 Dokumente (jeweils mit einem eigenen Link) frei herunterzuladen.

Das Lesen und Verstehen wird etwas Zeit in Anspruch nehmen - die Umsetzung wird ungleich aufwendiger werden!
Sie sollten Ihr Management überzeugen, diese Empfehlungen ernst zu nehmen - nicht nur, um irgendwelche Anforderungen in Regulierungen oder Gesetzen zu erfüllen.

Draft IEC 62351-90-2 Deep Packet Inspection (DPI) of encrypted communications

IEC TC 57 just published a very crucial draft document proposing a new topic to the security of communication in power delivery systems applicable to DNP3, IEC 60870-5-104, IEC 60870-6 (TASE.2), IEC 61850 and the like:
57/1792/DC
Proposed draft for IEC TR 62351-90-2, Power systems management and associated information exchange – Data and communications security –
Part 90-2 Deep Packet Inspection (DPI) of encrypted communications

The standard series IEC 62351 comprises methods to secure communication channels between IEDs and between IEDs and SCADA systems. Complex communication networks have to be monitored and health-checked properly, both from an operational and from a security perspective.
The monitoring process used is called Deep Packet Inspection (DPI), and relies on the availability of the whole payload for inspection. The need for DPI on communication channels between IEDs and SCADA and/or between IEDs by an independent third party is really important.
This report serves as a guide for the implementation of DPI in encrypted communications. It is intended as an overview of existing and possible new solutions for DPI, analyzing the impact on several factors, including security, performance and cost.

NEW HW: IEC 61850-9-2 LE Sampled Value Publisher

The SystemCorp "IEC 61850-9-2 LE Sampled Value Publisher" is a hardware platform for specific sampled value publisher applications for the Smart Grid IoT Platform from Novtech using the Altera (now part of Intel) dual core ARM/FPGA Cyclone V SoC.
This Smart Grid IoT Platform provides eight high precision analogue inputs. The A/D converter is directly controlled by the FPGA producing the sampling rate required for the SV publisher,   which is implemented in one ARM core.
The Sampled Values are published at a rate of 4000 frames per second for a grid frequency of 50Hz and 4800 frames per second for 60 Hz.
An eight channel VT/CT interface module is also available from SystemCORP Embedded technology allowing a direct connection of the Smart Grid IoT Platform to 110 V VTs and 5 A CTs.





Click HERE for downloading a two page description and additional information [pdf, 390 KB].

Crucial IEEE 802 And Other IEEE Standards For Free Download

The IEEE Get program grants public access to view and download current individual standards at no charge:

IEEE 802® Standards

IEEE 1622™ Standard: Electronic Distribution of Blank Ballots for Voting Systems | Design Automation Standards

IEEE 2600™ Standards: Hardcopy Device and System Security 

IEEE C95™ Standards: Safety Levels with Respect to Human Exposure to Radio Frequency Electromagnetic Fields

IEEE/ANSI N42 Standards: Radiation Detection Standards.

Click HERE for the list of IEEE Standards available for free download.

Reminder: Many ISO/IEC Standards Are Publicly Available

ISO and IEC provide free access to many older and newer standards like

ISO/IEC 27000 (Fourth edition 2016-02-15):

Information technology — Security techniques — Information security
management systems — Overview and vocabulary

Click HERE for the above standard ISO/IEC 27000.
Click HERE for the complete list of publicly available standards.

IEC 61850 - Take a Closer Look For The Best Possible Start in San Diego

FMTP (Uppsala, Sweden), NettedAutomation (Karlsruhe, Germany), and OPAL-RT (Montreal, Canada) will conduct a one day intensive course that opens doors You never dreamed possible:

Demystifying and mastering the complexity of IEC 61850

Location:
Holiday Inn Express San Diego South - Chula Vista
632 E Street
Chula Vista, CA 91910

Date:
Monday, 30 January 2017 from 10:00 AM to 4:00 PM (PST)

The online registration is now open:
Click HERE for Registration.

A 60 US$ Early Bird Discount applies until 31 Dec 2016.
Register today!

Industrial Internet of Things (IIOT) - Security Framework

The Industrial Internet Consortium (IIC) has published a draft Security Framework (173 pages).
The framework is quite interesting for all experts involved in information exchange systems ... also in the energy application domain.
The Introductions says in the second paragraph:
"These [IIOT - Industrial Internet of Things] systems differ from traditional industrial control systems by being connected extensively to other systems and people, increasing their diversity and scale. They also differ from traditional information technology (IT) systems in that they use sensors and actuators in an industrial environment. These are typically systems that interact with the physical world where uncontrolled change can lead to hazardous conditions. This potential risk increases the importance of safety, reliability, privacy and resiliency beyond the levels expected in many traditional IT environments."
The power systems are using sensors and actuators communicating with protection and automation systems for the last decades. The industry has developed the standard series IEC 61850, IEC 62351, IEC 60870-5-104, DNP3, IEC 61968/70, and IEC 61400-25 to provide a basis for safe, reliable, resilient, and secure power delivery systems. These stable standards are state-of-the-art in power delivery systems. And they are referenced in many Frameworks and Roadmaps. The series IEC 62351 is one of the crucial series dealing with security in power automation systems:

Click HERE for a copy of the IIC framework [pdf, 4.6 MB].
Click HERE for a white paper about the IEC 62351 series [pdf, 3.5 MB] and HERE for a page on Wikipedia.

The IIC Security Framework gives an overview about many aspects in the future distributed automation and which aspects are crucial to be managed. 

Basic Application Profiles (BAPs) using IEC 61850

IEC TC 57 has proposed to develop a new Technical Report (TR):

IEC TR 61850-7-6: Communication networks and systems for power utility automation –
Part 7-6: Guideline for definition of Basic Application Profiles (BAPs) using IEC 61850
(57/1782/DC)

The proposed work will:

• describe the methodology of profiling in the context of IEC 61850
• give a common understanding about the modular profiling concept of basic application profiles (BAP)
• define the contents of a standardized basic application profile (BAP template)
• give guidance for the use of that BAP template
• and also show an example of a BAP.