Professional Documents
Culture Documents
DLP-2005_03_09
DLP-2005_03_09
DLP-2005_03_09
Automation, Protocols
and Security Issues
William J. Ackerman
Principal Consultant
SLIDE 1
WE’VE MOVED SINCE LAST SUMMER
SLIDE 2
SA, DA, Protocols, DR and Security
SLIDE 3
SA, DA, Protocols, DR and Security
DEMAND VALUES
Ia, Ib, Ic, In (Magnitude and angle) 8 points
KWa, KWb, KWc, KW3 4 points
KVara, KVarb, KVarc, KVar3 4 points
SLIDE 4
SA, DA, Protocols, DR and Security
SLIDE 5
SA, DA, Protocols, DR and Security
SLIDE 6
SA, DA, Protocols, DR and Security
ANALOGS 82 602
STATUS 24 378
CONTROL 24 252
130 1232
SLIDE 7
SA, DA, Protocols, DR and Security
Circuit
Breaker
Test
Sw. Control/Status Information
RTU and I/O Equipment
Protective 3 Volt Transducers
Relays 3 Amp Transducers
1 Watt (3-phase) Transducer
1 VAR (3-phase Transducer)
2 Status Inputs (T/C, Recloser)
2 Interpose Relays (T/C)
Communication Line to 1 Control Relay (Recloser)
Master Station
SLIDE 8
SA, DA, Protocols, DR and Security
Circuit
Breaker
Simulator
Circuit
Breaker
Control/Status Information
Test
Sw.
Link to Local and/or Remote
HMI or Control System
V,I,f Generator
SLIDE 9
SA, DA, Protocols, DR and Security
SLIDE 10
SA, DA, Protocols, DR and Security
SLIDE 11
SA, DA, Protocols, DR and Security
SLIDE 12
SA, DA, Protocols, DR and Security
SLIDE 13
SA, DA, Protocols, DR and Security
SLIDE 14
SA, DA, Protocols, DR and Security
SLIDE 15
SA, DA, Protocols, DR and Security
A LITTLE PERSPECTIVE
SLIDE 16
SA, DA, Protocols, DR and Security
SLIDE 17
SA, DA, Protocols, DR and Security
• NEAR-TERM IMPACT OF DATA VOLUME
– Database Integrity and Failover Issues (continued)
• Need to reconsider periodic check-point of
complete database
• Check-point by exception?
• Not enough time to do periodic integrity scan
of entire RT database
• Break integrity scan into smaller groups,
checked less often
• Complete initializing scan after failover may
take too long
• Scan times much greater than actual CPU
failover times
SLIDE 18
SA, DA, Protocols, DR and Security
SLIDE 19
SA, DA, Protocols, DR and Security
SLIDE 20
SA, DA, Protocols, DR and Security
Importance of Real-Time
CONTROL COMMUNICATIONS DATA REMOTE END
HMI INTERFACE
PROCESSOR PROCESSOR TRANSMISSION PROCESSOR
(Select point)
(Command timer) (Modem, transmit) (Line) (Modem, decode)
YES UNCOMMANDED
(Alarm Message to CHANGE OF
Operator, Alarm DB) STATE?
SLIDE 21
SA, DA, Protocols, DR and Security
• LITIGATION DATABASE
– In the near future a “Litigation” Database may be as
important as an Operations Database.
SLIDE 22
SA, DA, Protocols, DR and Security
SLIDE 23
SA, DA, Protocols, DR and Security
SLIDE 24
SA, DA, Protocols, DR and Security
PROTOCOL ISSUES
UCA (Utility Communications Architecture)
Version 1 issued December 1991
Part of EPRI Project RP2949, Integration of Utility
Communication Systems
Mostly Functional Descriptions
Not widely adopted by industry because of lack of
details
Manufacturing Messaging Specification (MMS)(ISO/IEC
9506) to be used for real-time data but specific
implementations missing
SLIDE 25
SA, DA, Protocols, DR and Security
SLIDE 26
SA, DA, Protocols, DR and Security
SLIDE 27
SA, DA, Protocols, DR and Security
PROTOCOL ISSUES
UCA/MMS Forum started in May 1992
Six working groups to consider MMS applications
1. Power Plants
2. Control Centers
3. Customer Interfaces
4. Substation Automation
5. Distribution Feeder Automation
6. Profiles
WGs 1, 2, 3 not very active
WG 4, 5, 6 functions have been absorbed into UCA-2.0TM
Users Group
SLIDE 28
SA, DA, Protocols, DR and Security
PROTOCOL ISSUES
Inter-Utility Control Center Real Time Data Exchange
Power system data
Interchange Scheduling data
Initial Protocols based on Regional Needs
WSCC (Western Systems Coordinating Council)
IDEC (Inter-Utility Data Exchange Committee)
ELCOM (European)
Above Groups, Vendors, Users Wanted one Standard
Name adopted was ICCP
Inter Control Center Communications Protocol
SLIDE 29
SA, DA, Protocols, DR and Security
PROTOCOL ISSUES
Utility Communications Specification Working Group Established
EPRI RP-3830-01
Work started September 1991, soon merged with IEC efforts
Result issued as IEC International Standard
Common U.S. name is ICCP
Common International name is TASE.2
Telecontrol Application Service Element 2
IEC 60870-6-503, -505, -702, and -802
TASE.2 utilizes MMS, is UCA compatible
Over 200 Utilities using ICCP in U.S.
NERC Mandate to use ICCP for Data Exchange
SLIDE 30
SA, DA, Protocols, DR and Security
Protocol Issues
UCA In the Substation
UCA Version 2 Specification issued Late 1996
EPRI transferred rights on UCA-2.0TM documentation to
IEEE
IEEE Published UCA-2.0TM documents as a technical
report (TR-1550) which is available to the public
UCA-2.0TM Users Group and IEC TC-57, WG 10,11,12
coordinate efforts to produce a common protocol
document
SLIDE 31
SA, DA, Protocols, DR and Security
PROTOCOL ISSUES
UCA-2.0TM Meetings and Demonstrations held in
conjunction with IEEE-PES Power Systems Relay
and Substations Committees (3 times per year)
Vendors demonstrate latest product achievements and
interoperability
SLIDE 32
SA, DA, Protocols, DR and Security
PROTOCOL ISSUES
Substation Automation
GOMSFE
(Generic Object Models for Substation and Feeder Field
Devices)
Non-vendor specific
Compliance with Power System Object Model
descriptions
IEDs became available mid-1998 for interoperability
demonstrations, but didn’t support all features (and
many still don’t)
Currently at Version 0.9x
GOOSE
(Generic Object Oriented Substation Event)
GSSE
(Generic SubStation Event)
SLIDE 33
SA, DA, Protocols, DR and Security
SLIDE 34
SA, DA, Protocols, DR and Security
SLIDE 35
SA, DA, Protocols, DR and Security
SLIDE 36
SA, DA, Protocols, DR and Security
• Brooklyn Boston
• Toity Thirty
• Harvard Havad
SLIDE 37
SA, DA, Protocols, DR and Security
SLIDE 38
SA, DA, Protocols, DR and Security
SLIDE 39
SA, DA, Protocols, DR and Security
SLIDE 40
SA, DA, Protocols, DR and Security
SLIDE 41
SA, DA, Protocols, DR and Security
• “Settled” issues:
• Fiber optics will be physical media in HV
substations, copper may be ok in LV
• Ethernet will be transmission technique
Ethernet speed is not specified; 10
Mbit, 100 Mbit, 1 Gbit available (but
different speeds not inter-operable)
• MMS will be communications services
SLIDE 42
SA, DA, Protocols, DR and Security
SLIDE 43
SA, DA, Protocols, DR and Security
SLIDE 44
SA, DA, Protocols, DR and Security
SLIDE 45
SA, DA, Protocols, DR and Security
SLIDE 47
SA, DA, Protocols, DR and Security
SLIDE 48
SA, DA, Protocols, DR and Security
SLIDE 49
SA, DA, Protocols, DR and Security
SLIDE 50
SA, DA, Protocols, DR and Security
SLIDE 51
SA, DA, Protocols, DR and Security
SLIDE 52
SA, DA, Protocols, DR and Security
SLIDE 53
SA, DA, Protocols, DR and Security
Bridge/Router(m)
Firewall Firewall
Netwo rk Netwo rk
Partn er Partn er
STATUS TARGETS
DPU V1.0 STATUS TARGETS
DPU V1.0
NORMAL A T IME 2000R NORMAL A T IME 2000R
F AIL INST ANT ANEOUS F AIL INST ANT ANEOUS
B B
PICKUP F REQUENCY C PICKUP F REQUENCY C
RECL OSER OUT C NEGAT IVE SEQUENCE RECL OSER OUT C NEGAT IVE SEQUENCE
SYST EM RESET
N T ARGET RESET SYST EM RESET
N T ARGET RESET
E E
Netwo rk Netwo rk
Partn er Partn er
STATUS TARGETS
DPU V1.0 STATUS TARGETS
DPU V1.0
NORMAL A T IME 2000R NORMAL A T IME 2000R
F AIL INST ANT ANEOUS F AIL INST ANT ANEOUS
B B
PICKUP F REQUENCY C PICKUP F REQUENCY C
RECL OSER OUT C NEGAT IVE SEQUENCE RECL OSER OUT C NEGAT IVE SEQUENCE
SYST EM RESET
N T ARGET RESET SYST EM RESET
N T ARGET RESET
E E
Transmit
STATUS
NORMAL
F AIL
TARGETS
A
B
T IME
INST ANT ANEOUS
DPU
2000R
Network
Partn er
V1.0
NORMAL
F AIL
TARGETS
A
B
T IME
INST ANT ANEOUS
DPU
2000R
Netwo rk
Partn er
V1.0
transfer trip
RECL OSER OUT C NEGAT IVE SEQUENCE RECL OSER OUT C NEGAT IVE SEQUENCE
SYST EM RESET
N T ARGET RESET SYST EM RESET
N T ARGET RESET
E E
signal signal
*guard *guard
dedicated communications channel
Netwo rk Netwo rk
Partn er Partn er
STATUS TARGETS
DPU V1.0 STATUS TARGETS
DPU V1.0
* *
NORMAL A T IME 2000R NORMAL A T IME 2000R
F AIL INST ANT ANEOUS F AIL INST ANT ANEOUS
B B
PICKUP F REQUENCY C PICKUP F REQUENCY C
RECL OSER OUT C NEGAT IVE SEQUENCE RECL OSER OUT C NEGAT IVE SEQUENCE
* *
SYST EM RESET
N T ARGET RESET SYST EM RESET
N T ARGET RESET
E E
* SUBSTATION B *
SUBSTATION A
Local Trip Remote Trip
SLIDE 54
SA, DA, Protocols, DR and Security
SLIDE 55
SA, DA, Protocols, DR and Security
Bridge/Router(m)
Firewall Firewall
N e tw o r k N e tw o r k
P a r tn e r P a r tn e r
STA TU S TA R G ETS
DPU V 1 .0 STA TU S TA R G ETS
D PU V 1 .0
N OR M A L A T IM E 200 0R N OR M A L A T IM E 2000R
F A IL F A IL
B IN S T A N T A N E O U S B IN S T A N T A N E O U S
P IC K U P F R E QU E N C Y C P IC K U P F R E QU E N C Y C
R E C L OS E R OU T C N E G A T IV E S E Q U E N C E R E C L OS E R OU T C N E G A T IV E S E Q U E N C E
SYST EM RESET
N T A R GE T R E S E T SYST EM RESET
N T A R GE T R E S E T
E E
N e tw o r k N e tw o r k
P a r tn e r P a r tn e r
STA TU S TA R G ETS
D PU V 1 .0
STA TU S TA R G ETS
D PU V 1 .0
N OR M A L A T IM E 2000R N OR M A L A T IM E 2000R
F A IL F A IL
B IN S T A N T A N E O U S B IN S T A N T A N E O U S
P IC K U P F R E QU E N C Y C P IC K U P F R E QU E N C Y C
R E C L OS E R OU T C N E G A T IV E S E Q U E N C E R E C L OS E R OU T C N E G A T IV E S E Q U E N C E
SYST EM RESET
N T A R GE T R E S E T SYSTEM RESET
N T A R GE T R E S E T
E E
STA TU S
N OR M A L
F A IL
TA R G ETS
A
B
T IM E
IN S T A N T A N E O U S
D PU
2000R
N e tw o r k
P a rtn e r
V 1 .0
GOOSE STA TU S
N OR M A L
F A IL
TA R G ETS
A
B
T IM E
IN S T A N T A N E O U S
D PU
2000R
N e tw o r k
P a r tn e r
V 1 .0
GOOSE
P IC K U P F R E QU E N C Y C P IC K U P F R E QU E N C Y C
R E C L OS E R OU T C N E G A T IV E S E Q U E N C E R E C L OS E R OU T C N E G A T IV E S E Q U E N C E
SYST EM RESET
N T A R GE T R E S E T SYST EM RESET
N T A R GE T R E S E T
E E
N e tw o r k N e tw o r k
P a r tn e r P a r tn e r
STA TU S TA R G ETS
D PU V 1 .0
STA TU S TA R G ETS
D PU V 1 .0
N OR M A L A T IM E 2000R N OR M A L A T IM E 2000R
F A IL IN S T A N T A N E O U S F A IL IN S T A N T A N E O U S
B B
P IC K U P F R E QU E N C Y C P IC K U P F R E QU E N C Y C
R E C L OS E R OU T C N E G A T IV E S E Q U E N C E R E C L OS E R OU T C N E G A T IV E S E Q U E N C E
SYST EM RESET
N T A R GE T R E S E T SYST EM RESET
N T A R GE T R E S E T
E E
* SUBSTATION A SUBSTATION B *
Local Trip Remote Trip
SLIDE 56
SA, DA, Protocols, DR and Security
IEEE 1613
Standard to define environmental
characteristics of Ethernet equipment in
substations
Incorporates basic provisions of C37.90
series on SWC, EMI, RFI
Applies only to substation equipment,
NOT including protection
Approved as IEEE Standard December
2002
SLIDE 57
SA, DA, Protocols, DR and Security
SLIDE 58
SA, DA, Protocols, DR and Security
SLIDE 59
SA, DA, Protocols, DR and Security
SLIDE 60
Security Issues
SLIDE 61
SA, DA, Protocols, DR and Security
Communications
facility
Locked
Gate
Control Switchgear and
House Transformers
Locked
Door
SLIDE 62
SA, DA, Protocols, DR and Security
Unauthorized Intruder
SLIDE 63
SA, DA, Protocols, DR and Security
Generation of Power
ACTION IMPACT
Blocking transmission of data by Impairment of economic dispatch,
introduction of random noise, increased costs, mismatch
corruption of data (‘denial of between required and actual
service’) generation, cost to purchase
replacement power for under-
generation, excess generation
without recovery of costs
Alteration of real-time production Impairment of economic dispatch,
data increased costs, mismatch
between required and actual
generation, cost to purchase
replacement power for under-
generation, excess generation
without recovery of costs
Alteration of metering data Bills rendered for less than actual
amount delivered
Alteration of fuel cost information Impairment of economic dispatch,
increased costs, payment for fuel
not used
Alteration of unit status data Failure to operate at actual limits
SLIDE 64
SA, DA, Protocols, DR and Security
T r a n s m is s io n o f P o w e r
A C T IO N IM P A C T
B lo c k in g tr a n s m is s io n o f F a ll-b a c k to u ltr a -
d a ta b y in tr o d u c tio n o f c o n s e r v a tiv e o p e r a tin g
r a n d o m n o is e , c o r r u p tio n p r a c tic e s o n lin e s a n d
o f d a ta (‘d e n ia l o f s e r v ic e ’) tra n s fo rm e rs b e c a u s e o f
la c k o f k n o w le d g e o f a c tu a l
c o n d itio n s
A lte r a tio n o f r e a l-tim e D e p a r tu r e fr o m o p tim u m
p o w e r flo w d a ta d is p a tc h a n d s y s te m
o p e r a tio n (a t in c r e a s e d
c o s ts )
F a ls ifie d s w itc h in g a n d In a b ility to fu lfill c o n tr a c ts ,
ta g g in g in s tr u c tio n s to ta k e tr a n s fe r lim ita tio n s , n o n -
lin e s , o th e r e q u ip m e n t o u t e c o n o m ic o p e r a tio n o f
o f s e r v ic e g e n e r a tio n , in a b ility to
s e ll/b u y p o w e r
In s e r tio n o f fa ls e s ta tu s G e n e r a tio n o f fa ls e a la r m s
in fo r m a tio n r e g a r d in g in p o w e r s y s te m o p e r a tio n
o p e n /c lo s e d s w itc h e s p ro g ra m s s u c h a s s ta te
e s tim a to r , to p o lo g y ,
c o n tin g e n c y a n a ly s is e tc .
SLIDE 65
SA, DA, Protocols, DR and Security
D is trib u tio n o f P o w e r
A C T IO N IM P A C T
B lo c k in g tra n s m is s io n o f L o s s o f v is ib ility in to
d a ta b y in tro d u c tio n o f d is trib u tio n s y s te m , s lo w
ra n d o m n o is e , c o rru p tio n o r n o re s p o n s e to
o f d a ta (‘d e n ia l o f s e rv ic e ’) p ro b le m s , p o te n tia l s a fe ty
p ro b le m s
A lte re d tra n s fo rm e r a n d O p e ra tio n o f fa c ilitie s
lin e lo a d in g d a ta a b o v e ra tin g s , a c c e le ra te d
lo s s o f life , b a d d a ta fo r
lo a d fo re c a s tin g , v io la tio n
o f p o w e r q u a lity a n d
p o w e r d e liv e ry
re g u la tio n s
A lte re d s ta tu s d a ta U n d e te c te d o u ta g e s ,
v io la tio n o f p o w e r q u a lity
a n d p o w e r d e liv e ry
re g u la tio n s
A lte re d s w itc h in g a n d S a fe ty is s u e s , in c lu d in g
ta g g in g in fo rm a tio n p o te n tia l in ju ry o r d e a th
SLIDE 66
SA, DA, Protocols, DR and Security
P o w e r a n d E n e rg y T ra d in g
A C T IO N IM P A C T
B lo c k in g tra n s m is s io n o f In a b ility to e x e c u te
d a ta b y in tro d u c tio n o f p ro fita b le tra n s a c tio n s ,
ra n d o m n o is e , c o rru p tio n c a n c e l u n p ro fita b le
o f d a ta (‘d e n ia l o f s e rvic e ’) tra n s a c tio n s .
A lte re d q u o ta tio n d a ta S ig n ific a n t c o s t p e n a ltie s
if tra n s a c tio n s a re e n te re d
a t th e w ro n g c o s t o r
s e llin g p ric e
D e le tio n o r e ra s u re o f L o s s o r a lte ra tio n o f
a g re e m e n ts tra n s a c tio n re c o rd s
A lte ra tio n o f s ys te m F a ilu re to e n te r in to
c o n d itio n s a n d s ta tu s o th e rw is e d e s ira b le o r
p ro fita b le tra n s a c tio n s
In te rc e p t c o n fid e n tia l d a ta U s e k n o w le d g e o f c o s ts
re g a rd in g c o s ts , s ys te m a n d c o n d itio n s to o b ta in
c o n d itio n s c o m p e titive a d va n ta g e
SLIDE 67
SA, DA, Protocols, DR and Security
SLIDE 68
SA, DA, Protocols, DR and Security
Customer Activities
ACTION IMPACT
Blocking transmission of Inability to detect power
data by introduction of quality problems,
random noise, corruption including outages
of data (‘denial of service’)
Altered meter data Under or over billing of
customer
SLIDE 69
SA, DA, Protocols, DR and Security
SLIDE 70
SA, DA, Protocols, DR and Security
Sources of Threats
Equipment failure
Authorized user makes mistakes
Authorized user exceeds authorization
“Casual” intruder (curiosity)
Intentional intruder
Software bugs
SLIDE 71
SA, DA, Protocols, DR and Security
SLIDE 72
SA, DA, Protocols, DR and Security
SLIDE 73
SA, DA, Protocols, DR and Security
Conclusions:
SLIDE 74
SA, DA, Protocols, DR and Security
SLIDE 75
SA, DA, Protocols, DR and Security
• Definitions:
PHASE TO PHASE TO THREE PHASE
GROUND PHASE
Area EPS Facility
A
B
C
G
POINT OF
COMMON PCC PCC
COUPLING
(PCC) DISTRIBUTED L
RESOURCE
L
POINT OF
INTERCONNECTION DISTRIBUTED
(PI) RESOURCE
SLIDE 76
SA, DA, Protocols, DR and Security
• “User” Concerns
– Safety of Personnel
• Personnel must be able to work on the EPS and DER facility
without undue risk of injury or death
• General public should not be exposed to hazardous conditions
– Fault duty, including DER, should not exceed ratings of
distribution system equipment, including customer-owned
equipment connected to the system
• Equipment damage, downed conductors, vault fires, etc.
– Normal load-carrying and interrupting capabilities, including
DER, should not be exceeded
• Reduction of system reliability, premature failure of equipment
– Protective relaying and control equipment, should not be
subject to mis-operation as a result of DER additions
• More and longer interruptions, high/low voltage problems
SLIDE 77
SA, DA, Protocols, DR and Security
SLIDE 78
SA, DA, Protocols, DR and Security
SLIDE 79
SA, DA, Protocols, DR and Security
IN CONCLUSION:
SLIDE 80
SA, DA, Protocols, DR and Security
SLIDE 81
SA, DA, Protocols, DR and Security
SLIDE 82
SA, DA, Protocols, DR and Security
Working Group C1
Guidelines and Recommended
Practices for the specification and
use of computer-aided systems as
applied to substation design,
engineering, construction,
maintenance and operation.
SLIDE 83
SA, DA, Protocols, DR and Security
Working Group C2
Application of New Technologies in
Substation Monitoring and Control
Task Force C2TF1: Communications
Networking Devices Installed in
Substations
Task Force C2TF2
Use of Computer Technology in
Substation Data Acquisition and
Control
SLIDE 84
SA, DA, Protocols, DR and Security
Working Group C3
Electric Network Control Systems
Standards
Review and Update of All
Assigned ANSI/IEEE and IEEE
Standards applicable to Substation
Automation and Control
SLIDE 85
SA, DA, Protocols, DR and Security
SLIDE 87
SA, DA, Protocols, DR and Security
http://ewh.ieee.org/cmte/scam2005
SLIDE 88
SA, DA, Protocols, DR and Security
THANK YOU!
SLIDE 89