Tuesday, July 24, 2018

Cyber Security for Industrial Control Systems (ICS) is Going Where?

Cyber Security for Industrial Control Systems (ICS) has been discussed over many years - and it will be discussed forever. There seems to be no end of discussions and solutions ... the end may come when electric power will be switched off - caused by insecure systems.

As long as we have ICS in operation - which is very crucial! - we will see products being developed and offered that are marketed to safe the world of ICS.

Dale Peterson wrote a very nice and interesting article about "The Future of the ICS Cyber Security Detection Market" (23 July 2018).

Dale seems to expect that the ICS Cyber Security Detection Market will completely change in a few years. He may be right. My expectations is that the change will happen for ever - and ever faster.

So, you may decide to wait! This would be the worst decision you can make.

Whatever is available for your system today - use it! The wait for getting started with, e.g., encrypted ICS protocols is over - use TLS wrapper as much as possible - as soon as possible.

Click HERE for the complete article - worth to read.

Our power system highly depend on ICS - ICS highly depend on power systems. The two can live together only. Non of the two will survive without the other!!

I hope we have enough people to understand that we need more smart people to keep power flowing: means electrical engineers and IT experts ... and ...

My recommendation is that we need to get a better holistic understanding how power systems and ICS are interdependent ... we should not isolate one from the other ... already understood some hundred years ago:

"Hence we must believe that all the sciences are so interconnected, that it is much easier to study them all together than to isolate one from all others. If, therefore, anyone wishes to search out the truth of things in serious ernest, he ought not to select one special science, for all the sciences are cojoined with each other and interdependent."
Rene Descartes (1596-1650)

Finally we will have to accept that reliable electric power will be more expensive soon - moderate increased price in case we care about ICS Cyber Security - extremely expensive if we fail to protect the power system.


New Smart Grid Controller with IEC 61850, IEC 61850-5-104, and DNP3

System Corp (Perth/Australia) offers a new very powerful Smart Grid Controller for applications in:

  1. Secondary Substation Control
  2. Transformer and Asset Management
  3. Micro Grid Control and Automation
  4. Data Gateway Application
  5. IoT and Cloud Service Interfacing




Click HERE for more details.

Thursday, July 19, 2018

HMS Networks AB takes over Beck IPC

HMS has taken over the German based company Beck IPC. Beck IPC has a range of products providing IEC 61850, IEC 60870-5, and DNP3 connectivity - I have reported about their products from time to time ... just search for Beck on the blog.

Click HERE for the HMS press release.

HMS (IXXAT) sells some of the Beck com.tom (as Gateways):

Click HERE for Beck com.tom products with above standards implemented.
Click HERE for HMS Gateway products with above standards implemented.

Saturday, July 14, 2018

IEC TC 57 just published FDIS IEC 61850-8-2 (Mapping to XMPP)


IEC TC 57 just published FDIS IEC 61850-8-2 (Mapping to XMPP) - 253 pages !

(57/2020/FDIS)

Voting ends: 2018-08-24

Part 8-2: Specific communication service mapping (SCSM)
– Mapping to Extensible Messaging Presence Protocol (XMPP)

The long wait for a second SCSM is over!

The new mapping of IEC 61850 describes a specific communication service mapping
(SCSM) over the Extensible Messaging and Presence Protocol (XMPP), providing detailed
information on how to create and exchange concrete communication messages that
implement abstract services and models specified in IEC 61850-7-4, IEC 61850-7-3, and
IEC 61850-7-2.

Note that the MMS messages (defined using ASN.1) are used in IEC 61850-8-1 AND -8-2 ! The only crucial difference between the two message and model mappings (in 8-1 and 8-2) is this:

8-1 uses BER (Basic Encoding Rule) for the messages on the wire, while 8-2 uses (XER (XML Encoding Rule). The complexity of the MMS messages is the same in both mappings - because the structure and how to build messages and how to carry the 7-2 services and 7-x models are the same!

The challenges to implement 8-2 message mapping are more or less the same as with 8-1. Note that the messages in XER are far longer than with BER.

There is - of course - a difference between the two: The transport of messages in 8-2 uses XMPP.

Some may argue, that there are more tools available for XER than for BER. Ok.

IEC 61850-8-2 is far away from something simple and easy to implement and use - especially when you need only a few simple services and models.


WOW -- IEC 61850 Models Publically Available for Download

After long time, IEC has accepted to provide free online access to the IEC 61850 Models!!

Congratulation!

Excerpt from 57/2023/INF (2018-07-13):

"With IEC 61850-7-7, a machine processable format for the distribution of IEC 61850 data models has been defined. Based on that, in the future, all IEC 61850 models will be as well available in this format as namespace files (NSD files).
The namespace files are code components, that are intended to be directly processed by a computer. The purchase of the associated IEC standard carries a copyright license for the purchaser to sell software containing Code Components from this standard to end users either directly or via distributors, subject to IEC software licensing conditions, which can be found at: http://www.iec.ch/CCv1. ..."

Screenshot from the TC 57 Supporting Documents page:



Click HERE to get to the above page.

Sunday, July 8, 2018

First Draft IEC 61850-90-16 Requirements for System Management for IEC 61850

The first Draft on IEC 61850-90-16 (97 pages) has been published (57/2014/DC):

Requirements for System Management for IEC 61850

"The distribution grid is facing a massive roll out and refurbishment of automation equipment to
implement deeper monitoring and new smart grid applications. The new equipment to be deployed in order to solve today’s issues (MV voltage and reactive power regulation for example) will necessarily have to be adjustable and upgradeable in order to face challenges of tomorrow (for example massive electric vehicles fleets, low voltage automation, …) which will arrive long before the end of its 20 years’ service life. Furthermore, there is a necessity for the equipment to adapt to the evolving and growing cybersecurity threats.
The equipment will therefore need to be patched, updated and reconfigured, and this has to be done remotely due to the great number of equipment. This is a cornerstone of the System Management (SM), which refers to functionalities that are not directly linked to the operational role of the equipment but allow it to perform its operational functions in the best conditions possible. Smart Grid Devices Management also includes other functions such as asset management or supervision.
These functionalities need to be managed by the grid operator and address multiple devices from different vendors through independent Information Systems and thus the requirements and exchanges need to be standardized. As these are to be applied to IEC 61850 compliant equipment, these mechanisms need to be integrated in the standard. ..."

Comments are due by 2018-09-28

Role-based Access Control - On its way to become Standard

IEC 62351-8 is on its way to become an IEC Standard (57/2017/CD):

Power systems management and associated information exchange – Data and communications security –
Part 8: Role-based access control

The part 8 is currently a Technical Specification. This will change in the next step.

The 62 page CD has been published for commenting until 2018-09-28

"This document provides standard for access control in power systems. The power system
environment supported by this standard is enterprise-wide and extends beyond traditional
borders to include external providers, suppliers, and other energy partners. ...

The following interactions are in scope:

  • local (direct wired) access to the object by a human user;
  • local (direct wired) access to the object by a local and automated computer agent, e.g. another object at the field site;
  • direct access by a user to the object using the objects’ built-in HMI or panel;
  • remote (via dial-up or wireless media) access to the object by a human user;
  • remote (via dial-up or wireless media) access to the object by a remote automated computer agent, e.g. another object at another substation, a distributed energy resource at an end-user’s facility, or a control centre application."

Wednesday, July 4, 2018

IEEE Spectrum July 2018: 6 WAYS IoT IS VULNERABLE

IEEE Spectrum 2018-07 publishes an opinion by Stacey Higginbotham about the vulnerability of IoT devices and systems:

6 WAYS IoT IS VULNERABLE

Here is an excerpt of the six reasons why security for the Internet of Things (IoT) is different from—and more difficult to tackle than—traditional IT security:

  1. We’ve raised the stakes by connecting more physical systems and facilities to wireless networks -> Consequences of failure are more dire.
  2. IoT security is a special challenge:The adversaries are unlike any we’ve seen before.
  3. For traditional IT system, one can count on the software company’s support for a
    set amount of time. What we see: it could be 10 years, 7, 3, 2, or even 0 ...
  4. A connected product that generates a small profit may require years of updates, patches, and security evaluations.
  5. Many connected devices are built with software, hardware, and firmware that are created
    by different companies and pieced together at the end. It takes only one weak link to create a vulnerability ...
  6. Many connected devices live in environments unlike any IT system. In a home, there’s no IT manager to push patches to a connected fridge. And in an industrial setting, patching one machine might cause it to stop working with other equipment on the line.

I would summarize the challenge as follows:

IoT devices and systems require in principle the same attention, efforts and resources like traditional IT systems. The sheer unlimited number of interconnected IoT devices will work securely only if we except to spend much more money than what the market expects!

Or: Today´s solutions will be the problems of tomorrow.

Click HERE for the complete document (1 page).



Real-time Access to German Generation and Consumption of Electricity


You have real-time access to the German generation and consumption of electricity:




Click HERE for the real-time data access.



Monday, July 2, 2018

Version 2 des OE/BDEW-Whitepaper Anforderungen an sichere Steuerungs - und Telekommunikationssysteme


Version 2 des OE/BDEW-Whitepaper (komplett überarbeitete Version!; 80 Seiten):

Anforderungen an sichere Steuerungs - und Telekommunikationssysteme
(Requirements for Secure Control and Telecommunication Systems)

verfügbar

Click HIER für den Zugriff auf das gesamte Dokument.

"Das vorliegende Dokument definiert grundsätzliche Sicherheitsanforderungen für Steuerungs- und
Telekommunikationssysteme für die Prozesssteuerung in der Energieversorgung und gibt
Ausführungshinweise zu deren Umsetzung. Hierzu werden von Fachexperten zusammengestellte,
aktuelle und branchenspezifische Empfehlungen zur Sicherstellung der Informationssicherheit
aufgeführt.
Das Whitepaper definiert Anforderungen an Einzelkomponenten und für aus diesen Komponenten
zusammengesetzte Systeme und Anwendungen. Ergänzend werden auch Sicherheitsanforderungen
an Wartungsprozesse, Projektorganisation und Entwicklungsprozesse behandelt.
Fokus dieses Dokuments sind die im Rahmen der Beschaffung zu berücksichtigenden Anforderungen
an technische Komponenten und Systeme und für die Projektabwicklung relevanten Prozesse.
Ebenso wichtig sind organisatorische Sicherheitsmaßnahmen im Unternehmen, wie der
Aufbau einer Sicherheitsorganisation, ein angemessenes Risikomanagement oder die Schaffung
eines umfassenden Sicherheitsbewusstseins bei den Mitarbeitern (Security Awareness). Diese
organisatorischen Anforderungen stehen nicht im Fokus des Whitepapers, hierzu sei insbesondere
auf die Normen ISO/IEC 27001 und ISO/IEC 27019 verwiesen.
Das vorliegende Dokument ist eine vollständig überarbeitete Neuauflage des BDEW Whitepapers
und der zugehörigen Ausführungshinweise von Oesterreichs Energie und BDEW. Beide Dokumente
wurden zusammengeführt und die Inhalte gemäß aktuellen Technologienentwicklungen
umfassend aktualisiert und ergänzt."

Die englische Version wird in Kürze erscheinen.

Die hier beschriebenen Anforderungen haben erheblichen Einfluss auf Unternehmen im Kontext der Energieversorgung: mehr Mitarbeiter und mehr technische Hilfsmittel, mit denen die Anforderungen erfüllt werden könnten - und damit höhere Kosten!

Wednesday, June 27, 2018

New Title of IEC TC 57 WG 17

The new title of IEC TC 57 WG 17 is:

“Power system intelligent electronic device communication and
associated data models
for microgrids,
distributed energy resources and
distribution automation

Monday, June 18, 2018

Séminaire PowerOn Dakar Sénégal 18 et 19 Juin 2018

Cet évènement vous permettra de partager des connaissances et de rencontrer des experts et spécialistes de différents horizons afin d’échanger sur les solutions aux problèmes que vous rencontrez, les outils de mesures-test-diagnostic des équipements électriques, et d’obtenir de l’aide ou des conseils, ou simplement découvrir les nouvelles techniques innovantes disponibles pour tester les transformateurs et autres équipements des postes HT.

Header-eMailing-Dakar1.jpg

  • Protection des réseaux :
  • CEI 61850 et Réseaux électriques intelligents : impact sur les spécifications, essais et maintenance des postes électriques. Présenté par Andrea Bonetti.
  • Protection Différentielle des transformateurs : influence physique des relais sur les transformateurs. Présenté par Andrea Bonetti.
  • Plan de protection : mesure de l’impédance de ligne. Présenté par Andrea Bonetti.
  • Charge filerie : mesure d’impédance avec le SVERKER. Présenté par Andrea Bonetti.
  • Vérification des TC/TP. Présenté par Mamadou Keita.
  • Efficacité de la Maintenance :
  • Informatisation du Suivi de Parc et de la Gestion des données de test
  • Réseaux Souterrains :
  • Localisation de défauts de cables. Présenté par Adeola Adebomi.
  • Diagnostic des câbles souterrains. Présenté par Adeola Adebomi.
  • Transformateurs de puissance :
  • Test et Diagnostic. Présenté par Mamadou Keita.
  • Et bien d’autres thèmes qui seront abordés basées sur le retour d’expériences terrain

 Nous serions honorés de votre présence et nous vous remercions de cliquer ci-dessous pour vous enregistrer.
Pour toute autre question, n’hésitez pas à nous contacter.

http://fr.megger.com/seminaire-poweron-dakar-senegal

Pour toute demande d’informations, envoyez un e-mail à infos@megger.com

Hôtel King Fahd Palace
Route des Almadies
Dakar 8181
Senegal      

Monday, June 4, 2018

Megger Offers a Wide Range of IEC 61850 GOOSE Test Tools and Experiences


Megger (Sweden) offers a wide range of test tools and experiences for testing and commissioning of systems based on IEC 61850 GOOSE.

They just published a brochure that shares some light on IEC 61850 interoperability problems and solutions for the horizontal communication (GOOSE):

IEC 61850 - GOOSE Interoperability

Click HERE for the brochure.

This document (written by one of the most experienced senior protection engineers) is really worth to download and to read! Andrea Bonetti will give you a deep inside look into the use of GOOSE messaging and how to reach interoperability.

"Interoperability is one of the most misunderstood of all business terms. It is, however, one of the most important of all predictors of success or failure. In short, interoperability is the ability of diverse systems to work together effectively and efficiently. Interoperability is a property of a product or system, whose interfaces are completely understood, to work with other products or systems, present or future, without any restricted access or implementation.

There is absolutely no doubt that Interoperability facilitates valuable business connections—across
processes, between people and information and among companies. Interoperability yields improved
collaboration and ultimately increased productivity. Providing interoperability helps customers decrease complexity and better manage heterogeneous environments—while enhancing choice and innovation in the market. Importantly, the interoperability requirement of the IEC 61850 standard has beneficially increased the “interoperability among different engineers” working for companies that are formally in competition. This increased communication among different vendors has contributed to the fact that GOOSE messaging can today be considered a working technology, even if problems still arise, like in any other technology.

With more than six years of field experience with IEC 61850 GOOSE communication in protection and control applications, it is possible today to list the main reasons for interoperability problems for multi- and single-vendor systems; however, the list of causes of interoperability failures would be longer than what indicated in this document, especially if considering the cases found during the beginning of the use of GOOSE messages.

In order to commission substations with the new IEC 61850 technology, there is need to use some new tools and methods. The key for these tools and methods is, paradoxically, implicitly available in the IEC 61850 standard itself."

Enjoy!

IEC 61850-90-11 - Modelling of Logics for IEC 61850 Based Applications

IEC TC 57 just published a 50+ page proposal for a very interesting topic:

57/2001/DC

Proposed IEC TR 61850-90-11, Communication networks and systems for power utility automation – Part 90-11: Methodologies for modelling of logics for IEC 61850 based applications

Comments to this draft are expected by 2018-07-27 at the latest.

This is likely the first time where application modelling (using a single configuration language!) integrates basic logic functions like AND, OR, Timer, ... including a Mapping of IEC 61850 data types and IEC 61131-3 / PLC Open XML data types.

The document introduces a couple of use cases describing mainly the control and monitoring of switchgears and electrical measurements.

Use case 1 – Busbar disconnector coupled in a double busbar arrangement
Use case 2 – Delayed breaker trip and blocking after 1st low gas pressure alarm
Use case 3 – Bay connected to busbar A
Use case 4 – Definite trip
Use case 5 – "Direct transfer open operation"
Use case 6 – Line outage detection in a breaker and a half scheme
Use case 7 – Unit trip logic
Use case 8 – Data quality management
Use case 9 – Switchgear control on the example of a busbar change-over

The modelling of logics could be of interest for many other applications.


Saturday, May 26, 2018

IEC TS 62351-5 ED2 - Security for IEC 60870-5 and derivatives

IEC TC 57 just published a new proposal to revise TR IEC 62351-5 and convert it into a standard:

57/2000/DC

Proposed revision of IEC TS 62351-5 ED2 and transformation of the TS into an IS (Power systems management and associated information exchange - Data and communications security - Part 5: Security for IEC 60870-5 and derivatives)

Excerpt from the background:

"... Since IEC TS 62351-5 was first published, IEC 60870-5-7 has been published defining specific security requirements for IEC 60870-5 protocols based on IEC TS 62351-5, while similar specific security requirements have been defined for IEEE Std. 1815 (DNP3). In addition, implementations have been undertaken by vendors. As a result, some issues with IEC TS 62351-5 were identified. At the same time, the security requirements for IEC 60870-5 have matured since these specifications were released as a Technical Specification. At this time, it is important to update these security requirements and convert them into an International Standard in order to ensure that implementations of IEC 60870-5 can include the appropriate security measures. ..."

Comments are expected by 2018-07-20 at the latest.

IEC 61850 - Model Extensions To Support Microgrids

IEC TC 57 just published a proposal for a new work:

57/1888/DC

Model extensions to IEC 61850 to support microgrids

From the preamble:

"An important market trend is to enable the operation of DER in islandable mode supplying a local process such as campus, buildings, industries, …. Thus it is important to complement the existing and/or coming IEC 61850 series of standards to support such an operation mode, including the protection of considered assets, the management of their transitioning between grid-tied and islanded mode, but also to the support the management of frequency, voltage, and quality of supply to the process. ..."

Comments to the proposal are welcome by 2018-07-20 at the latest.

IEC 61850-90-9 - Use of IEC 61850 for Electrical Energy Storage Systems

IEC TC 57 has just published a 114 page new draft technical report:

57/1998/DC

Draft IEC TR 61850-90-9, Communication networks and systems for power utility automation – Part 90-9: Use of IEC 61850 for electrical energy storage systems

Comments are welcome until 2018-08-17

"This technical report provides necessary information within 61850 based object model in order to model functions of a battery based electrical energy storage system as a DER unit. For intelligently operated and/or automated grids, storing energy for optimising the grid operation is a core function. Therefore shorter periods of storing energy with charging and discharging capability is also an indispensable function. Charging and discharging operations need to be modelled thoroughly and are in the focus of this technical report. ...
An Electrical Energy Storage system (EESS) is a system which is used for the purpose of intermediate storage of electrical energy. The type of storage, the amount of energy, charging and discharging rates as well as self-discharge rate and many other characteristics are technology dependent and therefore can be very different. However, the general meaning of the characteristics and parameters are identical.
The objective of this document is to define a standardized and general approach to information
modelling for operating an EESS regardless of any specific technique, which supports an efficient way of integrating an EESS into grid operation and other businesses.
Various types of EESS, such as battery, pumped hydro, superconducting magnetic energy storage, flywheels, etc., are defined in “IEC White Paper on Electrical Energy Storage.” According to the the white paper, EESS systems are classified by energy form, advantages/disadvantages to the specific usages or the purpose of the implementation. ... "

Part 7-420 - Distributed energy resources and distribution automation logical nodes

After tremendous work on the revision and extension of the IEC 61850-7-420 Edition 1, IEC TC 57 just published the 366 page committee draft IEC 61850-7-420 ED2:

57/1997/CD

Communication networks and systems for power utility automation – Part 7-420: Basic communication structure – Distributed energy resources and distribution automation logical nodes

Commenting period closes 2018-08-17

Excerpt from the introduction:

"Increasing numbers of DER (distributed energy resources) systems are being interconnected to electric power systems throughout the world. As DER technology evolves and as the impact of dispersed generation on distribution power systems becomes a growing challenge – and opportunity – nations worldwide are recognizing the economic, social, and environmental benefits of integrating DER technology within their electric infrastructure.
The manufacturers of DER devices are facing the age-old issues of what communication standards and protocols to provide to their customers for monitoring and controlling DER devices, in particular when they are interconnected with the electric power system. In the past, DER manufacturers developed their own proprietary ...

This document addresses the IEC 61850 information modelling for DER, although some types and aspects of DER information models have been developed or are being developed separately through technical reports before they are added to this international standard DER model. These consist of the following:
• IEC 61850-90-6: Use of IEC 61850 for Distribution Automation Systems
• IEC 61850-90-8: Object model for electric mobility
• IEC 61850-90-9: Use of IEC 61850 for Electrical Storage Systems
• IEC 61850-90-15: DER Grid Integration using IEC 61850 "

This document is one of the crucial parts for the application of IEC 61850 in distributed power systems.