Saturday, December 29, 2012

Cyber Incidents grew in 2012 – High in Energy Sector

“The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) leads efforts to improve the nation's cyber security posture, coordinate cyber information sharing, and proactively manage cyber risks to the Nation while protecting the constitutional rights of Americans. US-CERT strives to be a trusted global leader in cyber security—collaborative, agile, and responsive in a dynamic and complex environment.” (Source: US-CERT)

The organization just published a must-read summary document covering various issues from the last three months (October – December 2012). You will find a bunch of very useful information about what has happened and what could happen next. 

One focus of US-CERT is the energy sector: From October 2011 to September 2012 “ICS-CERT received and responded to 198 cyber incidents as reported by asset owners and industry partners. Attacks against the energy sector represented 41 % of the total number of incidents.

The large-scale and fast growing deployment of IEDs (Intelligent Electronic Devices) in the whole energy sector (including the huge domain of electric power systems) necessitates the development and application of appropriate security measures.

The year 2013 will be a challenging year to keep the power flowing: the aging infrastructure, the need for smart generation, delivery, and use of power requires smart people that will develop smart processes and smart devices. And: All decisions and solutions to keep the power flowing, the sky blue and grass green MUST be accompanied with existing and new security measures!

Security is more than just a buzzword!

I hope that the responsible managers in power systems have increased the budget for increasing security activities for 2013 (and beyond).

Friday, December 28, 2012

IEC 61400-25 is based on IEC 61850

During the year 2012 I have received more often the question about the relation between IEC 61400-25 and IEC 61850.

The most crucial issue in understanding IEC 61400-25 is this: The standard series IEC 61400-25 is based on the series IEC 61850 (mainly part 7-x, 8-1). A lot of definitions and basics defined in IEC 61850 are not repeated in IEC 61400-25. The part 6 (Configuration language) is not referenced in IEC 61400-25 at all and so on.

Could part IEC 61850-6 be used for IEC 61400-25? Yes, it could be used in almost all implementations of IEC 61400-25. Why? Because usually the implementation of the communication uses the mapping to MMS according to IEC 61850-8-1 which is referenced in IEC 61400-25-4.

To really understand IEC 61400-25, one needs to have a very good basic understanding of IEC 61850.

The standard IEC 61850 could be understood as extended IEC 61850 information models. There are a few special definitions in IEC 61400-25-2 which deviate partly from IEC 61850-7-3 and 7-4.

Example: LN WGEN – Generator

That model comprises among other data objects the objects for 3 phase currents and voltages for the stator and for the rotor:

image

The argument why the electrical measurements are contained in the LN WGEN is simple: The Generator generates voltages and currents … so these measurements are an integral part of the generator! Full stop. In IEC 68150 the modeling approach is to find the smallest parts of information to be exchanged by a function to be modeled.

The electrical measurements in IEC 61850-7-4 are contained in the LN MMXU. To indicate the use for the stator or rotor could be indicated by a prefix in the instance name: Sta_MMXU.A and Rtr_MMXU.A.

image

Note how the instance names are build (according to IEC 61850-7-2 Edition 2):

image 
 
During the ongoing maintenance work on the first five parts of IEC 61400-25 it could be expected that the information models of IEC 61400-25-2 and IEC 61850-7-x will be harmonized as much as possible.

Note that the models may be different – there may be two model, but there is only one real world. The real world does not change depending on models! On the other side, models should be harmonized to a high degree … to prevent confusion. I have seen models implemented for a wind turbine that use MMXU instead of the models in WTUR.

The key issue is: different people and groups have different understanding of modeling!

Monday, December 24, 2012

Europe: Smart Grid Standards are Here or on the Way

Just before end of 2012 a set of comprehensive documents provided by the CEN-CENELEC-ETSI Smart Grid Coordination Group (SG-CG), being responsible for coordinating the ESOs reply to M/490 (Mandate), have been published.

In 2012, the SG-CG worked intensively to produce the following reports (approved by the CEN and CENELEC Technical Boards in December 2012 - to be approved by ETSI Board early January 2013):

In addition, SG-CG produced a Framework Document which provides an overview of the activities. It describes how the different elements mentioned above fit together as to provide the consistent framework for Smart Grids, as requested by M/490.

The documents are very comprehensive and detailed! It is really surprising what experts have put together in relatively short time!! Congratulation!

Please find two small excerpts form the above listed documents:

The Smart Grid Architecture Model (SGAM) provides some kind of overview about the complexity of the European Power Grid (applicable globally) – the available standards and those that need to be defined are positioned in that model:

image

The model could be used as a guidline.

The CEN-CENELEC-ETSI Smart Grid Coordination Group published a “First Set of Standards” … no surprise that IEC 61850 plays a major role today and in the future. Example excerpt:

image

There are – of course – many other standards listed.

In the coming years there is a need for more simple and secure IEC 61850 based devices that could provide the huge amount of signals from and for the process and field zones for power generation, transmission, distribution, DER and customer premises.

The com.tom components (implementing IEC 60870-5-104, –103, IEC 61850, IEC 61400-35, DNP3, …)  are likely to play a major role.

Friday, December 21, 2012

Pay Now Or Later! Life Cycle Cost of Automation System neglected

People responsible for huge automation projects can focus on the cost for installing and commissioning a system OR on the cost for operating and maintaining a system. A reasonable approach would be to figure out what the System Life Cycle Cost are likely.

Yesterday I read in a technical magazine about a very bad example of focusing first on minimum costs for installing and commissioning and neglecting System Life Cycle Cost. In this case the whole automation system is completely refurbished a few years after the system was put in operation. The refurbishment has cost some 15.000.000 Euro. Unbelievable.

The 2 times 34.6 km “Lötschberg Alpine Base Tunnel” (Switzerland) was build between 1999 and 2007. The project’s cost were some 4.000.000.000 Euro. The crucial priority for building the tunnel was meeting the calculated costs and deadlines for opening the tunnel for operation. The project was finished on time and the costs were in the limits set! Perfect! … compared to many huge projects …

But! A running system has to run for years! Very often little efforts are spent to assure that the system remains “clean” and maintainable and expandable even after many years.

In the case of the Lötschberg Tunnel the operation costs were far to high due to the fact that there were very little efforts made during planning and engineering phase to allow a smooth information flow between the many devices and systems. There were many islands of information.

The technical infrastructures had been tendered and realized as separate systems for: Fire protection, Ventilation/ A/C, Lighting control, Escape and evacuation, Cross tube doors, Power supply, Water supply, … Many gateways, protocol inverters, and and had to be installed to let components communicate and share information. The 24*7 operation of the tunnel required personnel on site to run behind alarms: during the first year of operation the many systems produced between 1.000 and 5.000 Alarms per day (!!!). Even after some improvement two experts had to process some 30 alarms per day … causing operating costs (including the people to look after the alarms) of some 4.000.000 Euro per year!

This was far to high!

What to do now? It was decided soon (in 2009) to refurbish the complete automation and SCADA system build mainly by a SINGLE vendor’s solution. Cost for refurbishment: some 15.000.000 Euro. The new system is scheduled to take over the control of the tunnel mid 2013. The operation and maintenance cost are expected be reduced from 4.000.000 Euro to 1.500.000 Euro per year. WOW!

It was reported also that due to the overtime of the service and maintenance personnel many of these people left the company. I guess they were frustrated … or?

Don’t focus on message encoding of one or the other protocol. Always focus on the SYSTEM and Life Cycle Cost.

Missing capabilities to smoothly share information for the some 100.000 signals of the tunnel system have let the costs of operating and maintaining the system sky-rocketed to 4.000.000 Euro per year!

IEC 61850 is intended to provide a smooth and secure information sharing solution – independent of a SINGLE small, medium or big vendor!

Lesson learned: Open (vendor independent) information sharing could have a crucial impact of the Life Cycle Cost.

Do you care about Life Cycle Cost? Yes!? If the answer is Yes, then IEC 60870-5-104, IEC 61850, IEC 61400-25 and DNP3 are recommended options for the future needs of energy system information sharing.

Access a report from the main contractor (vendor) of the refurbished system for the Loetschberg tunnel project [pdf, en].

Another report published in Dec 2012 [pdf, de]

Europe: More on Security for Smart Grids

The European Network and Information Security Agency (ENISA) has published on Dec 6, 2012 a new report titled:

Appropriate security measures for smart grids
Guidelines to assess the sophistication of security measures implementation

The report provides “guidance to smart grid stakeholders by providing a set of minimum security measures which might help in improving the minimum level of their cyber security services. The proposed security measures are organised into three (3) sophistication levels and ten (10) domains, namely:
1. Security governance & risk management;
2. Management of third parties;
3. Secure lifecycle process for smart grid components/systems and operating procedures;
4. Personnel security, awareness and training;
5. Incident response & information knowledge sharing;
6. Audit and accountability;
7. Continuity of operations;
8. Physical security;
9. Information systems security; and
10. Network security.”

Does any of these documents make any system more secure? No! The security will increase only if smart people implement appropriate measures! There are many documents that suggest needed measures – the text written is sometimes nothing else than toner on paper or pixels on a screen.

What to do? Invest in doing something. Don’t wait until the perfect measures are defined and accepted by every manager! That will never happen. Security is an ongoing process that required permanent improvements of measures.

The report recommends “Organisations wishing to establish, implement, operate, monitor and continuously maintain and improve an appropriate level of smart grid security, must also carefully and continuously consider and assess the actual level of preparedness and the related security risks they face.
A risk assessment should be performed throughout the system life cycle: during requirements definition, procurement, control definition and configuration, system operations, and system close-out.”

Security measures should be taken from the very beginning of planning to use automation and information systems. The big show-stopper is that all these measures cost money and need increased resources (manpower, software and hardware, …). In the domain of DNP3, IEC 60870-5-104, IEC 61850 and IEC 61400-25 basic measures are defined in the documents of the series IEC 62351.

Download the complete report [84 pages. pdf]

U-Bahn-Fahrplan Energiewende – Eine gute Übersicht

Energiewende – ein Begriff, der international bekannt ist! Was ist darunter zu verstehen? Sehr viel!! Es geht um Energie – weit über Strom-Erzeugung, –Transport, –Verteilung und –Verbrauch hinaus.

Eine sehr gut zu lesende und sehr leicht verständliche Zusammenfassung auf 16 Seiten sollte jedem Bürger über 15 Jahre als Pflicht-Lektüre empfohlen werden sollte!

Sehr interessant ist der “U-Bahn-Fahrplan”, der alle wesentlichen Aspekte der Energiewende grafisch darstellt:

image

Hier können Sie die komplette Grafik “Gesamtübersicht Energiewende” herunterladen [jpg, 1,6 MB]

Download der Zusammenfassung [16 Seiten, pdf, 4 MB]

Noch Fragen?

IEC 61850 wird in vielen, zur Realisierung der Energiewende notwendigen Technologien eine große Bedeutung zukommen – Mit Sicherheit!

Bildquelle: IFEU-Institut

Monday, December 17, 2012

IEC 61850 Edition 2 Eases the use of the Standard

Is that really true? Sure it is.

First of all, when I talk about “IEC 61850 Edition 2” in this post I mean the Edition 2 of the core parts like IEC 61850-6, –7-x, and -8-1.

Most of the definitions of these Edition 2 core parts have not been touched! Several “overheads” in the former edition have been removed! There are a few cleaned-up definitions (that had already been solved during the tissue process), and there are several new definitions (mainly in the model documents 7-3 and 7-4). New logical nodes like STMP (Supervision Temperature) have no impact on the other definitions – they are independent new definitions for NEW applications.

Let’s look at examples of the “overhead” of mandatory data objects in each and every logical node in edition 1 of part 7-4:

The common data objects in ALL logical nodes in IEC 61850-7-4 Edition 1 required the following four (4) mandatory objects:

NamPlt   LPL
Mod      ENC
Beh      ENS
Health   ENS

According to IEC 61850-7-4 Edition 2 this has been reduced to one single mandatory (1) data object for all but one LN - LLN0:

Beh      ENS

This could save a lot of memory and processing … we have learned to improve the standard – that is what most people expected! Or?

Most basic definitions in common data classes are still the SAME; a lot of devices (edition 1 or edition 2 based) work smoothly together when we look of basic use cases:

SPS (single point status):
stVal   BOOLEAN
q       Quality
t       TimeStamp

DPS (double point status):
stVal   CODED ENUM
q       Quality
t       TimeStamp

MV (measured values):
mag     AnalogueValue
q       Quality
t       TimeStamp

Now when we compare these basic “signal” types with … we will figure out that there is almost NO real difference! Please check the following mapping from IEC 61850 to DNP3 (according to IEEE P1815.1 Draft Standard for Exchanging Information between networks Implementing IEC 61850 and IEEE Std 1815 (Distributed Network Protocol - DNP3):

Mapping for DPS (double point status):

image 

DBBI = Double-Bit Binary Input
BI    =  Binary Input

Do you think this is a crucial difference?

Some people want to make us belief that IEC 61850 is complex. Check on your own, please. If you need help, let me know.

What is the Scope of IEC 61850?

The title and scope of IEC 61850 has been extended from “substations” to “power utility automation” many years ago. The title of all new parts and Edition 2 of revised parts (e.g., IEC 61850-7-1 Edition 2) is:

Communication networks and systems for power utility automation

The scope of IEC 61850 (e.g., as defined in IEC 61850-7-1 Edition 2) has been extended to:

– hydroelectric power plants,
– substation to substation information exchange,
– information exchange for distributed automation,
– substation to control centre information exchange,
– information exchange for metering,
– condition monitoring and diagnosis, and
– information exchange with engineering systems for device configuration.

The written scope of standards can be used to ... but it does not constrain the use.

The scope of IEC 60870-5-104 is defined as follows: This part of IEC 60870 applies to telecontrol equipment and systems with coded bit serial data transmission for monitoring and controlling geographically widespread processes.

Does this preclude to use 104 as substation bus? No, not at all. It is in use in many substations - at least in Germany.

And when it comes to "widespread processes", e.g., PV systems that need to be monitored and controlled, it is natural to use DNP3 or 104, or? ... today ... yes. When it comes to TCP based communication there is a very little (or almost no) difference between one protocol and the other. When you look at the overhead generated by TCP/IP … !

The main issue is: What will it cost to plan, procure, install, rent, configure, ... operate the network infrastructure? The crucial costs are still in the hardware, wires, signal-converters, commissioning, configuration, testing, service, maintenance, and SECURITY measures to be implemented – that’s what I have seen in several "modern" approaches to control a PV system from a DSO. Saving a few minutes in the configuration with one or the other protocol is relatively negligible.

When we talk about cost, let's look at the end-to-end cost and life-cycle cost - not just looking at differences in protocols and scopes of standards.

Have a look at the resources needed to encrypt and decrypt messages at transport protocol layer: The resources for making the transport layer secure requires many more resources than those needed for one protocol message or the other.

Focus on the SYSTEM – which is more than looking at SCADA protocols.

Friday, December 14, 2012

TÜV SÜD conducts One Day Seminar on IEC 61850 in San Diego (CA) on January 28, 2013

TÜV SÜD conducts a One Day Seminar on IEC 61850 Edition 2, Security and Certification in

San Diego (CA)
January 28, 2013 (Monday, the day before the DistribuTech 2013 opens).

What does IEC 61850 Edition 2 mean?
Is the wait for IEC 61850 over?
What is the co-existence of DNP3 (IEC 60870-5-104) and IEC 61850?
What are the security solutions for these standards?
How to ensure that devices are interoperable?

These and many other questions will be discussed during the seminar.

Details and registration can be found here. [early bird rate before January 10]

Note that TÜV SÜD has a booth at DistribuTech [Booth 624], the TÜV SÜD experts will be available during the DistribuTech. Karlheinz Schwarz will be at the UCA International Users Group [Booth 1648].

Contact us, in case you want to meet us. We can set a date and time for a comprehensive discussion in advance.

Stromausfälle und ihre (katastrophalen) Folgen

Strom kommt aus der Steckdose! Oder? Ja – natürlich! Wie kommt er in die Steckdose? Wen interessiert das schon! So ein paar Techniker – die sollten das wissen!

Strom ist nicht so unterhaltsam wie eine Oper oder ein Konzert! Wirklich? Allerdings! Nur - Strom unterhält uns doch alle: Ohne Strom keine Er- und Unterhaltung! In jeglicher Hinsicht. Was passiert, wenn bei der Aufführung einer Oper das Licht ausgeht, die Aufzüge und Rolltreppen stehen bleiben, die Lüftungs- und Klimaanlagen ausfallen, die Handynetze ihren Geist aufgeben, … und die Tankstellen keinen Kraftstoff mehr verkaufen können … laut einer Studie gibt es in Berlin ganze zwei Tankstellen mit einer Notstromversorgung!

In meiner Kindheit habe ich meine Mutter erlebt, als sie gerade beim Waschen war, fiel der Strom aus; sie sagte mir, dann kann ich ja in der Zeit (mit dem elektrischen Bügeleisen) bügeln! Während ihrer Kindheit hätte das wahrscheinlich funktioniert.

Was bei einem Blackout geschieht - Folgen eines langandauernden und großräumigen Stromausfalls. Unter diesem Titel wurde 2011 eine umfangreiche und interessante Studie veröffentlicht.

Zusammenfassung der Studie [3 Seiten, pdf]

Komplette Studie des Büros für Technikfolgen-Abschätzung beim Deutschen Bundestag [251 Seiten, pdf]

Anmerkungen von einem mir bekannten pensionierten Experten, der die Herausforderungen der Energieversorgung von Berufswegen sehr gut kennt:

Die Studie umfasst 261 Seiten. Allein die Zusammenfassung ist 31 Seiten lang. Der Text von Prof. Popp verdichtet dies auf 3 Seiten. Im Februar dieses Jahres war im gesamten europäischen Stromnetz nur noch eine Reserve von ca. 1000 MW verfügbar. Der Ausfall eines einzigen Kernkraftwerkblockes (z. B. ein Block in Philippsburg) hätte zum Totalausfall des gesamten Stromnetzes geführt. So knapp war es noch nie. Aber weil „wieder“ nichts passiert ist, wird diese Extremsituation von der Bevölkerung schlicht nicht wahrgenommen. Unser Umgang mit dieser so wichtigen Infrastruktur wie der Stromversorgung kann nur noch als total unverantwortlich bezeichnet werden.

Da die Kommunikationsmöglichkeiten bei einem totalen Stromausfall sehr rasch wegbrechen (selbst Notausgaben von Zeitungen entfallen, denn wie sollen Journalisten an verlässliche Informationen kommen, wie sollen Notausgaben hergestellt und wie verteilt werden), erreichen Informationen über die Folgen eines längeren Stromausfalles nur noch gerüchteweise und eher lokal die Bevölkerung. Diese kann den tatsächlichen Umfang an Beeinträchtigungen bis hin zu eingetretenen Schäden oder gar zu beklagenden Opfern höchstens erahnen. Eine Wiederherstellung einer dann wieder nutzbaren Infrastruktur ist bisher nicht überlegt, auch nicht geübt. Wie soll das dann funktionieren? Was wären die Folgen?

Wir haben und pflegen die Meinung, dass wir ein technisch hochstehendes Land sind. Mir wird schummrig. Der Vorfall kürzlich in München müsste doch einigen die Augen geöffnet haben. Der lange Ausfall in New York noch viel mehr. Aber wir "spielen" weiterhin mit unserer so wichtigen Infrastruktur und meinen, "der Markt" sorgt dafür (mit Geldbewegungen?!), dass das Gleichgewicht zwischen Erzeugung und Nutzung ständig eingehalten ist. Was ein Irrtum. Mich bringt die Ignoranz noch zum Wahnsinn (oder um).

Sein Fazit: Wann werden die notwendigen Schlussfolgerungen gezogen und tatsächlich konsequent umgesetzt?

Was fällt uns – neben dem Aufbringen von Markierungen für Fahrradwege in Innenstädten – noch alles ein, um die Energieversorgung nachhaltig zu sichern? Es reicht nicht aus, keine Ideen zu haben, man muss auch unfähig sein sie umzusetzen!

Heute ist dafür alles „smart“ (was übrigens auch „gerissen“ bedeutet). Wir sollten uns wieder auf das besinnen, was bisher zu der eigentlich unglaublich hohen Verlässlichkeit der elektrischen Stromversorgung geführt hat: Der Sachverstand, die Vernunft und die gekonnte Beachtung physikalischer Gesetzmäßigkeiten – nicht das Geld und nicht der Markt.

Intelligente und sichere elektrische Energieversorgungsnetze wurden bereits
zu Beginn der Elektrifizierung erfunden und bis heute weiterentwickelt.
Elektrische Sicherungen, Schutz- und Überwachungseinrichtungen sind seit
über 100 Jahren phänomenale Geräte zum Schutz von Leben und technischen
Einrichtungen. Ohne diese „smarten“ Geräte wäre ein fehlerfreies und
ausfallsicheres elektrisches Energieversorgungssystem undenkbar und die
Versorgung mit elektrischer Energie viel zu gefährlich. Siehe auch:

http://blog.iec61850.com/2012/03/smart-grids-19th-century-invention.html

Thursday, December 6, 2012

Where is the sun shining?

If you want to figure out where in Germany the sun is shining, you have several possibilities: check with a weather related website or check the PV power production.

Today (2012-12-06 10:28) the PV Power was 1.1 GW … the sun was shining in the south-western part – where Karlsruhe (my home town) is:

image

Up-to-date  and historical PV power performance provided by SMA.

Monday, December 3, 2012

Two new Papers on IEC 61850 Sampled Value Exchange Models

Several well known experts from Australia (David M.E. Ingram, Pascal Schaub, Richard R. Taylor, and Duncan Campbell) have spent some time on analyzing the applicability of IEC 61850 Sampled Value exchange methods and IEEE 1588 time synchronization for high voltage substations. Read what they have figured out:

The first paper focuses on “Performance analysis of IEC 61850 sampled value process bus networks”:

Process bus networks are the next stage in the evolution of substation design, bringing digital technology to the high voltage switchyard. Benefits of process buses include facilitating the use of Non-Conventional Instrument Transformers, improved disturbance recording and phasor measurement and the removal of costly, and potentially hazardous, copper cabling from substation switchyards and control rooms. This paper examines the role a process bus plays in an IEC 61850 based Substation Automation System.

More details and download link.

The second paper is on: “Performance analysis of PTP components for IEC 61850 process bus applications

New substation automation applications, such as sampled value process buses and synchrophasors, require sampling accuracy of 1 µs or better. The Precision Time Protocol (PTP), IEEE Std 1588, achieves this level of performance and integrates well into Ethernet based substation networks. This paper takes a systematic approach to the performance evaluation of commercially available PTP devices (grandmaster, slave, transparent and boundary clocks) from a variety of manufacturers.

More details and download link.