David Dolezilek

Requirements or recommendations? Sorting out NERC CIP, NIST, and DOE cybersecurity

Oil and gas, water and electric power — all of these essential services rely on SCADA (supervisory control and data acquisition), protection, and monitoring systems that use communications networks. The use of communications networks makes these systems potentially vulnerable to cyberattack. Over the past decade, faced with an increase in computer hacking and the recognition of the importance of these services to health and welfare, economic stability, and national security, the United States federal government has been increasingly involved in efforts to assist utilities in improving their security posture. Smart grid has become synonymous with asynchronous, nonmission-critical information exchange applications. Smart grid infrastructure describes the existing, yet largely unrecognized, mission-critical control applications that enable generation and delivery of power. Smart grid infrastructure applications require deterministic and synchronous message exchange, including automation and teleprotection. Today, utilities are faced with a confusing array of cybersecurity guidance, standards, and regulatory requirements. Electric utilities operating bulk power system assets must comply with eight NERC (North American Electric Reliability Corporation) CIP (Critical Infrastructure Protection) standards that are in the process of being revised. Federal entities are required by the FISMA (Federal Information Security Management Act of 2002) to comply with NIST (National Institute of Standards and Technology) standards. Under the Energy Independence and Security Act of 2007, Congress gave NIST the task of developing a framework of interoperability and cybersecurity for smart grid applications. To date, the framework has been primarily focused on smart grid information exchange applications that use asynchronous data flow, including metering, demand response, and the near realtime elements of substation and distribution automation. These automation elements and other smart grid infrastructure applications that require deterministic synchronous data exchange, including teleprotection and synchrophasor state measurement, remain a future endeavor. This paper discusses various cybersecurity requirements and presents a clear picture of work being done by NIST to explain what is required and recommended and what utilities should expect to see in the near future as NERC and NIST work continues.

Case studies: Synchrophasors for wide-area monitoring, protection, and control

Worldwide power systems operated for maximum economy potentially sacrifice traditional stability margins. Long lines between generators and loads, changes in the generation mix, and an increase in interconnections have complicated the use of older tools for system analysis. System disturbances and blackouts at locations throughout the world have demonstrated the need to simplify how system operators obtain the situational awareness necessary to maintain stability and optimize economy.

Using dynamic real-time substation information to reinvent asset management

Existing applications do not satisfy asset management. Geospatial information systems (GIS), in part, perform static inventory management of power delivery assets, i.e., location of the asset and nameplate data but not dynamic performance or availability. Maintenance management systems retain the history of maintenance tasks performed on equipment and predict when new tasks should be performed but do not understand return on investment (ROI) to plan replacement. Work management systems help schedule resources to perform maintenance, replacement, or operational tasks only after they have been identified elsewhere. So in essence, true asset management is overlooked. The success of these applications should rely heavily on timely and accurate data. Real-time and historical operating data are essential for identifying and improving dynamic performance optimization, for outage management and avoidance, and for planning obsolescence and expansion. This paper addresses overlooked asset management needs of determining and improving the health, reliability, ROI, and performance of apparatus and systems, and hopes to provide a better understanding of how to consider benefits or losses the utility experiences.

Validating mission-critical ethernet networks for protection, automation, and control applications

The communications standard IEC 61850-5 identifies fast messages that perform high-speed automation, protection, and interlocking to meet or exceed a transmission time of 3 milliseconds as Type 1A, Performance Class P2/P3. Modern microprocessor-based devices and Ethernet networks routinely meet this requirement when everything is working as expected. One of the most important acceptance criteria (and perhaps least understood) is the maximum transmission time when unexpected things do happen and messages are delayed. Because not all paths in an Ethernet network perform the same, this paper introduces path performance classifications that illustrate the minimum and maximum transfer times between two devices. The telecommunications performance standard IEC 60834-1 is commonly used to evaluate point-to-point high-speed automation and interlocking. It describes the overall operating time between the instant of the change of state at the command input on the source device and the instant of the change of state at the command output on the destination device. This includes propagation time and any additional delays. IEC 60834-1 further defines transmission dependability as the ability to receive each command message within the fixed actual transmission time defined by the application, in this case 3 milliseconds. IEC 61850-5 specifically states that testing and verification of the complete transfer time must be performed during site acceptance testing using the physical devices and network equipment. Methods to test and validate message transmission during normal Ethernet packet delivery as well as during path failure are introduced in this paper based on both Rapid Spanning Tree Protocol (RSTP) and Parallel Redundancy Protocol (PRP).

Case study of practical applications of smart grid technologies

The simple truth to making the distribution grid smarter is to deploy communications and leverage advanced controls that are commonplace in substation automation, remedial action schemes, power management systems, and industrial closed-loop power automation. The untapped powerful information within the protection, control, and monitoring intelligent electronic devices (IEDs) can be leveraged. Dramatic distribution automation improvements are available by simply enabling and coordinating the unused automation capabilities of the numerous isolated IEDs already in service throughout the power system via distributed communications. These improvements automatically and rapidly isolate faults, restore power, monitor demand, and maintain and restore stability for more reliable generation, transmission, and delivery of electric power. By communicating with one another to accomplish tasks formerly done by humans or left undone, these IEDs observe the state of the power system, make educated decisions, and then take action to preserve the stability and performance of the grid. The smart grid is a collection of information sources and the automatic control systems that manage the delivery of power, understand the changes in demand, and react to it by managing demand response. This paper focuses on distribution-level protection and automation techniques illustrated with real-world case study examples.

Decision-making information from substation IEDs drives equipment life extension, modernization, and retrofitting

Much of the power system equipment in use today is nearing or has passed its predicted operating life, and we are pushing equipment to increasingly higher levels to meet demands. Injuries, failed equipment, unscheduled downtime, and loss of production are concerns that require knowledge of in-service power system apparatus. This is coupled with the competitiveness of the electrical energy market. The prevention of faults and defects in substation primary equipment is considered a major differentiating factor in the quality of power delivered by utilities. The reduction of faults and defects that cause interruptions in the supply of electrical energy significantly improves service performance rates.

Case study: Replace substation wiring with rugged fiber communications

This paper describes the impact of new substation protection, control, and monitoring wiring techniques based on virtual wiring replacing traditional wiring. Special emphasis is given to the architectural implications of using digital communications between devices instead of traditional pairs of copper conductors to communicate status and measurements. Additional distinction is made regarding wiring reduction, yard construction, interoperability, and system testing. The paper also analyzes the influence of the latest best practice installation methods of pre-engineered solutions. Emphasis is placed on interoperability among generations of technology from one or more manufacturers and the physical benefits derived from the expanded use of fiber-optic network communication.

Remote Data Monitoring and Data Analysis for Substations-A Case Study in Implementation

Todays intelligent electronic devices (IEDs) and robust communications processors contain large amounts of valuable substation data that have been available for years but largely overlooked. Initial integration efforts by most vendors focused solely on providing data access and control of supervisory control and data acquisition (SCADA) type data from the IEDs to replace separate SCADA hardware such as RTUs. Following the RTU replacement method led many vendors to use SCADA protocols to retrieve these data for use in supervisory operation. Choosing to use SCADA protocols, such as Modbusreg, DNP, and UCA led to the problem that data unsupported by these protocols were trapped in the IED and unavailable. Stranded data include historical performance information, equipment monitoring data, device diagnostic data, automation data, as well as settings and configuration information. A few innovative utilities have been managing these data through remote monitoring and making them available for use by all divisions of the company. Todays data tools and communications methods allow every utility to take advantage of these data to truly manage their power systems. This paper is a case study of remote data monitoring and data analysis design and techniques. This remote monitoring technology greatly reduces power system operation and maintenance (O&M) costs while providing valuable information to system planning and operating departments

Communications Technologies and Practices to Satisfy NERC Critical Infrastructure Protection (CIP)

This paper addresses the new North American Reliability Council (NERC) critical infrastructure protection (CIP) requirements, which have replaced the guidelines in the previous NERC standards 1200 and 1300 on cybersecurity. This paper is a tutorial on how to deploy intelligent electronic devices (IEDs) and communications and security technology to satisfy each applicable section of the NERC CIP and reduce the chances of electronic intrusion. Through use of the information in this paper, each entity can begin the process of satisfying internal responsibilities to proactively improve security and strengthen their security posture

Case study in improving protection system reliability with automatic NERC PRC-005 inspection, testing, reporting, and auditing

This paper is a case study of the design process and validation of a simple and effective solution to satisfy the North American Electric Reliability Corporation (NERC) PRC-005 protection system maintenance program (PSMP) requirements. The example solution is a protection system monitoring (PSM) application for an in-service system at a hydroelectric generating station. This PSM system uses simple digital communication to collect information from intelligent electronic devices (IEDs) to perform real-time validation and status reporting to keep components in working order and to quickly restore the malfunctioning components to proper operation. The PSM controller and all communications are separate from protection and supervisory control and data acquisition (SCADA) communications channels to prevent the possibility of affecting these communications channels. Control is not possible via the PSM communication, and the links are safely added to in-service systems, which simplifies conformance for existing plants. The PSM controller has a real-time operator interface that provides an up-to-the-second audit status of compliance, detected anomalies, and true alarms. The embedded maintenance program automatically performs all of the possible PRC-005 maintenance program activities, including the following: ; Verification - a means of determining that the component is functioning correctly. ; Monitoring - the observation of the routine in-service operation of the component. ; Testing - the application of signals to a component to observe functional performance, observe output behavior, or diagnose problems. ; Inspection - an operator interface to present visible signs of component failure, reduced performance, and degradation. ; Calibration - the recommendations for and confirmation of the adjustment of the operating threshold or measurement accuracy of a measuring element to meet the intended performance requirement. ; Upkeep - the routine activities to ensure that the component remains in good working order and ensure the visibility of any hardware and software service advisories that are relevant to the device application. ; Restoration - the description and acknowledgement of the completion of actions to restore the proper operation of malfunctioning components. Critical protection system components, including potential transformers, current transformers, relays, controllers, station dc supply, and communications channels, are automatically monitored for function and accuracy. The system includes the automatic collection of event reports and disturbance records to provide enterprise-level event storage and analysis. The system is scalable in size and function. A discussion of future enhancements, such as trip circuit validation, is included in this paper. The isolation of the PSM system from the protection, control, and monitoring (PCM) network operation is also discussed to address system security. The system was tested using the design of an actual hydroelectric generating station. The test also included a full simulation of the system. Two major distinctions between traditional protection system maintenance and the testing performed by the PSM system are the automatic and the continuous nature of the reporting. The PSM system constantly performs evaluations on in-service equipment, evaluating and reporting the overall system health. The PSM system not only improves the overall reliability of the bulk electric system by performing real-time evaluations of critical protection system components but also reduces or eliminates fines due to a missed test.