The author certifies that the paper titled "Utilizing IEC 61850, Ethernet and IP Standards for Integrated Substation Communications" and submitted for consideration for the Seminar "IT in Power Sector 'Performance Upgradation including Automation'", December 11-12, 2008, IHC, New Delhi, India, is original.
systems and the devices attached to the network, as well as providing secure management of the network infrastructure itself.

Successful implementation of such a multi-purpose network requires a comprehensive vision of the target architecture. The advantage of an Ethernet-based strategic substation network is that it has the capacity and flexibility to support multiple applications at the same time, even when they have widely differing requirements. The capability is there, but the architecture planners and implementers must take into account that the applications being served by the network will include diverse objectives and requirements for things such as protection signalling, control automation, metering, and that communications functionality will be necessary to address both communications within the substation and those extending beyond it. This architecture guides each successive project as the network evolves. Implementers must meet immediate project needs while avoiding missteps that create obstacles to future evolutionary growth.

The paper assesses current and emerging requirements for substation networking, discusses a strategic architecture for local and wide area substation networking, and proposes practical implementation guidelines that will enable project planners to proceed with greater confidence that they can both meet immediate project needs and also prepare for a cost-effective and flexible path forward into the future.

II. TARGET ARCHITECTURE

It should be a given that any network design implemented today will support a single integrated network. The alternative is a difficult-to-maintain hodgepodge of separate networks under the same roof. Traditionally SCADA networks were separate from metering, and various control systems used differing data protocols, which forced the use of separate networks. Video surveillance, when implemented, was on a separate CCTV analog network. Protection signalling was isolated, primarily because the extreme low latency and guaranteed performance requirements of protection events could not be assured in a shared network. Today, IEC 61850 and other initiatives identify IP/Ethernet as the basic networking technology upon which to build an integrated substation network architecture, and facilitate data exchange with other groups or organizations within the power utility.

Ethernet/IP provides broadly supported technology for system interconnection across many system suppliers. It leverages mass market component volumes to create a cost-effective, high-performance network. In addition, Ethernet lends itself to fiber-based connectivity that is important in electrically noisy industrial environments, and it supports ring, dual-star and mesh topologies that are highly resilient against single-point network faults, thus improving system reliability.

When multiple projects will share a new integrated network, an immediate benefit is reduced cost for equipment and facilities. The larger economic benefits come from reduced cost and delay in adding additional systems to the substation in the future, and also in reduced cost of ongoing operations, including training and maintenance. Also, with a larger scaled network serving more applications, it is easier to justify added features in the network to increase reliability and security as additional benefits. See Fig. 1 for an illustration of an integrated power utility layout utilizing Ethernet and IP technology.

[Fig. 6 Integrated Substation Networking with WAN access to Remote Operations Centres. Diagram labels: Video Monitoring, IP Video Data, Server Applications, Ethernet Infrastructure]

One key is to implement Internet Protocol (IP) as the common protocol across systems. As described above, legacy serial ports, including administrative IED ports, can be accessed from a central PC using common terminal emulation software such as Windows HyperTerminal or by PC client programs provided by many IED manufacturers.

The Wide Area Network (WAN) gateway device is basically an IP router. Like the other devices in the substation, it should be hardened to substation equipment standards. It should provide more than one connection into the Ethernet core network over Ethernet and participate in RSTP for greater reliability. There are several different WAN media available, including wireless, fiber and various telecommunication carrier services. The WAN gateway should support direct interfaces to the appropriate service, such as an E1 carrier line.

The WAN gateway also plays an important role in cyber security for the substation. The WAN gateway should provide the primary electronic security perimeter protection. The gateway should include IP Firewall features to block unauthorized access to the substation network. Virtual Private Network (VPN) technologies such as IPsec and Secure Socket Layer (SSL) should at least be available to provide increased security in the future. Secure management of all network devices is also important, using SSL/SSH and SNMPv3.

VIII. ACCESS MANAGEMENT SYSTEMS

As cyber security becomes an integral part of substation networks, access management systems provide a bridge between the substation world and IT by both functioning as the secure gateway for legacy devices, and by interoperating with existing Enterprise authentication services. AMS systems check for user credentials and establish secure connection to target IEDs. In addition AMS servers log access events, and optionally all activity during the user session. Some utility cyber security implementations have additional active mechanisms in place to detect and alert on forms of attack more complex than a direct login attempt. An example is an Intrusion Detection System (IDS) that looks for patterns of attack such as aggressive transmissions to exposed protocol ports or other vulnerabilities in host operating systems. IP Firewalls at the control center and at substations may also detect basic network attacks (or simply misguided packets) that also constitute security events. To manage these diverse sources it is desirable to link firewall events, AMS events and IDS events to a common Security Event Management console, also shown in Figure 7.

[Figure (diagram labels only): Enterprise Network, AD, Control Center, AMS, RSA Intranet, Router, Router / Dial-up, Term Server Port Switch, Communications Gateway]
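
The linking of firewall, AMS and IDS events described above, as an added example that is not code from the paper: it flags successful AMS logins to an IED whose source address also produced firewall denies or IDS alerts shortly beforehand. The `time SOURCE ACTION key=value` line format, the field names and the sample events are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events. The "time SOURCE ACTION key=value" form produced
# by the collectors is an assumption, not a vendor log format.
SAMPLE_EVENTS = """\
2008-12-11T02:14:03 FW DENY src=10.20.0.57 dst=192.168.5.10 dport=23
2008-12-11T02:14:09 FW DENY src=10.20.0.57 dst=192.168.5.10 dport=502
2008-12-11T02:15:40 IDS ALERT src=10.20.0.57 sig="port sweep"
2008-12-11T02:19:12 AMS LOGIN user=jdoe src=10.20.0.57 target=IED-7 result=ok
2008-12-11T09:01:00 AMS LOGIN user=asmith src=10.20.0.12 target=IED-3 result=ok
2008-12-11T09:30:00 FW DENY src=10.20.0.99 dst=192.168.5.10 dport=80
"""

LINE = re.compile(r"^(\S+) (FW|IDS|AMS) (\S+) (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Map one line to a common event record, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(m.group(4))}
    return {**fields, "time": datetime.fromisoformat(m.group(1)),
            "source": m.group(2), "action": m.group(3)}

def correlate(lines, window=timedelta(minutes=15)):
    """Return successful AMS logins whose source address triggered firewall
    denies or IDS alerts within `window` before the login."""
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e["time"])
    findings = []
    for login in events:
        if login["source"] != "AMS" or login.get("result") != "ok":
            continue
        prior = [e for e in events
                 if e["source"] in ("FW", "IDS") and e.get("src") == login.get("src")
                 and timedelta(0) <= login["time"] - e["time"] <= window]
        if prior:
            findings.append({"user": login.get("user"), "target": login.get("target"),
                             "src": login.get("src"), "time": login["time"],
                             "sources": sorted({e["source"] for e in prior}),
                             "prior_events": len(prior)})
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

A login that is only visible in the AMS log looks routine; it becomes a security event once the firewall and IDS records for the same address sit on the same timeline.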