Cybersecurity, Generation, Smart Grid

The Role of Communications in the Smart Grid

Issue 11 and Volume 17.

Role of Communications in the Smart Grid

by Jim Krachenfels, Belden Americas Inc.

At one time, power delivery to customers was simple and one-way. The smart grid offers a different scenario. Effective communications strategies are critical to successful smart grid deployments, and the substation is the heart of any power utility communications strategy.

Multistakeholder Environment, Need for Alternative Energy Integration

The smart grid initiative introduced complexity levels. Innovations that have helped the grid manage power more effectively include:

  • Alternative power generation technologies;
  • Automated meter reading (AMR) and intelligent power management; and
  • Consumer and supplier scenarios in which consumers operate alternative power generation methodologies and occasionally sell power back to the grid, as well as consume it.

Utilities find it difficult to balance generation and demand in real time, especially with renewable and distributed energy generation. Some renewables—typically solar and wind power—are hard to accommodate because of their unpredictable, intermittent energy output. In addition, these resources often are not under the direct control of a utility. Substations must be able to monitor and manage energy flow and balance available power and consumer requirements.

On the consumer side, AMR, with its potential to measure real-time customer power use and provide feedback, generates new types of data and requires more intelligence within the grid.

figure 1

Monitoring this information is important. Equally important is the ability to use the information to control and balance generation with demand. An emerging trend is utilities’ paying power generators based on the amount of power supplied to the grid and on the predictability and reliability of supplied power.

There is another highly practical and urgent component to the need for increased communications efficiency and effectiveness. The physical threats and cyberthreats to the power utility infrastructure are real, and the communications infrastructure necessary to support physical surveillance and security, such as streaming video information—often in high-definition and high-resolution access control devices—can overwhelm a network that is insufficiently scalable and intelligent.

Standards-based Implementation

Smart grid network infrastructure must be organized around a standard. IEC 61850 is an international standard for communication in power generation facilities and substations that is Ethernet-based. It supports interoperability and scalability. By integrating key functions within a substation such as protection, control, measurement, monitoring and providing the means for high-speed protection applications, IEC 61850 simplifies power management.

A second standard important in smart grid development is IEEE 1588 v2. It is a breakthrough timing protocol that, for the first time, offers submicrosecond synchronization for clocks in substation and power delivery devices such as sensors and actuators over an Ethernet network. It is a critical component for allowing utilities to offer the precision timing necessary to support the control algorithms required for modern power management and delivery systems.

Substation-centric Communications Imperatives

Substations are the natural collection point for real-time information concerning power flow in and out of the grid. Substations are where voltages are stepped up from generation to transmission levels, and stepped down again from transmission to distribution levels (see Figure 2).

figure 2

Substations use Ethernet-enabled intelligent electronic devices (IEDs) such as protective relays and power monitors to measure power and, therefore, control and protect substation equipment such as circuit breakers and transformers. Other Ethernet-enabled automation components include operator interface terminals, data storage components, controllers and input and output devices.

Such devices are connected in a substationwide Ethernet network to substation controllers—either remote terminal units or more specialized substation controllers using Ethernet switches. Switches also enable communication between the substation and the utility dispatch centers via supervisory control and data acquisition (SCADA) systems to provide critical data that allows utilities to match generation with demand. Because the substation environment is often hostile with wide variations in temperature and humidity along with high vibration and electrical noise, high reliability is of utmost concern.

Building the Communications Infrastructure

Bandwidth scalability in an industrially hardened package. Industrially hardened networking products including Ethernet switches and routers are the best solution for smart grid infrastructure. They are engineered to operate and keep operating under harsh environmental conditions. Office-grade networking products never will be able to operate reliably in an environment that can include temperature extremes, exposure to dirt and other contaminants, moisture and high levels of electromagnetic interference.

Switches and routers for the smart grid also must be able to support more ports—particularly fiber ports. Fiber ports for 100Mb and gigabit provide the distance and security to accommodate the increased video surveillance demands of the power utility industry. In addition, the reduced cost of fiber media has made information technology physical security more affordable. Serial ports on the switches and routers enable interconnection to legacy devices. The increased port density also increases network reliability by providing fewer failure points.

Managed switches improve performance, security. Hardened managed Ethernet switches are penetrating deeper into substations as their footprints and costs have decreased. They provide network administration functions including but not limited to filtering data flow, traffic prioritization, network diagnostics and access security. Data filtering usually is based on the traffic type: broadcast or multicast, for example.

Traffic prioritization is required when the network is used simultaneously for varied applications. If voice data does not receive a high priority, the conversation might be intermittent. Automation data can be prioritized per port to ensure the highest level of repeatability and real-time response. A best practice made possible by the greater bandwidths available to utilities is segmenting automation networks so they do not compete with high-bandwidth traffic such as voice and video.

Network diagnostics can trigger an alarm based on bandwidth use, loss of communication or intermittent lost packets. One cost-saving result of network diagnostics is using lost-packet monitoring as an early warning of problems within the communications system. This allows maintenance to be scheduled, rather than reactive.

A managed switch can support access security in various ways. Turning off unused ports allows for easy identification of an unauthorized device’s attempting to use one of those ports and activates an alarm. Active ports can be secured through an access control list in the switch that contains media access control or Internet Protocol addresses. The switch sends an alarm upon detecting unauthorized access attempts.

Redundancy in connectivity and power. In addition to an insatiable need for continuous flows of data to monitor and manage the smart grid, the power industry also faces increased demand for energy from industrial and residential customers. Designing redundancy into network paths to every important device is critical to maintaining uptime in power substations and distribution systems in smart grid communication networks.

Network redundancy provides alternative communication paths should a segment of the physical media be interrupted by failure or maintenance. Smart grid switches, routers and other networking products will require redundant power supplies, as well as network-path redundancy to ensure data continues flowing.

Networking software is also key in keeping downtime to a minimum for critical utility applications. Key protocols include RSTP-2004 (a version of the rapid spanning tree protocol), IEC standard 62439-2 media redundancy protocol, and the new zero-failover protocols, parallel redundancy protocol (PRP) and high-availability seamless redundancy (HSR), which are based on the IEC 62439 standard.

Growth of Wireless Extensions to Ethernet

figure 3
Management of communication among substation devices is typically accomplished at the substation by installed Ethernet switches. Although these switches can be managed or unmanaged, managed switches provide additional functionality critical to the robust deployment of Ethernet in substation automation applications.

Wireless extensions to Ethernet networks support the power industry’s embrace of distributed data collection, monitoring and control. The installation of AMR devices on the consumer side would be cost-prohibitive without wireless communications. Wireless also is used extensively to connect remote substations—particularly in rugged terrain—cost-effectively into smart grid management systems. Some routers, hardened to meet the demands of substation conditions, offer reliable cellular communication to support AMR applications quickly and economically and to reach dispersed power facilities—even those widely distributed green power generation sites.

Integrated Security for Smart Grid Management

An intelligent smart grid relies on real-time, high-bandwidth, two-way open communications to control and monitor power flows. These communications make the smart grid viable but also open it to cyberattack. In addition, wireless technology brings its own smart grid challenges in security and regulatory concerns.

Although much of the current power grid is controlled by legacy automation systems that often don’t use open communications technologies, these systems usually are linked to SCADA systems that rely on open communication systems, making the entire system vulnerable to attack. Smart grid technologies are introducing millions of new intelligent components to the electric grid. Wireless extensions to Ethernet networks also pose security issues. In general, open communications among many devices has made cybersecurity a critical component of any communications system.

NERC’s Impact on Smart Grid

The North American Electric Reliability Corp. (NERC) develops and enforces reliability standards, assesses reliability, monitors the bulk power system and educates, trains and certifies industry personnel. NERC’s regulatory power extends through the U.S. and Canada. NERC’s critical infrastructure protection standards cover sabotage reporting; critical cyberasset identification; and security management controls, personnel and training, electronic security perimeters, the physical security of critical cyberassets, systems security management, incident reporting, response planning and recovery plans for critical cyberassets.

Cybersecurity must address deliberate attacks such as internal breaches, industrial espionage and terrorist strikes, as well as inadvertent compromises of the information infrastructure resulting from user errors, equipment failures and natural disasters. The obvious home for much of the substation protection will be in the switches and routers at the center of the communications infrastructure. A well-designed firewall is an important cyberprotection element. Firewalls stop unauthorized communications from outside the firewall and allow legitimate network traffic to pass, discerning between the two based on user-defined rules and configuration. Managed switches and routers typically are incorporated into a well-designed firewall. As cybersecurity solutions are deployed, it will be necessary to replace or retrofit many automation and communication components throughout the grid that are not designed to support protective measures. This is a costly proposition. In addition to components cost, there will be the time factor for installation and training operations and maintenance personnel.

figure 4
A redundant ring is set up among substations and includes the control center, as well as the ability to connect with remote substations via a cellular connection.

Specialized industrial security solutions offer a lower-cost way to extend the life of current installations. They can be used between existing communication channels and outside facilities. The appliances examine all network traffic and prevent unauthorized access and can provide other functions, such as monitoring network performance.

In addition, for optimum protection, components with common safety requirements can be grouped together into zones and protected by industrial security appliances to provide in-depth defense. Such appliances should offer zero-configuration installation and a process-safe start-up and test mode. They should be able to be installed in a live facility without network changes or production shutdowns. Installation personnel should not require knowledge of the operational security setup; the devices can be commissioned later with a centralized security management console.

Summary

The smart grid has tremendous potential to better how utilities generate and deliver power. With this opportunity come new challenges for connecting and managing the system. Ethernet provides a strong communications infrastructure capable of supporting the demands and addressing security issues. Without powerful industrial Ethernet devices and protocols, smart grid would be impossible. By designing infrastructure using best practices for high-bandwidth, reliable, redundant and secure communications within and among substations and central operations points, power utilities can adopt and deploy smart grid programs with confidence.

Jim Krachenfels is a marketing manager in the Industrial Solutions Division of Belden Americas Inc. He has more than 10 years’ experience in marketing and product management. He has a Bachelor of Arts in Economics from Northwestern University and an MBA from the University of Michigan. Reach him at [email protected].

Today’s power generation and distribution systems are much more complex and require better communications strategies.

Cyberattacks—A Clear Threat

The Stuxnet worm discovered in July 2010 is an example of how a cyberattack can affect power systems. Stuxnet was designed to attack industrial environments, specifically sites using Siemens WinCC, S7 and PCS7 control and SCADA products. For about two years, Stuxnet gathered information on the processes and systems used at Iran’s Natanz nuclear facility, then it took control over the facility’s centrifuges and shielded its actions from operators’ view.

Stuxnet was introduced into a closed system through files on an infected memory stick. It exploited several previously unknown Siemens and Windows vulnerabilities. Many power facilities worldwide use Siemens’ automation systems and were infected when the malware accidentally was released over the Internet. Although their systems were not damaged, many man-years of effort went into removing Stuxnet from their facilities.

Since Stuxnet, the threat to critical infrastructure by cyberattacks has increased significantly. The Stuxnet code provided a road map for other sophisticated malware and spawned a generation of worms such as Duqu, Night Dragon and Flame that use industrial networks as the doorway for industrial espionage. Also, hackers and security researchers worldwide have been made aware of the susceptibility of industrial networks and are focusing on them as never before. The likelihood of future attacks on smart grid infrastructure is high.