Securely Extending Communications Into Distribution for a Smart Grid


Globally, utilities have been deploying communication solutions based on Internet Protocol/Multiprotocol Label Switching (MPLS) technology to support their transmission grid communications.

This enables the efficient support of new smart grid applications that tend to be Internet Protocol-based, along with existing operational traffic such as supervisory control and data acquisition (SCADA) and teleprotection on a single secure network, which increases their flexibility, simplifies network management and reduces costs without jeopardizing reliability.

key considerations

As a next step in support of the evolving smart grid, more sophisticated communications networks are being extended to distributed and remote assets in distribution. These are in support of new applications that include substation automation, distribution automation and advanced metering infrastructure (AMI), as well as video surveillance and existing applications such as SCADA and teleprotection. The potentially large number of connections, the bandwidth and the differing priorities associated with these new applications, along with the closer proximity of these communications to citizens, are driving the need to consider requirements beyond those encountered in support of the transmission grid. As communications are extended into distribution, the solution must address scalability, flexibility and security requirements, as well as simplify operations.


As communications networks are extended to connect distributed and remote assets in distribution, there will be scaling requirements in many dimensions as smart grid applications are supported. Initially there might be hundreds of sites when the primary focus is on deploying SCADA with substation automation and providing initial connectivity for real-time remote substation monitoring and control. The introduction of AMI with devices at millions of residences and businesses and through distribution automation, which can include reclosers mounted on poles in neighborhoods, typically will drive a wireless Wi-Fi, WiMAX or long-term evolution (LTE) solution to reach these endpoints. This will expand by an order of magnitude the number of sites the communications network must reach as communication connectivity is extended to these wireless aggregation points in the field-area network (FAN).

In areas such as San Diego where energy from solar panels on rooftops is growing 3 percent per month, there is a growing remote monitoring and control challenge in distribution. This challenge will increase as California utilities reach the goal of 33 percent renewables by 2020. Extending communications connectivity to these and other micro generation sites will be an important part of an overall solution to manage the changing energy flows.

Associated with the growing number of sites is a significant increase in the number of individual traffic flows or connections; for example, one for each of the millions of meters, one for each recloser and several per distribution substation: SCADA, teleprotection, Voice over Internet Protocol, video surveillance and corporate network access. Similar to the transmission grid, Internet Protocol/MPLS virtual private networks (VPNs) provide the required virtual isolation of each application’s traffic on a converged infrastructure, though support of many more connections is required. Deployment of these smart grid applications in distribution will increase the amount of bandwidth required in the core communications network that connects operations, data and backup centers. Video surveillance at substations for enhanced physical security and worker safety and the aggregation of AMI traffic can add megabits per second and hundreds of kilobits per second of additional traffic, respectively, at each substation that will need support in the core network.

Flexibility. The extension of communications in distribution drives the need to leverage the closest, most cost-effective access media that meets the quality of service requirement. This typically results in the use of fiber and microwave for transport using cost-effective Ethernet interfaces supported by Internet Protocol/MPLS. Internet Protocol/MPLS routers must be designed for use in substation environments. In addition, for deployment at wireless aggregation points as part of distribution automation and AMI deployments, they need to be designed for outdoor pole-mount and cabinet applications. Internet Protocol/MPLS multiservice support capabilities are leveraged to support new smart grid applications traffic, along with existing time division multiplexing-based applications traffic on a converged network.

Security. Distribution networks bring the grid and its supporting communications in close proximity to citizens, even into homes and businesses. This potentially can offer cybercriminals new entry points for hacking into the communications network and grid. As a result, an increasing focus on security is warranted.

There are several facets to securing the flow of communications. Figure 2 identifies several and the capabilities in Internet Protocol/MPLS to secure this critical information, as well as capabilities that can be added to further enhance it.

secure communications

Limiting access to the Internet Protocol/MPLS router and supported services is critical. User IDs and passwords with defined span of control are used to control the type of access to Internet Protocol/MPLS routers.

For example, a dispatched technician might use an ID and password to access a router at the substation and initiate troubleshooting, but can only view, not change, node and system parameters. Within the Internet Protocol/MPLS network, access control lists and filters are used to restrict access to specific users and host Internet Protocol addresses. These prevent spoofing, denial of service attacks and other malicious behaviors. Network access security can be enhanced further with the inclusion of a firewall, which helps stop unexpected and unwanted traffic from entering the network.

VPNs isolate traffic and keep it private and unaffected by other traffic. Communications security is maintained through the use of VPNs along with MPLS label swapping and its associated tables, which ensure traffic only enters and exits the network at pre-identified points.

To help ensure the identification and use of devices on the network remain private, a network address translation capability can be added in an Internet Protocol/MPLS network. This enables the device address on the network to remain hidden while enabling access by authorized users. Encryption might be deployed in a distribution communication network to further enhance privacy and data confidentiality.

An intrusion-detection system, which detects and reports anomalous activities and behaviors recognized as attack patterns, along with intrusion protection system capabilities that automatically react to contain them, can be added to further ensure high availability.


Reliability of the network is crucial in this mission-critical environment. An Internet Protocol/MPLS network can be architected for high resiliency with control and failure recovery mechanisms such as fast reroute deployed for high network availability.


Using Internet Protocol/MPLS to support transmission, distribution and generation simplifies overall communications management in a couple of ways. First, managing just one Internet Protocol/MPLS network that extends across the entire utility grid with a consistent set of features and capabilities that support all existing and new smart grid applications simplifies the overall provisioning and troubleshooting activities relative to managing multiple application-specific networks.


Second, errors can be reduced and operating costs minimized through the design of the management system human interface, task integration and automation capabilities. For example, Internet Protocol/MPLS network management systems can enable easier management through utility terminology (such as "provision a SCADA circuit"), automated performance validation and generation of required regulatory reports. This can help staff on a growing number of operational teams perform routine communications management tasks associated with their specific areas (distribution automation, substation automation, AMI) without needing specialized network knowledge and training.


The technical characteristics of Internet Protocol/MPLS and its performance in support of transmission grids have proven that a single, reliable and secure network can remove the need for utilities to maintain multiple application-specific networks. Internet Protocol/MPLS can address the scalability, flexibility and security challenges associated with reliably extending communications to distributed and remote assets in distribution. Incremental security capabilities for these communications in close proximity to citizens can be added to further enhance access control, privacy, confidentiality and availability. An Internet Protocol/MPLS network that extends across the entire utility grid offers the utility a consistent set of features and capabilities in support of all existing and new smart grid applications. Internet Protocol/MPLS delivers a reliable, flexible foundation for emerging smart grid applications and simplification of communications operations.

Dave Christophe is a director of solutions marketing at Alcatel-Lucent. One of his areas of focus is backhaul and WAN applications for public safety and utilities. He is the Broadband Forum working group chair who focuses on industry education through tutorials and was the IP/MPLS Forum education working group chair for nine years.
