Outline

Status of Infrastructure and control

Possible Bottlenecks

First test results

Processing of EC

recommendations after

mid-term assessment

RD-PREDIS grid for Demo C

MVAPcc

PS

500

1

MWP

CH

CH 8

1

1

MWP

MWP

CH

Géné

CH

4

6

6

6

MVAPcc

PS

250

2

MVAPcc

PS

125

3

MWP

CH

CH 1

3

3

kWP

MWP

CH

Géné

CH

250

1

4

6

MWP

CH

CH 1

5

5

MWP

MWP

CH

Géné

CH

1

2

2

2

MWP

CH

CH 6

7

7 MWP

MWP

CH

Géné

CH

3

1

8

8

MWP

MWP

CH

Géné

CH

3

1

9

9

MWPGéné 4

MWPGéné 12

Reduced ratio: power: 30kVA/30MVA Voltage: 400V/20kV

Induction machine and load

Synchronous generators

DC motor and Wind turbine

RD-Predis grid for Demo C

Lines and automations

PREDIS Distribution network

Tores SOCOMEC

RecorderIndicators

10 FLAIR 200C 3 enregistreurs

Sensor LEM + Voltage Transducer

Server OFS

Agent 1 +server OPC

SCADA Server PcVue1 Server OPC

Automate reconfiguration

x 39x 57

x 5

Agent 2 +server OPC

MesuresEthernetModbus

Switch 24 ports

PREDIS Network

Developed by BTH

Control Node 2 (zone2) Node 3 (zone3)Node 1 (zone1)

Switch BTH

Client PcVuePOG

192.168.0.250192.168.0.251 192.168.0.252

192.168.0.253

x 5

192.168.105.2-6

192.168.105.7-11

192.168.105.33

192.168.105.34

192.168.105.35 192.168.105.36

192.168.105.65 192.168.105.66

Automate Zone 1

SCADA Server PcVue2 Server OPC

Automate Zone 2

AutomateZone 3

Local « Generators et Loads »

PC Configuration

API

Interruption devices

Status of Infrastructure and Control

Status of Infrastructure and Control

Fault Passage Indicator “Flair 200C”

Delivery: 2/10 for first test

Connection in Modbus & TCP/IP Modbus done

Connection with both Industrial Control Device and Agent validated

Flair200C

Status of Infrastructure and Control

Fault Recorder developed with LabView 8.6 (National Instrument) “OPC server like”

Surveillance(pick detection)

Stop?

Data analysis and recorder

Threshold detected ?

Data Acquisition

Signal

Stop

No

Yes

No

No

GUI of program with 14 inputs (simulated inputs) accessible by the Agent

Status of Infrastructure and Control

Example of program with 4 inputs (simulated inputs)

Status of Infrastructure and Control

250 éch

250 ms50 ms

250 éch

Status of Infrastructure and Control

Agent Matlab et OPC Toolbox

2 PC with Matlab + OPC Client Toolbox available for test

Validated Fault detection and location algorithm with Integral distribution network in off-line mode with EMTP simulator

Communication between Schneider OPC (OFS) server and Matlab OPC Toolbox in mode COM (server and client on the same PC) and DA validated

Communication between OPC Client and PCVue (OPC server back door)

Status of Infrastructure and Control

PcVue Scada:

Status of Infrastructure and Control

Status of Infrastructure and Control

Automation system (Industrial Control Devices)

Reconfiguration Automate premium was existing

Communication with server PCVue. Protocole Modbus –TCP/IP was tested

Home made Semantic derived from CIM modeling and IEC 61850 is used

Three Zone Automates were delivered and are assembled and are programmed right now

Status of Infrastructure and Control

Status of Infrastructure and Control

Other new equipment’s delivery and installation (dimmer loads and transformers with on load tap changer)

Other new equipment’s delivery and installation DG emulators (synchronous machine)

Status of Infrastructure and Control

Sizing/Delivery/Setup Status in April

Sized Ordered Delivery Setup

Loads 100% 100% 100% 100%Generators 100% 100% 100% 100%

Transformers 100% 100% 100% 100%Impedances (Lines Zcc) 100% 100% 90% 90%

Automation Sys. 100% 100% 100% 50%Fault Passage Indicator 100% 100% 100% 100%Agent/DSO computers 100% 100% 100% 95%

SCADA 100% 100% 100% 100%Network Emulation 100% BTH 100% 100%

Switch for LAN 100% 100% 100% 100%Integration 100% 100% 100% 80%

Total 100% 100% 99% 92%

Concerning the delivery + assembly of the equipment mid may– need to add the resistance behavior of the lines

Concerning the “EDF like” control system SCADA (in progress) mid may– few risks due to PCVue choice and purchase but industrial software to discover still

need to do the SCADA to Automation system connection and access to the PCVue Server within the school responsibility

Concerning the “INTEGRAL like” telecommunication system (BTH and Data acquisition):– collaboration with BTH for communication layer (variable bandwidth and latency

infrastructure developed within CRISP)

Some difficulties may occurred during the assembling – the set of devices (huge experiment)– communication system: Ex: insufficient right to assess school server, OPC/DCOM

The first test of entire system could be late: latest tests in June or July

Possible Bottlenecks

First test results – visit will follow

Partial test have been carried out:

Fault recorder with Labview program

Fault Detection and location in Integral distribution network on offline system (EMTP simulator)

OPC Client toolbox on Matlab operational

Test communication between Scada software PcVue and reconfiguration automate Premium

First test of the entire (power) system cannot be done yet – ICT infrastructure will be tested at the end of April (every independent module was tested – visit)

Preparation D7.3 & D7.4 (to be issued in June or July (?) 2010)

D7.3: Self Healing philosophy and operation process (demo C)

D7.4: Self-Healing analysis performance report (demo C)

Fault location algorithms will be tested on Integral distribution network. Various fault scenarios under certain network constraints have been taken into account.

Test simulated on EMTP/ATP coupling with Matlab Simulink & OPC toolboc very good results for Fault Location Isolation & Restoration

MTE recommendations

“Security of the information (Confidentiality, Integrity, Availability (CIA model)).To guarantee that the ICT systems is protected against the threats which could exploits vulnerabilities, information security mechanisms should be evaluated and implemented. It is suggested considering the possibility to carry out an information security risk assessment and treatment of the ICT system, in order to minimize the information security risks, or at least, to know and manage them.”

“Maintenance of the systems. Evaluation of the ICT systems maintenance is important, as the maintenance costs are part of any business plan. It is encouraged to include maintenance procedures and requirements in the

guidelines.”

Processing of EC recommendations after mid-term assessment

Data collection scheme- Common data model OPC and data exchange format -

OP

C I

nte

rfac

eOPC server object

OPC groupobject

OPC groupobject

OP

C I

nte

rfac

eSelf -healingfunctionalities,programmation

in MATLAB(HTFD)

Self -healingfunctionalities,programmation

in MATLAB(HTFD)

OPC groupobject

OPC groupobject

OPC groupobject

IEDs(RTU, FPI, FR)

Measurement devices

(CT, VT)

+

OPC Interface

Process devices(Protection relay, remote control switches, circuit breaker)

MATLABOPC group

object

OP

C I

nte

rfac

eOPC server object

OPC groupobject

OPC groupobject

OP

C I

nte

rfac

eSelf -healingfunctionalities,programmation

in MATLAB(HTFD)

Self -healingfunctionalities,programmation

in MATLAB(HTFD)

OPC groupobject

OPC groupobject

OPC groupobject

IEDs(RTU, FPI, FR)

Measurement devices

(CT, VT)

+

OPC Interface

Process devices(Protection relay, remote control switches, circuit breaker)

MATLABOPC group

object

Self Healing Functions - Services

PMU RTU

SCADA/DMS

Local report

Operation of protection devicesConfirmation of permanent fault (recloser, FPIs )Opening of substation feeder breaker

Fault distance estimationFault distance path determination with help of FPIsFaulty section location

Fault isolationPartial supply restoration of healthy sections Damage repairTotal supply restoration

Fault detection block

Fault location block

Fault isolation andservice restoration block

Phasors of state variableMonitoring devices

Substation feeder circuit breaker

Automated feeder switchingdevices

Fault Passage Indicator (FPI)

Observation of abnormal phenomenon

Trouble calls from customersLoss of upstream supply

Step 1

Step 2

Step 3

Agent cell level 1

PMU RTU

SCADA/DMS

Local report

Operation of protection devicesConfirmation of permanent fault (recloser, FPIs )Opening of substation feeder breaker

Fault distance estimationFault distance path determination with help of FPIsFaulty section location

Fault isolationPartial supply restoration of healthy sections Damage repairTotal supply restoration

Fault detection block

Fault location block

Fault isolation andservice restoration block

Phasors of state variableMonitoring devices

Substation feeder circuit breaker

Automated feeder switchingdevices

Fault Passage Indicator (FPI)

Observation of abnormal phenomenon

Trouble calls from customersLoss of upstream supply

Step 1

Step 2

Step 3

Agent cell level 1

Resilience, Communication and Security

• The quintessential tool for both resilience and for the possibility to experiment with ICT is virtualizations. EXP-II is basically about assessinghow border interaction between two or more network slices can be coordinated and controlled.

• The first, offline, step is done in collaboration with G2Lab/Grenoble with two equivalent slices, a physical slice connected to a SCADA solution(G2Lab), and a virtual one (BTH).

• Regarding self-healing as means towards resilience, there is one major concern in regards to software here; current resilience mechanisms that can be used to make the software side of things self-healing are quite unstable themselves and not in a state suitable for a project such as Integral. Additionally, the resilience mechanisms that do exist in software, and this might be true in a more general case as well, can be quite harmful unless coupled with proper monitoring.

PREDIS Distribution network

Tores SOCOMEC

RecorderIndicators

10 FLAIR 200C 3 enregistreurs

Sensor LEM + Voltage Transducer

Server OFS

Agent 1 +server OPC

SCADA Server PcVue1 Server OPC

Automate reconfiguration

x 39x 57

x 5Agent 2 +

server OPC

MesuresEthernetModbus

Switch 27 ports

PREDIS Network

Developed by BTH

Control Node 2 (zone2) Node 3 (zone3)Node 1 (zone1)

Switch BTH

Client PcVuePOG

192.168.0.250192.168.0.251 192.168.0.252

192.168.0.253

x 5

192.168.1.10 100

192.168.2.10 100

192.168.3.1

192.168.3.2

192.168.3.3

192.168.3.4

192.168.1.1 192.168.2.1

Automate Zone 1

Prises murales

SCADA Server PcVue2 Server OPC

Automate Zone 2

AutomateZone 3

Local « Generators et Loads »

PC Configuration

API

Interruption devices

Status of Infrastructure and Control

Experiments

• As ICT is rather a means to an end rather than the subject for study here, we will probably do better trying to support the monitoring of the self-healing process of the grid. The SCADA system installed (or to be installed?) at G2Lab will do this of course, but we can probably kill two birds with one stone by creating a multi-layered (combining say the state of the GRID with the state of the ICT itself) real-time monitor with data sampled from the nodes comprising the physical slice and use that to verify both the behaviour of the SCADA system and the grid self-healing process, however the amount of work involved in getting something like this to work is hard to predict. Such a monitoring model could also possibly be used to construct and tune fault injection (see below).

Experiments

In terms of security, we can look at how these protocols are affected by data corruption on the application layer, using fault injection techniques. Additionally, the data analyzed can be fed back into the router configuration at the physical slice and perform fault injection on the datalink/network/ transport layers of the OSI model. These two kinds of fault injection will fit nicely into attack types based on fuzzing(injecting random data into information streams) and denial of service, but could also be done in a more informed manner, say spoofing (faking the identity to intercept and alter information) / playback attacks(taking samples of information and playing them back at a later time). There might be some interesting previous work in this regard from Rita Wells and the others at the Idaho National Labs (such as their work on a SCADA procurement standard).

Tools

• To facilitate the offline connection, we should employ IP packet recording technology at G2Lab and IP packet playback at BTH for analysis, and gain better data on necessary and sufficient dimensions for bandwidth.

• Notes on:Packet Recording / Playback functionality - this have most certainly been worked on by people interested in experimenting with IDS- security solutions. Use to bridge the divide between G2Lab. As the EXP-II Controller already routes traffic and our communication needs are modest (we're talking kilobytes per second, not gigabytes), it should be quite trivial to implement using tools like tcpdump, TCPivo/NetVCR, Monkey See, Monkey Do and others.

Thanks you for your kind attention

Any questions or remarks?