Digital substation №1

 

Embed or link this publication

Description

Digital substation Magazine

Popular Pages


p. 1

DIGITAL FROM OUR READE№RS1 2016 SUBSTATION digitalsubstation.com CYBERSECURITY: WHAT ARE THE ADEQUATE BOUNDARIES FOR PROTECTION? 8 BAD HABIT OF USING GGIO LOGICAL NODES  20 FAULT RECORDING IN DIGITAL SUBSTATIONS  24 IMPLEMENTING PTP IN SUBSTATIONS  28 PRACTICAL ASPECTS OF IEC 61850-9-2 IMPLEMENTATION  42 HANDS-ON WITH DANEO 400 IN REAL DIGITAL SUBSTATION  46 RIDING GOOSE WHEEL ATTRACTION FOR PROTECTION AND CONTROL ENGINEERS  51 www.digitalsubstation.com | DIGITAL SUBSTATION 1 DIGITAL SUBSTATION №1 2016

[close]

p. 2

TRAINING LOCAL AREA NETWORKS IN ELECTRIC POWER UTILITIES March 13 – 16, 2017 Vilnius, Lithuania You would learn: Basics of Local Area Networks LAN Redundancy and Time Sychronization Procols Basic approaches to building reliable LANs Online condition monitoring of LAN and integration with SCADA LAN design and comissioning basics Practical exercises with the equipment of major vendors (Siemens RUGGEDCOM, MOXA, ABB, Kyland, Phoenix Contact) would help you to consolidate gained theoretical knowledge. digitalsubstation.com cvs@digitalsubstation.com +7 499 350-71-35

[close]

p. 3

Published by Digital Substation Ltd. General Manager Editor-in-Chief Ekaterina Kvasha kem@digitalsubstation.com Advertising Manager Vyacheslav Chaykin cvs@digitalsubstation.com Editor Elizaveta Votyakova vem@digitalsubstation.com Graphic Design Oleg Drozdov Design Layout Marina Lor-Hodkevich Andrey Tulnov-Sokolov Address: Varshavskoye shosse, 1, str. 1-2, flor 6, room 33, Moscow, Russia, 117105 Digital Substation If you want to subscribe or become an author please contact us: aditorial@digitalsubstation.com If you want to advertise please contact us: cvs@digitalsubstation.com Digital technologies are heavily integrated in our lives. We don't walk out of our homes without mobile phones, we pay with credit cards or online, we share files via virtual disks and we receive mail in electronic form only. There are a handful of other examples. We more often communicate in social networks or via messengers, rather than personally. Digital technologies are everywhere: at work, at home, in transport, in a pocket or in a bag. And we protect all our stuff with a bunch of different and secure passwords, because news more and more often highlight hacker attacks on bank accounts, hijacking of e-mail and social networks accounts, disclosure of confidential information and etc. What about electric power utilities? It is the same and digital technologies are almost everywhere. We mean intellectual electronic devices, process control systems, remote control applications and many other things we discuss in every paper and news published in our magazine. Specialists start discussing cybersecurity issues: attacks on critical infrastructure, possible threats, the need for traffic encryption, penetration tests and appropriate certification of components used in electric power stations and substations. But has not the threat been exaggerated? And if it is real, how should we protect electric power utilities? Or this problem is not real and we don't have to worry about it? In this issue we will try answer these questions. We asked experts around the world to give their opinion on the problem and had a questionnaire in Digital Substation community. On October 19, 2016, together with Russian utility Rosseti, we organized round-table "Cybersecurity: what are the adequate boundaries for protection?". You can check the report in our online version. Read, discuss and ask questions. Being a digital magazine, we provide all the required instruments for that. Join Digital Substation community in social networks or in our online version at www.digitalsubstation.com. Communicate with your colleagues, share your experience and get to know the experience of others! — Ekaterina Kvasha, Editor-in-Chief All published articles express solely the opinion of the authors. Reprinting, copying in whole or in part of any material is allowed only with reference to the publication. www.digitalsubstation.com

[close]

p. 4

CONTENTS 6 NEWS TECHNICAL REPORT FOR USING IEC 61850 FOR FACTS HAS BEEN PUBLISHED IN ITS DRAFT VERSION 6 NEWS NEWTON-EVANS RESEARCH: MORE THAN 80% OF NORTH AMERICAN UTILITIES DO NOT PLAN TO USE IEC 61850 7 NEWS WORLD’S FIRST TÜV SÜD CERTIFICATE ACCORDING TO IEC 62443-4-1 FOR SIEMENS 7 NEWS EXTENSIONS FOR IEC 61850 SYSTEM CONFIGURATION LANGUAGE TO DESCRIBE HMIS HAVE BEEN PROPOSED 24 BRAIN STORM FAULT RECORDING IN DIGITAL SUBSTATIONS 28 ARTICLE WHITE PAPER ON IMPLEMENTING PTP IN SUBSTATIONS 42 ARTICLE PRACTICAL ASPECTS OF IEC 61850-9-2 IMPLEMENTATION IN MICROPROCESSOR-BASED PROTECTION AND CONTROL IEDS 46 HANDS-ON HANDS-ON WITH DANEO 400 IN REAL DIGITAL SUBSTATION 8 BRAIN STORM CYBERSECURITY: WHAT ARE THE ADEQUATE BOUNDARIES FOR PROTECTION? 14 BRAIN STORM NETWORK INFRASTRUCTURE IN DIGITAL SUBSTATIONS 19 Q&A FROM OUR WEBSITE HOW TO IDENTIFY GOOSE COMMUNICATIONS FAILURE? 20 ARTICLE BAD HABIT OF USING GGIO LOGICAL NODES 51 HANDS-ON RIDING GOOSE WHEEL ATTRACTION FOR PROTECTION AND CONTROL ENGINEERS 55 ARTICLE TRANSMISSION OF DATA STRUCTURES IN A GOOSE MESSAGE DIGITAL SUBSTATION | www.digitalsubstation.com

[close]

p. 5

Avacha — is the unified IEC 61850 interface for all kinds of electronic instrument transformers independent on the measurement technology. Learn more at www.tekvel.com www.tekvel.com | 61850@tekvel.com | +41 (41) 5880262

[close]

p. 6

FROM OUR READERS Janez Zakonjsek Relarte Ltd I have been following their development rather regularly from the very beginning, when I was still working actively in Russia and continued also after I moved back to my home country Slovenia. Looking today to everything what happened during all this time I can say very simply: «My sincere congratulations». «Digital Substation» have passed an interesting period from enthusiastic start to the moment, when at least I can say that today the results of your work are presented on a very high professional level. The IEC 61850 standard appeared and caused (as always in such cases) a number of different opinions, so open discussions between different specialists from different sectors were absolutely needed. And here we have today the “Digital Substation”, a point, where we can learn and discuss the most important issues related to protection, automation and control of modern power systems, related to the latest available numerical and communication technologies. And now the site as well as the magazine are available also in English language. My congratulations again. My personal opinion is that “Digital substations” provides today the most complete and comprehensive information related to implementation of digital technologies and IEC 61850 standard worldwide. On the other hand it is possible to get a really great and competent society of experts from the field, which express their view on certain issues and discuss them in a very open, but also professional way. According to my knowledge no other similar site provides such possibilities, at least not with so very fast response and on so high professional level. I only hope that the English version will soon attract also more specialists from all around the world, so that you will have even greater number of participants with even greater experiences. I was attracted at the very beginning with its graphical design, which remains interesting even today. But the quality of all material, the extremely high level of discussions, responses from different specialists on certain questions was a fact which really attracted me always, at every new edition. I do believe that the move towards the English version will even improve all this and make it very popular also outside Russia. Further development will definitely show also some new perspectives, some new subjects, which should be introduced in the future. At the end I would like to express again my appreciations to all the colleagues from “Digital Substation” working so hard for so many years and wish them all the best also in the future. 6 DIGITAL SUBSTATION | www.digitalsubstation.com

[close]

p. 7

FROM OUR READERS Evaldas Oleskevicius OMICRON electronics GmbH I have found website www.digitalsubstation.ru at August 2014. I liked it so much, as the style of the papers and reports was very easy and friendly to read compared with other Russian magazines. I have shared this web site link with my other colleagues who speak Russian, all of them had a very positive feedback. Since then I am regular reader of your magazine online as well as printed version. The most interesting part for me is “Test drive” where we also gave several devices to test (CMC356 and DANEO 400), it is always interesting to read professional comments written in easy way. I am really glad that you decided to make English version of the magazine, in this way newest information which you write, can be read by much more power engineers worldwide. I wish you all the best, and keep going this way! www.digitalsubstation.com | DIGITAL SUBSTATION 7

[close]

p. 8

NEWS TECHNICAL REPORT FOR USING IEC 61850 FOR FACTS HAS BEEN PUBLISHED IN ITS DRAFT VERSION IEC TR 61850-90-14 - Communication networks and systems The benefits of those technologies are clear: as methods to in- for power utility automation - Part 90-14: Using IEC 61850 for fluence conventional AC networks are limited, DC based tech- FACTS (Flexible AC Transmission Systems) data modelling has nologies provide the possibility to actively adjust power flow been published as draft for comments of the industry. and network parameters like frequency and voltage within just As the document states, the IEC 61850 standard series had been started focussing on the main primary equipment and functionality of conventional AC substations in the first place. By now it has been widely deployed and has become state of the art in that area. Soon after, ambitions emerged to Completely new domains, like wind or hydro power generation, have created extensions to the standard series in order to match their applications. milliseconds. They help to support network stability, performance and quality, increase transmission capacity. They enable transmission tasks that would otherwise be technically borderline or impossible, moreover doing so mostly with unprecedented efficiency respectively low losses. make IEC 61850 applicable to a largely widened range of equipment and functionality. Even FACTS and Power Conversion are thus indispensable to secure completely new domains, like wind or hydro power generation, power supply and represent a vital component within the back- have created extensions to the standard series in order to match bone of efficient, reliable and resilient future smart grids. This their applications. technical report finally enables those technologies to also be- Completely new domains, like wind or hydro power generation, come an integral part of the IEC 61850 world. have created extensions to the standard series in order to match their applications. Document describes 12 new logical nodes: Thanks to the very generic basic information and communication structures of IEC 61850 and the integrated services provided, most of domain requirements can be easily adopted and fulfilled with IEC 61850 core functionality. Most of the extension •  AEPC (Automatic Emergency Power Control), •  ARUB (Automatic Run-Up/Run-Back Module), •  ASEQ (Generic Automatic Sequencer), work thus just needs to focus on creating a domain specific data •  ATCC (Automatic Tap Changer Controller), modelling, which allows to semantically describe the domain specific signals. Due to the latest boom of deploying an exponentially increasing number of power electronics and semiconductor based equip- •  CFPC (Control of FACTS and Power Conversion), •  CREL (Control Release), •  GFUN (Generic Control Function), ment directly in the area of medium, high and ultra-high volt- •  MCON (Converter Measurement), age transmission networks, the call for integrating those direct •  RLFR (DC Line Fault Recovery Sequence), current related processes and control systems into IEC 61850 is only logical and consecutive. Two main groups of DC based types of applications exist: FACTS devices (shunt and series connected) that mainly influence the •  XFPC (FACTS and Power Converter device), •  XDCC (DC Circuit), •  ZHAF (Harmonic Filter). network at a definite point of connection and Power Converters Closing date for comments is October 28, 2016. The document is (e.g. HVDC, SFC) that additionally allow to transmit active power available in TC 57 Dashboard at IEC website. between two different points of connection. NEWTON-EVANS RESEARCH: MORE THAN 80% OF NORTH AMERICAN UTILITIES DO NOT PLAN TO USE IEC 61850 Newton-Evans Research Company disclosed some of the findings of 2016 North American Protective Relay Marketplace report. The findings in this report are based on survey responses received from 79 electric utilities that include 16 investorowned, 28 public power, 26 cooperatives, 4 electric power consulting groups, and 5 Canadian electric utilities. This survey was conducted between April and May of 2016. The 79 utilities participating in this year’s study represent 31 million electricity end users/customers, having 3,340 transmission substations and 7.841 distribution substations covering over 800,000 total T&D line miles. Here are some findings outlined. What approaches are you using to operate a WAN for remote access to relays? While 24% of the respondents said they don’t operate a WAN for remote relay access, almost half said they connect via serial port terminal servers or data concentrators. Forty percent use firewalls in conjunction with the WAN, while just over one-third said they use routers with encryption or VPN capabilities to access relays over a WAN. Other mentions included “gateways”. Does your utility’s control system use protocol IEC 61850 for Substation Automation, Protection, Control, or SCADA? Seventeen respondents said they use IEC 61850 in at least one of the four areas. Thirteen percent said they use 61850 within the substation, and another 6% said they plan to use it in the substation by 2018. About 80% of the respondents have no use or plans for IEC 61850 in any area, and 89% said they don’t use or plan to use IEC 61850 for SCADA. 8 DIGITAL SUBSTATION | www.digitalsubstation.com

[close]

p. 9

NEWS What % of your relays have been in service for more than 15 years? Overall, 55% of survey respondents reported that more than one-half of their protective relays have been in service for more than 15 years. Out of all 76 respondents to this question, twelve said that less than 20% of their installed base is older than 15 years. However, in some cases the useful lifespan of a protec- tive relay is stated as nearly 30 years. There are installations of electro-mechanical relays that have been in operation since the 1960’s according to some utility officials. According to the observations reported, two-thirds of relays installed at surveyed IOUs (and nearly two-thirds among Canadian respondents) have been installed for more than 15 years. [Newton-Evans Research Company] WORLD’S FIRST TÜV SÜD CERTIFICATE ACCORDING TO IEC 62443-4-1 FOR SIEMENS The IEC 62443 standard is the first that provides a basis for IT security certification for industrial automation and control systems. As has been noted by Maurizio Scavazzon, head of Smart Grid Services at TÜV SÜD Product Service GmbH, in his LinkedIn post, IEC 62443 is a series of standards governing IT security in plants and systems, system integrators / maintenance service providers and manufacturers of components, subsystems and systems. Certification of product manufacturers is conducted on the basis of IEC 62443-4-1, while security functions of products are evaluated in accordance with IEC 62443-3-3, certification for system integrators employs IEC 62443-2-4, and implemented security functions are likewise assessed under IEC 62443-3-3. TÜV SÜD has been among the first providers to conduct testing and certification that is already in accordance with IEC 62443. The international service provider awarded its first IEC 62443-4-1-based certificate in the world to Siemens only this August; by doing so, it furnished confirmation of Siemens’ compliance with the standard’s security requirements in its interdisciplinary development process for automation and drive products at seven development sites in Germany. EXTENSIONS FOR IEC 61850 SYSTEM CONFIGURATION LANGUAGE TO DESCRIBE HMIS HAVE BEEN PROPOSED IEC TC 57 has published (57/1767/NP) a proposal for extending user dialogue displays; static and dynamic colouring schemes; the System Configuration Language (SCL) to provide high-level menus and navigation bars; etc. direction in terms of how best to bind the HMI graphical objects It will define how the components found within HMI applications with the IEC 61850 data objects/attributes using the configura- are to be described using the SCL. wGotT(SithorihClaenleLlprd)ihbddeeinecesosabcfniar(n-oSsiepIfeVEdtdGiCtoih)nunennpIaaElodammCnoneceg6thsusu1pepm8aaa5geecc0exnee-itss.6dt,e–isinfnuignCcaehoSddmydasii-sttnieotmInhEetCCoWop6n31ofC8sigs5'usiI0btr-Sla6ywct.iiaoniTllncahlobeLdrlaepcenooVfgrnieauncctaeitengopgerthowbIctauwlitlhoidlblienjoegucttthlsienaeHrebMatIosaibcpeppldriicenacctliiaporlneemac,dselaiopgitndnthnsdeaeXltdsd.MpenLwefTeicniehutiedehfsyditnthohfwgouebiwatteuhfsrtuichntenaoednnIEaHddsCmioaMdcree6dIu’rn1simezt8egad5edlr0nwactdphaoahnentiindas-- munication networks and systems components found within HMI builds upon: for power utility automation – Part 6XX: Configuration description language for communication in power utility automation systems related applications are to be described using the SCL. •  The configuration description language defined in IEC 61850-6. •  The basic communication struc- to Human Machine Interfaces (pro- tures defined in IEC 61850-7-4. posed IEC 61850-6xx) – is to describe how the common compo- It may require revision to multiple parts of the IEC 61850 stand- nents found within HMI applications are to be described using the ard, including part 5 (possibly adding HMI communication re- System Configuration Language, which are incorporated under quirements), part 7 (possibly adding new HMI data models) and IEC 61850- 6XX. These components include but are not limited part 10 (possibly adding HMI testing). to the single line diagrams; network topologies; toolbars; static/ dynamic text; dynamic bus colouring; alarms and annunciations; The deadline for comments is November 25, 2016. The document for review is available at IEC website. www.digitalsubstation.com | DIGITAL SUBSTATION 9

[close]

p. 10

BRAIN STORM CYBERSECURITY: WHAT ARE THE ADEQUATE BOUNDARIES FOR PROTECTION? “Brain storm” is a collection of industry experts' opinions on actual problems. It allows specialists to look at different problems at different angles. One of the main topics of this issue is cybersecurity and we are glad to share their points of view on the following questions: 1. What do you think about the cyber security threat at electrical facilities? Is it a real threat, a potential threat or does it exist at all? 2. Do we have to undertake special measures preventing cyber attacks, or would it be enough to just put all things in order (for instance, change the default passwords)? Andrey Schemetov FGC UES (Russian Federation) UTILITY Hot debates are currently going on about cyber security of the relaying equipment and substation automation systems. The primary reason for them is the attempts to equip electric power facilities with software and hardware targeting cyber threats. There are two main parties: utilities involved in the maintenance of the electrical facilities and responsible for their normal operation, and vendors of cyber security systems. Now, I would like to convey the standpoint of the utilities. In my speeches during various public events, I have repeatedly stated that in the first place, it is necessary to develop and implement organizational and technical measures for perimeter protection. The Federal Grid Company implements measures for automatic delivery of all necessary information to consumers (including relay maintenance crews). Additionally, the inspections of microprocessor-based relays are minimized. The relay engineers won’t need remote connection to a substation LAN in order to access data from the protective relays, which facilitates a more reliable perimeter protection. A step-by-step implementation of specific measures combined with continuous threat analysis should decrease the losses from possible cyber attacks as well as the costs of the security measures. Nevertheless, the companies that are engaged in cyber security stubbornly insist on “protecting” the local area network within the electrical facility through the installation of specialized hardware and software. In the course of the roundtable on cyber security at the Relay Protection and Automation exhibition in 2016, the need was realized to implement technical measures for cyber security under the assumption that cyber attacks would take place. The necessity of analyzing the impact of those measures on the core functions of the power facility was not even considered during the talks. I like the following statement in order 31: “Cyber security solutions must not impair the functionality of the substation automation systems.” We must not forget this while considering cyber threats. The utilities have been placed in conditions where cash expenses on the hypothetical threat elimination are demanded from them, while it is unknown what impact the offered cyber security solutions will have on the core relay protection and control functions. Moreover, the vendors will bear no responsibility if normal operation is undermined. Now let me put forward some counter-arguments on cyber security. 10 DIGITAL SUBSTATION | www.digitalsubstation.com

[close]

p. 11

BRAIN STORM 1. Who needs it: Please explain to cyber threat, we will have to make me the financial reason of substation hacking. The reason for bank hacking is clear. The latest inci- The latest incident with the blackout of a 750 kV overhead IT specialists work at the electrical facility around the clock. mww“tdtiptlriaisdatpopnssaahhioNyvpbulrehoiigpabaeauosertripnrrn-shletnledtttnrai1ritaeoaienethateoamtds”tmyptmwcghtcehnaeoepahutpcehaicoenddiianttenorltfsedhuhh–oepiohiySincrudteinetr,rrenleos.ytmpfoittoahnnrgfsrmnawhaIwb7oafieffeteeentofat5zaeranaarlonte“pdtniet0bombsawrldraNtrllrdtlielniib,tl(oookoaetf-cscmiohdsOhuirtX.Vncrolbanjoeykenisputk”eenatuuleolrcyeoesudnsiitsheah.nntnqturtitf“einaiadaTaiaueiotuitfoooditrdodcyeti.cnsarnlnonuokrleuaEtlssebefsarbesiihmnrnluhnvt”e,aidyiaeeoooee.tgpmogertayfnirhiurW7c1tnatrvepyoh.toheo5lpkutahtcoihdufrsSen0hsrapreeaowFepntortsiib,hoaweinkbnedbetUlotltuesrdlVgeeaic---hrf,mnussseiiefeuicsrifeqweltamies)eiudeloecdieilnpGstelidin-Pmrmno,egsiogfdwesrtsweottnhtChavauelstpulhtibee.oidalorneienanlrAmm,dpsiSyistieriIeerctnytphehwpdcowosalaewoeroaetmlpnofdeenenfyaiayura7mpdcd,ndiplplsnr5atdiapoorstltraa0yoiocor.mnghrbeetwTiuaanedomktrilnhseaveucuuisVeeeesseyt-rtschtalelwienendrodaeptmotssinceenohboturtaarr.srlhoeeanbinykdiupdErpecsvscseceptrttevtoieecehthcnaninleiycwcdeaiotctrttebkoeoriotnircooeeeondmifyswuntrernwdratatohopessaahnsmwonpielDliredcenniolfiylrnAaycxlesganlsmwTncugueainctfAi.erdbaorabiritnivcrstoaiecstenyeuetltoeansacteientet.itvhdsxnitunoo,Iee,pcnaaindrwdeiol.nt.lerrte(Iychtpnrtdif3cdGttameHesuawaeaaoosaxb,.nir.ogcrsgtotrtpsaoneidTahwneidTikarntneultdccheoissaistaeicntadtlhtCecer:dd:ydlyahvosdoiotoaeetcereaioihbsuscChsmytsrviyan,ften,eu,yotsraeuubpdsaepasgruindiefsbrmefretfntloaeruoerseirsssoearnat.ospitmbeduschcosfnabyoresluNeeodbhrfetetimttrlocdsidclaniseohcaiotyagteutuetdhde,ewttentibyiaerogtiritmoxueotsiet,aiiknhplwosclcitn,erilioecwys.etiofnmhmainydyasednmmesit.etntbTs)uhqeisopyh,TwnncethppbuehssiilertohvenroeosorsthiiaaengpeeodsyonutcetvsmFantmvmpolreelfeaoitveebtdo,ednerahncveies,dmywraoicbuieautcglnnmwettnaeooteronrteiiittwirtannnehhouilnneenaatiillndggkoeoasssy----rtlll would repeatedly take care of the complex information sys- 2. Responsibility for the operation of relay protection and tems. Such systems would fail during the operation because control systems: Who will be responsible for a relay fail- the server’s operational lifetime is 10 years and the substa- ure, say, if the cyber security software blocks a “malicious” tion is in service for around 40 years. All costs associated GOOSE message coming out after with the IT infrastructure modern- a circuit breaker failure? In that case, breakers on the remote end of the protected component will Now, we have been told that we need to incorporate cyber ization would be included in the tariff, so we could face a modern and innovative power industry with open through remote backup protection. This will cause a blackout of a part of the power system, not security systems and other complex tools. In that case, a huge tariffs for electricity and a minimum number of consumers. ttbcwtjidtcnnuohhhoaooeeseeelnrrctmthdsdattrcrrieeeearanaeoaerlcipgsffacnaniuapdtytciectansboewyeuoti,einbwnnnrlitttiseoegwsotwhniry.uirbshonetTkmfsiehirelothcetiwkeetreehecoy,rolrcueetfsusrofhflrwm,kteoniaediaticrlselnyuiisutlntunerkaysattmitidneyclw.ltiaeissogetpAhrittyrrnoeeamoen.iwtbcmrwrWdy“mileiiddeislnhagwleterinanherobntetetddeeeretr,adcrabedtenelsyrsadpftmt”oeoonrtea.hssdlIhriefbefarowiaasrtlrieteuptDb?ywebsraArMitestasrahTtoeorcaiAtrnnthetdhniitocnieoehsveglnecevnooertl,hfwnntoeiea---for.uldwFiecmanaitllcgphotiroonrooeurevklyteea”raymtsns(hwyweohmfirralilecaielhlonuinalurhibcefkaaeislveci)at.etyugbaroeiefndethnhlpTitsaeanuititrhfvnagetyoeeitlom“eitstoCoFnhoceinneshsetrrrsdievbenticeibchsycgoaraoeeo.asnslkrHtldhsftfcsaoGooartcrcwewforroioyaileimdtrinnthtviysgEcoCoeeiylnrrodoee,ebepmevcileofeerittdrpfsrcwhreoaatasdernmnttenoihicyfgocmeaeein4uictimsle0a,rthhitclpawtoyehyqonseoyajwuiuusarcnidbkoesrtaioes-----rl www.digitalsubstation.com | DIGITAL SUBSTATION 11

[close]

p. 12

BRAIN STORM Anton Shipulin Kaspersky Lab VENDOR the attacks had little knowledge about the industrial equipment they had to “crack”. The goal was to find out the critical breaches that could be used for an attack targeting the enterprise infrastructure, and also to test out the company’s innovative technol- ogy detecting those attacks. As a result, in as little as three hours a short circuit took place at the substation, organized in two ways at once. During two days the substation was “cracked” 26 times, The threat is definitely real, and to prove it, I will provide a few ar- which was enough to disrupt its operation as a whole and damage guments. I will give you a couple of fresh examples. A notorious each of its component. pibwhadtATiuciuicnnnnroaloeahontohgcdsfiuntiuioalsjesionusaiadsaturretlrtrsniesomneecatsceomthwndocroslbwraosmiatnt’.leepaotalridAdieolmocplrfoiosiezetccaafhrfntteuucvteaubehaovisedlusxcoslcientueontaeriaenkaelhrrltsmdpnisecceeitoapeooelicynadbnfepichnweobntcleslauhaosuieeeeet2,cnnrsensors:sr2oiaeigolt,Dont0mtyynreisolhn,rcaeewsqdge0rlnbtccfuiuaeaho0to2eedpoicrdahnle0pv0mfnoeloteoimeoam1oszencdrabrwm6este.ofybteehc,iedersnbonsreatardewslanechternce2autynioeneabt0trbbmgutooccny1aaeeearcloehd5endcr--ottal,rstvfiacusno)esat.artreulTslao-rrsehcusaieeevekpttledstne.atprvaabTccooarlyklhfwngabeDchAaUtehec(etokttkreoiehrcinsronanyeafcfvaumxegboorfinatBernriectscmmrniohlaoaariaaenidlanclecnnltCmrtskfueaniridsooEhtmoleletiscnnsrlegoaveiiettentmiedaoouixtrae,rsnhongaadlsiatadkessxyl.hmktniehop“unTcdsiabpralnyirreulheegtceebsesey:tnrs,etnsseereriierseeannaicdaartastdhdcuilbtaio2rnhamrftyrutecagye0aeitsiacshtth1nnNi,ttd.yleese6uiBtmatd”Pmrtt,iteeoohirtsosbfreotianoeehdswabtrreeiadolesoncerS,rflrdntdeeihettwcamirniculneitaodraaeDlriettrtei.seysfooeiiRspnnnteIiicfrfrhstufaztSfneooeitCu’reessntshctdrmahcoscrseemershahFirecnsb,eatietReriscatrgenreiiEuaidyenututcrugirnibmepqccpsoaclyt2deroaituseranlde0uareowtioeenlare1ottri.rjfnnnigeieeenn5rsAnoceferrtyc,ttgndrFhierasrntasaaob.digeesntcotssaroiodTyutditonstieRerdehisnrifesoennsytuurmedeNftnhftaocsshorleiaaaptaeostr.aauilnutoatvointslpbauhydre2wsnctpt,neirorl0ysee.atefuuEb1rohodrFldnFecg6elfreleDiiiotl&yhrmrnteuCdMriehegcsvrtetiiecmevhaeoehanirntnaixnnrsaaaeRlphiteeattststtdDhaueraiimiitooagndveasrrtttnnnoeossyy-----meartairsmeaevinmheeitxnnnlnreagoeesattddcteectnte”luewenitraatvsarmsrfdtn.ieaotruli,tFtcacaohstrbstreeaohltheneusmtIdlreaaaishttEbthareereptceoasCctenxcatrnthihshraaeoegr6deeeecatmsndi1tninchrscsoo8mowdpekhemn5rstelDeraioo0edothadsrrcdhe.,efiurseiknevc«dtt2vttIea.lgliKhte0heendrn)Aealci1daasosoctfys5’rcpwhtpCobaplikeaoyneeiunenheenrcstdldrrarfetsdtt“osewiuihrih(oanrkabmeecdehanmtytiasvaktilttsorcfeituL,ahatincahonynscaut(cocsfihekgbrinoIwnttleaTsy-orifctdtitaerthlysauhatm)apem.tdotoedpAuianercotmtgyingrai»eotanalhtbirp-nthsuoydoeytestesrmrhtestsifpaihouhmuaxitsnrrbahenettbmeddssnecksustheeoacntrsttordnaatonthairnr–owac“aayrtancntclkyiilercooisaeeeanodsamnxqcwgngrapckupfenesoeew”cillcpuyrroleiea-----itfntshsthttsmwluaaftoihhemtntohgltieieklslaioaoifltsizcbeoorwatp.ekatd.knrNscotesaomkhkeyssctonegtsiosrwfortmyu“ooewbioidlbnumafrdrleegnnekifaslagddyeuimkegntsrspwtesyhoteraheiontotoabohehuitiftoernlfolorooducuurduuttitlibengreotaephghsnsfteyfcidhsesmsoutwtUee”hchhtnormpneeiotceeelsfilamfluonymoesocunlngyroirsdatc.sogectmn,raPtuueedbelhnannesypon.eseenloastcMylt.botptsoiwwpeeoIeotelisrtemesolrreoceyd,ree,aunatpckhoeofccsroaofseoocvoeceunr,seswrtndictgegd.oanrac.te,hdaeoni’AenvvtW.innndlneetcfmTlitaeertzaacih,rctsi.aesolhfaameilItalmyrtetnstiip.ionteuheoecymeTnnnseancwmohat’ooyenu,tpealdpspeanpmlwteeseoapsiemicsaroahsspsraarorseukfoetwttyekbeeahruaiicooehsesatrlitnnn.doassyy-t; Aleksey Lukatskiy CISCO VENDOR The question seems a little awkward to me. As a participant of the mentioned roundtable discussion at the Relay Protection and Automation exhibition in 2016, as well as other events arranged by the Federal Grid Company and CIGRE, I have never heard about hardware supply, in particular. The discussion is more about the relay engineers’ reluctance to consider cyber security as an important issue. They are still falsely assuming that relay protection and control systems are closed-loop and absolutely unattractive to computer hackers, who – in their view – are only targeting banks, where there is something to line their pockets. Unfortunately, this viewpoint, which was true even several years ago, is gradually receding into the past, and history teaches us that things are changing drastically. First, relevant protocols have become open. Then, supposedly isolated networks and systems have started connecting to the Internet (whether this is necessary is a controversial topic). Finally, hackers are not only interested in money. It helps to remember that the risks of extremism and terror attacks have risen under the geopolitically tense conditions. Cyber security experts, who usually judge from the worst-case scenario (and consider that the attack probability at the critical infrastructure, including protection and control equipment, is equal to one), just want the relay engineers to pay attention to these issues they still consider irrelevant. If someone is trying to push their products in these circumstances, let it be on their conscience. 12 DIGITAL SUBSTATION | www.digitalsubstation.com

[close]

p. 13

BRAIN STORM Mikhail Haikin Gomelenergo (The Republic of Belarus) UTILITY Of course, cyber threats are a reality. However, such threats have always been present, even when electromechanical protective relays were being used. When it comes to the special measures of the cyber attack protection, I would first of all suggest that the local area network at the facility be separated from the corporate network at a physical level. In other words, the LAN must be physically separated from the internet. If the Human Machine Interface equipment is connected to both the corporate network and the power facility LAN, the execution environments must be isolated. I believe only the manufacturer’s software should be installed at the facility – else we risk losing data. Maksim Maltcev RUSGIDRO UTILITY I share the apprehensions of Andrey Shemetov, expressed in his article, and also join in with the raised questions. cussed various invasion incidents undermining normal operation of industrial enterprises and businesses. Such incidents are then extrapolated to the collapse of sectors of the economy threatening the country’s survivability. While reading such materials, the maintenance personnel can surely recollect a variety of technological catastrophes that have taken place without any unauthorized tampering and cyber security violation: from the Chernobyl disaster to the system blackout in 2005, followed by the Sayano-Shushenskaya power plant accident. At the same time, I think that the maintenance personnel’s We must be conscious that the huge amounts of money to be reaction to the large-scale cyber security measures being put spent on cyber security will be withdrawn from the budget for into practice is emotional in some the creation and adoption of tech- way, which is easy to explain. Over the decades of the existence of microprocessor-based relays (leaving Over the decades of the existence of microprocessor- nologies assuring reliability and industrial security of the existing solutions. As a side note, the nor- alone the local control systems), security was interpreted as an inherent property of this equipment based relays (leaving alone the local control systems), security mative documents do not recommend using the term “cyber security” due to the fact it can never be and its components. The aspect of was interpreted as an inherent achieved. information security in these systems was not highlighted as a consequence of their relatively limited property of this equipment and its components. I agree with the author that we’d better focus on securing the control systems perimeter, and I share availability. However the concepts of operational reliability and industrial security have always existed, and these have had to be his concerns about a possible technological throwback if that issue is ignored in our country. By no means should the technological ensured by control systems. Over the last several years, the security requirements be left out of consideration. manufacturers of cyber security systems have extensively dis- Ilya Karpov Positive Technologies VENDOR A threat always exists, even if it is not evident for various reasons. Recently, there has been a lot of talk about whether or not different cyber security solutions are necessary and applicable. This situation evokes comparison with a home computer or a house door: everybody chooses the security level themselves, based on their perception of the environment they live in as well as the value of data or facilities. Evaluation is always subjective, and that is why one person mounts the door with an ordinary door lock while another with a more complicated one, along with an alarm. The protection level of their property will hinge on their understanding of the security domain and life experience. There have not been many incidents related to electrical facilities, but they still exist (during 2015, tens of such incidents were noted). The number of incidents in different branches of the industry (including the power industry) is presented annually in ICS-CERT reports. www.digitalsubstation.com | DIGITAL SUBSTATION 13

[close]

p. 14

BRAIN STORM At Positive Hack Days, successful attacks targeting digital substations and generation facilities have been demonstrated multiple times. This year, a lot of approaches and methods were exposed, and it was proven that even an amateur could exert influence on complex systems just by downloading a couple of programs from the internet. always be provided. Besides attacks aimed at earnings, attackers can also be driven by extremist and political motives. Currently, an increasing number of exploits for power engineering systems are being discovered, and this means that lawbreakers’ interests in the critical infrastructure is deepening dayby-day. Unfortunately, there still are people who think that securing Certainly, effective organizational measures and their perfect the control systems perimeter would be enough to deprive the implementation will improve the protection of the power facili- lawbreaker of the opportunity to ties. However “absolute” security is get into the critical infrastructure. There are those who believe that Besides attacks aimed at too good to be true, and attackers will continue to find breaches to get the absence of an internet con- earnings, attackers can also be in. This is why additional monitor- nection is a sufficient protection measure. The Stuxnet story, I suppose, proved hard for many people. driven by extremist and political motives. ing and protection means must be introduced (with their choice depending on the priority of the pro- Currently, local area networks are tected facility). Additionally, the cy- quite accessible for lawbreakers so ber security solutions themselves when working on cyber security solutions, we’d better accept should be protected better (not just new ones but also older that the lawbreaker already has access to our LAN (which, by ones). the way, doesn’t cost them much). It does not really matter what facility we are talking about: a nuclear power plant, a hydropower plant, a transmission substation, or a distribution substation. Using only a set of protective means recommended by the cyber security solution manufacturer is insufficient. The overall system security level is determined by its most insecure component. In electric power systems, this is often relaying equip- ment. If its operation can be undermined just by sending a few Special measures are certainly required. For example, is there any need for an antivirus for a home computer? If the home computer breaks down, then of course it can be replaced and the loss will be minimal (dictated by the new computer’s cost and the time needed for a system installation). If, instead, we bytes of data, this is obviously a vulnerability to be coped with by the relay manufacturer. It is also necessary to provide for similar issues in the future so they never arise again. At the moment, such attacks are possible and they must be identified in order to counter them on time. talk about the infrastructure facilities – how soon could the re- Finally, we must not forget about the direction that power engi- placement take place? neering is moving towards: to the modern environment-oriented The lawbreakers need knowledge about industrial protocols, and it is not uncommon for them to rely on specialists from different fields, including industrial control systems. Therefore, today we need to talk more often about organized cyber groups, such as Dragonfly. Statistics shows that such groups successfully enter wellprotected systems. The financial reason for their attacks can distribution systems. In the near future, distribution systems should begin to support “electricity stream” not only to the consumers, but also in the reverse direction – and even between the consumers. This is one of the enablers of the progressive future – with electric vehicles, smart grids, energy savings, and other innovations. Naturally, all of this incurs additional costs that are often considered too high, which is wrong. As the saying goes, “security is never too much”. Carlos Rodriguez del Castillo DPTO. DE INGENIERIA DE SUBESTACIONES UTILITY could stick to a private network and restrict access to credible users and computers. That being said, the overall cyber security will ultimately depend on the utility policy and their asset management approach. Cyber security policy must be carefully formulated and adapted to suit a specific environment at an electrical facility. All mmDtasciaiAacssooamnrcseoaaesntyapltiakiwefaohngaeirem,tnegeatntesarauidodedhnifrgnicrciaaasnaferyylffctvtgier)bbeiidi,colotsreei.ooemntssbrrdynnueuWotaattteehtfrtnhynemrn.hor’rosdseWleeeimuandapaaectooyotcsahrsoucitvceursheuoteancrasuerurnesdeeninlodssniedogateitdatutmcvoka,npyoto(enseerpaiinendoeiwatrcdtiwpafdosrrchesotbsuaeotthi,luhlcchcsrteichhekoeesses.yttbdrhaeiegtreirtagiastylkt,assycu.okbFcCtaussooanytrciarnsboeeteuuixesolfaluierndutmbclsnaspplteetyurlastetciwtf,cpiuoioyonaeonrrrtluckosimtfiyfauiccplvpcniaoleueaeitlrltnttenicwtycavehd.oiyirenrraaslkmobynwinhlbduiamitetsishaetedsdvtibonefmafretepbyuraetseleittnmudbtnietfderaeoddrmdadamttatccrcohhcoatiectgtoeeenuhaspeibnaintroscusieastdtbekssrbuleieoeedsmltrrfiinl,arenmc.ioptakumsfimSraenefsaniapcaondeeinenstlsmtddet.dtthuihwrmfeesrbuetoeuoSrtecotdrhscepttnuhkheuheapettrlerceserci(evhnuteadidiadoa.eveteteilrefTscploy.iinaa)hetsnriyotcsmetnttecfeeoadippepsslsilolsnspeersieegssgcchrumdesihuuosvinuarretuaibnhoiiccvntllttndgeeeeeeyyt 14 DIGITAL SUBSTATION | www.digitalsubstation.com

[close]

p. 15

BRAIN STORM FACTS AND FIGURES HOW REAL IS THE CYBERSECURITY THREAT FOR UTILITIES? • This is an actual problem of today and we have to resolve it immediately 43,2% • This problem may be actual in the future, but not today 40,4% 44+6140 • Cybersecurityisafar-fetchedproblem, physical attacks on infrastructure are much more likely 5005+ 16,4% WHAT CYBERSECURITY THREATS ARE MORE DANGEROUS FOR UTILITIES? • Threats from hackers, inside and outside of the facility 50,0% • Threats from maintenance personnel, who may inadvertently introduce malicious software into the facility 50,0% WHAT MEANS ARE REQUIRED TO PROTECT IS CYBERSECURITY CERTIFICATION AGAINST CYBERSECURITY THREATS? • It is enough to use standard methods: change of default passwords, application of appropriately configured firewalls, other cyber hygiene means 50,0% • It is required to use special software and/or hardware cybersecurity tools 500+5 55+54 50,0% REQUIRED FOR PROTECTION AND CONTROL IEDS? • Yes 55,4% • No 44,6% According to online-servey by digitalsubstation.com among 146 engineers and managers. 2213+5824WHAT ARE YOUR PRIMARY PROFESSIONAL ACTIVITIES? • Maintenance of electric power facilities 22,6% • Protection and control IEDs vendor 41,8% • Vendor/integrator of cybersecurity systems 7,5% • Design of electric power facilities 15,1% • Protection and control systems commissioning 13,0% www.digitalsubstation.com | DIGITAL SUBSTATION 15

[close]

Comments

no comments yet