Defense in depth cyber security for substation communications. Cybersentryz for ds agile substation cyber security. Economies that are emerging or expanding such as china and india. The substation security solution figure 1 makes use of the cisco isa3000 security appliance with integrated capabilities for firewall, and encryption and intrusion prevention systems ipss, including supervisory control and data acquisition scada signatures. Then navigate to the rules tab and click the plus sign at the bottom right side of the page. Steel structures, equipment anchorage and foundations accepted by. The intelli firewall provides a solution for containing fires and protecting critical assets, and has been installed by large utilities to protect transformers in major substations in california and nevada. Review of cyber and physical security protection of.
When substation protective relays are targeted, there is the potential for physical damage to transformers and other vital physical infrastructure. The vpn can transport iec608705104 as well as serial protocols. To create a security perimeter for the substation, a security control point needs to be established to restrict and monitor traffic flowing into and out of the substation. The middle three levels are ied implementation, ied integration, and substation automation applications. Pdf an algorithm for optimal firewall placement in iec61850. Maintenance protocols configuration protocols are secured either with tls or ssh. Highvoltage transformer substations congressional research service 2 the u.
Some form of protection is required to prevent them from going up in smoke. The electric power substation, whether generating station or transmission and distribution, remains one of the most challenging and exciting fields of electric power engineering. Absorbent glass mat battery technology eliminates the need for a separate ventilation battery room. Both operational and nonoperational data is needed in the data warehouse. Between the generating station and consumer, electric power may flow through several substations at different voltage levels. Distribution substations for power supply power plants. However, these cyberoriented solutions are not fully effective when a control center system becomes malicious or compromised. A typical substation transformer bank is comprised of three or more transformer tanks, each containing up to 45,000 gallons of extremely flammable mineral oil. Cyber intrusions into substations of a power grid and.
To size the data warehouse, the utility must determine who the users. Unique vertical firewall, firewalls for transformers. Firewall rule block port 20000 from all ips except your control center host. Typically, this will be a dedicated firewall, but in some cases a router or terminal server can be used. The input for a distribution substation is typically at least two transmission or subtransmission lines. Pdf 4 protection and control in substations and power. Arguably, one of the most important piece of equipment in any substation is a power transformer. The charger also feeds the dc loads from ac system via a rectifier. Transformer blast wall design pfg electrical jun 10 19. The user will make these decisions based on threat assessment and criticality assignment by the substation owner. Distribution voltages are typically medium voltage, between 2. Ieee 14022000 ieee guide for electric power substation.
Distribution substation a distribution substation transfers power from the transmission system to the distribution system of an area. L control centers rely on substations and communications to make decisions l substations are a critical infrastructure in the power grid relays, ieds, pmus l remote access to substation user interface or ieds for maintenance purposes l unsecured standard protocols like dnp3. The function of an earthing and bonding system is to provide an earthing system connection to which transformer neutrals or earthing impedances may be connected in order to pass the maximum fault current. Utility concrete products we are the leading midwest precast concrete company. Cyber and physical security protection of utility substations. Guide for electric power substations physical and electronic security, ieee power engineering society, new york, ny, april 4, 2000. Oilfilled power transformers also pose the largest fire risk in any substation. A properly configured firewall between the substation and the utilitys corporate network will. L our research will focus on algorithms that defend against insider attacks that aim to disrupt electric power service by spoofing spurious power system control commands, or altering a device configuration, even if commands and data are compliant with respect to syntax, protocol, and targeted device. Network security management for transmission systems. The task of protection and control in substations and in power grids is the provision of all the technical means and facilities necessary for the optimal supervision, protection, control and management of all system components and equipment in high. To better secure the electrical power infrastructure from malicious activity, nerccip regulations call for all external substation network communication to be transmitted through a stateful firewall. The electrical substation design is a complex method with full of engineer planning. Communication between the substation and other remote systems remote centers or other substations are tunneled in a virtual private network vpn a secure encrypted pointtopoint communication channel.
It is designed to address a number of threats, including unauthorized access to substation facilities, theft of material, and vandalism. Ge digital energy ge information multilin d400tm substation gateway instruction manual 9940089 version 2. Power substation design calculations a checklist of 18. Pdf design of an industrial iotbased monitoring system. All rus borrowers rus electric staff effective date. Power utilities companies and the power grid they share contain a complex collection of power. They can be physically or electrically connected, e.
Vuspec page 3 ieee 12402000 r2012, ieee guide for the evaluation of the reliability of hvdc converter stations ieee 12462011, ieee guide for temporary protective grounding systems used in substations. Using physics to advance cyber security for energy. We reserve the right to make changes to these renderings without prior notice. The cyber security of power substations has been recognized as a critical issue since it consists of various types of critical physical and cyber devices. Distribution substations for auxiliary supply hardcopy printer event printer workstation station computer hmi station alarm device gateway functionality iec 6185081 centralized ring gpstime server 0 1 0 firewall vpn maintenance center router firewall vpn remote control. When renewable power sources such as solar and wind are very. Transformers fire separation blast walls electric power. Electrical transformer fire and explosion protection ceu continuing education series module provided by oldcastle precast inc. We got the idea about the latest advancements going on in the field of gis and substation automation. The hostbased anomaly detection uses a systematic extraction technique for intrusion footprints that can be used to identify credible intrusion events within a substation, e. This bulletin is an update and revision of previous rea bulletin 651, design guide for rural substations revised june 1978. Demand for electricity rapidly increases as a nation or country becomes more developed and industrialized. Transformers fire separation blast walls beastieboys2 electrical 5 aug 08 15. The ignition of the transformer oil can come from any number of.
It also shares how a firewall increases the security posture of a modern substation. This ensures that access to the equipment within the substation is restricted to authorized communication through the firewall. Substation integration and automation can be broken down into five levels, as shown in figure 1. Cyber security requirements and related standards for substation automation systems english pdf article security in the smart grid english pdf article balancing the demands of reliability and security. Power over ethernet poe poe process bus wgoose and sv feeder 1 feeder 3 feeder 4 feeder 2 ied ied ied ied ied ied industrial hivision eagle 2030 firewall magnum 6k10k12k mipp mipp magnum 6k10k12k magnum 10c substation computer dx940dx40 10ets wserial ports dymec media converter modular industrial patch panels mix fiber and copper. Design of an industrial iotbased monitoring system for power substations article pdf available in ieee transactions on industry applications pp99. A recent transformer fire on the las vegas strips shows the intelli firewall in action isolating the fire from surrounding equipment and saving lots of money. Power substations contain expensive pieces of equipment. The zonebased firewall capability provides segmentation while providing traffic inspection. Cyber security for substation automation, protection and control systems english pdf technical publication. Substation internet rms scada control center trb142 production transmission substation controller benefits solution integrators and energy operators around the world have recognized that cellular solutions, such as 4g lte enabled gateways and routers, offer the most reliable connectivity and best availability for their complex substation systems. A substation is a part of an electrical generation, transmission, and distribution system. Pdf assessing power substation network security and.
Get the most flexible integration platform with up to 10 ethernet ports and 32 serial ports leverage best in the industry processing power. Network segregation global protection of the esp is ensured by a firewall that denies all communications by default, and allows only required. Ucp produces precast concrete products for the communication, electrical and transportation industries and many others. Layer 3 routers, integrated with a firewall, provide the secure access required. The electrical grid including its substations and feeders is an increasingly easy target for hackers and, given its critical importance, any internal errors that bring down the network would be detrimental as well. Cyber security for utilities cyber security power grids. Electrical substation is the interface in power network where distribution feeders and transmission lines are connected together through switches or circuit breakers by transformers and busbars. Fire protection systems designed specifically to address the unique hazards posed by power transformers are a design consideration that must be recognized and understood. Watch the videos below to see a real transformer fire in progress being isolated by our hightech intellifirewalls or. While substations used to be protected by concrete walls. The zonebased firewall capability provides segmentation while. Substations transform voltage from high to low, or the reverse, or perform any of several other important functions. Substation gateway functionality has evolved to include protocol conversion combined with a security check point. Where a firewall is provided between transformers, it should extend at least 1 ft 0.
As larger weather events and potential threats to the power system are being. Substation modular firewall 2009 nova award nomination construction innovation forum 6494 latcha road, walbridge, oh 43465 4197253108 fax. Protection of modern substations is implemented using microprocessor relays. The router firewall provides a separation between the local substation network and external wide area networks wans. Substation single point of defense security solutions are a thing of the past. A power substation by its nature contains all of the right ingredients to generate the perfect fire storm. Station service power highly reliable and redundant dc charger and battery systems provide uninterruptible power to all circuit breakers and control devices. At the end we hope that by this presentation your understanding regarding various types of substation, operation of a standard substation and also about the various equipements used in power substation would got more clear.
Intelli firewall transformer bank modular firewall. The substation design manual is not intended to replace asset management standards, but rather to act as a reference document that crossreferences existing standards and process documentation and plugs any gaps where asset management documentation does not exist. This document provides recommendations for fire prevention and fire protection for electric generating plants and high voltage direct current converter stations, except as follows. Access to substation data is protected with a builtin firewall, secure rolebased access control, security event logging, encrypted communications mandatory for a highly secured utility network. Power substations are also used to balance the power supplied to the power grid from various power generation sources. The abcs of substation automation levels of substation automation substation integration and automation can be broken down into five levels. With its robust, flexible and scalable design, the smp sg4250 substation gateway is an evolving solution that adapts to new market requirements. Firewall solutions that protect at the perimeter of substation systems, for instance 11, are also developed as commercial solutions. Using physics to advance cyber security for energy delivery. The lowest level is the power system equipment, such as transformers and circuit breakers. The cyberattacks in the electric power substations can affect the pattern of data traffic in scn, as confirmed by related studies e.
Routing firewalls guarding the substation perimeter. Remote access authentication can be required to access the substation lan remotely by configuring the firewall as a proxy authentication, as. Nuclear power plants are addressed in nfpa 805, performancebased standard for fire protection for light water reactor electric generating plants. The result is a false belief that a firewall that meets nfpa 22109, or 850 5. Implementing firewalls for modern substation cybersecurity. Recent technological develop ments have had a tremendous impact on all. Electrical substation firewall utility concrete products. Iec 61850 standard the standard uses fast, modern networking technology, such as tcpip networks andor substation local area networks lan with highspeed ethernet for the fast response needed to monitor protective relays. P1402 ieee draft guide for physical security of electric power substations this guide describes recommended practices for the physical security of electric power substations. During normal operation, the batteries are trickle charged by the charger and remain on standby.
Electrical transformer fire and explosion protection. The key steps in the substation designing include switchingsystem, planning and placing of equipment, selection of components as well as ordering, support of engineers, structural design, the design of electrical layout, protection of relay, and major apparatus ratings. Critical substation risk assessment and mitigation jacques delport general audience abstract substations are key components to the continued and reliable operation of the power system. Substation market growth forecasts 20202026 size statistics. The first step in designing a power substation is to design an earthing and bonding system go to content earthing and bonding. The networkbased anomaly detection is focused on multicast messages in a substation network. Securing substations through command authentication using on.
655 1411 396 597 1604 1308 578 83 488 1013 135 753 92 777 358 932 1109 227 1308 596 474 1482 116 1375 1097 998 1270 133 13 701 323 642 606 851