RuggedSolutions for Smart Grid Automation

Because Ethernet has proved so versatile over the years, the concept of the Smart Grid was created. This involves remote control and monitoring of the electrical grid from a central position, such as the control centre, to improve the reliability, resilience, flexibility and efficiency of the electrical grid. Electrical grids nationwide can now be conglomerated into a single Smart Grid with a central control point. This editorial will focus on the communications necessary for the running of the Smart Grid, and the interoperability and security required.

The advantages provided by Smart Grids are numerous, including the ability to remotely operate and monitor various substations, or the tasks within or between those substations, meaning fewer personnel and less human intervention are required per substation. Because end devices can be controlled and monitored via the Ethernet network, and can communicate directly with one another, operators gain better control of the grid as well as more reliable, quicker automation within the grid itself, as devices update each other on the status of the grid and their predetermined variables.

However, designing and implementing a smart grid, especially as an upgrade to an existing legacy site, requires careful forethought and planning, as well as specialised software and hardware. We will discuss the RuggedCom RuggedSolutions family of software, designed for various aspects of smart grid communications.

One of the first aspects to consider when upgrading a legacy site to Ethernet (here, legacy refers to older serial and point-to-point devices) is interoperability. Devices already in use at a site will often come from a variety of different manufacturers. Because the communications between most of these devices would be on a point-to-point, or sometimes multidropped, serial cable, interoperability between different vendors within the same substation was never a strong requirement. However, upgrading to a smart grid generally means that these devices will need to start communicating with other vendors' devices, whether this is multiple IEDs/RTUs sending their data up to a central SCADA system, or different vendors' RTUs/IEDs needing to communicate amongst each other for a range of purposes. This can often lead to complications when different devices are speaking different protocols.

In this type of situation one requires a protocol gateway, or “universal translating” device, that can allow all RTUs and IEDs to communicate with one another. Enter RuggedCom’s eLAN software. eLAN is a modular, Linux-based substation server and front-end processor that excels at accessing all types of IED data and getting it to the clients that require it. Users can select any of the wide range of eLAN applications, including 40+ protocols. This means that eLAN can act as the central translator device, connecting together many devices speaking different protocols. With ongoing development taking place, the addition of new protocol support to the software is feasible. eLAN can normalise a network’s communications as well as removing the need to purchase newer devices that can communicate directly with one another. With eLAN the problem of interoperability is eliminated, allowing much more freedom for upgrading, as well as less CAPEX required for the initial upgrade to Ethernet and TCP/IP.

The next major aspect to consider when using Ethernet is security. Providing remote access to devices is a great help in automation and monitoring of Smart Grids, but one must be sure not to provide this ease of access to malicious users. Ethernet does provide many built-in security protocols; however, for a mission-critical network such as one running a smart grid, advanced security and logging are recommended.

This is where RuggedCom’s Crossbow software comes into play. Crossbow is a Secure Access Management solution designed to provide NERC CIP compliant access to IEDs (Intelligent Electronic Devices). NERC is the North American Electric Reliability Corporation, and CIP stands for Critical Infrastructure Protection, a concept that relates to the preparedness for and response to serious incidents involving the critical infrastructure of a region. In other words, the CIP standard deals with the prevention of malicious attacks on, or unintended access to, a Smart Grid: how the Smart Grid is protected against such scenarios and also how the network and its operators would respond.

Crossbow, as stated, is meant to provide NERC CIP compliance relating to the accessing of IEDs. Crossbow will run a main server in the central control room which stores a database of login details. Various users are assigned different roles, and these roles define which devices they can connect to, and at what level (operator, administrator, etc.). Each user will then be assigned a Crossbow login password. Crossbow will then remember the various login passwords for each end device, so once a user is authenticated to the Crossbow server, no further passwords are required from the user to log into permitted devices; Crossbow will handle this transparently in the background. Another strong feature of Crossbow is that it can be set to randomly change the passwords for each individual end device on command or on a time schedule. This list of end device passwords will still be available to a Crossbow administrator with the correct access in the event that devices need to be logged into directly, even though the passwords are transparent to the end user.

One of the big concerns with a setup like this is what happens if a remote substation loses communication with the central control room. In this case, how is one supposed to authenticate to Crossbow so as to gain access to the devices locally? The answer is the Crossbow Station Access Controller, or SAC. The SAC can be thought of as a Crossbow client. The new range of modular switches from RuggedCom allows for installation of an embedded utility-grade PC module. This PC module would be used to run the Crossbow SAC in each remote substation, and each SAC would synchronise itself with the Crossbow SAM (Secure Access Manager) running in the control room. In the event that a remote substation’s SAC could not communicate with the SAM, the user could authenticate locally to the SAC database. Upon the SAC regaining communications with the SAM, the databases would resynchronise.

Not only does Crossbow control the login to devices on the network at various levels, it can go further than that by being set up to restrict certain commands from being entered. For instance, if one can gain access to a device on the network, there is a good chance that one can then telnet to another device on the network to control that indirectly. Crossbow can prevent situations such as this by preventing users from entering customised commands such as telnet.

Crossbow provides logging of all users, down to the level of what commands they entered into a particular end device. This kind of traceability is essential to facilitating quick resolution in the event of a problem, as it can easily be traced what configuration changes were made and by whom. The addition of optional CAMs (Crossbow Application Modules) allows modular functionality to be added to the Crossbow system based on the project requirements. The Data Retrieval CAM allows automated retrieval of fault files and event data, while the Event Notification CAM will automatically notify users of customised events. Finally, the Config Compare and Firmware Compare CAMs can be used to automatically compare the configuration and firmware (respectively) of the IEDs against a confirmed configuration/firmware, and notify the user upon finding a difference.
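The access model described in the paragraphs above (roles mapped to devices and levels, restricted commands such as telnet, and logging of every command by user and device), sketched as an added example. This is not Crossbow code; the role names, device names, per-level command sets and the separator check are assumptions made for illustration, and the sketch uses an allow-list per level rather than a list of banned commands.

```python
import shlex
from datetime import datetime, timezone

# Constructed sample policy (hypothetical names): role -> {device: access level}.
ROLES = {
    "relay_tech": {"ied-feeder-01": "operator"},
    "protection_eng": {"ied-feeder-01": "administrator", "rtu-bay-02": "operator"},
}
USERS = {"alice": "relay_tech", "bob": "protection_eng"}
# Commands permitted per level; anything not listed (telnet included) is refused.
ALLOWED = {
    "operator": {"show", "status"},
    "administrator": {"show", "status", "set", "save"},
}
# Characters that could chain a second command onto an allowed one (assumed CLI syntax).
SEPARATORS = set(";|&`$\n")


class Broker:
    """Decides whether a user's command may be relayed to a device and logs the decision."""

    def __init__(self):
        self.audit = []  # one record per attempt, allowed or not

    def submit(self, user, device, command_line):
        # Unknown users and unassigned devices both resolve to no access level.
        level = ROLES.get(USERS.get(user), {}).get(device)
        try:
            tokens = shlex.split(command_line)
        except ValueError:  # unbalanced quotes: treat as an empty command
            tokens = []
        verb = tokens[0].lower() if tokens else ""
        if level is None:
            decision = "deny:no-access"
        elif SEPARATORS & set(command_line) or verb not in ALLOWED[level]:
            decision = "deny:command"
        else:
            decision = "allow"
        # Denied attempts are logged too, so the trail shows who tried what and where.
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append((stamp, user, device, command_line, decision))
        return decision
```

Revoking a user's access in this model is a change to `USERS` or `ROLES` only; no device password is touched.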

Using these two components of the RuggedSolutions package, operators and administrators can be provided easy access to all permitted devices on the network, remotely and securely. eLAN will work in the background, allowing the base communications to take place between different vendors' protocols on the network. The logging traceability of Crossbow helps eliminate hours of time wasted looking for changes that have caused system instabilities, as well as making it possible to confirm that users are operating only within authorised devices and at their authorised access level. The storage of edge device passwords, and the single password to authenticate to Crossbow, mean operators do not have to remember a whole list of passwords; instead they just need their individual strong password for access. In the event that a user needs to be given less access to certain devices, this can be done by simply changing that user's access rights, rather than changing passwords on every device on the network. In today’s Smart Grids, interoperability, secure access and traceability are all key aspects that need to be considered. Crossbow and eLAN, when used together, provide a common protocol platform for devices from different vendors to communicate while ensuring the highest levels of secure authentication.

For more information on the full range of the RuggedSolutions software and how they can benefit you please contact H3iSquared.

Name: Tim Craven

Tel: +27 (0)11 454 6025

Email: info@h3isquared.com