Cyber-Security Solutions for Ensuring Smart Grid Distribution Automation Functions

The future generation of the electrical network is known as the smart grid. The distribution domain of the smart grid intelligently supplies electricity to the end-users with the aid of the decentralized Distribution Automation (DA) in which intelligent control functions are distributed and accomplished via real-time communication between the DA components. Internet-based communication via the open protocols is the latest trend for decentralized DA communication. Internet communication has many benefits, but it exposes the critical infrastructure’s data to cyber-security threats. Security attacks may not only make DA services unreachable but may also result in undesirable physical consequences and serious damage to the distribution network environment. Therefore, it is compulsory to protect DA communication against such attacks. There is no single model for securing DA communication. In fact, the security level depends on several factors such as application requirements, communication media, and, of course, the cost.There are several smart grid security frameworks and standards, which are under development by different organizations. However, smart grid cyber-security field has not yet reached full maturity and, it is still in the early phase of its progress. Security protocols in IT and computer networks can be utilized to secure DA communication because industrial ICT standards have been designed in accordance with Open Systems Interconnection model. Furthermore, state-of-the-art DA concepts such as Active distribution network tend to integrate processing data into IT systems.This dissertation addresses cyber-security issues in the following DA functions: substation automation, feeder automation, Logic Selectivity, customer automation and Smart Metering. Real-time simulation of the distribution network along with actual automation and data networking devices are used to create hardware-in-the-loop simulation, and experiment the mentioned DA functions with the Internet communication. This communication is secured by proposing the following cyber-security solutions.This dissertation proposes security solutions for substation automation by developing IEC61850-TLS proxy and adding OPen Connectivity Unified Architecture (OPC UA) Wrapper to Station Gateway. Secured messages by Transport Layer Security (TLS) and OPC UA security are created for protecting substation local and remote communications. Data availability is main concern that is solved by designing redundant networks.The dissertation also proposes cyber-security solutions for feeder automation and Logic Selectivity. In feeder automation, Centralized Protection System (CPS) is proposed as the place for making Decentralized feeder automation decisions. In addition, applying IP security (IPsec) in Tunnel mode is proposed to establish a secure communication path for feeder automation messages. In Logic Selectivity, Generic Object Oriented Substation Events (GOOSE) are exchanged between the substations. First, Logic Selectivity functional characteristics are analyzed. Then, Layer 2 Tunneling over IPsec in Transport mode is proposed to create a secure communication path for exchanging GOOSE over the Internet. Next, communication impact on Logic Selectivity performance is investigated by measuring the jitter and latency in the GOOSE communication. Lastly, reliability improvement by Logic Selectivity is evaluated by calculating reliability indices.Customer automation is the additional extension to the smart grid DA. This dissertation proposes an integration solution for the heterogeneous communication parties (TCP/IP and Controller Area Network) in Home Area Network. The developed solution applies Secure Socket Layer in order to create secured messages.The dissertation also proposes Secondary Substation Automation Unit (SSAU) for realtime communication of low voltage data to metering database. Point-to-Point Tunneling Protocol is proposed to create a secure communication path for Smart Metering data.The security analysis shows that the proposed security solutions provide the security requirements (Confidentiality, Integrity and Availability) for DA communication. Thus, communication is protected against security attacks and DA functions are ensured. In addition, CPS and SSAU are proposed to distribute intelligence over the substations level

A comparative study on multi-agent and service-oriented microgrid automation systems from energy internet perspective

The current advancements of energy, information, communication, and automation technologies and their integration have provided ways for the energy industry to transform into cleaner energy systems. This transition has contributed to the concept called energy internet. The recent energy technologies provide clean energy generation, storage and demand response through distributed energy resources. Information, communication, and automation technologies aim to provide supporting software tools and enabling mechanisms to automate the operation and control of those resources in a coordinated way. Thus, researchers and the software industry are developing software frameworks and platforms to support energy system automation. Commonly, most of the frameworks follow the design principles of either multi-agent systems (MAS) or service-oriented architecture (SOA). However, there are many frameworks and no straightforward criteria to select which one to implement in energy systems’ automation applications to fulfill the energy internet vision. This study provides a conceptual investigation of MAS- and SOA-based software solutions by designing a use case for microgrid application automation considering its expansion for enabling energy internet. Two software frameworks, RIAPS and Arrowhead, have been selected as the candidates of MAS and SOA from the literature study. This study shows that neither MAS or SOA approach alone might not meet the requirements of microgrid automation and energy internet. Consequently, a combined approach of MAS and SOA is proposed.publishedVersionPeer reviewe

Network Architecture for IEC61850-90-5 Communication : Case Study of Evaluating R-GOOSE over 5G for Communication-Based Protection

The smart grid includes wide-area applications in which inter-substation communication is required to realize innovative monitoring, protection, and control solutions. Internet-based data exchange, i.e., communication over Internet Protocol (IP), is regarded as the latest trend for inter-substation communication. Interoperability can be achieved via the use of standardized IEC 61850-90-5 messages communicating over IP. Wide-area applications can obtain benefits from IP-multicast technologies and use a one-to-many communication model among substations communicating across a communication network. Cellular Internet is being considered as a potential cost-efficient solution which can be used for the IP-multicast communication. However, it requires knowledge of communicating uncommon IP-multicast traffic over the Internet. Moreover, it presents challenges in terms of cybersecurity and real-time requirements. These challenges must be overcome to realize authentic and correct operation of the wide-area applications. There is thus a need to examine communication security and to evaluate if the communication network characteristics satisfy the application real-time requirement. This paper investigates the secure communication of IEC61850-90-5 multicast messages over the public communication network and proposes two network architectures using the Generic Routing Encapsulation (GRE) tunnel and multipoint GRE (mGRE) within Dynamic Multipoint VPN (DMVPN). Additionally, this paper evaluates the feasibility of cellular (5G and 4G) Internet for the communication of multicast Routable Generic Object Oriented Substation Events (R-GOOSE) messages in wide-area protection applications. For this purpose, we introduce a lab setup to experiment the transmission of R-GOOSE messages within the proposed network architectures. The lab setup contains both software and hardware components. A software application is developed to publish multicast R-GOOSE with a fresh timestamp acquired from time synchronization equipment. These messages are transmitted over the Internet by computer networking devices that support cellular communication. The communication latency of the transmitted messages is measured and analyzed statistically. The statistical analysis results are discussed to evaluate performance of R-GOOSE over cellular Internet for two communication-based protection applications: Logic Selectivity and Loss-of-Main protection schemes.publishedVersionPeer reviewe

Analyzing Reliability of the Communication for Secure and Highly Available GOOSE-Based Logic Selectivity

In an electrical distribution network, Logic Selectivity significantly reduces both the number and duration of outages. Generic Object-Oriented Substation Events (GOOSE) have a key role in the decision-making process of substation protection devices using GOOSE-based Logic Selectivity. GOOSE messages are exchanged between remote protection devices over the communication network. Secured communication with low latency and high reliability is therefore required in order to ensure reliable operation as well as meeting real-time requirement of the Logic Selectivity application. There is thus a need to evaluate feasibility of the selected communication network technology for Logic Selectivity use cases. This paper analyzes reliability of cellular 4G/LTE Internet for GOOSE communication in a Logic Selectivity application. For this purpose, experimental lab set-ups are introduced for different configurations: ordinary GOOSE communication, secured GOOSE communication by IPsec in Transport mode, and redundant GOOSE communication using the IEC 62439-3 Parallel Redundancy Protocol. In each configuration, the GOOSE retransmissions are recorded for a period of three days and the average GOOSE transmission time is measured. Furthermore, the measured data is classified into histograms and a probability value for communication reliability, based on the transmission time, is calculated. The statistical analysis shows that 4G Internet satisfies the real-time and reliability requirements for secure and highly available GOOSE-based Logic Selectivity

Event-based simulation of a decentralized protection system based on secured GOOSE messages

A new simulation library is developed on OMNeT++ to model faults in distribution systems. The proposed library makes it possible to calculate the status of lines and busbars from the point of view of a protection system, enabling the modeling of overcurrents, power outages and fault passage indicators. The library is applied to model a decentralized protection system based on the exchange of IEC 61850 Generic Object Oriented Substation Events (GOOSE) messages between intelligent electronic devices responsible for the operation of circuit breakers and disconnectors. The time needed to secure and transmit GOOSE messages over the Internet is characterized and included in the model. Several studies are carried out to analyze the effect of different parameters, such as GOOSE retransmission times and failure rates of switching devices and communication channels, on the performance of the protection system.This research was funded by the European Commission 7th Framework Program, grant number 608860

Uniform Web of Things based Access to Distributed Energy Resources via Metadata Registry

A lack of multi-level connectivity between the management systems of smart grid actors and cyber-physical systems of distributed energy resources (DERs) impedes transition toward decentralized grid architecture driven by active network management. This article focuses on Web of Things (WoT) concept as a possible enabler of uniform machine type access to DERs. The results of the paper provide a blueprint of WoT adoption patterns in smart grid domain through the example of microgrid management system (MGMS). Moreover, this article delivers work-in-progress implementation of the metadata registry that facilitates the automated service-oriented discovery of MGMSs by aggregator management systems for purposes of market and grid.publishedVersionPeer reviewe

Evaluation of Bone Mineral Density in Rural Women of Kawar-Fars

Background: Osteoporosis is a major public health problem. This study designed to assess peak bone mineral density (BMD), its onset in rural women in Kawar-Fars as well as prevalence of osteopenia and osteoporosis according to WHO and local reference values. Methods: In this cross sectional study , 266 healthy women aged 20-85 years from Kawar-Fars participated and they underwent Dual-energy X-ray absorptiometry (DXA) scanning including two lumbar and femur regions. Results: Peak bone mass of lumbar spine occurred during 29±2 years. Also peak bone mass of total femur occurred around the age of 34±2 years. Prevalence of osteoporosis in lumbar spine according to WHO reference data was 29.7% but using Iranian normative data was 10.5%. Also using WHO reference data, prevalence of osteoporosis in total femur in rural women was 15.4% whereas according to the Iranian normative data was 16.2%. Conclusion: This study provided a baseline normative data of BMD for rural Iranian women. Also it showed prevalence of osteoporosis in rural women is more than urban women

Uniform Web of Things based Access to Distributed Energy Resources via Metadata Registry

A lack of multi-level connectivity between the management systems of smart grid actors and cyber-physical systems of distributed energy resources (DERs) impedes transition toward decentralized grid architecture driven by active network management. This article focuses on Web of Things (WoT) concept as a possible enabler of uniform machine type access to DERs. The results of the paper provide a blueprint of WoT adoption patterns in smart grid domain through the example of microgrid management system (MGMS). Moreover, this article delivers work-in-progress implementation of the metadata registry that facilitates the automated service-oriented discovery of MGMSs by aggregator management systems for purposes of market and grid.publishedVersionPeer reviewe

Information Exchange Platform for Enabling Ancillary Services from Distributed Energy Resources

The operation of the electrical grid is going through a major change. In future, also small-scale distributed energy resources (DERs) need to be utilized in system operation. Increasing penetration of DERs set new challenges for the grids but also open new possibilities in grid and system operation. Smart utilization of DERs would decrease the total costs of the system but barriers for widespread DER ancillary services still exist and include, amongst others, the lack of widely accepted interoperable communication interfaces and the inadequate number of studies going beyond simulations. This paper describes the development of an information exchange platform that enables interoperable data exchange between different energy system actors enabling more efficient use of customers’ and other market actors’ DERs in system operation. The operation of the developed information exchange platform is demonstrated with an example use case that considers utilizing DERs for frequency control through the frequency containment reserve market.acceptedVersionPeer reviewe