Click to Print This Page

Back to Article


SmartGridNews.com
The insider's guide to the modernization and automation of electric power

Cybectec Substation Gateways - 85 out of 100
By Erich Gunther
Nov 5, 2008 - 11:51:25 AM

In SGN's Tech Take articles, power engineer and architect Erich Gunther evaluates actual products and services against the SGN Smart Grid Scorecard. Unless disclosed explicitly at the beginning of the article, neither SGN nor Erich Gunther has received any compensation from the vendor nor do they own stock in the company.  

 

This article examines the Cybectec SMP family of substation gateway and processor products (including related devices and systems/software applications).  Cybectec started in the 1980s as a developer of software applications for industrial and utility-grade devices. It has been designing and producing various gateways since 1993.  In the process, Cybectec has received strong endorsements from a number of their clients including some large investor owned utilities. In early 2007, Cybectec was acquired by Cooper Industries.

 

As you will read below, Cybectec has done an admirable job of providing customers with a strong suite of solutions that support many Smart Grid principles. To understand my evaluation, you need to grasp three essential elements:

·         The role of the SGN Scorecard  

·         The purpose of substation gateways in a Smart Grid  

·         How Cybectec measures up  

 

 

 

The Role of the SGN Scorecard

The SGN Scorecard was developed for a very important reason: most of today's products do not adhere to Smart Grid principles. They do not support the requirements envisioned by Smart Grid researchers such as EPRI, the California Energy Commission's Public Interest Energy Research (PIER™) program, the Modern Grid Initiative and DOE's GridWise program. Nor do they adhere to the mandates in the Energy Independence and Security Act of 2007.

 

In particular, several elements of the EPRI IntelliGrid Architecture are critical to implementing a Smart Grid:

·         Proven, Internet derived communication technologies  

·         Service based architecture at the enterprise level  

·         Self healing technology  

·         Well defined interfaces and points of interoperability  

·         Application of industry and international standards  

·         Built in security and network management  

 

The SGN Scorecard is a checklist that measures whether products meet minimum standards for a Smart Grid. We will use it as the benchmark for all Tech Talk reviews. You are invited to use it free of charge for your own evaluations. For a further explanation and a blank version you can copy freely, download the PDF version of the Scorecard. (See link below.)

 

The Purpose of Substation Gateways in a Smart Grid  

In a truly Smart Grid, retrieving the extensive data available at the substation and delivering to high-value applications and key staff is essential to achieving the expected utility and societal benefits. The bottom line is converting the data into specific, valuable information for improved responsiveness and decision-making (whether automated or manual).  

 

The EPRI IntelliGrid® project developed a vision for the power system of the future (Smart Grid) with the following attributes and objectives:

·         Self healing and adaptive  

·         Interactive with consumers and markets

·         Optimized to make the best use of resources and equipment  

·         Predictive rather than reactive  

·         Distributed across geographical and organizational boundaries  

·         Integrated through the merging of monitoring, control, protection, maintenance, EMS, DMS, marketing and IT  

  • More secure from attack

 

Much of the data needed to achieve these attributes originates at the substation. Therefore, the Substation Gateway has a key role to play. It may gather data, forward it, or host analysis applications.  

 

Two Data Types

The two primary data types are operational (used for SCADA) and non-operational.  Operational data is traditionally used by the SCADA system and typically totals about 10% of the total.  The other 90% is referred to as non-operational data and comprises a wide range of data types and formats. It is used by various engineering, maintenance and other staff to aid in optimizing the reliable use of grid assets.  However, a much larger group of users and applications could potentially benefit from access to select portions of the non-operational data. For their sakes, a Smart Grid Gateway must enable secure, LAN/WAN (if equipped) remote access to a much larger base of substation data than in the past.   

 

In the past, gateway functionality was originally provided by either a data concentrator (dedicated to relay communications) or an intelligent Remote Terminal Unit (RTU).  In fact, some devices called Substation Gateways offer little more than intelligent RTU or basic data concentrator functionality.   

 

Data Concentration Is a Core Function

Data concentration remains a core Gateway function. It includes gathering, storing and delivering a wide range of data types from Intelligent Electronic Devices (IEDs) in the substation.  Data may be delivered to multiple remote SCADA masters and/or client applications.  In many cases, the IEDs (including existing RTUs) are not replaced when the Gateway is installed. As a result, the Gateway must communicate with a large number of different IEDs using both standard and non-standard protocols (usually in serial format).  Advanced Gateways must be capable of supporting; WAN and LAN interfaces, standard protocols such as DNP3, IEC 60870 and IEC 61850, cyber security applications, auditing and logging, network management, automation applications, local user interface, alarm tagging, comprehensive management of firmware and configuration validation and updating, and many other functions.   

 

Flexible Support of Multiple Architectures Is Important Too

Another key Gateway benefit is the flexible support of a wide range of substation automation architectures, thus enabling an effective technology migration strategy.  Substations with mostly electro-mechanical relays, a few serial digital relays and a serial (communicating) RTU can accept and benefit from a Gateway.  In the future – when external IP connectivity is available at the substation and a substation LAN is installed along with upgraded devices – the same Gateway will be able to support more functionality including cyber security.  Certainly a strong business case can be made for installing a Gateway at the time that the external IP connection is installed.  

 

Recommended Gateway Features

To accomplish the purposes described above, a Substation Gateway needs the features and attributes discussed below:

 

Reliability and Ruggedness. Gateways must meet a stringent set of hardware and environmental standards to ensure reliable operation in the harsh substation environment.  Typical operating temperature range should be -40C to +65C.  One useful resource is IEEE Std 1613 - 2003, “IEEE Standard Environmental and Testing Requirements for Communications Networking Devices in Electric Power Substations.”  Another good reference is IEC 61850 Part 3 – General Requirements.  This standard specifies that there shall be no fans or other moving components such as disk drives.  Other key features driving reliability are firmware/software self-diagnostics and redundant configurations.    

 

Hardware Ports. The core data concentration function requires that the Gateway interface with a large number of devices. Many of them require one serial port per device.  A Gateway typically needs at least 16 serial ports, and expansion to 32 or more may be useful. Serial ports should support both fiber and copper.  Multiple Ethernet IP ports should be included as well, also supporting copper and fiber.  In addition, input and distribution ports for time synchronization signals may be required.  USB ports for log downloads and configuration/firmware uploads may be required.  The physical size may be significant if upgrades to older gateways are planned.  An important option may be a reliable input/output module that communicates using a LAN-based standard protocol.

 

The gateway should be designed and expandable to handle a large database of over 100,000 data points to accommodate the growing numbers of new IEDs with large databases.

  

Protocol Suite. The data concentration function also requires supporting a wide range of communications protocols. They should include legacy protocols for IEDs such as Modbus. And they should support the newer standard protocols for both IEDs and SCADA masters.  Standard protocols such as DNP3, IEC 60870-5 and IEC 61850 (including GOOSE) may be needed now or in the future.  When applicable, both serial and LAN formats should be specified.  User-friendly features such as configuration templates for all protocols can reduce the configuration time considerably.  In addition Network Time Protocol (NTP), Simple Network Time Protocol (SNTP), and other time synchronization protocols may be required to allow time synchronization to occur over the network.

 

Cyber Security. The priority source of requirements for cyber security must originate with the utility’s own security policy which defines how the utility addresses the NERC Critical Infrastructure Protection (CIP) – Electronic Security requirements in North America (or its equivalent in other parts of the world).  The security policy will specify which sites and assets are deemed critical cyber assets and establish enterprise and device level requirements for authentication, access control and authorization. It will also determine which technologies will be implemented to address these functions.  In addition the policy will specify required activities such as enterprise and device level logs (audit trails) and how these will be accomplished.  The policy will also address serial communications, dial up access and wireless networks.   

 

A useful reference is IEEE Std 1686 – 2007 “IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities.”  The DNP User’s Group has released Version 1.0 of the “DNP Secure Authentication Specification” for initial review and testing.  The IEC is in the process of developing and releasing IEC 62351 addressing cyber security for substations. Suppliers of Gateways must plan for future upgrades of installed equipment to remain compliant as these standards are released.   

 

The typical suite of other secure applications and features will include Secure Shell (SSH), Secure Socket (TLS/SSL) or IPSec, secure HTTP (HTTPS), secure FTP (SFTP or SCP), IEEE 802.1x for device authentication, IP Port Management and DHCP to restrict IP address assignments to approved MAC addresses.  Embedded self diagnostics is also required including a service to continually verify that the operating applications are valid (“signed” by the supplier).   A total cyber security solution may also require additional components such as routers (firewalls); enterprise level applications working with a Gateway; processes such as testing, inventories, audits; and recovery plans.

 

Device and Network Management. Effective management of large networks of gateways and other IP connected devices requires the use of standard applications such as SNMP (MIBs) and SysLog.  Therefore these applications should be included in the Gateway along with local logging and other associated functions.  Support for remote configuration and remote firmware change management is important.  The Gateway should include an application to perform regular verifications that it contains the correct firmware and configuration versions by interrogating a central server.  

 

Pass Through. This feature uses applications mentioned above (according to the security policy) to enable authorized remote users to securely access IEDs at the substation by “passing through” the Gateway for the purposes of using the IED native configuration software to access the IED seamlessly.  This function may work through a central enterprise server.  In order to prevent unauthorized actions when using native IED software, the enterprise application suite may include a command filtering capability.  

 

Event Record Management. This application automatically interrogates IEDs and retrieves, stores and delivers disturbance and event records to an enterprise server application for rapid access by authorized personnel.  Event and disturbance data may also be used as input for advanced analysis applications (for example, to accurately determine fault location). Note that this function can be performed without a Gateway if necessary.

 

Configuration and Display Applications. The Gateway must include easy-to-use online and offline configuration applications.  Whenever possible, a single point of configuration should be supported.  The device should support the remote upload and download of configuration and firmware files as well as version logging and verification, change logging.  Templates are valuable as noted above with drag & drop capability and drop down menu selections..  Support for the DNP XML schema will be very valuable in the future as well support for IEC 61850 (Part 6) Substation Configuration Language (SCL) also in XML format.   

 

Integrated web browser (server) displays should be provided for alarms, events and SOE (sorted), annunciator, one line diagrams, control action, diagnostics and tagging.  A significant cost savings is possible if the Gateway is also equipment with a web client application and a Keyboard, Video and Mouse (KVM) module is integrated.    

 

Automation Application Support. A Gateway may be an ideal platform for local automation applications developed by the utility or outside staff.  Gateways should support PLC-type programming tools. Ideally, those tools should be based on the IEC 61131-3 standard.   In addition, the Gateway should be capable of supporting the local processing of more sophisticated analysis applications.  This could potentially reduce the volume of data transported by the WAN.

 

Enterprise-Level Applications. Many of the above requirements and features need a suite of applications installed on an enterprise-level server.  In fact, much of the cyber security policy may be implemented at the enterprise level.  In addition, the configuration management, network management, logging functions, event record management and pass through applications require an enterprise-level application.  Note that this suite of applications at the enterprise may communicate directly to substation IEDs, possibly with a substation port switch device but without a substation Gateway.  In addition, to prevent unauthorized actions when using native IED software the enterprise application suite may include a command filtering capability.  

 

Excellent references for recommended features and attributes are:  

  • IEEE Std C37.1 – 2007, “IEEE Standard for SCADA and Automation Systems”
  • IEEE Std 1646 – 2004, “IEEE Standard Communication Delivery Time Performance Requirements for Electric Power Substation Automation”
  • IEEE Std 1615 – 2007, “IEEE Recommended Practice for Network Communication in Electric Power Substations”

Cybectec's Product Lineup  

The following summarizes the primary components of the Cybectec product family.  

 

SMP Gateway Product Family:  

  • SMP™ 4 – one Ethernet and 4 serial ports
  • SMP™ 16/CP – two Ethernet (metallic or optional fiber) and 16 serial ports
  • SMP™ 16/SG – two Ethernet (metallic or optional fiber) and 16 serial ports with expansion options to 48 serial ports
  • SMP™ I/O – input / output module

Enterprise Applications:  

  • Cybectec Enterprise Gateway – hosts the suite of selected enterprise applications

  

Substation User Interface:

  • SMP 16 Annunciator option for integrated KVM module on the Gateways for local display
  • SMP 16/SP Substation Processor for hosting Windows XP® applications, including the Visual Substation HMI/SCADA application       

 

The table below describes the features of the Cybectec Gateway product and solutions based on the features and attributes paragraphs above.

 

Cybectec SMP Product Family – High Level Summary

 

ATTRIBUTE/FEATURE

COMMENTS

Reliability and Ruggedness

Meet the requirements stated above.  Conform to IEEE-1613, IEC-61850-3 and IEEE and IEC Relay Standards.  Run industrial grade Windows CE® (XP® on the SMP 16/SP).  Optional redundant configurations for external communications, substation networks and devices.  Extensive self-diagnostics.

Hardware

Meet the requirements stated above.  Options for CPUs - 266 MHz AMD and > 1.4 GHz Pentium M (optional) processors.  Cybectec has the SMP I/O module – connected using DNP3 LAN.

Protocol Suite

Large library of legacy and standard protocols including DNP3 LAN and IEC 61850 with Goose.  Continue to develop new protocols, as customers require.

Cyber Security

Extensive features and applications.  Port management.  IPSec VPN supported.  Close to launching TLS for secure socket.  Include a background process doing continuous integrity checking for signed (Cybectec or other approved) applications.  Extensive logs.

Device and Network Management

SMP Tools Suite provides a full set of maintenance applications including: a manager application for all SMPs on a network, configuration tool, firmware loader tool and applications for logs, traces and stats and SNMP services.

Pass Through

Meet the requirements stated above.  Enterprise Passthrough Manager application can be remotely enabled/disabled by SCADA.

Event Record Management

Cybectec’s Enterprise Event Manager meets the requirements stated above. 

Configuration / Display Applications

Embedded Web browser server and client.  Direct connection for keyboard, video and mouse.  Standard touch screen option.  Standard and user configurable displays.  User-friendly configuration templates with drag & drop capability and drop down menu selections.  Offer the Visual Substation application as a separate HMI running on the SMP 16/SP platform.  New Enterprise level configuration manager is expected soon.

Automation Application Support

Meet the requirements stated above.  Incorporate IEC 61131-3 compliant Soft PLC and the CoDeSys workbench for control function development.

Enterprise Level Applications

Cybectec’s Enterprise Gateway system hosts a full suite of applications including an event manager, pass through manager, security server, configuration manager (coming), a data bridge for other applications and  

includes a Web server for event viewing.

 How the Cybectec SMP Gateways Measure Up  

With the growing recognition of the value of Substation Gateways, suppliers have stepped up their investments in this product category.  The following is a partial list of other suppliers with competing products and software solutions in this field:  

 

·         NovaTech® Orion Automation Platform

·         Subnet® Substation Server.Net and Enterprise Server.Net

·         SEL®  3332 Intelligent Server and SEL 3351 System Computing Platform

·         GE® D400 Substation Data Manager  

·         Siemens® SICAM Station Manager II

 

Cybectec has developed a great line of Gateway products along with the necessary enterprise applications to support cyber security applications and value-added functions such as pass through and event record management.  In addition, their Gateways support strong self-diagnostics.  Cybectec’s objective of maintaining a single point of configuration is paying big dividends for their customers. An example is the integrated configuration application that automatically configures the SMP I/O module on power up.  It is evident that Cybectec has worked hard to provide customers with a complete set of cyber security applications.   

 

Of course Cybectec is not perfect and is addressing a number of items in response to customer requests.  The SMP I/O module is new and has a few kinks that need resolving. As of now, they do not have a DC analog input capability – however this is due out shortly.  There are the usual minor hardware issues and software bugs and to their credit Cybectec is responsive in addressing these issues.  

 

Another area where customers feel improvement would be beneficial is detailed documentation.  This is a challenge for all suppliers and especially when new product enhancements and features are rolled out rapidly.  Finally the challenge of database size will need to be addressed at substation databases grow to over 100,000+ points for larger sites.   

 

One reoccurring statement comes through when you talk to utilities about Cybectec.  They support their customers well, are responsive when issues come and are open to new ideas and feature requests.  It is clear that Cybectec has retained a talented staff, giving customers confidence that the innovation will continue.

Cybectec SMP Smart Grid Scorecard

 

Metric

Score
(10 is best)

Comments

Impact

9

The ability to gather, store and deliver a large amount of substation data of varying protocols and formats, securely and reliably delivers a major impact.

Openness

8

Use of open standards and the ability to integrate 3rd party applications contribute to openness.

Standardization

10

Extensive use of industry standards.

Security

9

Cybectec have incorporated many features and applications in support of security.  Additional components such as routers and comprehensive firewalls may be needed.

Manageability

10

SMP Tools Suite provides a full set of maintenance applications including a manager application for all SMPs on a network, configuration tool, firmware loader tool and applications for logs, traces and stats and SNMP services.  Enterprise level configuration manager coming soon.

Upgradeability

8

Customers are impressed with the reliability and ease of implementation of new configurations and firmware updates using the Firmware Loader application.

Scalability

8

Scales well on a system level with the Enterprise SMP Manager application for all SMPs on a network.  Two options for processor.  Very large substations may encounter database limitations if only one SMP is used.

Extensibility

9

Automatically detects and logs changes in configurations and applications.  Supports IEC 61850 with self description, standard data model (logical nodes) and client/server, peer to peer and publish/subscribe services. 

Self-Healing

7

Broad implementation of substation gateways can enable improved self healing by providing more essential data to SCADA, EMS, State Estimator and ultimately advanced contingency analysis applications that will use detailed measurements and condition data.  In addition locally enabled automation control functions can contribute to self-healing such as fail over schemes, load balancing and auto-restoration applications.

Interactivity

7

Gateways have the potential to facilitate communications and control with IEDs on distribution feeders for switching, automatic restoration, capacitor control, conservation voltage control.

Total

85

 

Conclusion  

Overall we like the product family that Cybectec has developed and the level and speed of innovation that they continue to maintain.  They will need to continue to innovate at a rapid pace in order to keep up with the rapidly changing needs of their customers as security requirements are clarified and changed and as new beneficial applications are identified.

 

 

Research Credit:  Ron Farquharson

Ron is a Utility Automation Consultant on the Smart Grid Engineering team of EnerNex Corporation.  He has extensive experience in substation control, automation, and monitoring having spent 25 years at GE/GE Harris/ Harris/Westronic prior to joining EnerNex.

   Email Erich W. Gunther

   Summary of all SGN Tech Take reviews

   Smart Grid Scorecard for free download and use (PDF)

   EPRI IntelliGrid Architecture Web site

   GridWise Architecture Council

 

 

 

Subscribe to our FREE eMail News Alert!
Smart Grid Newsletter (SGN) is the insider's guide to the Smart Grid revolution. It consists of a FREE bi-monthly email summary, along with a companion Web site that contains the full stories and other helpful materials.

Benefits of subscribing: SGN is the only central source for all of the news, trends, research and marketplace information relevant to grid automation. In it, you will read about cutting edge technologies; successful pioneers and how they got ahead; regulatory changes that could unleash new markets; the latest research; and new opportunities for sales of grid-related products and services.


© Copyright 2008 SmartGridNews.com