Transcript Integral-base format (2-4

Outline
 Status of Infrastructure and control
Possible Bottlenecks
 First test results
 Processing of EC
recommendations after
mid-term assessment
RD-PREDIS grid for Demo C
Reduced ratio: power: 30kVA/30MVA
Voltage: 400V/20kV
PS1
Pcc  500MVA
CH 6
PCH 6  6 MW
PGéné  4MW
PS 2
Pcc  250MVA
CH 1
PCH 1  8MW
CH 2
PCH 2  2MW
PGéné  1MW
PGéné  12MW
CH 3
PCH 3  1MW
CH 4
PCH 6  1MW
PGéné  4MW
CH 5
PCH 5  1MW
PGéné  250kW
CH 9
PCH 9  1MW
CH 8
PCH 8  1MW
PS 3
Pcc  125MVA
CH 7
PCH 7  6 MW
PGéné  3MW
PGéné  3MW
RD-Predis grid for Demo C
Synchronous generators
Induction machine and load
DC motor and Wind
turbine
Lines and automations
Status of Infrastructure and Control
Mesures
Ethernet
Modbus
Switch BTH
192.168.0.250
192.168.0.253
192.168.0.251
Control
192.168.0.252
Node 1 (zone1)
Node 2 (zone2)
Node 3 (zone3)
Developed by BTH
PREDIS Network
Switch 24 ports
192.168.105.2-6
192.168.105.65
192.168.105.33
192.168.105.34
192.168.105.7-11
x5
192.168.105.35
x5
Indicators
Recorder
10 FLAIR 200C
3 enregistreurs
192.168.105.66
Agent 1 +
server OPC
Agent 2 +
server OPC
192.168.105.36
Client PcVue
POG
Server OFS
Automate
Automate
Zone 1
Zone 2
Automate
Zone 3
Automate
reconfiguration
SCADA
SCADA
Server PcVue1
Server PcVue2
Server OPC
Server OPC
PC
Configuration
API
x 39
x 57
Tores
SOCOMEC
Sensor LEM +
Voltage Transducer
Interruption devices
PREDIS Distribution network
Local « Generators et Loads »
Status of Infrastructure and Control
 Fault Passage Indicator “Flair 200C”
 Delivery: 2/10 for first test
 Connection in Modbus & TCP/IP
Modbus done
 Connection with both Industrial Control
Device and Agent validated
Flair200C
Status of Infrastructure and Control
 Fault Recorder developed with LabView 8.6
(National Instrument) “OPC server like”
Signal
Data Acquisition
Surveillance
(pick detection)
Threshold detected ?
No
No
Data analysis and recorder
Stop?
Yes
Stop
No
Status of Infrastructure and Control
GUI of program with 14 inputs (simulated inputs) accessible by the Agent
Status of Infrastructure and Control
Example of program with 4 inputs (simulated inputs)
Status of Infrastructure and Control
50 ms
250 éch
250 ms
250 éch
Status of Infrastructure and Control
 Agent Matlab et OPC Toolbox
 2 PC with Matlab + OPC Client Toolbox
available for test
 Validated Fault detection and location
algorithm with Integral distribution
network in off-line mode with EMTP
simulator
 Communication between Schneider
OPC (OFS) server and Matlab OPC
Toolbox in mode COM (server and client
on the same PC) and DA validated
 Communication between OPC Client
and PCVue (OPC server back door)
Status of Infrastructure and Control
 PcVue Scada:
Status of Infrastructure and Control
Status of Infrastructure and Control
 Automation system (Industrial Control
Devices)
 Reconfiguration Automate
premium was existing
 Communication with server
PCVue. Protocole Modbus –
TCP/IP was tested
 Home made Semantic derived
from CIM modeling and IEC
61850 is used
 Three Zone Automates were
delivered and are assembled and
are programmed right now
Status of Infrastructure and Control
 Other new equipment’s delivery and installation (dimmer loads
and transformers with on load tap changer)
Status of Infrastructure and Control
 Other new equipment’s delivery and installation DG emulators (synchronous machine)
Sizing/Delivery/Setup Status in April
Loads
Generators
Transformers
Impedances (Lines Zcc)
Automation Sys.
Fault Passage Indicator
Agent/DSO computers
SCADA
Network Emulation
Switch for LAN
Integration
Total
Sized
Ordered
Delivery
Setup
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
BTH
100%
100%
100%
100%
100%
100%
90%
100%
100%
100%
100%
100%
100%
100%
99%
100%
100%
100%
90%
50%
100%
95%
100%
100%
100%
80%
92%
Possible Bottlenecks
Concerning the delivery + assembly of the equipment  mid may
– need to add the resistance behavior of the lines
Concerning the “EDF like” control system SCADA (in progress)  mid may
– few risks due to PCVue choice and purchase but industrial software to discover  still
need to do the SCADA to Automation system connection and access to the PCVue Server
within the school responsibility
Concerning the “INTEGRAL like” telecommunication system (BTH and Data
acquisition):
– collaboration with BTH for communication layer (variable bandwidth and latency
infrastructure developed within CRISP)
Some difficulties may occurred during the assembling
– the set of devices (huge experiment)
– communication system: Ex: insufficient right to assess school server, OPC/DCOM
The first test of entire system could be late: latest tests in June or July
First test results – visit will follow
 Partial test have been carried out:
 Fault recorder with Labview program
 Fault Detection and location in Integral distribution network on
offline system (EMTP simulator)
 OPC Client toolbox on Matlab operational
 Test communication between Scada software PcVue and
reconfiguration automate Premium
 First test of the entire (power) system cannot be done yet – ICT
infrastructure will be tested at the end of April (every independent
module was tested – visit)
Preparation D7.3 & D7.4 (to be issued in June
or July (?) 2010)
D7.3: Self Healing philosophy and operation process (demo C)
D7.4: Self-Healing analysis performance report (demo C)
 Fault location algorithms will be tested on Integral distribution network.
Various fault scenarios under certain network constraints have been
taken into account.
Test simulated on EMTP/ATP coupling with Matlab Simulink & OPC
toolboc  very good results for Fault Location Isolation & Restoration
Processing of EC recommendations after
mid-term assessment
MTE recommendations
“Security of the information (Confidentiality, Integrity, Availability (CIA
model)).To guarantee that the ICT systems is protected against the threats
which could exploits vulnerabilities, information security mechanisms
should be evaluated and implemented. It is suggested considering the
possibility to carry out an information security risk assessment and
treatment of the ICT system, in order to minimize the information security
risks, or at least, to know and manage them.”
“Maintenance of the systems. Evaluation of the ICT systems maintenance is
important, as the maintenance costs are part of any business plan. It is
encouraged to include maintenance procedures and requirements in the
guidelines.”
Data collection scheme
- Common data model OPC and data
exchange format -
Self Healing Functions - Services
Resilience, Communication and Security
• The quintessential tool for both resilience and for the possibility to
experiment with ICT is virtualizations. EXP-II is basically about assessing
how border interaction between two or more network slices can be coordinated and controlled.
• The first, offline, step is done in collaboration with G2Lab/Grenoble with two
equivalent slices, a physical slice connected to a SCADA solution(G2Lab), and a virtual
one (BTH).
• Regarding self-healing as means towards resilience, there is one major concern in
regards to software here; current resilience mechanisms that can be used to make the
software side of things self-healing are quite unstable themselves and not in a state suitable
for a project such as Integral. Additionally, the resilience mechanisms that do exist in software,
and this might be true in a more general case as well, can be quite harmful unless coupled with
proper monitoring.
Status of Infrastructure and Control
Mesures
Ethernet
Modbus
Switch BTH
192.168.0.250
192.168.0.253
192.168.0.251
Control
192.168.0.252
Node 1 (zone1)
Node 2 (zone2)
Node 3 (zone3)
Developed by BTH
PREDIS Network
Switch 27 ports
192.168.3.1
192.168.1.10
100
192.168.2.10
100
x5
Prises murales
192.168.3.2
192.168.1.1
192.168.3.3
192.168.3.4
x5
Indicators
Recorder
10 FLAIR 200C
3 enregistreurs
192.168.2.1
Agent 1 +
server OPC
Agent 2 +
server OPC
Client PcVue
POG
Server OFS
Automate
Automate
Zone 1
Zone 2
Automate
Zone 3
Automate
reconfiguration
SCADA
SCADA
Server PcVue1
Server PcVue2
Server OPC
Server OPC
PC
Configuration
API
x 39
x 57
Tores
SOCOMEC
Sensor LEM +
Voltage Transducer
Interruption devices
PREDIS Distribution network
Local « Generators et Loads »
Experiments
• As
ICT is rather a means to an end rather than the subject for study
here, we will probably do better trying to support the monitoring of the
self-healing process of the grid. The SCADA system installed (or to be
installed?) at G2Lab will do this of course, but we can probably kill two
birds with one stone by creating a multi-layered (combining say the
state of the GRID with the state of the ICT itself) real-time monitor with
data sampled from the nodes comprising the physical slice and use
that to verify both the behaviour of the SCADA system and the grid
self-healing process, however the amount of work involved in getting
something like this to work is hard to predict. Such a monitoring model
could also possibly be used to construct and tune fault injection (see
below).
Experiments
In terms of security, we can look at how these protocols are affected by
data corruption on the application layer, using fault injection
techniques. Additionally, the data analyzed can be fed back into the
router configuration at the physical slice and perform fault injection on
the datalink/network/ transport layers of the OSI model. These two
kinds of fault injection will fit nicely into attack types based on
fuzzing(injecting random data into information streams) and denial of
service, but could also be done in a more informed manner, say
spoofing (faking the identity to intercept and alter information) /
playback attacks(taking samples of information and playing them back
at a later time). There might be some interesting previous work in this
regard from Rita Wells and the others at the Idaho National Labs (such
as their work on a SCADA procurement standard).
Tools
• To facilitate the offline connection, we should employ IP packet
recording technology at G2Lab and IP packet playback at BTH for
analysis, and gain better data on necessary and sufficient dimensions
for bandwidth.
• Notes on:
Packet Recording / Playback functionality - this have most certainly
been worked on by people interested in experimenting with IDSsecurity solutions. Use to bridge the divide between G2Lab. As the
EXP-II Controller already routes traffic and our communication needs
are modest (we're talking kilobytes per second, not gigabytes), it should
be quite trivial to implement using tools like tcpdump, TCPivo/NetVCR,
Monkey See, Monkey Do and others.
Thanks you for your
kind attention
Any questions or remarks?