Cyber and Physiacal Security of Smart Grid
Content
List Of Figures Title
Figure.1 Circuit Breaker with Sensors Figure 2 Sub Station Bus-Bus Pair Figure 3 Incoming Device To System Figure 4 Interconnected Power Plants & Load Sub-Station Figure 5. Emergency Imposed On System
Page No
7 9 10 11 12
CHAPTER-1
ITM/PS/2009/ 09EIMPS615
Page 1
WHAT IS A SMART GRID?
A smart grid [1] delivers electricity from suppliers to consumers using two-way digital technology to control appliances at consumers' homes to save energy, reduce cost and increase reliability and transparency. It is capable of assessing its health in real-time, predicting its behavior, anticipatory behavior, adaptation to new environments, handling distributed resources, stochastic demand, and optimal response to the smart appliances. It is a tool that allows electric utilities to focus on evolving true business drivers by enabling cost containment, end-toend power delivery control, and a more secure infrastructure. The grid is considered to have observability with nodes data integration and analysis to support advances in system operation and control. This includes power delivery integration and high level utility strategic planning functions. The existing transmission and distribution systems use techniques and strategies that are old and there is limited use of digital communication and control technology. To achieve improved, reliable and economical power delivery information flow and secure integrated communication is proposed. The Smart Grid with intelligent functions is expected to provide self-correction, reconfiguration and restoration, and able to handle randomness of loads and market participants in real time, while creating more complex interaction behavior with intelligent devices, communication protocols, standard and smart algorithms to achieve complex interaction with smart communication and transportation systems. The Smart Grid is planned to have the following key characteristics: 1 Self-healing: A grid, which is able to rapidly detect, analyze, respond and restore from perturbations. 2 Empower and incorporate the consumer: The ability to incorporate consumer equipment and behavior in the design and operation of the grid. 3 Tolerant of attack: A grid that mitigates and stands resilient to physical and cyber security attacks. 4 Provides power quality needed by 21st century users: A grid that provides a quality of power consistent with consumer and industry needs. 5 Accommodates a wide variety of generation options: A grid that accommodates a wide variety of local and regional generation technologies (including green power). 6 Fully enables maturing electricity markets: Allows competitive markets for those who want them. ITM/PS/2009/ 09EIMPS615
Page 2
7 Optimizes assets: A grid that uses IT and monitoring to continually optimize its capital assets while minimizing operations and maintenance costs. Overall, the Smart Grid design goals are to provide grid observability; create controllability of assets, enhance power system performance and security; and reduce costs of operations, maintenance, and system planning. Benefits of the Smart Grid with bring forth the following: ● Improved system performance meters. ● Better customer satisfaction. ● Improved ability to supply information for rate cases, visibility of utility operation / asset management ● Availability of data for strategic planning, as well as better support for digital summary ● More reliable and economic delivery of power enhanced by information flow and secure Communication ● Life cycle management, cost containment, and end-to-end power delivery is improved in the smart grid design ● Improved ability to supply accurate information for rate cases- with compounding impact in regulatory utilities ● Input visibility of utility operation to asset management ● Impact access to historical data for strategic planning
1.1 FUNCTIONS ARCHITECTURE
SUPPORTED
BY
THE
SMART
GRID
For the functional scope of the Smart Grid architecture [2], eight functional scenarios have been defined. A short description of each case is provided in the following subsections. 1.1.1 Variable-Tariff-Based Load The key idea of this is a variable price profile given to the customer day ahead before the delivery by a retailer. This profile is considered fixed after transmission to the customer and, as such, the customer can rely on it. The price profile will look different for each day, reflecting market conditions that vary from day to day. These variations will likely further increase with expanding generation from fluctuating sources like wind power and photovoltaic. Generally, this concept allows for integration of loads as well as of generation units at the customer site as it is up to the customer which devices are allowed to be managed according to the variable tariff. To enable in-home energy management, a suitable domestic system is required together with an automatic home management device coupled to an intelligent meter. 1.1.2 Energy Usage Monitoring and Feedback ITM/PS/2009/ 09EIMPS615
Page 3
In the ³Action Plan for Energy Efficiency´, the European Commission estimates the EUwide energy saving potential of households at approx. 27%. As one important measure for realizing this potential, the action plan states that awareness must be increased in order to stimulate end-customer behavioural changes. A timely display of energy consumption is expected to have positive effects on energy savings. Personalized and well targeted advice on how to save energy can further help exploit the savings potential. A portal or display that combines information about present and past consumption, comparisons to average consumption patterns, and precise suggestions how to further lower consumption, which are tailored personally to the customer, is expected to be the most effective way of realizing the targeted increase in households¶ energy efficiency. 1.1.3 Real-time Portfolio Imbalance Reduction This function is rooted in the balancing mechanism as used by Transmission System Operators (TSOs) throughout the world. In this context, a wholesale-market participant, that is responsible for a balanced energy volume position, is called a Balance Responsible Party (BRP). These parties have an obligation to plan or forecast the production and consumption in their portfolio, as well as notify this plan to the TSO. Deviations of these plans may cause (upward or down-ward) regulation actions by the TSO. The TSO settles the costs for the used reserve and emergency capacity with those BRPs that had deviations from their energy programs. On average this results in costs for the BRP referred to as imbalance costs. This business case scenario focuses on the balancing actions by a BRP in the near-real time (i.e. at the actual moment of delivery). Traditionally, these real-time balancing actions are performed by power plants within the BRP¶s portfolio. The key idea of this function is the utilization of real-time flexibility of end-user customers to balance the BRP portfolio. 1.1.4 Offering (secondary) Reserve Capacity to the TSO Taking the previous function one step further, the BRP uses these VPPs to, additionally,bid actively into the reserve capacity markets. 1.1.5 Distribution System Congestion Management This function is aimed at the deferral of grid reinforcements and enhancement of network utilization to improve the quality of supply in areas with restricted capacity in lines and transformers. The Distribution System Operator (DSO) avoids infrastructural investments and optimizes the use of existing assets by active management using services delivered by smart houses. By coordinated use of these services, end-customer loads can be shifted away from periods at which congestion occurs and simultaneousness of local supply and demand can be improved. 1.1.6 Distribution Grid Cell Islanding in Case of Higher- System Instability The main principle of this is to allow the operation of a grid cell in island mode in case of higher system instability in a market environment. The scenario has two main steps, the ITM/PS/2009/ 09EIMPS615
Page 4
first occurring before a possible instability and involves keeping a load shedding schedule up-to-date. The second step is the steady islanded operation. The transition to the island mode is automatic and neither end users nor the aggregator interferes with it. The system manages the energy within the island grid and it is considered that all nodes within the islanded grid will participate in the system. 1.1.7 Black-Start Support from Smart Houses The most important concept of this function is to support the black start operation of the main grid. It is assumed that after the blackout the local grid is also out of operation. The main goal is to start up quickly in island mode and then to reconnect with the upstream network in order to provide energy to the system. 1.1.8 Integration of Forecasting Techniques The volatility of the production level of distributed generators, like renewables and CHP, makes forecasting a necessary tool for market participation. The market actor with the lowest forecasting error will have the most efficient market participation. Moreover, the usage of intelligent management tools for handling the information about the uncertainties of large-scale wind generation will improve the system-wide operational costs, fuel and CO2 savings. The Smart Grid architecture under development must interact with these forecasting tools and additionally ensure accurate data collection for these tools
CHAPTER-2 A TRANSMISSION VIEW
ITM/PS/2009/ 09EIMPS615
Page 5
Power Grids today face many challenges that they were not designed and engineered to handle. Congestion and a typical power flows threaten to overwhelm the system while demand increases for higher reliability and better security and protection. The potential ramifications of grid failures have never been greater as transport, communications, finance, and other critical infrastructures depend on secure, reliable electricity supplies for energy and control. Because modern infrastructure systems are so highly interconnected, a change in conditions at any one location can have immediate impacts over a wide area, and the effect of a local disturbance even can be magnified as it propagates through a network. Large-scale cascade failures can occur almost instantaneously and with consequences in remote regions or seemingly unrelated businesses. On the North American power grid, for example, transmission lines link all electricity generation and distribution on the continent. Wide-area outages in the late 1990s and summer 2003 underscore the grid¶s vulnerability to cascading effects. Practical methods, tools, and technologies based on advances in the fields of computation,control, and communications are allowing power grids and other infrastructures to locally self- regulate, including automatic reconfiguration in the event of failures, threats, or disturbances. It is important to note that the key elements and principles of operation for interconnected power systems were established before the 1960s, before the emergence of extensive computer and communication networks. Computation is now heavily used in all levels of the power network: for planning and optimization, fast local control of equipment, and processing of field data. But coordination across the network happens on a slower timescale. Some coordination occurs under computer control, but much of it is still based on telephone calls between system operators at the utility control centers, even²or especially²during emergencies
2.1 HOW TO MAKE AN ELECTRIC POWER TRANSMISSION SYSTEM SMART[3]
Power transmission systems also suffer from the fact that intelligence is only applied locally by protection systems and by central control through the supervisory control and data acquisition (SCADA) system. In some cases, the central control system is too slow, and the protection systems (by design) are limited to protection of specific components only. To add intelligence to an electric power transmission system, we need to have independent processors in each component and at each substation and power plant. These processors must have a robust operating system and be able to act as independent agents that can communicate and cooperate with others, forming a large distributed computing platform. Each agent must be connected to sensors associated with its own component or its own substation so that it can assess its own operating conditions and report them to its neighboring agents via the communications paths. Thus, for example, a processor associated with a circuit breaker would have the ability to communicate with sensors built into the breaker and communicate those sensor values using high-bandwidth fiber ITM/PS/2009/ 09EIMPS615
Page 6
communications connected to other such processor agents. We shall use a circuit breaker as an example. We will assume that the circuit breaker has a processor built into it with connections to sensors within the circuit breaker (Figure1).
Figure.1 Circuit Breaker with Sensors We also provide communication ports for the processor where the communication paths follow the electrical connection paths. This processor agent now forms the backbone of the smart grid as will be discussed later. We propose a system that acts very fast (although not always as fast as the protections system), and like the protection system, its agents act independently while communicating with each other. As such, the smart grid is not responsible for removing faulted components, which is still the job of the protection system, but acts to protect the system in times of emergencies in a much faster and more intelligent manner than the central control system. 2.1.1 The Advantages of an Intelligent Processor in Each Component, Substation, and Power Plant We presently have two kinds of intelligent systems used to protect and operate transmission systems: the protection systems and the SCADA/EMS/independent system operator (ISO) systems. Modern computer and communications technologies now allow us to think beyond existing protection systems and the central control systems to a fully distributed system that places intelligent devices at each component, substation, and power plant. This distributed system will enable us to build a truly smart grid. The advantage of this becomes apparent when we see that each component’s processor agent has inputs from sensors in the component, thus allowing the agent to be aware of its own state and to communicate it to the other agents within the substation. On a system level, each agent in a substation or power plant knows its own state and can communicate with its neighboring agents in other parts of the power system. Having such independent agents, ITM/PS/2009/ 09EIMPS615 Page 7
which know about their own component or substation states through sensor connections, allows the agents to take command of various functions that are not performed by either the protection systems or the central control systems 2.1.2 Power Systems Components as Plug-and-Play Interconnects One of the problems common to the management of central control facilities is the fact that any equipment changes to a substation or power plant must be described and entered manually into the central computer system¶s database and electrical one-line diagrams. Often, this work is done some time after the equipment is installed, resulting in a permanent set of incorrect data and diagrams in use by the operators. What is needed is the ability to have this information entered automatically when the component is connected to the substation² much as a computer operating system automatically updates itself when a new disk drive or other device is connected. When a new device is added to a substation, the new device automatically reports data such as device parameters and device interconnects to the central control computers. Therefore, the central control computers get updated data as soon as the component is connected; they do not have to wait until the database is updated by central control personnel. Figure 2 shows a substation bus-bar pair connected by a set of disconnect switches and a circuit breaker (the component processors are shown in orange).
Figure 2 Sub Station Bus-Bus Pair Each processor has communication paths connecting it with processors of the substation component in the same pattern as the electrical connections in the substation When a new ITM/PS/2009/ 09EIMPS615
Page 8
component is added to the substation it also has a built-in processor. When the new device is connected, the communication path (Figure 3) is connected to the processor of the device it connects to electrically. When the new component¶s processor and communication path are activated, it can report its parameters and interconnects to the central control system, which can use the information to update its own database
Figure 3 Incoming Device To System
2.1.3 Diagnostic Monitoring of all Transmission Equipment Placing the processing of sensor data in a local agent avoids the problem of sending that data to the central computer via the limited-capacity SCADA communications. The means for processing the local sensor data can be designed by the component manufacturer, and the agent then only needs to send appropriate alarms to the central computers. If the component is under such stress that the local agent determines it is in danger of being damaged, it can initiate shutdown through appropriate interconnects to the protections systems associated with the components 2.1.4 Grid Computing Grid computing can be described as a world in which computational power is as readily available as electric power and other utilities. According to Irving et al. in ³Plug into Grid Computing,´ ITM/PS/2009/ 09EIMPS615
Page 9
“Grid computing could offer an inexpensive and efficient means for participants to compete (but also cooperate) in providing reliable, cheap, and sustainable electrical energy supply”. In addition, potential applications for the future power systems include all aspects that involve computation and are connected, such as monitoring and control, market entry and participation, regulation, and planning. Grid computing holds the promise for addressing the design, control, and protection of electric power infrastructure as a Complex Adaptive System (CAS). 2.1.5 Self-Healing Network Using Distributed Computer Agents A typical sequence seen in large power system blackouts follows these steps: 1) a transmission problem, such as a sudden outage of major lines, occurs 2) further outages of transmission lines due to overloads leave the system islanded 3) frequency declines in an island with a large generation load imbalance 4) generation is taken off line due to frequency error 5) the island blacks out 6) the blackout lasts a long time due to the time needed to get generation back online. A self-healing grid can arrest this sequence. In Figure 4 we show three power plants connected to load substations through a set of looped transmission lines. Each plant and each substation will have its own processor (designated by a small red box in the figure). Each plant and substation processor is now interconnected in the same manner as the transmission system itself.
ITM/PS/2009/ 09EIMPS615
Page 10
Figure 4 Interconnected Power Plants & Load Sub-Station
In Figure 5 we impose an emergency on the system; it has lost two transmission connections and is broken into two electrical islands. The processors in each island measure their own frequency and determine that there are load/generation imbalances in each island that must be corrected to prevent being shut down. The processors would have to determine the following: 1. the frequency in each island 2. what constitutes each island 3. what loads and 4. what power plants are connected to each island 5. what is the load versus generation balance in each island 6. what control actions can be made to restore the load/generation balance
ITM/PS/2009/ 09EIMPS615
Page 11
Figure 5. Emergency Imposed On System
The substation and power plant processors form a distributed computer network that operates independently of the central control system and can analyze the power system state and take emergency control actions in a time frame that cannot be done by central computer systems. How to effectively sense and control a widely dispersed, globally interconnected system is a serious technological problem. It is even more complex and difficult to control this sort of system for optimal efficiency and maximum benefit to the consumers while still allowing all its business components to compete fairly and freely. A similar need exists for other infrastructures,where future advanced systems are predicated on the near-perfect functioning of today’s electricity, communications, transportation, and financial services In the coming decades, electricity¶s share of total energy is expected to continue growing, and more intelligent processes will be introduced into this network. For example, controllers based on power electronics combined with wide-area sensing and management systems have the potential to improve the situational awareness, precision, reliability, and robustness of power systems. It is envisioned that the electric power grid will move from an electromechanically controlled system to an electronically controlled network in the next two decades
ITM/PS/2009/ 09EIMPS615
Page 12
CHAPTER-3 SECURITY
Smart Grid security is to be taken very seriously. The smart grid requires developing and deploying extensive computer and communication infrastructure that supports significantly increased situational awareness and allows finer-grained command and control. This is necessary to support major applications and systems such as demandresponse wide-area measurement and control, electricity storage and transportation, and distribution automation. Any complex system has vulnerabilities and challenges, and the smart grid is no exception.Numerous challenges will arise with the integration of cyber and physical systems, along with such factors as human behavior, commercial interests, regulatory policy, and even political elements. Some challenges will be quite similar to those of
ITM/PS/2009/ 09EIMPS615
Page 13
traditional networks, but involving more complex interactions. The following areas need to be considered [9]
3.1 Trust
For control systems, we define trust as our confidence that, during some specific interval, ● the appropriate user is accessing accurate data created by the right device at the expected location at the proper time, communicated using the expected protocol ● the data hasn’t been modified Many people view the grid’s control systems as operating in an environment of implicit trust, which has influenced design decisions. If some participants aren¶t trustworthy, new methods of addressing this beyond existing monitoring approaches might be required.
3.2 Communication and Device Security
Traditional electric-grid communications have relied predominantly on serial communication environments to provide monitoring and control.
Serial communication is reliable, is predictable, and, owing to the nature of the communications protocols, provides some containment. However, increasing numbers of smart-grid deployments are using Internet technologies, broadband communication, and nondeterministic communication environments. This issue is compounded by the rapid deployment of smart-grid systems without adequate security and reliability planning. For example, whereas traditionally communications involved devices that were in areas with physical access controls (such as fences and locked buildings), two-way meters being deployed now are accessible by consumers and adversaries. Consequently, we must consider automatic meter reading (AMR) environments hostile in such cases. Smart meters are extremely attractive targets for malicious hackers, largely because vulnerabilities can easily be monetized. Hackers who compromise a meter can immediately manipulate their energy costs or fabricate generated energy meter readings. This kind of immediacy of return on the hacker investment has proven to be a great motivator in the past.
3.3 Privacy
As the grid incorporates smart metering and load management, user and corporate privacy is increasingly becoming an issue. Electricity use patterns could lead to disclosure of not only how much energy customers use but also when they¶re at home, at work, or traveling. When at home, it might even be possible to deduce information about specific activities (for example, sleeping versus watching television). It might also be possible to discover what types of appliances and devices are present by compromising either the customer¶s home area network or the AMR network. Also, increases in power draw might suggest changes in business operations. Such energy-related information could ITM/PS/2009/ 09EIMPS615
Page 14
support criminal targeting of homes or provide business intelligence to competitors. Further research is needed in mitigating such threats.
3.4 Security Management Issues Complexity
The complexity and scale of future power systems that incorporate smart-grid concepts will introduce many security challenges. Currently, a large utility communicates with thousands of devices to manage the electrical grid. Both the volume of data and the number of devices with which a utility communicates is likely to increase by several orders of magnitude. With these larger networks, routine maintenance, managing trust, and monitoring for cyber intrusion become challenges.
3.5 SOLUTION
The most effective solution for securing the Smart Grid will be based on Public Key Infrastructure (PKI) technologies [10]. While PKI is complex, many of the items responsible for the complexity can be significantly reduced by including the following five main technical elements: ‡ PKI Standards ‡ Smart Grid PKI tools ‡ Device Attestation ‡ Trust Anchor Security ‡ Certificate Attributes 3.5.1 Smart Grid PKI Standards PKI is a powerful tool that can be used to provide secure authentication and authorization for Security Association (SA) and key establishment. They provide a mechanism for defining naming conventions, certificate constraints, and certificate policies, but they do not specify how these should be used. These standards rightfully leave these details to the organizations implementing the PKI. Therefore the development of PKI standards for use by the critical infrastructure industry is proposed. The standards would be used to establish requirements on the PKI operations of energy service providers (e.g. utilities, generators, etc) as well as Smart Grid device manufacturers Standards could include such items as acceptable security policies (e.g. PKI certificate policies used for issuing each type of certificate in the system), certificate formats, and PKI practices. 3.5.2 Smart Grid PKI Tools Even with the above standards, Smart Grid operators would have to familiarize themselves with PKI concepts, terminology, risks, best practices and the above mentioned standards. This is not likely to provide a cost-effective solution. However, given such a ITM/PS/2009/ 09EIMPS615
Page 15
set of standards, it would be possible for vendors to develop Smart Grid PKI Tools which are based on these standards. Such tools would greatly ease the process of managing the PKI components needed to support the Smart Grid application. These tools will be knowledgeable of the appropriate Smart Grid certificate policy and certificate format standards, and will be used to programmatically enforce compliance to those standards. Such tools will enhance interoperability, reduce the burden of running the PKI, and ensure that appropriate security requirements are adhered to. The tools could both automate and enforce the appropriate requirements for each PKI operation such as vetting certificate signing requests (CSR), or certificate revocation. For example, the tools would know the different requirements for handling CSRs for human system administrators. The tools would aid with system deployment, PKI operations, and system auditing, all in accordance with the standard model policy. Most importantly, these tools will eliminate the need for symmetric key configuration, which is an inherently insecure and expensive process. 3.5.3 Device Attestation An enhanced security function is device attestation. Device attestation techniques provide a method to securely ascertain if a device has been tampered with, as well as the true identity of a device (prior to any on-site provisioning). With device attestation techniques, accredited manufacturers can factory-install device attestation certificates in each Smart Grid device These device attestation certificates are used only to assert the device manufacturer, model, serial number, and that the device has not been tampered with. These certificates coupled with the appropriate authentication protocol can be used by the energy service provider to ensure that the device is exactly what it claims to be. In order to support device attestation, the device will need a FIPS 140 hardware security module (HSM), and will need high assurance boot (HAB) functionality. 3.5.4 Trust Anchor Security One major component of a secure PKI enabled system is the requirement that each relying party (RP) (any device that uses the certificate of a second party to authenticate the second party) must have secure methods to load and store the root of trust or trust anchor (TA). The TA is typically a Certificate Authority (CA) at the top of a CA hierarchy. Relying Parties trust certificate holders because they trust the TA which trusts a CA which trusts the end certificate holders. This trust is evidenced by a chain of certificates rooted at the Trust Anchor. If an adversary could change the root of trust for any RP, that RP could be easily compromised. The challenge for the operator is to ensure that each secure device obtains the correct TA information.
ITM/PS/2009/ 09EIMPS615
Page 16
One method to doing this without needing to preload the TA certificate into every device is as follows. Each accredited manufacture will preload the device with a Manufactures certificate identifying the make, model and serial number of the device, and a ³preprovisioned TA Certificate. After a Smart Grid operator purchases a Smart Grid device, the manufacturer would issue the operator a TA Transfer Certificate, which would instruct the device to accept the operator’s root CA certificate as the new trust anchor, and only the operator’s root CA certificate. The TA Transfer Certificate would be constrained to specific devices (based on serial number) In addition to secure TA management, each PKI enabled Smart Grid device should have the ability to securely load and store a local policy database (LPD). This local policy database is a set of rules that define how the device can use its certificate, and what types of certificates it should accept when acting as an RP. The LPD would be a signed object, stored in the HSM, and signed by a Policy Signing server trusted by the TA. It would be possible for the same PKI tools to automate the management of the LPD as the TA certificate. 3.5.5 Certificate Attributes In order for portions of the Smart Grid to continue to function while major portions of the grid infrastructure are unreachable, it will be essential for Smart Grid devices to be able to authenticate and determine the authorization status for each other (as well as human system administrators) without the need to reach a back-end security server. In order to do this, two additional capabilities would be required. First, Smart Grid certificates will require policy attributes to indicate the applicability of the certificate to a given application. Second, a local source of performing certificate status will be required. This can be accomplished in a number of ways. For example, it would not be difficult or costly to distribute local certificate status servers throughout the grid. A possibly better method involves having each certificate subject periodically obtain a signed certificate status for his own certificate. The certificate subject would store this status and provide it to an RP when authenticating to the RP. The RP would determine, based on local policy, if this status was new enough to accept, and if so, the associated certificate could then be evaluated. It would also be recommended that all certificate subjects were loaded with the chain of certificates between themselves and their TA, and select chains of certificates between the subject’s TA and the TAs of other agencies with which the local agency has cross-signed or otherwise trusts. Management of theses chains of certificates, and ensuring that devices receive the proper set, would again be automated by tools
ITM/PS/2009/ 09EIMPS615
Page 17
CHAPTER-4 RELIABILITY
Renewable resources, while supplementing the generation capability of the grid and addressing some environmental concerns, aggravate the reliability due to their volatility. Demand response and electric storage resources are necessary for addressing economics of the grid and are perceived to support grid reliability through mitigating peak demand and load variability. Electric transportation resources are deemed helpful to meeting environmental targets and can be used to mitigate load variability. Balancing the diversity of the characteristics of these resource types presents challenges in maintaining grid reliability [7]. Reliability has always been in the forefront of power grid design and operation due to the cost of outages to customers. In the US, the annual cost of outages in 2002 is estimated to be in the order of $79B [5] which equals to about a third of the total electricity retail revenue of $249B [6]. A similar estimate based on 2008 retail revenue would be of the order of $109B. Much higher estimates have been reported by others. The reliability ITM/PS/2009/ 09EIMPS615
Page 18
issues in modern power grids are becoming increasingly more challenging. Factors contributing to the challenges include: ● Aggravated grid congestion, driven by uncertainty, diversity and distribution of energy supplies due to environmental and sustainability concerns. The power flow patterns in real-time can be significantly different from those considered in the design or off-line analyses. ● More numerous, larger transfers over longer distances increasing volatility and reducing reliability margins.This phenomenon is aggravated by energy markets. ●The grid being operated at its ³edge´ in more locations and more often because of : → nsufficient investment and limited rights of way → Increasing energy consumption and peak demand creating contention for limited transfer capability → Aging infrastructure → Maximizing asset utilization driven by modern tools for monitoring, analyzing and control ● Consolidation of operating entities giving rise to a larger ³foot print´ with more complex problems and requiring smaller error margins and shorter decision times. This problem may be aggravated by depletion of experienced personnel due to retirement, etc.
4.1 DISTRIBUTION MANAGEMENT FUNCTIONS
The reliability problem also arises due to faults occurring in the system.A set of advanced automation functions [8] is developed to combat this problem. These new distribution management functions can be summarized as follows:
4.1.1 The Fault Diagnosis and Alarm Processing Function: This function is automatically triggered immediately after the occurrence of a fault. It produces a diagnosis of events on the basis of a set of pre-defined scenarios (a comparison of the remote information flow is made with the patterns predefined by experienced operators). The diagnosis produces an analysis of the type of fault enabling the operator to quickly understand what happened in the network under its control. The function can also detect missing remote control signals. 4.1.2 The Fault Location Function:
ITM/PS/2009/ 09EIMPS615
Page 19
After detecting and analyzing the fault, it is necessary to find the location of the fault. The goal of this function is to quickly determine the section of the feeder where the fault occurred. This is performed by analyzing the information sent from fault indicators to the control center. Operators can then intervene and isolate the fault area by remotely opening the corresponding switches. The degree of accuracy depends on the density of fault indicators on the MV network. 4.1.3 The Service Restoration Function: After locating the fault, this function finds all the plans allowing power restoration to lost customers of the non-faulted section of the feeder while considering technical constraints. Each plan consists of a series of actions, (opening/closing of switching devices) leading to power restoration.
CONCLUSION
With the increasing world population, thereby increasing demand, and depleting resources the need to be µsmart and efficient in our energy usage has become an imperative .Implementation of Smart Grid concept would go a long way in solving many of the present energy issues and problems. The whole network needs to be upgraded to meet the requirements i.e. at transmission as well as distribution level. Researches are going on to find the optimal solution and new technology to make all the desired characteristics possible. Smart Meters, Smart Homes, Smart City and so on would constitute the Smart Grid. As the new technologies would be invented and existing ones boosted up to meet the desired specifications the Smart Grid would become a reality and change the whole energy pattern throughout the world ITM/PS/2009/ 09EIMPS615
Page 20
REFERENCES
[1] http://en.wikipedia.org/wiki/Smart_grid [2] Koen Kok, Stamatis Karnouskos, David Nestle, Aris Dimeas, Anke Weidlich, Cor Warmer, Philipp Strauss, Britta Buchholz, Stefan Drenkard, Nikos Hatziargyriou and Vali Lioliou, ³Smart Houses For A Smart Grid´, in 20th International Conference on Electricity Distribution Prague, 8-11 June 2009, CIRED2009 Session 4 Paper No 0751. [3] S. Massoud Amin and Bruce F. Bollenberg, ³Toward A Smart Grid´ in IEEE Power and Energy Magazine in September/October 2005.
ITM/PS/2009/ 09EIMPS615
Page 21
[4] Robert C. Sonderegger, Debbie Henderson, Steven Bubb and Julie Steury, ³Distributed Asset Insight´ in IEEE Power and Energy Magazine in may/june 2004. [5] Arun Sehgal, ³AMR offers multiple benefits´ in Pipeline and Gas Technology in April/May 2005. [6] Patrick McDaniel and Stephen McLaughlin , Pennsylvania State University, ³Security and Privacy Challenges in the Smart Grid´ in IEEE Computer And Reliability Socities in May/June 2009. [7] Khosrow Moslehi and Ranjit Kumar, ³Smart Grid - A Reliability Perspective´ submitted to IEEE PES Conference on ³Innovative Smart Grid Technologies´ January 19-20, 2010, NIST Conference Center, Washington, DC. [8] Xavier Mamo, Sylvie Mallet, Thierry Coste and Sebastien Grenard, ´ Distribution automation: the cornerstone for Smart Grid development strategy´ 978-1-4244-4241-6/09/$25.00 ©2009 IEEE. [9] Himanshu Khurana, MarkHadley, Ning Lu, and DeborahA. Frincke, ³Smart-Grid Security Issues´ in IEEE computer and reliability societies, 1540-7993/10/$26.00 © 2010 IEEE in January/February 2010. [10] Anthony R. Metke, Randy L. Ekl and Schaumburg, IL USA, ³Smart Grid Security Technology´ in 978-1-4244-6266-7/10/$26.00 ©2010 IEEE
ITM/PS/2009/ 09EIMPS615
Page 22
Figure.1 Circuit Breaker with Sensors Figure 2 Sub Station Bus-Bus Pair Figure 3 Incoming Device To System Figure 4 Interconnected Power Plants & Load Sub-Station Figure 5. Emergency Imposed On System
Page No
7 9 10 11 12
CHAPTER-1
ITM/PS/2009/ 09EIMPS615
Page 1
WHAT IS A SMART GRID?
A smart grid [1] delivers electricity from suppliers to consumers using two-way digital technology to control appliances at consumers' homes to save energy, reduce cost and increase reliability and transparency. It is capable of assessing its health in real-time, predicting its behavior, anticipatory behavior, adaptation to new environments, handling distributed resources, stochastic demand, and optimal response to the smart appliances. It is a tool that allows electric utilities to focus on evolving true business drivers by enabling cost containment, end-toend power delivery control, and a more secure infrastructure. The grid is considered to have observability with nodes data integration and analysis to support advances in system operation and control. This includes power delivery integration and high level utility strategic planning functions. The existing transmission and distribution systems use techniques and strategies that are old and there is limited use of digital communication and control technology. To achieve improved, reliable and economical power delivery information flow and secure integrated communication is proposed. The Smart Grid with intelligent functions is expected to provide self-correction, reconfiguration and restoration, and able to handle randomness of loads and market participants in real time, while creating more complex interaction behavior with intelligent devices, communication protocols, standard and smart algorithms to achieve complex interaction with smart communication and transportation systems. The Smart Grid is planned to have the following key characteristics: 1 Self-healing: A grid, which is able to rapidly detect, analyze, respond and restore from perturbations. 2 Empower and incorporate the consumer: The ability to incorporate consumer equipment and behavior in the design and operation of the grid. 3 Tolerant of attack: A grid that mitigates and stands resilient to physical and cyber security attacks. 4 Provides power quality needed by 21st century users: A grid that provides a quality of power consistent with consumer and industry needs. 5 Accommodates a wide variety of generation options: A grid that accommodates a wide variety of local and regional generation technologies (including green power). 6 Fully enables maturing electricity markets: Allows competitive markets for those who want them. ITM/PS/2009/ 09EIMPS615
Page 2
7 Optimizes assets: A grid that uses IT and monitoring to continually optimize its capital assets while minimizing operations and maintenance costs. Overall, the Smart Grid design goals are to provide grid observability; create controllability of assets, enhance power system performance and security; and reduce costs of operations, maintenance, and system planning. Benefits of the Smart Grid with bring forth the following: ● Improved system performance meters. ● Better customer satisfaction. ● Improved ability to supply information for rate cases, visibility of utility operation / asset management ● Availability of data for strategic planning, as well as better support for digital summary ● More reliable and economic delivery of power enhanced by information flow and secure Communication ● Life cycle management, cost containment, and end-to-end power delivery is improved in the smart grid design ● Improved ability to supply accurate information for rate cases- with compounding impact in regulatory utilities ● Input visibility of utility operation to asset management ● Impact access to historical data for strategic planning
1.1 FUNCTIONS ARCHITECTURE
SUPPORTED
BY
THE
SMART
GRID
For the functional scope of the Smart Grid architecture [2], eight functional scenarios have been defined. A short description of each case is provided in the following subsections. 1.1.1 Variable-Tariff-Based Load The key idea of this is a variable price profile given to the customer day ahead before the delivery by a retailer. This profile is considered fixed after transmission to the customer and, as such, the customer can rely on it. The price profile will look different for each day, reflecting market conditions that vary from day to day. These variations will likely further increase with expanding generation from fluctuating sources like wind power and photovoltaic. Generally, this concept allows for integration of loads as well as of generation units at the customer site as it is up to the customer which devices are allowed to be managed according to the variable tariff. To enable in-home energy management, a suitable domestic system is required together with an automatic home management device coupled to an intelligent meter. 1.1.2 Energy Usage Monitoring and Feedback ITM/PS/2009/ 09EIMPS615
Page 3
In the ³Action Plan for Energy Efficiency´, the European Commission estimates the EUwide energy saving potential of households at approx. 27%. As one important measure for realizing this potential, the action plan states that awareness must be increased in order to stimulate end-customer behavioural changes. A timely display of energy consumption is expected to have positive effects on energy savings. Personalized and well targeted advice on how to save energy can further help exploit the savings potential. A portal or display that combines information about present and past consumption, comparisons to average consumption patterns, and precise suggestions how to further lower consumption, which are tailored personally to the customer, is expected to be the most effective way of realizing the targeted increase in households¶ energy efficiency. 1.1.3 Real-time Portfolio Imbalance Reduction This function is rooted in the balancing mechanism as used by Transmission System Operators (TSOs) throughout the world. In this context, a wholesale-market participant, that is responsible for a balanced energy volume position, is called a Balance Responsible Party (BRP). These parties have an obligation to plan or forecast the production and consumption in their portfolio, as well as notify this plan to the TSO. Deviations of these plans may cause (upward or down-ward) regulation actions by the TSO. The TSO settles the costs for the used reserve and emergency capacity with those BRPs that had deviations from their energy programs. On average this results in costs for the BRP referred to as imbalance costs. This business case scenario focuses on the balancing actions by a BRP in the near-real time (i.e. at the actual moment of delivery). Traditionally, these real-time balancing actions are performed by power plants within the BRP¶s portfolio. The key idea of this function is the utilization of real-time flexibility of end-user customers to balance the BRP portfolio. 1.1.4 Offering (secondary) Reserve Capacity to the TSO Taking the previous function one step further, the BRP uses these VPPs to, additionally,bid actively into the reserve capacity markets. 1.1.5 Distribution System Congestion Management This function is aimed at the deferral of grid reinforcements and enhancement of network utilization to improve the quality of supply in areas with restricted capacity in lines and transformers. The Distribution System Operator (DSO) avoids infrastructural investments and optimizes the use of existing assets by active management using services delivered by smart houses. By coordinated use of these services, end-customer loads can be shifted away from periods at which congestion occurs and simultaneousness of local supply and demand can be improved. 1.1.6 Distribution Grid Cell Islanding in Case of Higher- System Instability The main principle of this is to allow the operation of a grid cell in island mode in case of higher system instability in a market environment. The scenario has two main steps, the ITM/PS/2009/ 09EIMPS615
Page 4
first occurring before a possible instability and involves keeping a load shedding schedule up-to-date. The second step is the steady islanded operation. The transition to the island mode is automatic and neither end users nor the aggregator interferes with it. The system manages the energy within the island grid and it is considered that all nodes within the islanded grid will participate in the system. 1.1.7 Black-Start Support from Smart Houses The most important concept of this function is to support the black start operation of the main grid. It is assumed that after the blackout the local grid is also out of operation. The main goal is to start up quickly in island mode and then to reconnect with the upstream network in order to provide energy to the system. 1.1.8 Integration of Forecasting Techniques The volatility of the production level of distributed generators, like renewables and CHP, makes forecasting a necessary tool for market participation. The market actor with the lowest forecasting error will have the most efficient market participation. Moreover, the usage of intelligent management tools for handling the information about the uncertainties of large-scale wind generation will improve the system-wide operational costs, fuel and CO2 savings. The Smart Grid architecture under development must interact with these forecasting tools and additionally ensure accurate data collection for these tools
CHAPTER-2 A TRANSMISSION VIEW
ITM/PS/2009/ 09EIMPS615
Page 5
Power Grids today face many challenges that they were not designed and engineered to handle. Congestion and a typical power flows threaten to overwhelm the system while demand increases for higher reliability and better security and protection. The potential ramifications of grid failures have never been greater as transport, communications, finance, and other critical infrastructures depend on secure, reliable electricity supplies for energy and control. Because modern infrastructure systems are so highly interconnected, a change in conditions at any one location can have immediate impacts over a wide area, and the effect of a local disturbance even can be magnified as it propagates through a network. Large-scale cascade failures can occur almost instantaneously and with consequences in remote regions or seemingly unrelated businesses. On the North American power grid, for example, transmission lines link all electricity generation and distribution on the continent. Wide-area outages in the late 1990s and summer 2003 underscore the grid¶s vulnerability to cascading effects. Practical methods, tools, and technologies based on advances in the fields of computation,control, and communications are allowing power grids and other infrastructures to locally self- regulate, including automatic reconfiguration in the event of failures, threats, or disturbances. It is important to note that the key elements and principles of operation for interconnected power systems were established before the 1960s, before the emergence of extensive computer and communication networks. Computation is now heavily used in all levels of the power network: for planning and optimization, fast local control of equipment, and processing of field data. But coordination across the network happens on a slower timescale. Some coordination occurs under computer control, but much of it is still based on telephone calls between system operators at the utility control centers, even²or especially²during emergencies
2.1 HOW TO MAKE AN ELECTRIC POWER TRANSMISSION SYSTEM SMART[3]
Power transmission systems also suffer from the fact that intelligence is only applied locally by protection systems and by central control through the supervisory control and data acquisition (SCADA) system. In some cases, the central control system is too slow, and the protection systems (by design) are limited to protection of specific components only. To add intelligence to an electric power transmission system, we need to have independent processors in each component and at each substation and power plant. These processors must have a robust operating system and be able to act as independent agents that can communicate and cooperate with others, forming a large distributed computing platform. Each agent must be connected to sensors associated with its own component or its own substation so that it can assess its own operating conditions and report them to its neighboring agents via the communications paths. Thus, for example, a processor associated with a circuit breaker would have the ability to communicate with sensors built into the breaker and communicate those sensor values using high-bandwidth fiber ITM/PS/2009/ 09EIMPS615
Page 6
communications connected to other such processor agents. We shall use a circuit breaker as an example. We will assume that the circuit breaker has a processor built into it with connections to sensors within the circuit breaker (Figure1).
Figure.1 Circuit Breaker with Sensors We also provide communication ports for the processor where the communication paths follow the electrical connection paths. This processor agent now forms the backbone of the smart grid as will be discussed later. We propose a system that acts very fast (although not always as fast as the protections system), and like the protection system, its agents act independently while communicating with each other. As such, the smart grid is not responsible for removing faulted components, which is still the job of the protection system, but acts to protect the system in times of emergencies in a much faster and more intelligent manner than the central control system. 2.1.1 The Advantages of an Intelligent Processor in Each Component, Substation, and Power Plant We presently have two kinds of intelligent systems used to protect and operate transmission systems: the protection systems and the SCADA/EMS/independent system operator (ISO) systems. Modern computer and communications technologies now allow us to think beyond existing protection systems and the central control systems to a fully distributed system that places intelligent devices at each component, substation, and power plant. This distributed system will enable us to build a truly smart grid. The advantage of this becomes apparent when we see that each component’s processor agent has inputs from sensors in the component, thus allowing the agent to be aware of its own state and to communicate it to the other agents within the substation. On a system level, each agent in a substation or power plant knows its own state and can communicate with its neighboring agents in other parts of the power system. Having such independent agents, ITM/PS/2009/ 09EIMPS615 Page 7
which know about their own component or substation states through sensor connections, allows the agents to take command of various functions that are not performed by either the protection systems or the central control systems 2.1.2 Power Systems Components as Plug-and-Play Interconnects One of the problems common to the management of central control facilities is the fact that any equipment changes to a substation or power plant must be described and entered manually into the central computer system¶s database and electrical one-line diagrams. Often, this work is done some time after the equipment is installed, resulting in a permanent set of incorrect data and diagrams in use by the operators. What is needed is the ability to have this information entered automatically when the component is connected to the substation² much as a computer operating system automatically updates itself when a new disk drive or other device is connected. When a new device is added to a substation, the new device automatically reports data such as device parameters and device interconnects to the central control computers. Therefore, the central control computers get updated data as soon as the component is connected; they do not have to wait until the database is updated by central control personnel. Figure 2 shows a substation bus-bar pair connected by a set of disconnect switches and a circuit breaker (the component processors are shown in orange).
Figure 2 Sub Station Bus-Bus Pair Each processor has communication paths connecting it with processors of the substation component in the same pattern as the electrical connections in the substation When a new ITM/PS/2009/ 09EIMPS615
Page 8
component is added to the substation it also has a built-in processor. When the new device is connected, the communication path (Figure 3) is connected to the processor of the device it connects to electrically. When the new component¶s processor and communication path are activated, it can report its parameters and interconnects to the central control system, which can use the information to update its own database
Figure 3 Incoming Device To System
2.1.3 Diagnostic Monitoring of all Transmission Equipment Placing the processing of sensor data in a local agent avoids the problem of sending that data to the central computer via the limited-capacity SCADA communications. The means for processing the local sensor data can be designed by the component manufacturer, and the agent then only needs to send appropriate alarms to the central computers. If the component is under such stress that the local agent determines it is in danger of being damaged, it can initiate shutdown through appropriate interconnects to the protections systems associated with the components 2.1.4 Grid Computing Grid computing can be described as a world in which computational power is as readily available as electric power and other utilities. According to Irving et al. in ³Plug into Grid Computing,´ ITM/PS/2009/ 09EIMPS615
Page 9
“Grid computing could offer an inexpensive and efficient means for participants to compete (but also cooperate) in providing reliable, cheap, and sustainable electrical energy supply”. In addition, potential applications for the future power systems include all aspects that involve computation and are connected, such as monitoring and control, market entry and participation, regulation, and planning. Grid computing holds the promise for addressing the design, control, and protection of electric power infrastructure as a Complex Adaptive System (CAS). 2.1.5 Self-Healing Network Using Distributed Computer Agents A typical sequence seen in large power system blackouts follows these steps: 1) a transmission problem, such as a sudden outage of major lines, occurs 2) further outages of transmission lines due to overloads leave the system islanded 3) frequency declines in an island with a large generation load imbalance 4) generation is taken off line due to frequency error 5) the island blacks out 6) the blackout lasts a long time due to the time needed to get generation back online. A self-healing grid can arrest this sequence. In Figure 4 we show three power plants connected to load substations through a set of looped transmission lines. Each plant and each substation will have its own processor (designated by a small red box in the figure). Each plant and substation processor is now interconnected in the same manner as the transmission system itself.
ITM/PS/2009/ 09EIMPS615
Page 10
Figure 4 Interconnected Power Plants & Load Sub-Station
In Figure 5 we impose an emergency on the system; it has lost two transmission connections and is broken into two electrical islands. The processors in each island measure their own frequency and determine that there are load/generation imbalances in each island that must be corrected to prevent being shut down. The processors would have to determine the following: 1. the frequency in each island 2. what constitutes each island 3. what loads and 4. what power plants are connected to each island 5. what is the load versus generation balance in each island 6. what control actions can be made to restore the load/generation balance
ITM/PS/2009/ 09EIMPS615
Page 11
Figure 5. Emergency Imposed On System
The substation and power plant processors form a distributed computer network that operates independently of the central control system and can analyze the power system state and take emergency control actions in a time frame that cannot be done by central computer systems. How to effectively sense and control a widely dispersed, globally interconnected system is a serious technological problem. It is even more complex and difficult to control this sort of system for optimal efficiency and maximum benefit to the consumers while still allowing all its business components to compete fairly and freely. A similar need exists for other infrastructures,where future advanced systems are predicated on the near-perfect functioning of today’s electricity, communications, transportation, and financial services In the coming decades, electricity¶s share of total energy is expected to continue growing, and more intelligent processes will be introduced into this network. For example, controllers based on power electronics combined with wide-area sensing and management systems have the potential to improve the situational awareness, precision, reliability, and robustness of power systems. It is envisioned that the electric power grid will move from an electromechanically controlled system to an electronically controlled network in the next two decades
ITM/PS/2009/ 09EIMPS615
Page 12
CHAPTER-3 SECURITY
Smart Grid security is to be taken very seriously. The smart grid requires developing and deploying extensive computer and communication infrastructure that supports significantly increased situational awareness and allows finer-grained command and control. This is necessary to support major applications and systems such as demandresponse wide-area measurement and control, electricity storage and transportation, and distribution automation. Any complex system has vulnerabilities and challenges, and the smart grid is no exception.Numerous challenges will arise with the integration of cyber and physical systems, along with such factors as human behavior, commercial interests, regulatory policy, and even political elements. Some challenges will be quite similar to those of
ITM/PS/2009/ 09EIMPS615
Page 13
traditional networks, but involving more complex interactions. The following areas need to be considered [9]
3.1 Trust
For control systems, we define trust as our confidence that, during some specific interval, ● the appropriate user is accessing accurate data created by the right device at the expected location at the proper time, communicated using the expected protocol ● the data hasn’t been modified Many people view the grid’s control systems as operating in an environment of implicit trust, which has influenced design decisions. If some participants aren¶t trustworthy, new methods of addressing this beyond existing monitoring approaches might be required.
3.2 Communication and Device Security
Traditional electric-grid communications have relied predominantly on serial communication environments to provide monitoring and control.
Serial communication is reliable, is predictable, and, owing to the nature of the communications protocols, provides some containment. However, increasing numbers of smart-grid deployments are using Internet technologies, broadband communication, and nondeterministic communication environments. This issue is compounded by the rapid deployment of smart-grid systems without adequate security and reliability planning. For example, whereas traditionally communications involved devices that were in areas with physical access controls (such as fences and locked buildings), two-way meters being deployed now are accessible by consumers and adversaries. Consequently, we must consider automatic meter reading (AMR) environments hostile in such cases. Smart meters are extremely attractive targets for malicious hackers, largely because vulnerabilities can easily be monetized. Hackers who compromise a meter can immediately manipulate their energy costs or fabricate generated energy meter readings. This kind of immediacy of return on the hacker investment has proven to be a great motivator in the past.
3.3 Privacy
As the grid incorporates smart metering and load management, user and corporate privacy is increasingly becoming an issue. Electricity use patterns could lead to disclosure of not only how much energy customers use but also when they¶re at home, at work, or traveling. When at home, it might even be possible to deduce information about specific activities (for example, sleeping versus watching television). It might also be possible to discover what types of appliances and devices are present by compromising either the customer¶s home area network or the AMR network. Also, increases in power draw might suggest changes in business operations. Such energy-related information could ITM/PS/2009/ 09EIMPS615
Page 14
support criminal targeting of homes or provide business intelligence to competitors. Further research is needed in mitigating such threats.
3.4 Security Management Issues Complexity
The complexity and scale of future power systems that incorporate smart-grid concepts will introduce many security challenges. Currently, a large utility communicates with thousands of devices to manage the electrical grid. Both the volume of data and the number of devices with which a utility communicates is likely to increase by several orders of magnitude. With these larger networks, routine maintenance, managing trust, and monitoring for cyber intrusion become challenges.
3.5 SOLUTION
The most effective solution for securing the Smart Grid will be based on Public Key Infrastructure (PKI) technologies [10]. While PKI is complex, many of the items responsible for the complexity can be significantly reduced by including the following five main technical elements: ‡ PKI Standards ‡ Smart Grid PKI tools ‡ Device Attestation ‡ Trust Anchor Security ‡ Certificate Attributes 3.5.1 Smart Grid PKI Standards PKI is a powerful tool that can be used to provide secure authentication and authorization for Security Association (SA) and key establishment. They provide a mechanism for defining naming conventions, certificate constraints, and certificate policies, but they do not specify how these should be used. These standards rightfully leave these details to the organizations implementing the PKI. Therefore the development of PKI standards for use by the critical infrastructure industry is proposed. The standards would be used to establish requirements on the PKI operations of energy service providers (e.g. utilities, generators, etc) as well as Smart Grid device manufacturers Standards could include such items as acceptable security policies (e.g. PKI certificate policies used for issuing each type of certificate in the system), certificate formats, and PKI practices. 3.5.2 Smart Grid PKI Tools Even with the above standards, Smart Grid operators would have to familiarize themselves with PKI concepts, terminology, risks, best practices and the above mentioned standards. This is not likely to provide a cost-effective solution. However, given such a ITM/PS/2009/ 09EIMPS615
Page 15
set of standards, it would be possible for vendors to develop Smart Grid PKI Tools which are based on these standards. Such tools would greatly ease the process of managing the PKI components needed to support the Smart Grid application. These tools will be knowledgeable of the appropriate Smart Grid certificate policy and certificate format standards, and will be used to programmatically enforce compliance to those standards. Such tools will enhance interoperability, reduce the burden of running the PKI, and ensure that appropriate security requirements are adhered to. The tools could both automate and enforce the appropriate requirements for each PKI operation such as vetting certificate signing requests (CSR), or certificate revocation. For example, the tools would know the different requirements for handling CSRs for human system administrators. The tools would aid with system deployment, PKI operations, and system auditing, all in accordance with the standard model policy. Most importantly, these tools will eliminate the need for symmetric key configuration, which is an inherently insecure and expensive process. 3.5.3 Device Attestation An enhanced security function is device attestation. Device attestation techniques provide a method to securely ascertain if a device has been tampered with, as well as the true identity of a device (prior to any on-site provisioning). With device attestation techniques, accredited manufacturers can factory-install device attestation certificates in each Smart Grid device These device attestation certificates are used only to assert the device manufacturer, model, serial number, and that the device has not been tampered with. These certificates coupled with the appropriate authentication protocol can be used by the energy service provider to ensure that the device is exactly what it claims to be. In order to support device attestation, the device will need a FIPS 140 hardware security module (HSM), and will need high assurance boot (HAB) functionality. 3.5.4 Trust Anchor Security One major component of a secure PKI enabled system is the requirement that each relying party (RP) (any device that uses the certificate of a second party to authenticate the second party) must have secure methods to load and store the root of trust or trust anchor (TA). The TA is typically a Certificate Authority (CA) at the top of a CA hierarchy. Relying Parties trust certificate holders because they trust the TA which trusts a CA which trusts the end certificate holders. This trust is evidenced by a chain of certificates rooted at the Trust Anchor. If an adversary could change the root of trust for any RP, that RP could be easily compromised. The challenge for the operator is to ensure that each secure device obtains the correct TA information.
ITM/PS/2009/ 09EIMPS615
Page 16
One method to doing this without needing to preload the TA certificate into every device is as follows. Each accredited manufacture will preload the device with a Manufactures certificate identifying the make, model and serial number of the device, and a ³preprovisioned TA Certificate. After a Smart Grid operator purchases a Smart Grid device, the manufacturer would issue the operator a TA Transfer Certificate, which would instruct the device to accept the operator’s root CA certificate as the new trust anchor, and only the operator’s root CA certificate. The TA Transfer Certificate would be constrained to specific devices (based on serial number) In addition to secure TA management, each PKI enabled Smart Grid device should have the ability to securely load and store a local policy database (LPD). This local policy database is a set of rules that define how the device can use its certificate, and what types of certificates it should accept when acting as an RP. The LPD would be a signed object, stored in the HSM, and signed by a Policy Signing server trusted by the TA. It would be possible for the same PKI tools to automate the management of the LPD as the TA certificate. 3.5.5 Certificate Attributes In order for portions of the Smart Grid to continue to function while major portions of the grid infrastructure are unreachable, it will be essential for Smart Grid devices to be able to authenticate and determine the authorization status for each other (as well as human system administrators) without the need to reach a back-end security server. In order to do this, two additional capabilities would be required. First, Smart Grid certificates will require policy attributes to indicate the applicability of the certificate to a given application. Second, a local source of performing certificate status will be required. This can be accomplished in a number of ways. For example, it would not be difficult or costly to distribute local certificate status servers throughout the grid. A possibly better method involves having each certificate subject periodically obtain a signed certificate status for his own certificate. The certificate subject would store this status and provide it to an RP when authenticating to the RP. The RP would determine, based on local policy, if this status was new enough to accept, and if so, the associated certificate could then be evaluated. It would also be recommended that all certificate subjects were loaded with the chain of certificates between themselves and their TA, and select chains of certificates between the subject’s TA and the TAs of other agencies with which the local agency has cross-signed or otherwise trusts. Management of theses chains of certificates, and ensuring that devices receive the proper set, would again be automated by tools
ITM/PS/2009/ 09EIMPS615
Page 17
CHAPTER-4 RELIABILITY
Renewable resources, while supplementing the generation capability of the grid and addressing some environmental concerns, aggravate the reliability due to their volatility. Demand response and electric storage resources are necessary for addressing economics of the grid and are perceived to support grid reliability through mitigating peak demand and load variability. Electric transportation resources are deemed helpful to meeting environmental targets and can be used to mitigate load variability. Balancing the diversity of the characteristics of these resource types presents challenges in maintaining grid reliability [7]. Reliability has always been in the forefront of power grid design and operation due to the cost of outages to customers. In the US, the annual cost of outages in 2002 is estimated to be in the order of $79B [5] which equals to about a third of the total electricity retail revenue of $249B [6]. A similar estimate based on 2008 retail revenue would be of the order of $109B. Much higher estimates have been reported by others. The reliability ITM/PS/2009/ 09EIMPS615
Page 18
issues in modern power grids are becoming increasingly more challenging. Factors contributing to the challenges include: ● Aggravated grid congestion, driven by uncertainty, diversity and distribution of energy supplies due to environmental and sustainability concerns. The power flow patterns in real-time can be significantly different from those considered in the design or off-line analyses. ● More numerous, larger transfers over longer distances increasing volatility and reducing reliability margins.This phenomenon is aggravated by energy markets. ●The grid being operated at its ³edge´ in more locations and more often because of : → nsufficient investment and limited rights of way → Increasing energy consumption and peak demand creating contention for limited transfer capability → Aging infrastructure → Maximizing asset utilization driven by modern tools for monitoring, analyzing and control ● Consolidation of operating entities giving rise to a larger ³foot print´ with more complex problems and requiring smaller error margins and shorter decision times. This problem may be aggravated by depletion of experienced personnel due to retirement, etc.
4.1 DISTRIBUTION MANAGEMENT FUNCTIONS
The reliability problem also arises due to faults occurring in the system.A set of advanced automation functions [8] is developed to combat this problem. These new distribution management functions can be summarized as follows:
4.1.1 The Fault Diagnosis and Alarm Processing Function: This function is automatically triggered immediately after the occurrence of a fault. It produces a diagnosis of events on the basis of a set of pre-defined scenarios (a comparison of the remote information flow is made with the patterns predefined by experienced operators). The diagnosis produces an analysis of the type of fault enabling the operator to quickly understand what happened in the network under its control. The function can also detect missing remote control signals. 4.1.2 The Fault Location Function:
ITM/PS/2009/ 09EIMPS615
Page 19
After detecting and analyzing the fault, it is necessary to find the location of the fault. The goal of this function is to quickly determine the section of the feeder where the fault occurred. This is performed by analyzing the information sent from fault indicators to the control center. Operators can then intervene and isolate the fault area by remotely opening the corresponding switches. The degree of accuracy depends on the density of fault indicators on the MV network. 4.1.3 The Service Restoration Function: After locating the fault, this function finds all the plans allowing power restoration to lost customers of the non-faulted section of the feeder while considering technical constraints. Each plan consists of a series of actions, (opening/closing of switching devices) leading to power restoration.
CONCLUSION
With the increasing world population, thereby increasing demand, and depleting resources the need to be µsmart and efficient in our energy usage has become an imperative .Implementation of Smart Grid concept would go a long way in solving many of the present energy issues and problems. The whole network needs to be upgraded to meet the requirements i.e. at transmission as well as distribution level. Researches are going on to find the optimal solution and new technology to make all the desired characteristics possible. Smart Meters, Smart Homes, Smart City and so on would constitute the Smart Grid. As the new technologies would be invented and existing ones boosted up to meet the desired specifications the Smart Grid would become a reality and change the whole energy pattern throughout the world ITM/PS/2009/ 09EIMPS615
Page 20
REFERENCES
[1] http://en.wikipedia.org/wiki/Smart_grid [2] Koen Kok, Stamatis Karnouskos, David Nestle, Aris Dimeas, Anke Weidlich, Cor Warmer, Philipp Strauss, Britta Buchholz, Stefan Drenkard, Nikos Hatziargyriou and Vali Lioliou, ³Smart Houses For A Smart Grid´, in 20th International Conference on Electricity Distribution Prague, 8-11 June 2009, CIRED2009 Session 4 Paper No 0751. [3] S. Massoud Amin and Bruce F. Bollenberg, ³Toward A Smart Grid´ in IEEE Power and Energy Magazine in September/October 2005.
ITM/PS/2009/ 09EIMPS615
Page 21
[4] Robert C. Sonderegger, Debbie Henderson, Steven Bubb and Julie Steury, ³Distributed Asset Insight´ in IEEE Power and Energy Magazine in may/june 2004. [5] Arun Sehgal, ³AMR offers multiple benefits´ in Pipeline and Gas Technology in April/May 2005. [6] Patrick McDaniel and Stephen McLaughlin , Pennsylvania State University, ³Security and Privacy Challenges in the Smart Grid´ in IEEE Computer And Reliability Socities in May/June 2009. [7] Khosrow Moslehi and Ranjit Kumar, ³Smart Grid - A Reliability Perspective´ submitted to IEEE PES Conference on ³Innovative Smart Grid Technologies´ January 19-20, 2010, NIST Conference Center, Washington, DC. [8] Xavier Mamo, Sylvie Mallet, Thierry Coste and Sebastien Grenard, ´ Distribution automation: the cornerstone for Smart Grid development strategy´ 978-1-4244-4241-6/09/$25.00 ©2009 IEEE. [9] Himanshu Khurana, MarkHadley, Ning Lu, and DeborahA. Frincke, ³Smart-Grid Security Issues´ in IEEE computer and reliability societies, 1540-7993/10/$26.00 © 2010 IEEE in January/February 2010. [10] Anthony R. Metke, Randy L. Ekl and Schaumburg, IL USA, ³Smart Grid Security Technology´ in 978-1-4244-6266-7/10/$26.00 ©2010 IEEE
ITM/PS/2009/ 09EIMPS615
Page 22
