Wednesday, December 1, 2010

Integrating IEDs inside your IT infrastructure - Part 1

Image: jscreationzs /


This should be a multi-part blog series that will introduce you to the control and data acquisition of substation-grade IEDs (Intelligent Electronic Devices) all the way to the data center. I'll write it as I have the time. If you have any comments or corrections, feel free to leave me a note.

Being a systems architect, not a control engineer, the emphasis of my writings will be on the IT side. I don't have any deep knowledge in the control field, having been exposed to these technologies only recently. When I tried looking for some information on the internet, there wasn't much to start with except Wikipedia entries that didn't fit together linearly. May this series help anyone who happens to follow my footsteps.

Part 1: It all starts at the IED

Wikipedia defines an IED quite well:

An Intelligent Electronic Device (IED) is a term used in the electric power industry to describe microprocessor-based controllers of power system equipment, such as circuit breakers, transformers, and capacitor banks.

Okay, so let me make my own definition, and it's all IT folks like me ought to know:

An IED is either a sensor that returns data, a control device installed in a substation
, or "something that impacts the grid".

All these devices need to provide an interface to communicate back their data, and also some means to be configured by a control engineer or technician. A lot of this stuff have traditionally been relying on the serial RS-232 point-to-point interface (unless you're under 25, you've probably heard of RS-232 before; it is the standard 9-pin or 25-pin serial port on PCs on which you can hook up serial devices). Many IEDs also rely on RS-422 and RS-485 networks which have more features than the basic, low-speed RS-232: RS-422 is a "multi-drop" network, where one sender can be heard by up to 10 slave receivers, while RS-485 is a "multi-point" network that allows up to 32 arbitrary connections.

The upper layer protocol that IEDs use seem to be, a lot of times, Modbus or DNP3. Another interesting fact is that clock synchronization with these devices is often done using the IRIG-B protocol which has a lot more history than the usual (S)NTP protocol many network administrators are already familiar with. For one, IRIG-B can work on serial interfaces.

Many IEDs have recently started to rely on ethernet media and routable TCP/IP networks instead of point-to-point communications. TCP/IP can channel DNP3, Modbus and others, but the IEC 61850 protocol is also slowly becoming a leading standard. Using TCP/IP basically enables you to access the device from anywhere -- a nice feature, but a double-edged sword nonetheless: introducing a routable network in the substation, and hooking up IEDs to it, brings up many obvious security issues that weren't there before.

Remote control and data acquisition from these IEDs could be done using plain modems and dedicated POTS lines. But now that this telecommunication architecture is slowly moving towards routable, high speed IP networks, new ways to remotely manage the substation become available using commoditized IT technology. Many analysis and archiving possibilities spring up once this scattered data is centralized, which involves software that will be unheard of to many IT admins.

We see here that while it all starts at the IED, that IED needs a way to send back its data to the data center. So what once used to be the sole business of the "Control Guys" is also becoming one which also requires some assistance from the "IT Guys".

And yes, as I admitted firsthand at the top of this article, I'm an IT Guy.



The next article will describe how to concentrate a bunch of IEDs together, and securely send their data to the data center.