SCADA/EMS AND AUTOMATION PHILOSOPHY
Date Issued: November 2017
Rev. 1.0

Table of Contents
1. Overview
1.1 Introduction
1.2 Objectives
1.2.1 New and Updated Facilities
1.2.2 Existing Facilities
1.2.3 Benefits
1.2.4 Dissemination
1.3 Scope of SCADA/EMS and Automation Philosophy
2. SCADA/EMS
2.1 Control Center Philosophy
2.1.1 Control Center Hierarchy
2.1.2 Control Center SCADA/EMS Conceptual Architecture
2.1.3 Control Center SCADA/EMS Architecture Principles
2.1.4 SCADA/EMS Application Software
2.1.5 EMS Performance Requirements
2.1.6 Maintenance Philosophy
2.2 Real-Time Monitoring and Control
2.2.1 Introduction
2.2.2 Scope
2.2.2.1 Substation
2.2.2.2 Directly-Connected Power Plants
2.2.2.3 Embedded Generators
2.2.2.4 High Voltage Direct Current (HVDC)
2.2.2.5 VRE Integration
2.2.2.6 Ancillary Services (AS)
2.2.2.7 Energy Storage System
2.2.2.8 Distribution Utilities
2.2.2.9 Critical SCADA Assets
2.2.3 Operational Requirement
2.3 Data Center
2.3.1 Data Storage
2.3.2 Power Source and Grounding Protection
2.3.3 SCADA/EMS Equipment Operating Environment Philosophy
2.3.4 Precision Air Conditioning Unit (PACU)
2.4 Control Center Site Selection
2.4.1 Site Selection Criteria
2.4.2 Evaluation Process
2.4.3 Economic Analysis
3. Substation Automation System (SAS) Philosophy
3.1 Introduction
3.2 Objectives
3.3 Scope
3.3.1 New substation
3.3.2 Expansion
3.3.3 Upgrade
3.4 SAS Philosophy
3.4.1 Conceptual overview of SAS
3.4.2 SAS Hardware architecture
3.4.3 SAS Application and Functions
3.4.4 SAS Performance Criteria
3.4.5 Expandability
3.4.6 SAS Standards
3.4.7 Maintainability
3.4.8 Availability
3.4.9 Interconnectivity
3.4.10 Phasor Measurement Unit (PMU)
3.4.11 Power Requirement
3.4.12 Environmental Requirement
3.4.13 Cyber Security
4. Cyber Security
4.1 Introduction
4.2 Objective
4.3 Scope
4.4 Major Cyber Security Considerations
4.4.1 Critical Cyber Assets
4.4.2 Security Management Controls
4.4.3 Personnel and Training
4.4.4 Electronic Security
4.4.5 Physical Security
4.4.6 System Security Management
4.4.7 Incident Reporting and Response Management
4.4.8 Recovery Plans
5. Data Communications
5.1 Introduction
5.2 Smart Grid Communications
5.3 Wired and Wireless Communications
5.4 Network Configuration
5.4.1 Separate/Dedicated Network
5.4.2 Hierarchical Network
5.5 Network Equipment/Hardware
5.5.1 Master Stations/ACC System
5.5.2 Remote/RTU/MBSC Stations
5.6 Data Communications Protocol Standards
5.6.1 Master Station Protocol
5.6.2 Remote Station Protocol
6. Interface
6.1 Introduction
6.2 Internal Interface
6.3 External Interface
6.3.1 Market Operations
6.3.2 Distribution Utilities and Other Utilities
6.3.3 Maintenance and Support Users (SCADA Personnel, Vendor & Third Parties)
6.3.4 External Data Requirements
6.3.5 Power Plants Interface Philosophy
7. Other Considerations
7.1 Time Synchronization
7.2 Fault Information/Data System
7.2.1 Description
7.2.2 Input Requirements
7.2.3 Process Principles
7.2.4 Output Requirements
8. Labelling and Identification of SCADA/EMS and Automation Equipment
Appendix A: Technology Roadmap
Appendix B: Real-Time Monitoring and Control Operations Matrix
Appendix C: Reference Standards
Appendix D: SCADA/EMS Application Requirement Matrix
Appendix E: SCADA/EMS Hardware Requirement Matrix
Appendix F: Protocol and Standards Reference Architecture
Acronyms and Definition of Terms

ACC: Area Control Center

ACE: Area Control Error, the difference between scheduled and actual electrical generation within a control area on the power Grid, taking frequency bias into account.

AGC: Automatic Generation Control (AGC) calculates the required parameters or changes to optimize the operation of generation units. The automatic generation control software uses real-time data such as frequency, actual generation, tie-line load flows, and plant units’ controller status to provide generation changes. Automatic generation control system also calculates the parameters required for load frequency control and provides the required data on demand to maintain system frequency and power interchanges with neighboring systems at scheduled values.

ANSI: American National Standards Institute

API: An Application Programming Interface, a particular set of rules and specifications that a software program can follow to access and make use of the services and resources provided by another particular software program that implements that API. It serves as an interface between different software programs and facilitates their interaction, similar to the way the user interface facilitates interaction between humans and computers.

AS: Ancillary Service, support services such as primary reserve, secondary reserve, tertiary reserve, reactive power support, and black start capacity which are necessary to support the transmission capacity and energy that are essential in maintaining power quality and the reliability of the Grid.

Automation: the use of control systems and information technologies to reduce the need for human work in the production of goods and services. In NGCP it covers Substation Automation System and Building Automation System.

AVC: Automatic Voltage Control
BCU: Bay Control Unit, a terminal unit used with supervising and controlling systems for equipment such as CBs, DSs, and Transformers installed in electric power generating plants and substations.

BESS: Battery Energy Storage System

BFR: Breaker Failure Relays, which are intended to act as secondary protection for the primary protection relays. (The primary protection relays operate the breakers in the event of a system fault.) In normal operation, the breaker failure relay asserts an additional trip signal (re-trip) to the breaker as soon as it receives the signal from the primary protection relay. This is intended to back up the primary protection relay in case the output from the primary relay did not initiate the breaker trip operation. If the re-trip is successful, a larger outage opening of backup breakers is avoided. If the re-trip is unsuccessful, the breaker failure relay will open all of the adjoining, upstream breakers to clear the fault. The breaker failure relay only opens these upstream breakers if the current in the primary breaker persists for a pre-set period of time, indicating the primary breaker is malfunctioning. Tripping upstream breakers prevents the continued fault from causing further damage to the system.

BMU: Bay Measuring Unit

BNCC: Back-Up National Control Center, a control center with the same functionality as the NCC. BNCC will take over the NCC functions in the event the NCC fails.

BPU: Bay Protection Unit

BRCC: Backup Regional Control Center, a control center that takes over all vital functions in case of regional control center failure.

CBM: Condition-based Maintenance, a maintenance strategy that monitors the actual condition of the asset to decide what maintenance needs to be done. CBM dictates that maintenance should only be performed when certain indicators show signs of decreasing performance or upcoming failure.
CIM/CIS: Common Information Model, an open standard that defines how managed elements in an IT environment are represented as a common set of objects and relationships between them. This is intended to allow consistent management of these managed elements, independent of their manufacturer or provider.

CMC: Control Monitoring Criteria

COS: Change of State

CPS: Control Performance Standard

Critical Cyber Assets: Facilities, systems and equipment which if destroyed, degraded or otherwise rendered unavailable would affect the reliability or operability of the power Grid system.

CSV file/format: a comma separated values file which allows data to be saved in a table structured format. CSVs look like a garden-variety spreadsheet but with a .csv extension. Traditionally they take the form of a text file containing information separated by commas, hence the name.

CT: Current Transformer

CTR/PTR: Current Transformer Ratio/Potential Transformer Ratio

Cyber: A prefix used in a growing number of technology and IT terms to describe new things that are being made possible by the spread of computers.

Cyber asset: Facilities, systems, and equipment which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the power Grid system.

Cyber Security: Set of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

DAC: Data Acquisition and Control (DAC) function, used in transmission and distribution operations, comprises multiple types of mechanisms for data retrieval and issuing of control commands to power system equipment. These mechanisms are often used in conjunction with each other to provide the full range of DAC interactions. The DAC function, in turn, is used by other functions, such as Supervisory Control and Data Acquisition (SCADA) systems, Energy Management Systems (EMS), Protection Engineering systems, and Advanced Distribution Automation (ADA), as the means for their interactions with the power system equipment.

DAP: Day Ahead Projection

Data Diode: A data diode (also referred to as a unidirectional gateway, deterministic one-way boundary device or unidirectional network) is a network appliance or device allowing data to travel only in one direction.

Dispatcher Workstation: a user interface that is allowed to perform control and monitoring as well as run advanced system applications like AGC and power analysis study.

DMZ: Demilitarized Zone, perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks.

DNP 3: Distributed Network Protocol Version 3, a set of communications protocols used between components in process automation systems. Its main use is in utilities such as electric and water companies. It was developed for communications between various types of data acquisition and control equipment. It plays a crucial role in SCADA systems, where it is used by SCADA Master Stations (aka Control Centers), Remote Terminal Units (RTUs), and Intelligent Electronic Devices (IEDs). It is primarily used for communications between a master station and RTUs or IEDs.

DS: Disconnect Switch
DTS: Dispatcher Training Simulator, also known as an operator training simulator, is a computer-based training system for operators (known as dispatchers) of electrical power Grids. It performs this role by simulating the behavior of the electrical network forming the power system under various operating conditions, and its response to actions by the dispatchers. Student dispatchers may therefore develop their skills from exposure not only to routine operations but also to adverse operational situations without compromising the security of supply on a real transmission system.

EMS: Energy Management System (EMS), a system of computer-aided tools used by operators of electric utility Grids to monitor, control, and optimize the performance of the generation and/or transmission system. The monitor and control functions are known as SCADA; the optimization packages are often referred to as "advanced applications".

Engineering Workstation: a user interface similar to a Dispatcher Workstation, but usually allowed to perform a simulation study of the system, pre- and post-disturbance analysis and other study and system analysis functions.

EOS: Equipment Outage Schedule

ESP: Electronic Security Perimeter, the logical border surrounding a network to which Critical Cyber Assets are connected and for which access is controlled.

Fast Ethernet: Common name for the LAN specified by IEEE 802.3 and CCITT 8802.3. A base band, local area network that operates at 100 million bits per second and can be extended up to 1.5 kilometers of cable. It uses a carrier sense multiple access/collision detection protocol.

FES: Front End System

Firewall: An inter-network connection device that restricts data communication traffic between two connected networks. A firewall may be either an application installed on a general-purpose computer or a dedicated platform (appliance), which forwards or rejects/drops packets on a network. Typically firewalls are used to define zone borders. Firewalls generally have rules restricting which ports are open.

FTP: File Transfer Protocol, FTP is an Internet standard for transferring files over the Internet. FTP programs and utilities are used to upload and download Web pages, graphics, and other files between local media and a remote server which allows FTP access.

Gateway: a network node equipped for interfacing with another network that uses different protocols. It may contain devices such as protocol translators, impedance matching devices, rate converters, fault isolators, or signal translators as necessary to provide system interoperability. It also requires the establishment of mutually acceptable administrative procedures between both networks. A protocol translation/mapping gateway interconnects networks with different network protocol technologies by performing the required protocol conversions.

GB: Gigabyte

Geographical Map: Geographical display representing location of power plants and substations including transmission lines.

GbE: Gigabit Ethernet, a term describing various technologies for transmitting Ethernet frames at a rate of a gigabit per second, as defined by the IEEE 802.3-2008 standard.

GNSS: Global Navigation Satellite System

GOOSE: Generic Object Oriented Substation Event, a mechanism for the fast transmission of substation events, such as commands, alarms, indications, as messages taking advantage of the powerful Ethernet and supporting real-time behavior.

GPS: Global Positioning System (GPS), a space-based global navigation satellite system (GNSS) that provides reliable location and time information in all weather and at all times and anywhere on or near the Earth when and where there is an unobstructed line of sight to four or more GPS satellites. It is maintained by the United States government and is freely accessible by anyone with a GPS receiver.
Grid

Grid Dispatcher

GUI: Graphical User Interface, a type of user interface that allows users to interact with electronic devices through graphical icons and visual indicators such as secondary notation, instead of text-based user interfaces, typed command labels or text navigation.

HAP: Hour Ahead Projection

HIS: Historian, a software program that records and retrieves production and process data by time; it stores the information in a time series database that can efficiently store data with minimal disk space and fast retrieval.

HMI: Human Machine Interface, the hardware or software through which an operator interacts with a controller. An HMI can range from a physical control panel with buttons and indicator lights to an industrial PC with a color graphics display running dedicated HMI software.

HVDC: High Voltage Direct Current, an electric power transmission system that uses direct current for the bulk transmission of electrical power, in contrast with the more common alternating current (AC) systems.

IED: Any device incorporating one or more processors with the capability to receive or send data/control from or to an external source (e.g., electronic multifunction meters, digital relays, controllers).

I/O: Input/Output, refers to the communication between an information processing system (such as a computer), and the outside world, possibly a human, or another information processing system. Inputs are the signals or data received by the system, and outputs are the signals or data sent from it. The term can also be used as part of an action; to "perform I/O" is to perform an input or output operation. I/O devices are used by a person (or other system) to communicate with a computer.

ICCP: Inter-Control Center Communications Protocol (ICCP or IEC 60870-6/TASE.2), a protocol for data exchange over wide area networks (WANs) between utility control centers, utilities, power pools, regional control centers, and Non-Utility Generators. ICCP is also an international standard: International Electrotechnical Commission (IEC) Telecontrol Application Service Element 2 (TASE.2).

ICS: General term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) often found in the industrial sectors and critical infrastructures. An ICS consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy).

IEC: International Electrotechnical Commission

IEC 60870-5-101: IEC 60870-5-101 (IEC101), an international standard prepared by TC57 for power system monitoring, control & associated communications for telecontrol, teleprotection, and associated telecommunications for electric power systems. This is completely compatible with IEC 60870-5-1 to IEC 60870-5-5 standards and uses standard asynchronous serial telecontrol channel interface between DTE and DCE. The standard is suitable for multiple configurations like point-to-point, star, multi-dropped etc.
IEC 61968-8:2015: IEC 61968-8:2015 specifies the information content of a set of message types that can be used to support many of the business functions related to customer support. Typical uses of the message types include service request, customer agreement, and trouble management. The purpose is to define a standard for the integration of customer support (CS), which would include customer service, trouble management and point of sale related components integrated with other systems and business functions within the scope of IEC 61968. The scope of this standard is the exchange of information between a customer support system and other systems within the utility enterprise.

IEC 61970: a series of standards that deals with the application program interfaces for energy management systems (EMS). The series provides a set of guidelines and standards to facilitate: the integration of applications developed by different suppliers in the control center environment; the exchange of information to systems external to the control center environment, including transmission, distribution and generation systems external to the control center that need to exchange real-time data with the control center; the provision of suitable interfaces for data exchange across legacy and new systems.

IED: Intelligent Electronic Device, a term used in the electric power industry to describe microprocessor-based controllers of power system equipment, such as circuit breakers, transformers, and capacitor banks.

Integrated Monitoring Center

IP: Internet Protocol

IRIG-B: Inter-Range Instrumentation Group time code "B", a standard format for transferring timing information via DC level shift (DCLS), pulse-width coded signal (“unmodulated IRIG-B”) or as an amplitude-modulated signal based on a sine wave carrier with a frequency of 1 kHz (“modulated IRIG-B”). Atomic frequency standards and GNSS receivers designed for precision timing are often equipped with an IRIG output.

IS&R: Information Storage and Retrieval, the systematic process of collecting and cataloging SCADA and EMS data so that they can be located and displayed on request.

ISMR: Information Security Management Representative, a person responsible for the overall management and implementation of ISMS.

ISMS: Information Security Management System, a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.

ISO: International Standards Organization

ITU-T: International Telecommunication Union Telecommunication

KVM: KVM (keyboard, video and mouse) device, a hardware device that allows a user to control multiple computers from one or more sets of keyboards, video monitors, and mice.

L/R: Lower/Raise

LAN: Local Area Network, a system of physical cables and associated procedures to allow the exchange of information between two or more personal computers, host computing system and computer terminals. The most common LANs are Ethernet (IEEE 802.3 and CCITT 8802.3).

Local Control: a mode of control in which plant and substation equipment are controlled by the equipment itself.

Maintenance Workstation: a user interface similar to a Dispatcher Workstation, but usually allowed to perform a higher level of system control, such as changing alarm limits, with capabilities to modify system database, graphics, reports, control strategies, and other programming functions.

MBSC: Microprocessor Based Substation Control, an integrated system for protecting, measuring, control, supervision and reporting. It is a hierarchical structure system based on a station computer which communicates via serial, IP and other communication buses to a distributed system such as protective relays, control modules and the alarm system.

MO: Market Operation/Market Operator

MODBUS: a serial communications protocol used with programmable logic controllers (PLCs). Simple and robust, it has since become one of the de facto standard communications protocols in the industry, and it is now amongst the most commonly available means of connecting industrial electronic devices.

MTTR: Mean Time To Repair, a basic measure of the maintainability of repairable items. It represents the average time required to repair a failed component or device.

MVA: Megavolt-ampere

MVAR: Megavolt-ampere (reactive)

MW: Megawatt

MWH: Megawatt-hour

NCC: National Control Center, monitors and controls the whole network of the Philippines Grid.

NCIT: Non-Conventional Instrument Transformer

NDME: Network Disturbance Monitoring Equipment

NMS: Network Management System, an application or set of applications that lets the network administrator manage a network element inside a bigger network management framework. NMS may be used to monitor both software and hardware components in a network.

NOD: Network Operation Division

NPD: Network Protection Division

NTP: Network Time Protocol, a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.

OEM: Original Equipment Manufacturer, a company that produces parts and equipment that may be marketed by another manufacturer.

OLTC: On Load Tap Changer, a device for changing the tapping connections of a transformer winding, suitable for operation while the transformer is energized or on load.

OPC: Open Platform Communication, interoperability standard for the secure and reliable exchange of data in the industrial automation space and in other industries. It is platform independent and ensures the seamless flow of information among devices from multiple vendors.

OSF: Open Software Foundation, a not-for-profit organization founded in 1988 under the U.S. National Cooperative Research Act of 1984 to create an open standard for an implementation of the UNIX operating system.

OSI: Open Systems Interconnection (OSI), an effort to standardize networking that was started in 1977 by the International Organization for Standardization (ISO), along with the ITU-T.

PACU: Precision Air Conditioning Unit, controls the ambient environment by providing constant temperature and humidity conditions to costly and sensitive sophisticated electronic equipment throughout the year. This is in contrast to normal air conditioning which provides only the cooling comfort to people sitting in a room.

PAGASA: Philippine Atmospheric Geophysical and Astronomical Services Administration.

PAS: Power Application System

PCB: Power Circuit Breaker

PDC: Phasor Data Concentrator, receives and time-synchronizes phasor data from multiple phasor measurement units (PMUs) to produce a real-time, time-aligned output data stream. Through use of multiple PDCs, multiple layers of concentration can be implemented within an individual synchrophasor data system.

PLC: Programmable Logic Controller, a digital computer used for automation of electromechanical processes, such as control of machinery on factory assembly lines or lighting fixtures. PLCs are used in many industries and machines. Unlike general-purpose computers, the PLC is designed for multiple inputs and output arrangements, extended temperature ranges, immunity to electrical noise, and resistance to vibration and impact. Programs to control machine operation are typically stored in battery-backed or non-volatile memory.
PMS: Protection Management System
PMU: Phasor Measuring Unit, a device which measures the electrical waves on an electricity Grid using a common time source for synchronization. Time synchronization allows synchronized real-time measurements of multiple remote measurement points on the Grid. The resulting measurement is known as a synchrophasor.
PNPD: Power Network Planning Division
POSIX: Portable Operating System Interface, a family of related standards specified by the IEEE to define the application programming interface (API), along with shell and utilities interfaces for software compatible with variants of the Unix operating system, although the standard can apply to any operating system.
PTP: Precision Time Protocol, a protocol used to synchronize clocks throughout a computer network. On a local area network, it achieves clock accuracy in the sub-microsecond range, making it suitable for measurement and control systems.
PU: Processing Unit, is the same as application servers.
RCC: Regional Control Center, a control center that is in charge of monitoring and control of the regional power system. The function of the RCC is quite similar to that of the NCC. The only difference between these two is that the NCC monitors and controls the entire power system whereas the RCC is only responsible for the monitoring and control of the regional system.
RDBMS: Relational Database Management System, a database management system (DBMS) that is based on the relational model as introduced by E. F. Codd. Most popular commercial and open source databases currently in use are based on the relational database model.
Real-Time: Pertaining to a system or mode of operations in which computation is performed during the actual time that an external process occurs, in order that the computation results can be used to control, monitor, or respond in a timely manner to the external process.
Remote Control: a mode of control in which plant and substation equipment are controlled by Plant and Substation Control System
Risk Assessment: set of activities executed to understand the risks to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
Router: a device that forwards data packets across computer networks. Routers perform the data "traffic directing" functions on the Internet. A router is a microprocessor-controlled device that is connected to two or more data lines from different networks. When a data packet comes in on one of the lines, the router reads the address information in the packet to determine its ultimate destination.
RS232: Recommended Standard-232, the traditional name for a series of standards for serial binary single-ended data and control signals connecting between a DTE (Data Terminal Equipment) and a DCE (Data Circuit-terminating Equipment). It is commonly used in computer serial ports. The standard defines the electrical characteristics and timing of signals, the meaning of signals, and the physical size and pinout of connectors.
RS485: ANSI Telecommunications Industry Association/Electronic Industries Alliance 485, a standard defining the electrical characteristics of drivers and receivers for use in balanced digital multipoint systems. The standard can be used effectively over long distances and in electrically noisy environments. Multiple receivers may be connected to such a network in a linear, multi-drop configuration.
RTD: Real Time Dispatch
RTOS: Real Time Operating System, an operating system (OS) intended to serve real-time applications that process data as it comes in, typically without buffer delays. Processing time requirements (including any OS delay) are measured in tenths of seconds or shorter increments of time.
RTU: Remote Terminal Unit, a microprocessor-controlled electronic device that interfaces objects in the physical world to a distributed control system or SCADA (supervisory control and data acquisition system) by transmitting telemetry data to the system and/or altering the state of connected objects based on control messages received from the system.
SAN: Storage Area Network
SBO: Select Before Operate (similar to “select and execute”). Two-part command sequence used to achieve high communications security and hardware verification before the control is actually executed.
SCADA: Supervisory Control and Data Acquisition, the top-end control system for remote monitored sites comprised of hosts, multiple workstations, peripherals, front-end processors, and user interfaces for monitoring and control, trending, report generation, and other functions.
SCADA/EMS: Supervisory Control and Data Acquisition/Energy Management System, supervises controls, optimizes and manages generation and transmission systems. It enables utilities to collect, store and analyze data from hundreds of thousands of data points in national or regional networks, perform network modeling, simulate power operation, pinpoint faults, preempt outages, and participate in energy trading markets.
SCIM: Substation Control and Information Management
SCOPS: Submarine Cable Overload Protection Scheme
SER: Sequence of Events Recorder
Server: a computer, or series of computers, that link other computers or electronic devices together. They often provide essential services across a network like application, file, printing and others.
Set Point: An input variable that sets the desired value of the controlled variable. This variable may be manually set, automatically set, or programmed.
SFTP: Secure File Transfer Protocol
SIEM: Security Incident and Event Management, software, appliances or managed services that provide real-time analysis of security alerts generated by applications and network hardware. Also logs security data and generates reports for compliance purposes.
SIPS: System Integrity Protection Scheme
SIS: Safety Instrumented System, a system that is composed of sensors, logic solvers, and final control elements whose purpose is to take the process to a safe state when predetermined conditions are violated. Other terms commonly used include emergency shutdown system (ESS), safety shutdown system (SSD), and safety interlock system (SIS).
SLF: Short-Term Load Forecast
Smart Grid
Smart Substation
SO: System Operation/System Operator
SOE: Sequence of Events
SQL: Structured Query Language, a database computer language designed for managing data in relational database management systems (RDBMS). Its scope includes data insert, query, update and delete, schema creation and modification, and data access control.
Supervisory Control: a control mode in which plant and substation equipment are controlled by control centers SCADA/EMS or SCADA system
SVC: Static VAR Compensator, a set of electrical devices for providing fast-acting reactive power on high-voltage electricity transmission networks.
Switch: a networking device that connects network elements in one segment.
Tape drive: a data storage device that reads and writes data on a magnetic tape.
TASE.2: IEC 60870-6 Telecontrol Application Service Element 2 (TASE.2), a protocol (informally known as the Inter-Control Center Communications Protocol (ICCP)) developed by IEC TC57 WG07 for data exchange over Wide Area Networks (WANs) between a utility control center and other control centers, other utilities, power plants and substations. TASE.2 (ICCP) is used in almost every utility for inter-control center communications between SCADA and/or EMS systems. It is supported by most vendors of SCADA and EMS systems.
TB: Terabyte
TBM: Time-based maintenance, is a maintenance performed on equipment based on a calendar schedule. This means that time is the maintenance trigger for this type of maintenance. Time-based maintenance is planned maintenance, as it must be scheduled in advance.
TCP/IP: Transmission Control Protocol/Internet Protocol, is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
UFR: Under Frequency Relay, a device that functions to protect the load in the event generator frequency decreases below preset limits. It actuates when the frequency decreases to 55 hertz for 60-hertz operation and 46 hertz for 50-hertz operation.
UI: User Interface, a set of commands or menus through which a user communicates with a program
UL: Underwriters Laboratory
Unidirectional gateway: Unidirectional gateways are a combination of hardware and software. The hardware permits data to flow from one network to another, but is physically unable to send any information at all back into the source network. The software replicates databases and emulates protocol servers and devices.
UNIX: a multi-user computer operating system originally developed in 1969 by a group of AT&T
UPS: Uninterruptible Power Supply, is an electrical apparatus that provides emergency power to a load when the input power source, typically the utility mains, fails. It will provide instantaneous or near-instantaneous protection from input power interruptions by means of one or more attached batteries.
UTC: Universal Coordinated Time – a time scale which forms the basis of a coordinated radio dissemination of standard frequencies and time signals. It corresponds exactly in rate with international atomic time, but differs from it by an integral number of seconds
UTM: Unified Threat Management, a comprehensive solution for network security as a primary network gateway defense solution for organizations. It has the ability to perform multiple security functions in one single appliance: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing and on-appliance reporting.
VPN: Virtual Private Network, a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users secure access to their organization's network.
VPS: Video Projection System, an integrated large-scale system for display and monitoring of the overall power network status and/or conditions.
VRE: Variable Renewable Energy, energy produced from a source that is renewable, cannot be stored by the facility owner or operator and has inherent intermittency that is beyond the control of the facility owner or operator. These include PV, wind and run-of-river generating systems.
VRLA Gel: a Valve-Regulated Lead Acid battery that utilizes gel as electrolyte
VSLF: Very Short-Term Load Forecast (VSLF)
VT: Voltage Transformer
WAMS: Wide Area Monitoring System, provides enhanced transmission capacity and security achieved by online monitoring of the system safety or stability limits and capabilities. Additionally, it reinforces power systems and associated investment planning based on feedback obtained during analysis of system dynamics.
WAN: Wide Area Network, a computer network that covers a broad area (i.e., any network whose communications links cross metropolitan, regional, or national boundaries).
WAP: Week Ahead Projection
WEB: World Wide Web, a system of interlinked hypertext documents accessed via the Internet. With a web browser, one can view web pages that may contain text, images, videos, and other multimedia and navigate between them via hyperlinks.
Workstation: A special computer designed for technical or scientific applications. Intended primarily to be used by one person at a time, they are commonly connected to a local area network and run multiuser operating systems.
XML: Extensible Markup Language
1. Overview

1.1 Introduction

Technological advancements in computing and data communication have pushed the boundaries of what is technically feasible in SCADA/EMS, substation automation, and cyber security. Data processing algorithms have also experienced significant advances, making it possible to handle large amounts of data and process them into information that aids decision making in Grid operation and maintenance. These advancements support the increasing use of digital control and information technology to improve the reliability, security and efficiency of the electric power Grid.

The planned interconnection of Visayas and Mindanao Grids will transform the Philippine Grid from separate networks into a single electrical power Grid. This transformation will necessitate a shift in perspective and adjustments in the organization and operation of System Operations. Technical, informational, and organizational factors are drivers of change.

The revised SCADA/EMS and Automation Philosophy of NGCP capitalizes on the technical and informational advancements to provide NGCP with the capability to effectively manage and maintain its transmission network. It is predicated on the power system principles of reliability, adequacy, security, and resiliency as well as on SCADA principles on redundancy, interoperability and application of mature standards.

The SCADA/EMS and Automation Philosophy described in this document provides the concept and framework for NGCP’s SCADA/EMS and automation infrastructure. It expounds on the data exchange from the RTUs/SAS to Area Control Centers (ACCs), Regional Control Centers (RCCs), National Control Center (NCC), and the New Market Management System (NMMS) of Market Operation. Modifications were introduced to the Control Center Hierarchy in the context of a unified NGCP electrical transmission network which will be realized when Visayas and Mindanao HVDC interconnection becomes operational.
Condition-based Maintenance (CBM) is among the key features of the philosophy. CBM is a maintenance strategy that monitors the actual condition of the asset to decide what maintenance needs to be done. It emphasizes that maintenance should only be performed when certain indicators show signs of decreasing performance or upcoming failure. In view of this, the philosophy considered an expanded real time data set for the control centers. The previous data set composed of power system operational data has been expanded to include real time parameters essential to the monitoring of the condition of power system elements such as transformers, breakers, transmission lines, and other primary and secondary devices; communication equipment as well as protection equipment. Handling and processing of these data will be performed by an Integrated Monitoring Center at the NCC.

Data exchange with external customers such as Market Operation, Department of Energy, Distribution Utilities, etc., is part of the SCADA/EMS and Automation Philosophical framework. Due consideration was given to the robustness of the data exchange and security of the NGCP SCADA/EMS Network.

The principle of redundancy to maintain high availability is a cornerstone of the philosophy. Redundancy schemes for NCC, RCC, and ACC are illustrated and elaborated.

SCADA/EMS and Substation Automation implementations adhering to the framework of this philosophy will lay the foundation for a Smart Grid ready NGCP.

1.2 Objectives

The purpose of this document is to guide the development programs of SCADA/EMS and automation philosophy for NGCP, designers, consultants and contractors that can ensure uniformity and consistency in SCADA/EMS and automation projects for NGCP facilities.

1. Provide guiding concepts in the preparation of contract specifications relative to control system hardware and software for SCADA/EMS and automation projects of NGCP. This covers both acquisition of new systems as well as upgrades of existing automation facilities.
2. Formulate a comprehensive approach for development programs, designing, specifying, implementing, and testing SCADA/EMS and automation projects of NGCP. Potential benefits from this philosophical approach can best be realized through constant and consistent application to all projects that directly or indirectly deal with process control.
3. Promote the use of appropriate standards for software, network, communication and hardware within SO and O&M facilities.

All of the objectives cited complement each other to achieve an optimal degree of reliability, interoperability, and maintenance efficiency for NGCP’s SCADA/EMS and SAS installations.
This will strengthen NGCP’s capability to efficiently realize its corporate responsibility to the nation and its stakeholders.

1.2.1 New and Updated Facilities

The design of a new SCADA/EMS and automation system, which shall be incorporated into NGCP facilities or an upgrade of an existing automation set-up, shall be in accordance with the design philosophy set out in this document. This is to ensure that any SCADA/EMS and automation project to be undertaken is an integral part of the NGCP-wide automation control program. A coordinated effort in this respect spearheaded by System Operations can provide consistency in the design of SCADA/EMS and automation projects.

1.2.2 Existing Facilities

Existing facilities shall not be replaced outright with a newer system just for the sake of keeping pace with what is “technologically in” at the moment. The SCADA/EMS and automation philosophy herein described has incorporated a migration strategy that will permit the incorporation of new or enhanced functionalities to existing facilities that can improve operational effectiveness.

1.2.3 Benefits

The adoption of the SCADA/EMS and Automation philosophy will ultimately redound to NGCP’s corporate advantage. The use of proven techniques, approved equipment, and common hardware and software will result in overall benefits from the uniformity of control strategies, reports and logs, process optimization, and improvement in overall business efficiency.

The adoption of the SAS philosophy will ultimately redound to NGCP’s corporate advantage.

1. It will be used as a common reference for O&M, SO and P&E and other support groups.
2. It will be used as a common reference for planning, design, construction implementation, operation and maintenance of all NGCP facilities and equipment.
3. The use of proven techniques, approved equipment, and common hardware and software will result in overall benefits from the uniformity of control strategies, reports and logs, process optimization, and improvement in overall business efficiency.
Overall benefits of this philosophy will give more reliable and efficient operation and maintenance of the substation using the international standard industry practice. This will result in achieving and sustaining the improved levels of efficiency, reliability, compatibility, enhancement, system upgrade and adoption of new technology in existing substations. Likewise, this philosophy manual will be used as reference for the old, existing and new design of substation control and operation system.

1.2.4 Dissemination

For the SCADA/EMS and Automation Philosophy to be useful it must be properly disseminated to project participants. Since the SCADA/EMS and Automation Philosophy covers technical standards, the dissemination of information must be carefully controlled.

1.3 Scope of SCADA/EMS and Automation Philosophy

Operation of complex and critical systems should be guided by a philosophy delineating the operational, maintenance, and expansion roadmap for the system. The philosophy, in all aspects, must dovetail with NGCP’s corporate vision and mission. Essentially, it should provide System Operations and other functional groups of NGCP with the direction that could optimize their contribution to the realization of NGCP’s corporate goals.

A systems approach was deemed appropriate in describing the interplay of the key points in the SCADA/EMS and Automation Philosophy. These key points are enumerated below and depicted in Figure 1 - Conceptual Overview: SCADA/EMS. The key points are linked to each other to show the interaction of the elements in the system. Thus, it can be seen that a failure or sub-par performance of one element can have an adverse impact on the performance of the other elements and ultimately the final output of the system.
Figure 1 Conceptual Overview: SCADA/EMS and Automation Philosophy
2. SCADA/EMS

2.1 Control Center Philosophy

2.1.1 Control Center Hierarchy

Separate management of the Luzon, Visayas, and Mindanao Grids to ensure the twin goal of satisfying Grid demand and maintaining Grid security already presents a certain peculiar level of complexity. It is to be expected that the bar of complexity will be raised to a higher level than what is currently experienced by NGCP when the interconnection of the Luzon, Visayas, and Mindanao Grids is completed. The mindset of managing the Philippine Grid as isolated Grids of Luzon, Visayas, and Mindanao is no longer sufficient. There should be a holistic view of the Philippine Grid as a single interconnected network.

In consonance with this concept, a hierarchy of control is envisioned to be established to support the integrated operation of the transmission system and dispatch of all generation in the Philippines. The delineation of the hierarchical matrix of responsibility is as follows:

National Control Center (NCC)
The National Control Center shall coordinate all high voltage levels, critical lines and substations’ transmission operations and dispatch all generation in accordance with the real-time dispatch schedule from Market Operations.

Regional Control Centers
The Regional Control Centers in Luzon, Visayas, and Mindanao shall monitor and control the transmission system in their respective areas of responsibility. The monitoring and control shall be in accordance with the regional transmission operational blueprint laid out by NCC for the respective regions.
Area Control Centers
The Area Control Centers in Luzon, Visayas, and Mindanao shall supervise transmission operations of other parts of the transmission system not managed by the RCC and which have been placed under their supervision.

2.1.1.1. National Control Center (NCC)

“Concept before form”. This is the guiding ethos in the formulation of the SCADA Philosophy. The Conceptual Framework of the National Control Center shown in Figure 2.2 was formulated in consonance with this notion. It established the linkages and relational framework that binds the various key aspects in data exchange and control between the NCC, RCC, ACC, and other stakeholders in the electric power industry.

Due emphasis is placed on data exchange and control, for these are necessary in keeping an electric power system operating synchronously. All the interconnected systems must operate cooperatively to maintain the reliability of the entire system because any disturbance in one part of the network affects the rest of the network. The success of this cooperative effort requires robust data exchange and control actions among regional control operators, generation/transmission operators, and market operators.

Formulation of the National Control Center framework is anchored on the following general principles on power system:

Reliability
Electricity shall be delivered to customers in the desired amount and quality within acceptable standards. Reliability measurands can be in terms of frequency, duration and magnitude of adverse effects on the supply of electricity.

Adequacy
Power system shall be able to supply the aggregate electrical demand and energy requirement of the customer at all times. Scheduled and reasonably expected outages of system elements shall be factored in to the demand and supply scenarios.

Security
Power systems shall have the ability to withstand sudden disturbances such as electric short circuit, voltage collapse or unanticipated loss of power system elements.

Redundancy
Inclusion of extra system or component shall be provided in case of failure in the other component.

Resiliency
Attribute that allows a control system to better sustain and more quickly recover from adverse effects such as cyberattacks or natural disasters.

Interoperability
The capability of two or more networks, systems, devices, applications, or components to work together and to exchange and readily use information securely, effectively, and with little or no inconvenience to the user.

Interchangeability
The ability of two or more devices or components to be interchanged without making changes to the other components or devices and without degradation in system performance.

Mature Standard
The standards used shall be mature. A mature standard should have been in use for a sufficient time that most of its initial faults and inherent problems have been identified and removed or reduced by further development.

2.1.1.1.1. National Control Center Conceptual Framework

The National Control Center (NCC) SCADA/EMS is at the top of the control center hierarchy of NGCP. This is followed by the Regional Control Centers located in Luzon, Visayas, and Mindanao at the second level. The third level is composed of the Area Control Centers of Luzon, Visayas, and Mindanao. At the fourth and lowest level are the RTUs/SAS of the different installations (substations, switchyards, plants, etc.) from which power system data emanates.
Data from devices in plants, substations, switchyards, etc. corresponding to the Control and Monitoring Criteria (CMC) of NGCP will be collected by the RTUs/SAS. These will be polled by the SCADA system at the Area Control Centers (ACCs). Data exchange between the ACCs at the third level and RTUs/SAS at the fourth level shall utilize appropriate mature standard protocols.

The RCCs will be linked with the ACCs through a data communication network that adheres to the data communication philosophy. Inter Control Center Protocol (ICCP), a mature standard protocol for exchange between Control Centers, shall be adopted between the RCC and ACC for monitoring functions. Other inter control center standard protocols which will become mature in the future can be considered. DNP3/IP standard protocol shall govern the data exchange between RCC/ACC and the RTUs/SAS for this control function.

The NCC and the RCC will be connected through a data communication link. Data exchange between NCC and RCC shall be through Inter Control Center Protocol (ICCP) – a mature standard protocol for inter control center exchange.

The NCC shall have control function capability over field devices in substations/switchyards as well as the MW/MVAR regulation for plant and generating units. For this purpose, a direct data communication link between NCC and RTUs/SAS shall be separately established. Likewise, DNP3/IP standard protocol shall govern the data exchange between NCC and the RTUs/SAS for this control function.

Other entities in the electric power industry such as National Transmission Company (TransCo), Distribution Utilities (DUs), Generating Companies, market agents, government offices, and service providers shall connect to NCC through the Web Services server. Internet/intranet data communication link shall be used. The link shall pass through a firewall connected to the Web Services server.
SCADA/EMS installations wishing to connect with NCC shall use the Inter Control Center Protocol (ICCP) for the exchange of information. The connection shall be through the Demilitarized Zone (DMZ) of the NCC network configuration.

Data exchange between the Market Operator’s Market Management System and NCC shall be established through ICCP and shall pass through a firewall.
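The exchange rules stated in this section (ICCP between control centers, DNP3/IP to the RTUs/SAS, a firewall or the DMZ for outside parties) can be audited against observed traffic. The Python below is an added example, not NGCP code: the host names, role labels, CSV flow format and the use of DNP3/IP for ACC polling are assumptions, and the flow records are constructed.

```python
import csv
import io
from typing import NamedTuple

# Well-known TCP ports: DNP3 is registered on 20000; ICCP (TASE.2) rides on
# MMS over ISO transport, port 102. 443 stands in for the Web Services link.
PORT_PROTOCOL = {20000: "DNP3/IP", 102: "ICCP", 443: "WEB"}

# Unordered role pair -> protocols the text names for that exchange.
# The text only asks for "appropriate mature standard protocols" when the ACC
# polls RTUs/SAS; treating that as DNP3/IP is an assumption of this example.
ALLOWED = {
    frozenset({"NCC", "RCC"}): {"ICCP"},
    frozenset({"RCC", "ACC"}): {"ICCP"},
    frozenset({"NCC", "RTU"}): {"DNP3/IP"},
    frozenset({"RCC", "RTU"}): {"DNP3/IP"},
    frozenset({"ACC", "RTU"}): {"DNP3/IP"},
    frozenset({"NCC", "MMS"}): {"ICCP"},
    frozenset({"NCC", "EXT_SCADA"}): {"ICCP"},
    frozenset({"NCC_WEB", "EXTERNAL"}): {"WEB"},
}

# Unordered role pair -> kind of enforcement point the flow must cross.
REQUIRED_VIA = {
    frozenset({"NCC", "MMS"}): "firewall",
    frozenset({"NCC", "EXT_SCADA"}): "dmz",
    frozenset({"NCC_WEB", "EXTERNAL"}): "firewall",
}

# Constructed inventory and enforcement points (hypothetical names).
INVENTORY = {
    "ncc-fep1": "NCC", "ncc-iccp": "NCC", "ncc-web": "NCC_WEB",
    "rcc-luz-fep": "RCC", "acc-luz1": "ACC", "rtu-sub17": "RTU",
    "mms-gw": "MMS", "peer-ems": "EXT_SCADA", "du-client": "EXTERNAL",
}
CONTROLS = {"fw-ext": "firewall", "fw-market": "firewall", "dmz-ncc": "dmz"}

# Constructed flow records; "via" lists the enforcement points crossed.
SAMPLE_FLOWS = """
src,dst,dport,via
ncc-fep1,rcc-luz-fep,102,
rcc-luz-fep,acc-luz1,102,
acc-luz1,rtu-sub17,20000,
ncc-fep1,rtu-sub17,20000,
mms-gw,ncc-iccp,102,fw-market
peer-ems,ncc-iccp,102,fw-ext;dmz-ncc
peer-ems,ncc-iccp,102,fw-ext
du-client,ncc-web,443,fw-ext
du-client,rtu-sub17,20000,fw-ext
rcc-luz-fep,rtu-sub17,443,
mms-gw,ncc-iccp,102,
laptop-77,rtu-sub17,20000,
"""


class Finding(NamedTuple):
    line: int      # line number in the flow file (header is line 1)
    flow: str
    reason: str


def audit(flow_csv, inventory, controls):
    """Return one Finding per rule a flow record breaks."""
    findings = []
    reader = csv.DictReader(io.StringIO(flow_csv.strip()))
    for line, row in enumerate(reader, start=2):
        flow = f"{row['src']}->{row['dst']}:{row['dport']}"
        roles = (inventory.get(row["src"]), inventory.get(row["dst"]))
        if None in roles:
            findings.append(Finding(line, flow, "host not in inventory"))
            continue
        pair = frozenset(roles)
        if pair not in ALLOWED:
            findings.append(Finding(
                line, flow,
                f"no exchange defined between {roles[0]} and {roles[1]}"))
            continue
        port = int(row["dport"]) if row["dport"].isdigit() else -1
        proto = PORT_PROTOCOL.get(port, "unknown")
        if proto not in ALLOWED[pair]:
            expected = ", ".join(sorted(ALLOWED[pair]))
            findings.append(Finding(
                line, flow, f"{proto} is not named here (expected {expected})"))
        crossed = {controls.get(hop) for hop in row["via"].split(";") if hop}
        need = REQUIRED_VIA.get(pair)
        if need and need not in crossed:
            findings.append(Finding(line, flow, f"flow must cross a {need}"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS, INVENTORY, CONTROLS):
        print(f"line {f.line}: {f.flow}: {f.reason}")
```
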
Figure 2 - National Control Center Conceptual Framework

2.1.1.1.2. National Control Center Integrated Monitoring System

The SCADA Philosophy is principle-centered. One of the principles that serves as a pillar of the philosophy is “Power System Reliability”. It is important that power system reliability be viewed in a more expansive perspective that takes into consideration the various key factors which have reasonable impact on the reliability of the power system. Among these factors are the condition of the transmission lines; substation and switchyard equipment such as breakers, transformers, etc.; telecommunication equipment, cyber security, power network protection equipment, and SCADA system equipment. When any of these systems experiences a plunge in reliability due to equipment failure, the reliability of the power system is correspondingly affected in an adverse way. A picture of the condition of the components of these systems is essential in the decision making process for actions to be taken to maintain reliability. This can be realized through real time monitoring of key equipment parameters that define its condition. This is the essence of condition based maintenance – perform appropriate maintenance activity based on the condition of the equipment.

A large volume of data is involved in the real time monitoring of the system components of the power system. Moreover, the data will be diverse – communication data, cyber security data, and data from other systems. All these need to be integrated and put in proper perspective. A reasonable approach to handle the bulk and diversity of the data is to channel it to an integrating center – an Integrated Monitoring Center at NCC. The Conceptual Architecture for the Integrated Monitoring Center is illustrated in Figure 3.

The regional level of the hierarchy shall have a Network Management System (NMS) for the management of the communication system, Protection Management System (PMS) for the monitoring of the protection system, Security Incident and Event Management (SIEM) for cyber security, and Condition-Based Maintenance System (CBM) for the equipment maintenance. Redundant Front-End Communication Servers at NCC for NMS, PMS, SIEM, and CBM will collect regional data. Data from other systems shall also be collected by a redundant Front-End communication server similarly connected to the other front ends. Mature standard protocol shall be used in data transmission from the regional level to NCC.

The integrated monitoring center at the NCC shall have application servers with the capability to handle the volume of data for the center. The servers shall have application software for the handling and processing of data. It shall have the capability to process structured and unstructured data into a generic format compatible with the application software. Workstations with sufficient processing power shall be provided. The workstations will be used by personnel manning
Redundant
Front-End
Communication Servers at NCC for NMS, PMS, SIEM, and CBM will collect regional data. Data from other system shall also be collected by a redundant Front-End communication server similarly connected to the other front ends. Mature standard protocol shall be used in data transmission from the regional level to NCC. The integrated monitoring center at the NCC shall have application servers with the capability to handle the volume of data for the center. The servers shall have application software for the handling and processing of data. It shall have the capability to process structured and unstructured data into a generic format compatible with the application software. Workstations with sufficient processing power shall be provided. The workstations will be used by personnel manning
the
integrated
monitoring
center
for
data
processing and HMI displays. An archival system to store historical data shall be installed at the center. Personnel of
SCADA/EMS and Automation Philosophy SCADA/EMS Date Issued:
Page: 12 Rev.
November 2017
1.0
the center can access historical records for reference, studies, and model formulation. NGCP shall consider the inclusion of data analytics to the integrated management center. Data analytics algorithms can provide valuable information that can facilitate decision making on keeping power system reliability at a level which is cost effective for NGCP.
Figure 3. National Control Center Integrated Monitoring System Conceptual Framework
2.1.1.2. Control Center Back-Up Philosophy
2.1.1.2.1. Control Center Back Up Schemes
The control center back up philosophy is in accordance with the principle of redundancy. Each control center shall have a backup control center. When one control center can no longer function because of natural disaster or man-made incapacitating event, the backup control system shall be able to take over the functions.
a. Control Center Back-Up Scheme 1
Figure 4. Control Center Backup Scheme 1
Control center backup philosophy under Scheme 1 shall be as follows:
• National Control Center Level: LRCC shall be the backup control center of NCC. Conversely, NCC shall be the backup control center for LRCC.
• Regional Level: MRCC shall be the backup control center of VRCC. Conversely, VRCC shall be the backup control center for MRCC.
• Area Control Center Level: ACC2 shall be the backup control center for ACC1. Conversely, ACC1 shall be the backup control center for ACC2.
b. Control Center Back-Up Scheme 2
Figure 5. Control Center Backup Scheme 2
Control center backup philosophy under Scheme 2 shall be as follows:
• National Control Center Level: VRCC shall be the backup control center of NCC. Conversely, NCC shall be the backup control center of VRCC.
• Regional Control Center Level: MRCC shall be the backup control center of LRCC. Conversely, LRCC shall be the backup control center of MRCC.
• Area Control Center Level: ACC1 shall be the backup control center of ACC2. Conversely, ACC2 shall be the backup control center of ACC1.
Appropriate selection criteria shall be developed as a guide in making the decision on the choice between Scheme 1 and Scheme 2 for Control Center Backup.
2.1.1.2.2. Back Up Control Readiness Principle
All Control Centers, whether NCC, RCC or ACC as discussed above, shall be provided with a Backup SCADA/EMS System with the same capability as the main. The Backup Control Center shall be capable of taking over the functions of the main Control Center in the event of the latter’s failure. This shall be supported to the extent that, if the Main system becomes unavailable due to an emergency situation, all of its critical functions shall become available at the backup NCC/RCC system to allow the power system to be monitored and controlled remotely. Thus, the Main and the Backup shall be identical systems which differ only as to the number of users. The Main and Backup will be simultaneously collecting data from the field RTUs, ICCP and SASs.
Requirements for maintaining the Backup Control Center system in a state of readiness shall include the following:
1. All maintenance activities at the Main Control Center system involving changes in the database, display, report, and program, including advanced applications, shall automatically download to the back-up control center or prompt the user to download a copy to the backup system. A simple point and click by the user shall initiate an automatic transfer of the updated information from the Main System to the backup system and initiate appropriate installation, activation procedures, and reinitialization in the backup system. No maintenance activities can be performed at the backup system while maintenance is on-going at the main.
2. System Controller and other user entries to the main control center system shall be downloaded to the backup system.
3. All information stored in IS&R on the main system shall also be automatically downloaded to the IS&R system in the backup system.
The focal point of all these requirements is to ensure that the backup system is, at all times, synchronized with the main system. Thus, in the event that the main system falters, the backup system can present to the dispatcher a SCADA/EMS that is highly similar to the main system.
It shall be possible to perform maintenance works remotely on main from the backup. The user interfaces at the backup shall be designed and configured to have the capability to remotely connect to main through the WAN linking main to the backup. The remotely connected backup user interface shall appear as one node in the main network. Proper authentication and safeguards shall be put in place to prevent unauthorized remote connection from the backup to main control center. In the event that the backup becomes the online system due to failure of main, changes made in the backup shall be uploaded to the main system when it is restored to service and prior to being placed on-line by the user.
2.1.1.3. Regional Control Center (RCC)
The RCC configuration characteristics shall be based on the SCADA/EMS Conceptual Architecture shown in Figure 6. This shall be composed of the Application Processors (e.g. SCADA, EMS, DTS and WAMS), IS&R Processor and Storage for archival of power system data, user interface workstations for dispatch, engineering and maintenance, and a Video Projector Screen (VPS) for enhanced visual presentation of SCADA/EMS data. A WEB application server caters to the data needs of users external to the EMS. The Data Acquisition sub-system handles the data acquisition aspect from the RTUs/MBSCs. Data exchange with other control centers' EMS is done through the ICCP subsystem, which can handle various data exchange protocols. Specific requirements for hardware and applications for RCC and BRCC shall conform to Section 2.1.4.5 SCADA/EMS Application Requirements and Section 2.1.4.6 SCADA/EMS Hardware Requirements respectively.
2.1.1.4. Area Control Center (ACC)
The ACC shall also adhere to the conceptual architecture shown in Figure 6. Generally, the ACC only has monitoring and control capability within its defined area of responsibility. Absent from the ACC are advanced application functions such as AGC, DTS, Load Forecast, and Network Application Software. Specific requirements for hardware and applications for ACCs shall conform to Section 2.1.4.5 SCADA/EMS Application Requirements and Section 2.1.4.6 SCADA/EMS Hardware Requirements respectively.
5.1.2 Control Center SCADA/EMS Conceptual Architecture
The control center conceptual architecture defines the network setup for the various hardware and peripherals necessary for the efficient and safe operation of a control center. The conceptual architecture at the control center shall be applicable for NCC, RCCs, and ACCs of the NGCP. They will differ only in the number/processing power of the hardware, application software, and data storage capacity. The volume of data, extent of control actions and number of users shall be the key parameters in determining the processing capability, number of hardware, and storage capacity that will be present in the respective control centers.
The control center architecture shall have 5 zones as shown in Figure 6 – SCADA/EMS Conceptual Architecture.
Zone 5 contains the data collection devices such as the RTUs, PMUs, and transient recorders. Existing serial protocol output of the RTUs will be converted to a network protocol using a protocol converter such as terminal servers. High Availability (HA) firewalls shall separate Zone 5 from Zone 4. This is in consonance with the cyber security protection principle of protecting the control center network from intrusions.
Zone 4 contains the data acquisition servers for SCADA, Wide Area Measurement (WAMS), and ICCP servers. The redundancy principle shall be manifested in Zone 4 by having redundant servers for WAMS, Front End System (FES), and ICCP servers. Intrusion Detection System (IDS) and Intrusion Protection System (IPS) servers shall be part of Zone 4 for cyber security of the network. High Availability (HA) firewall shall be installed between Zone 4 and Zone 3.
Zone 3 contains the Cyber Security Application servers, SCADA/EMS servers, Information Storage and Retrieval (IS&R), WAMS Servers, and HIS Servers. SCADA/EMS servers, WAMS servers, and Historian servers shall be in a redundant configuration.
The Patch Management server and workstations for the users – maintenance personnel, control center dispatchers, planning/studies, and video wall controller and peripherals – are contained in Zone 2. All servers, workstations, and peripherals connect to Zone 3 through an HA firewall.
MO Application, HIS Web Apps replicator, and HIS ICCP are attached to a Local Area Network (LAN) in Zone 1. The LAN shall be outside the SCADA/EMS network boundary. The flow of data between Data Historian in Zone 3 and Data Historian Replicator in Zone 1 shall be uni-directional – from data historian of Zone 3 to Data Historian replicator in Zone 1. This shall be effected through a data diode. The New Market Management System of Market Operation connects to NGCP through a firewall attached to the LAN in Zone 1.
A connection point shall also be established to permit remote SCADA/EMS hardware and application software maintenance by the supplier. The access shall be governed by applicable Cyber Security operating procedures. Firewalls shall be put in place along the connection path.
Remote user interfaces (UIs) are installed at the ACCs to provide ACC dispatchers with a view of the entire Grid, thereby enhancing their Grid situational awareness. These remote UIs connect to the RCC SCADA/EMS through a data communication network. The bandwidth shall be sufficient to ensure complete and uninterrupted data flow from RCC SCADA/EMS to the ACC remote UI. The data link shall have a firewall at the ACC and another firewall in Zone 2 connecting to RCC SCADA/EMS in Zone 3.
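The zone model described above can be written down as an allow-list of conduits and used to audit observed network flows. The following is an added example, not part of the original document or of any NGCP system; the host inventory and flow records are constructed, and the rule that any inter-zone path not named in the text is denied is an assumption.

```python
"""Audit observed flows against the five-zone model described in the text.

Assumptions (not from the source document): a flow is a (src_host, dst_host)
pair, the host inventory and sample flows below are constructed, HA firewall
conduits are treated as bidirectional (port and direction rules on each
firewall are outside this check), and any inter-zone path the text does not
name is denied.
"""
from dataclasses import dataclass

# Zone pairs the text separates with an HA firewall.
FIREWALL_CONDUITS = {frozenset({5, 4}), frozenset({4, 3}), frozenset({3, 2})}
# The data diode passes traffic one way only: Zone 3 historian -> Zone 1 replicator.
DIODE_DIRECTION = (3, 1)
DIODE_ROLES = ("historian", "historian-replicator")

# Constructed inventory: host -> (zone, role)
INVENTORY = {
    "rtu-ss01": (5, "rtu"),
    "fes-a": (4, "fes"),
    "iccp-a": (4, "iccp"),
    "scada-a": (3, "scada"),
    "his-a": (3, "historian"),
    "ws-dispatch1": (2, "workstation"),
    "patch-mgmt": (2, "patch"),
    "his-repl": (1, "historian-replicator"),
    "mo-app": (1, "mo-app"),
}


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    reason: str


def check_flow(src, dst, inventory=INVENTORY):
    """Return None when the flow fits the zone model, otherwise a Finding."""
    for host in (src, dst):
        if host not in inventory:
            return Finding(src, dst, f"unknown host {host}")
    (src_zone, src_role), (dst_zone, dst_role) = inventory[src], inventory[dst]
    if src_zone == dst_zone:
        return None  # intra-zone traffic is not judged by this check
    if frozenset({src_zone, dst_zone}) in FIREWALL_CONDUITS:
        return None  # crosses one HA firewall named in the text
    if (src_zone, dst_zone) == DIODE_DIRECTION:
        if (src_role, dst_role) == DIODE_ROLES:
            return None
        return Finding(src, dst, "only historian replication may use the data diode")
    if (dst_zone, src_zone) == DIODE_DIRECTION:
        return Finding(src, dst, "reverse flow across data diode")
    return Finding(src, dst, f"no conduit between zone {src_zone} and zone {dst_zone}")


def audit(flows, inventory=INVENTORY):
    """Return the findings for every flow that violates the zone model."""
    results = (check_flow(src, dst, inventory) for src, dst in flows)
    return [finding for finding in results if finding is not None]


# Constructed flow records, e.g. as summarised from firewall or NetFlow logs.
SAMPLE_FLOWS = [
    ("rtu-ss01", "fes-a"),        # Zone 5 -> 4 through HA firewall
    ("fes-a", "scada-a"),         # Zone 4 -> 3 through HA firewall
    ("ws-dispatch1", "scada-a"),  # Zone 2 -> 3 through HA firewall
    ("his-a", "his-repl"),        # Zone 3 -> 1 historian replication via diode
    ("his-repl", "his-a"),        # Zone 1 -> 3: should be physically impossible
    ("mo-app", "scada-a"),        # Zone 1 -> 3: same direction problem
    ("scada-a", "mo-app"),        # Zone 3 -> 1 but not historian replication
    ("ws-dispatch1", "rtu-ss01"), # Zone 2 -> 5 skips Zones 3 and 4
    ("laptop-x", "scada-a"),      # host missing from the inventory
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(f"{finding.src} -> {finding.dst}: {finding.reason}")
```

A reverse-direction finding on the diode path is worth investigating even though the diode should make such traffic impossible, since it points to a bypass path or a wrong inventory entry.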
Figure 6. SCADA/EMS Conceptual Architecture
5.1.3 Control Center SCADA/EMS Architecture Principles
The SCADA/EMS architecture shall be anchored on the following general principles:
2.1.3.1. Configuration Characteristics
The SCADA/EMS function is classified as either critical or noncritical. Every critical function shall be supported by sufficient redundancy to ensure that any single failure will not interrupt the availability of that function. Non-critical functions need no redundancy, because they may be terminated until restarted manually or may be executed at low priority until any necessary equipment repairs have been completed.
Each automatic transfer to backup resources of one or more critical functions interrupted by a failure shall be completed with no loss of data. As a minimum, data coherency shall be maintained by performing integrity checking before committing and allowing for transaction rollbacks if needed. Functions that were scheduled to execute during the time that a transfer is occurring shall automatically execute following completion of the transfer.
Backup of critical SCADA/EMS functions shall employ one or more of the following approaches:
• One-for-one redundancy, in which the function of the failed PU is taken over by a dedicated backup PU
• One-for-many sparing, in which a spare PU provides backup for one or more PUs
• A fault tolerant architecture
2.1.3.2. Expansion Characteristics
For SCADA/EMS architecture performance in the future, as new functions and data communications are added and the delivered capabilities become limiting, the SCADA/EMS shall be designed to enable the convenient addition of processing units, main memory, and bulk memory. The bulk memory capacity of all processing units shall also be expandable. The SCADA/EMS expansion requirements shall be based on the most probable growth rates, the potential for new applications, and a judicious balance between delivered SCADA/EMS costs and capabilities. There shall be no restrictions on vertical (i.e., upgrade of processors, etc.) or horizontal expansion (i.e., adding processors, workstations, peripherals, or connections to other LANs or WAN, etc.). It shall be possible to make all database and SCADA/EMS changes to support the anticipated system growth through interactive procedures supplied in the initial SCADA/EMS.
2.1.3.3. Open System Standards
The SCADA/EMS shall conform to mainstream computing international standards under Smart Grid and to emerging standards, whenever those standards are appropriate in the context of a SCADA/EMS architecture. In this regard, the computer system and communication standards referred to in the following sections shall be utilized throughout the SCADA/EMS.
Figure 7 - Open System Standard Platform
2.1.3.3.1. Hardware
The SCADA/EMS architecture does not limit the choice of hardware from leading manufacturers available in the market such as ALPHA, IBM, SUN, and HP, to mention a few. This hardware shall support different operating systems, whether UNIX, LINUX, or WINDOWS, and shall conform to international standards as defined and recommended in the Smart Grid interoperability requirement.
2.1.3.3.2. Operating System
The operating system of the main server shall comply with the approved POSIX standards. For systems other than the main server, the supplier may use a non-POSIX compliant Operating System such as MS Windows for the workstation and Web Application Server.
2.1.3.3.3. Open System Interface
Detailed Application Programming Interface (API) documents for all hardware and software subsystems that are part of the SCADA/EMS shall be provided by the Original Equipment Manufacturer. These interface documents shall be sufficiently detailed to permit NGCP, including NGCP authorized third party OEM, to replace SCADA/EMS hardware or software subsystems with enhanced hardware or software or to introduce new hardware and software that must interoperate with the SCADA/EMS. API shall conform to IEC 61970 and CIM.
2.1.3.3.4. Software
The application program source code shall be written in a high level language and shall conform to ANSI standards without use of extensions except as approved by NGCP. All software shall use only POSIX operating system services or other fully documented system services.
2.1.3.3.5. Local and Wide Area Networks
Local and Wide Area Networks shall be in conformance with Open System Interconnection (OSI) standards and protocols. LANs and WANs shall employ wired and wireless technologies with reliable and high-speed connectivity to ensure data integrity and real-time voice/video communications. LAN shall use Layer 1 and 2 devices like repeaters, bridges or switches, whereas WAN shall use Layer 3 devices such as Routers or Multi-layer Switches and Technology. The networks shall use Fast Ethernet, switched Ethernet, and/or ATM protocols with profiles selected from OSI or the Internet suite (TCP/IP). OSI is preferred wherever it can be used, but both OSI and the Internet suite shall be provided to inter-operate with external subsystems.
2.1.3.3.6. System Interface
The SCADA/EMS shall be connected as part of the overall NGCP system hierarchy as well as to external parties. In addition, each SCADA/EMS shall interface with NGCP's LAN/WAN, NCC, RCCs, and ACCs, and shall have the capability to interface with other NGCP and non-NGCP computer systems. Applicable communications protocols shall use mature standard protocols such as ICCP TASE 2, TCP/IP and IEC 61968-8:2015.
The SCADA/EMS shall also connect to field devices such as substation and Plant RTUs and Substation Automation System (SAS). Appropriate communication interface shall conform to the international standard on Smart Grid interoperability. This communication interface standard shall include but not be limited to DNP 3.0 and IEC 60870-5.
2.1.3.3.7. Database Definition and Population, and Access
Database definition, population and access shall be performed initially on a network-based Relational Database Management System (RDBMS). RDBMS interfaces shall conform to Structured Query Language (SQL) standards and directions with limited extensions as approved by NGCP.
2.1.3.3.8. Distributed Computing and Network Management
The SCADA/EMS shall be fully compliant with distributed computing and network management offerings and directions, such as the Open Software Foundation (OSF), OSF's Distributed Computing Management Environment (DCE).
2.1.3.4. SCADA/EMS Maintainability
2.1.3.4.1. Hardware Maintainability
The SCADA/EMS shall be designed so that a two (2) hour Mean-Time-To-Repair (MTTR) shall be achieved, measured from the time a qualified technician arrives on-site. All equipment shall be modular in construction and shall be supported with comprehensive diagnostic software routines, including complete documentation for all equipment and software.
2.1.3.4.2. Software Maintainability
The SCADA/EMS shall be designed to allow on-line software module integration and on-line modification of database parameters with no effect or downtime on real-time system operation. Changes in database definition (including, but not limited to, addition of power system equipment, modification of equipment characteristics, and modification or addition of calculations) shall be possible without regeneration of the entire database.
2.1.3.4.3. SCADA/EMS Availability
Considering the criticality of the SCADA/EMS to Grid operation, a high level of availability shall be set forth for the SCADA/EMS. Hardware redundancy and other field proven SCADA/EMS equipment layout/configuration that attains a high level of availability shall be considered. SCADA/EMS availability shall be calculated as follows:
The total cumulative downtime of all critical functions on an annual basis shall not exceed four (4) hours and twenty-three (23) minutes (representing an availability of 99.95%), and not more than a total of forty (40) incidents of downtime for any one or more critical functions shall occur in any one (1) year period. Over a 1-year period (8760 consecutive hours of operation), the SCADA/EMS shall be available for no less than 8755 hours and 37 minutes. In addition, there shall be no more than 40 incidents of unavailability over the same period.
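The two annual limits above can be checked against an outage log as follows. This is an added example, not part of the original document; the record format and sample outages are constructed, and merging overlapping outages of different critical functions into a single incident (so concurrent downtime is counted once) is an assumption about how the requirement is interpreted.

```python
"""Check a year of outage records against the availability limits in the text.

Assumptions (not from the source document): an outage record is a
(function, start, end) tuple, overlapping or touching outages of different
critical functions are merged into one incident so concurrent downtime is
counted once, and the sample records below are constructed.
"""
from datetime import datetime, timedelta

MAX_DOWNTIME = timedelta(hours=4, minutes=23)  # annual downtime limit in the text
MAX_INCIDENTS = 40                             # annual incident limit in the text
PERIOD = timedelta(hours=8760)                 # 1-year period in the text


def parse(stamp):
    """Parse a 'YYYY-MM-DD HH:MM' timestamp."""
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M")


def merge_outages(outages):
    """Merge overlapping or touching outage intervals into incidents."""
    merged = []
    for start, end in sorted((start, end) for _, start, end in outages):
        if end <= start:
            raise ValueError("an outage must end after it starts")
        if merged and start <= merged[-1][1]:
            # Extends the current incident: keep the later of the two end times.
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def assess(outages):
    """Return incident count, total downtime, availability and compliance."""
    incidents = merge_outages(outages)
    downtime = sum((end - start for start, end in incidents), timedelta())
    availability = 100.0 * (1 - downtime / PERIOD)
    return {
        "incidents": len(incidents),
        "downtime": downtime,
        "availability_pct": round(availability, 4),
        "compliant": downtime <= MAX_DOWNTIME and len(incidents) <= MAX_INCIDENTS,
    }


# Constructed outage log for one year of operation.
SAMPLE_OUTAGES = [
    ("SCADA", parse("2017-02-03 01:00"), parse("2017-02-03 02:30")),
    ("ICCP", parse("2017-02-03 02:00"), parse("2017-02-03 03:00")),  # overlaps the SCADA outage
    ("SCADA", parse("2017-06-10 14:00"), parse("2017-06-10 15:15")),
    ("IS&R", parse("2017-11-21 09:00"), parse("2017-11-21 10:00")),
]

if __name__ == "__main__":
    result = assess(SAMPLE_OUTAGES)
    print(result)
    # Minimum available time implied by the downtime limit.
    print("required uptime:", PERIOD - MAX_DOWNTIME)
```

With the sample log, the first two records merge into one two-hour incident, giving three incidents and 4 hours 15 minutes of downtime, which is inside both limits; one further ten-minute outage would exceed the downtime limit.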
Equipment availability shall be calculated as:
5.2 EMS Performance Requirements
Performance of the SCADA/EMS requires measuring a number of performance metrics under differing activity levels and utilization of the system. These metrics shall be used to establish the suitability of the EMS to the requirements of NGCP, which include, among others, the capability to provide rapid and accurate response to transmission system events, provide dispatchers with the ability to monitor and control the power Grid system, and provide tools to conduct system study and analysis. Figure 1 shows the framework of the EMS performance requirements.
Figure 8 SCADA/EMS Performance Requirements Framework
5.2.1 Expansion Requirements
The EMS shall be expandable/scalable in order to cope and perform under an increased or expanding workload. The system should scale well to be able to maintain or even increase its level of performance or efficiency when tested by larger operational demand. There are two (2) approaches in adding computing resources to the system: vertical and horizontal scaling. With vertical scaling, more power is added to the existing machine, such as by expanding the main and bulk memory. In horizontal scaling, resources are added to the system by adding more machines to the network, sharing the processing and memory workload across multiple devices.
5.2.2 Fail-Safe Capability
The EMS shall incorporate fail-safe capabilities to handle system activity levels that exceed the High Activity Level. Under these conditions, the EMS shall continue to process or maintain coherency of inputs obtained from remote inputs, local inputs, and user interface processes. Acceptable failsafe methods include sharing reserve PU resources or the graceful degradation of certain applications other than data acquisition, data exchange, and the associated data processing to allow sufficient resources for power system monitoring and alarm handling. Entering a failsafe state shall always be alarmed and logged.
5.2.3 System Utilization
System Utilization depends on the configuration of the EMS and the method of distributing functions among the processing units. Within this context, the system utilization requirements described below reflect NGCP’s requirements for expandability and resource loading safety margin for a SCADA/EMS.
1. Normal Activity Level Utilization
a. The utilization of any on-line PU or any PC/Workstations used for executing application functions shall not exceed 30%.
b. The utilization of any on-line bulk memory device or controller shall not exceed 30%.
c. The utilization of any on-line communication server (gateway, router, bridge, or communication network processor) in the EMS shall not exceed 30%.
2. High Activity Level Utilization
a. The utilization of any on-line PU or any PCs used for executing application functions shall not exceed 40%.
b. The utilization of any on-line bulk memory device or controller in the EMS shall not exceed 40%.
c. The utilization of any on-line communication server (gateway, router, bridge or communication network processor) in the EMS shall not exceed 40%.
d. The loading of any non-deterministic LAN shall not exceed 10%; the loading of any deterministic LAN shall not exceed 20%.
5.2.4 System Activity Levels
The EMS performance requirements shall be verified under two different system activity levels.
1. Normal Activity Level
Represents operating conditions of a system wherein the servers are operating in a stable state at normal condition.
2. High Activity Level
Represents operating conditions wherein the system is acquiring/processing the RTD on the Market (every 5 mins), multiple users are extracting data from the server at the same time, or bulk digital and analog data are being processed during a disturbance.
Regardless of the activity level, the EMS shall at all times maintain the specified level of performance. These activity levels shall not cause the EMS to fail or produce erroneous results.
5.2.5 Performance Criteria
Performance Criteria shall be measured at different system activity levels (Normal and High) and system utilization levels (Normal and High). The performance criteria shall include NGCP’s standard on:
1. Response Time
2. Completion Time
3. Periodicity
4. Scanning
5. Accuracy
6. Failure Recovery
7. Software Maintenance Requirements
These performance criteria shall adopt the minimum performance requirements for measurement defined in IEEE Std. C37.1-2007.
5.3 SCADA/EMS Application Software
The SCADA/EMS application software shall be a logically integrated system running on one or more processing units identified as application processors. The SCADA/EMS application software shall consist of the following major functional components:
5.3.1 SCADA Application Software
2.3.1.1. SCADA
Data acquisition for the power Grid system shall be via multiported RTUs located in substations and power plants as well as microprocessor based substation. Data acquired shall be processed (i.e. limit checked, calculations performed, and alarms generated) and stored in the SCADA/EMS database for use by the Dispatchers and SCADA/EMS functions.
2.3.1.2. User Interface
The User Interface (UI) of the SCADA/EMS shall provide effective approaches for interaction between all users and the SCADA/EMS. The SCADA/EMS shall be designed to provide rapid response to transmission system events and provide the Dispatcher with the ability to monitor power system operations and control the power system. The user interface shall provide processing of Dispatcher and other user requests and shall perform display output presented to the workstation monitors and video projection system.
The User Interface shall be a PC-based Workstation. The PC-based workstation UI shall be driving at least three (3) display monitors. The workstations shall include a keyboard and cursor-positioning device (e.g., mouse).
2.3.1.3. Web Based Graphical User Interface
The Graphical User Interface (GUI) of the SCADA/EMS shall provide effective approaches for interaction between some users and the SCADA/EMS. It shall allow viewing of all standard system via a standard browser on a client machine. It shall also allow the user to call up and view any graphical world map display, substation one line or tabular display. Refresh of the dynamic data shall be on a periodic basis every five (5) seconds. Security measures shall be provided to allow authorized users only. The web server machine shall be provided with a web server application such as Apache or Microsoft IIS. The client machine shall use the standard Microsoft Internet Explorer of a later version. No special plug-in or browser cookies are required.
2.3.1.4. Load Shed and Restore
Load Shed and Restore function shall be provided. The Load Shed function shall consist of four packages:
a. Under Frequency Relay Monitoring
The SCADA/EMS shall include a function that monitors the Under Frequency Relays. The Under Frequency Relays are set to operate whenever the frequency drops below the pre-set stages for each relay.
b. Manual Load Shed
The manual load shed function shall allow the System Controllers to shed blocks of load via interactive display commands. Displays for interactive definition and review of blocks of load for shedding shall be available.
c. Rotational Load Shed
The SCADA/EMS shall include a rotational load shedding function. Each load subject to load shedding is assigned to one of the load blocks.
d. Restore
The load shed program shall include a restoration function that allows the System Controller to restore load that has been shed by the load shed function.
2.3.1.5. Post Disturbance Analysis
The SCADA/EMS shall have the capability to collect pre-disturbance and post-disturbance data. The user shall be able to view, in a well-organized manner, disturbance data for analysis of power system disturbances. This tool shall enable the system controller to replay sequences, and to visualize the data evolution both in the schematic displays and in tabular forms. Disturbance data collection shall be automatically triggered upon detection of a defined condition or on demand by the user. The user shall be notified when a disturbance has been detected.
2.3.1.6. Sequence of Events
The SCADA/EMS shall have sequence-of-events software for processing sequence-of-events (SOE) data. Preferably, sequence-of-events data retrieval scans shall be separate from the status cycles. The software shall be capable of checking the incoming data for errors and shall request a re-transmission if an error is detected or acknowledge receipt if no error is detected. A time synchronizing feature shall be part of the SOE function. It shall control the transmission of synchronization signals to the RTUs and MBSCs. All RTU and MBSC clocks shall be maintained in synchronization with the master clock.
2.3.1.7. Equipment Outage Scheduling
An Equipment Outage Scheduler shall be part of NGCP’s SCADA/EMS in order to pre-schedule equipment maintenance outage. The outage schedules shall be accessible to all application functions requiring the status of the equipment in the future or in the past.
2.3.1.8. Information Storage & Retrieval (IS&R)
IS&R shall be a logically separate subsystem within the SCADA/EMS environment. It shall service a large number of information users while ensuring that the security and performance of the SCADA/EMS are not affected. IS&R shall accommodate long-term disk storage and retrieval of information produced by the SCADA/EMS. The SCADA/EMS shall transfer data to IS&R on a cyclic basis and on demand. Any authorized, designated SCADA/EMS user shall be able to access all IS&R functions, review historical information, and edit historical information from any SCADA/EMS workstation.
5.3.2 Planning Analysis Applications
2.3.2.1. Assistant Decision-Making Application
a. Description
The Assistance Decision Making (ADM) is an application that shall implement power Grid operation status analysis under various assumed conditions based on the system topology model. It shall calculate each network branch active and reactive power based on voltage phasor angle and voltage amplitude.
b. Process Diagram
Figure 9 – ADM Process Diagram
c. Principles
i. Data Input Principles
The SCADA data and stability analysis data shall be the main input of ADM. It shall use SCADA data and Stability Analysis applications to target a potential disturbance or limit violation threat.
ii. Process Principles
• The ADM process shall analyze the controllable equipment to conclude the optimal dispatching strategies which satisfy multiple stability constraints.
• ADM shall evaluate outages, power supply risk, closering operation risk and load power supply switching plan.
iii. Output Principles
• The ADM shall provide solutions to limit violation and disturbance problems and foresee regulation strategies for power Grid operational security.
• The ADM result shall be presented in graphical and tabular displays for immediate use by dispatchers.
iv. Cyber Security
ADM application shall be subjected to the approved security standard criteria.
v. Hardware Architecture
ADM application shall be subjected to the approved hardware configuration requirements.
2.3.2.2. Bus Load Forecast
a. Description
The Bus Load Forecast (BLF) is an application used to forecast busload demand for a certain day and hour. It shall compute the active and reactive demand of each area and individual loads.
d. Process Diagram
Figure 10 - Bus Load Forecast Application Process Diagram
e. Principles
i. Data Input Principles
• The result from the Load Forecast shall be an input to Bus Load Forecast.
• All substation outages created in EOS shall be sent to BSLF so that load demand shall only be distributed to energized/online customers.
ii. Process Principles
• The BLF process shall compute the active power and reactive power demand using the historical data. It shall also consider the outages and ensure that no allocation is given to loads with an existing outage schedule.
• The BLF shall automatically generate the bus load of the next day based on the system load forecast result in real-time mode.
iii. Output Principles
• The BLF shall display the bus load forecasted result and bus load distribution factor.
• Modification of the result shall include, but not be limited to, adjusting the active power of an area or an individual load independently, adjusting the active power and reactive power for each load separately, and multiplying the conforming load by a coefficient.
• All results shall be displayed in tabular and graphical form.
iv. Cyber Security
BLF application shall be subjected to the approved security standard criteria.
v. Hardware Architecture
BLF application shall be subjected to the approved hardware configuration requirements.

2.3.2.3. Equipment Outage Scheduler
a. Description
The Equipment Outage Scheduler (EOS) is an application that shall be used to schedule generation, transmission or substation outages and shall be integrated in the SCADA system and in other advanced applications.
b. Process Diagram
Figure 11 - Equipment Outage Scheduler Application Process Diagram
c. Principles
i. Data Input Principles
Generation, transmission and substation outage schedules, caution tags and commissioning or decommissioning based on the Plan Activity Notice
(PAN) shall be created in the Equipment Outage Scheduler.
ii. Process Principles
EOS shall save all the outages, caution tags and commissioning/decommissioning created. A list of all the files created shall be available and an option to create grouped outages, copy planned outage, extend outages and cancel outages shall be available in the application.
iii. Output Principles
EOS shall save all the outages, caution tags and commissioning/decommissioning created. A list of all the files created shall be available and an option to create grouped outages, copy planned outage, extend outages and cancel outages shall be available in the application.
iv. Cyber Security
EOS application shall be subjected to the approved security standard criteria.
v. Hardware
EOS application shall be subjected to the approved hardware configuration requirements.

2.3.2.4. Load Forecasting
a. Description
Load Forecast (LF) is an application that shall forecast the future system load requirement. It is an estimate of the future load requirement for a given forecast horizon, based on the available information about the state of the system, using statistical methods. It is a vital tool for the operation and planning of an electric power system.
b. Process Diagram
Figure 12 - Load Forecasting Application Process Diagram
c. Principles
i. Data Input Principles
Historical data load
Weather data (Temperature, Humidity, Wind Speed, Rainfall)
Forecast area, day and time
Special event
ii. Process Principles
The total load requirements in the power system shall be predicted with statistical method.
Very Short-term Load Forecast (VSLF)
Short-term Load Forecast (SLF)
SLF Forecasting methods (Regression, Time Series, Pattern Matching and Artificial Neural Network)
Periodic and Manual Forecast generation options
iii. Output Principles
Very Short-term Load Forecast (VSLF) shall provide an estimate for the hourly electrical demand for the next 24 hours in 5 minutes, 15 minutes and hourly intervals.
Short-term Load Forecast (SLF) shall provide an estimate for the hourly electrical demand for the present day and for the next seven days (extendable to 14 days) in 5 minutes, 15 minutes and hourly intervals.
LF display output shall be available in graphic and tabular displays.
LF provides analysis of forecast error.
LF results shall be available for Generation Schedule (GS) and Bus Load Forecast (BLF) as inputs to Planning Power Flow (PPF).
iv. Cyber Security
LF application shall be subjected to the approved security criteria.
v. Hardware
LF application shall be subjected to the approved hardware configuration requirements.

5.3.3 Network Analysis Applications

2.3.3.1. Contingency Analysis
a. Description
The Contingency Analysis (CA) is an application that shall provide information about static state security under predefined or auto selected single or multiple contingencies. Power Flow and voltage violations shall be evaluated and the severity of the possible outage shall be calculated. CA shall be available in real-time mode and study mode. In real-time mode, it shall be based on the latest SE solution. In study mode, it shall use the DPF solution as base case or from the archived cases of the historical data.
b. Process Diagram
Figure 13 - Contingency Analysis Application Process Diagram
c. Principles
i. Data Input Principles
State Estimator data shall serve as real-time base case input for CA application for system pre-analysis.
Historical Case shall also be used as base case input for the CA application for system post analysis.
DPF case output shall be an input base case to the CA process to determine the severe contingency events that could possibly occur in a given system condition.
ii. Process Principles
Ranks the contingency events according to the degree of severity. The available contingency options shall include Line-1, Transformer-1, Generator-1, Bus-1 or a pre-defined multi-contingency.
iii. Output Principles
Displays the contingency events that are ranked according to severity index.
Events with high severity ranking shall be inputted back to the DPF application for simulation to address the indicated violations.
Results shall check limit violation of various types of equipment including active power or ampere flows of transmission lines, active power, reactive power, or ampere flows of transformers, active power output of generators, active power interchange, reactive power output of generators varying with different active output, and voltage magnitude at bus bars.
iv. Cyber Security
Contingency Analysis application shall be subjected to the approved security standard criteria.
v. Hardware Architecture
Contingency Analysis application shall be subjected to the approved hardware configuration requirements.

2.3.3.2. Dispatcher’s Power Flow
a. Description
The Dispatcher Power Flow (DPF) is an application that shall implement power Grid operation status analysis under various assumed conditions based on the system topology model. It shall calculate each network branch active and
reactive power based on voltage phasor angle and voltage amplitude.
b. Process Diagram
Figure 14 - DPF Process Diagram
c. Principles
i. Data Input Principles
SE data shall serve as real-time base case input for DPF simulation.
Historical Case shall also be used as base case input for the DPF application.
The Future Case shall be used as base case for running DPF using forecasted data. It shall select data from Market Operation (MO) or from System Operation (SO).
Data from SO shall consider inputs from Load Forecast (LF), Generation Schedule (GS), Bus Load Forecast (BLF) and Equipment Outage Schedule (EOS).
ii. Process Principles
Determines the effect of one event or a combination of events in the system power flow.
Event(s) shall either be an energization/outage of line(s), energization/tripping of generator(s), change in the transformer tap positions, energization/de-energization of capacitor bank(s)/reactor(s), changes in the generator’s generation, or changes in the area or system loads.
iii. Output Principles
Displays the voltages, currents, active and reactive flows as a result of the simulated event(s).
Results shall be saved and shall be used as base case for future DPF simulation or as input for other advanced applications.
Results shall be presented in graphical, tabular, and 3D visualization for immediate use of decision makers.
iv. Cyber Security
Dispatcher Power Flow application shall be subjected to the approved security standard criteria.
v. Hardware Architecture
Dispatcher Power Flow application shall be subjected to the approved hardware configuration requirements.

2.3.3.3. Network Analysis
In a power system, disturbance is unpredictable. No one knows exactly when and where a network disturbance will occur. The best approach is to be ready when such a disturbance happens. A proactive action is to have a contingency plan that is ready when system trouble arises. The acquisition of an appropriate application for network analysis is necessary to develop an appropriate strategy to respond before, during, and after the occurrence of a system disturbance. These applications shall respond to the dynamic development and demanding requirements of the power Grid operations. Basically, these network analysis tools have the capability to monitor, analyze and optimize the power system operations.
Benefits
The Network Analysis applications shall specifically provide an accurate real-time model for better monitoring and control of the power Grid. It shall have the capability to determine system Grid reliability in real-time with respect to overloads, voltage limits and voltage collapse. These applications shall be able to evaluate network control actions under a wide option of simulated conditions. It shall be able to maintain historical cases of system disturbance for post-analysis and for static contingency analysis.
Features
All Network Analysis applications shall be usable both in real-time or in study modes. It shall support single or multiple simulations. The basic package of Network Analysis shall include applications required to build base cases and to perform static contingency analysis. These Network Analysis applications shall be configurable to be stand-alone and shall have the capability to be integrated to an existing SCADA/EMS system.
a. Description
Network Analysis applications shall be a collection of Advanced applications that are capable of performing intelligent system analysis. It shall use the power Grid operational data and results from other application modules to analyze power Grid operation under various operating conditions and to determine the possible impact when some of the power Grid equipment fails during operation.
Figure 15 Network Analysis Process Diagram
b. Data Input Principles
Network Modeling (NM)
The Network Topology Analysis shall perform network modeling and topology analysis over the entire network of the power Grid. The generated network bus model,
electrical island model and topology analysis shall be an input to the State Estimator application.
State Estimator (SE)
The State Estimator shall estimate bus voltage and phase angle. It shall detect suspicious data, verify the accuracy of real-time measurements and calculate all branch power flows. It shall provide power flow solution for both the observed and unobserved parts of the entire power Grid. It shall use available real-time measurements, forecasted load and generation, scheduled voltages, and any operator entries to provide a complete and reliable network solution.
Generation Schedule (GS)
The GS shall develop generation schedule for hour-ahead, day-ahead and week-ahead using inputs from System Operation and Market Operations. The GS shall utilize the per-plant week-ahead, day-ahead, hour-ahead, and the 5-minute Real-Time Dispatch (RTD) market generation forecasts, which is the generation requirement per plant for each Operation. The information shall be translated into generation requirement for each generating unit. The per unit distribution in a plant shall be according to the ratio of generator’s capacity or the current output from SE. The generator and line outage schedule shall be taken into consideration so that the units on shutdown will not be included in the distribution of generation. The output of the GS using market operation data shall be stored as saved case in repository storage which shall be accessed by DPF application.
Load Forecast (LF)
The LF is an application that shall analyze and forecast future load requirements. The total load in the power system or part of it resulting in a consumption pattern shall be predicted with statistical method. The output of
LF shall be inputted to the Generation Schedule and Bus Load Forecast applications.
Bus Load Forecast (BLF)
The BLF is an application used to forecast busload demand for a certain day and hour. It shall compute the active and reactive power demand of each area and individual loads using historical data. The BLF shall compute the active and reactive power demand using the historical data. It shall also consider the scheduled outages and ensure that no allocation is given to feeder lines with existing outage schedules. The BLF shall automatically generate the bus load of the next day based on the real-time system load forecast result.
Equipment Outage Schedule (EOS)
The EOS is an application that shall be used to schedule generation, transmission or substation outages. Its output shall be integrated to the SCADA system and to other Advanced applications.
c. Process Principles
Dispatcher Power Flow (DPF)
The DPF shall implement power Grid operation status analysis under various assumed conditions based on the system topology model. It shall calculate each network branch active power and reactive power based on voltage phasor angle and voltage amplitude. The DPF shall process input from SE as Real-time, from saved SE data as Historical Case and from forecasted planned operation as Future Case. The DPF shall use the Gauss-Seidel or Newton-Raphson algorithm for solving the linear system of equations.
Historical Case
It shall determine the archive SE data, steady-state conditions that may exist on the network under a wide
variety of hypothesized conditions. It shall be used for conducting post analysis.
Future Case
It shall consider planned or forecasted operation. The Generation Schedule shall retrieve data either from Market Operation or from System Operation. The Bus Load Forecast shall provide the schedule of the feeders connected to the bus bar. The Equipment Outage Schedule shall provide input regarding power plants and transmission lines on schedule for maintenance outage.
d. Output Principles
Contingency Analysis (CA)
The Contingency Analysis shall provide information about static state security under pre-defined or auto selected single or multiple contingencies. Power flow and voltage violations shall be evaluated and the severity of the possible outage shall be calculated. Contingency analysis determines the reliability of the network under specified contingencies. It simulates the steady-state power flow solution and checks the network for out-of-range conditions. Contingency analysis can also account for planned outages.
Network Sensitivity Analysis (NSA)
The Network Sensitivity Analysis shall consider the degree of influence between the key components involved in the power flow calculation, such as bus power injection, branch power flow and bus voltage magnitude. The NSA shall refer to the power Grid operational data and mode to calculate the various types of network sensitivities.
Short Circuit Analysis (SCA)
The Short Circuit Analysis shall simulate different types of short circuit faults in the network and evaluate the impact of the fault in the power Grid. It shall calculate fault currents in the network so that it may be used to monitor potential fault currents that may exceed circuit breaker rating(s) in current operating conditions and network topology. This function can also be used to verify the circuit breaker capacity and protection settings.
Security Constraint Dispatch (SCD)
The Security Constraint Dispatch shall ensure economy and security of the power system operation. It shall eliminate limit violations by regulating the active power output of the generator. SCD shall provide regulation strategies in association with the Automatic Generation Control functions and shall determine the most effective remedial actions that can be implemented at minimal cost through generation-dispatch to alleviate violations of active power operating constraints.
Assistant Decision Monitoring (ADM)
The ADM shall use the SCADA data to address potential disturbance or limit violation threat. It shall analyze the controllable equipment to determine the optimal dispatching strategies which satisfy multiple stability constraints. It shall determine limit violations and disturbance issues during power Grid real-time operation or during anticipated conditions.
Network Reduction
The Network Reduction shall analyze the specified data section of the Grid to generate a network equivalent. The data section shall be provided by either State Estimator real-time data, Dispatcher Power Flow data, or from Historical Case. The essence of network equivalent to a subsystem is external node elimination, generation of the equivalent branch, and the determination of the
equivalent injection on the boundary. The NR shall reduce the dimensions of the external Grid to an equivalent data model. The equivalent data model shall be used to determine the influence of the external networks. NR shall consider the passive network data as well as the topological status of the external network.
Dispatcher Training Simulator (DTS)
The DTS shall provide a training system that realistically models the power system network. It shall display various network conditions and simulate events during the training. Trainees’ responses to the simulated events shall be evaluated, and further improved.
e. Cyber Security
Network Analysis applications shall be subjected to the approved security standard criteria.
f. Hardware Architecture
Network Analysis applications shall be subjected to the approved hardware configuration requirements.

2.3.3.4. Network Reduction
a. Description
The Network Reduction (NR) is an application that shall create reduced models for power flow analysis. This shall be based on the requirement that power flow is as similar as possible in the full and reduced Grid models.
b. Process Diagram
Figure 16 Network Reduction Process
c. Principles
i. Data Input Principles
The data shall be provided by State Estimator (SE), Dispatchers Power Flow (DPF), Planning Power Flow (PPF) or historical data.
The SE data shall serve as real-time base case input while DPF, Planning Power Flow (PPF) and historical case data shall also be used as base case input for the Network Reduction Application.
ii. Process Principles
NR process shall be designed to reduce the size of a network model by replacing sets of buses and their connected devices with a smaller but exact numerically equivalent network.
The process shall support symmetrical or asymmetrical short circuit calculations according to IEC60909.
iii. Output Principles
The result shall display the equivalent data models and simulate the influence of the external networks and shall give the same short circuit or load flow results as the original network.
The NR result shall be saved and shall be used as base case for future DPF simulation or as input for other advanced applications.
iv. Cyber Security
NR application shall be subjected to the approved security standard criteria.
v. Hardware Architecture
NR application shall be subjected to the approved hardware configuration requirements.

2.3.3.5. Network Sensitivity Analysis
a. Description
The Network Sensitivity Analysis (NSA) shall consider the degree of influence between the key components involved in the power flow calculation, such as bus power injection, branch power flow and bus voltage magnitude. The NSA shall refer to the power Grid operational data and mode to calculate the various types of network sensitivities.
b. Process Diagram
Figure 17 - Network Sensitivity Analysis Process Diagram
c. Principles
i. Data Input Principles
Historical case from auto-saved State Estimator data or a manually saved case.
State Estimator Data
Dispatchers Power Flow Data- Real time
Dispatchers Power Flow Data – Planning
i. Process Principles
Determines the sensitivity of the affected devices as a result of an event. It shall utilize power Grid operational data and mode data to calculate various types of network sensitivities.
Calculates the sensitivity of the active generation output to active multiple lines and tie line interchange, unit reactive generation to bus voltage, transformer tap position to bus voltage, generator group output to active power flow of multiple lines, current network loss sensitivity and penalty factor, and other related sensitivity calculations.
ii. Output Principles
Sensitivity results
Tabular and graphical presentation
iii. Cyber Security
NSA application shall be subjected to the approved security standard criteria.
iv. Hardware Architecture
NSA application shall be subjected to the approved hardware configuration requirements.

2.3.3.6. Network Topology Analysis
a. Description
The Network Topology Analysis (NTA) is an application that shall detect and verify the physical topology of the Grid including the connectivity of the equipment. It shall perform analysis of the topological characteristics of the network graphs based on the data input and parameters.
b. Process Diagram
Figure 18 - Network Topology Analysis Process Diagram
c. Principles
i. Data Input Principles
Network model based on the physical topology of the system.
Station list
Single line diagram
Node input
Device parameters and per unit calculation
v. Process Principles
Verifies the connectivity of the equipment.
Identifies the buses and islands from the static topology with statuses of breakers and switches concerned. It shall also determine the island states (energized, de-energized etc.) according to the equipment connected in certain islands.
Supports fast search and calculation algorithms.
vi. Output Principles
Generates network wiring model, sets up network bus model and electricity island model and provides topology analysis results.
Displays error and warning messages for the corresponding device and shall identify whether each is fatal or not.
Displays the statuses of breakers and switches concerned. It will also determine the island states (energized, de-energized etc.) according to the equipment connected in certain islands.
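The following Python sketch is an added example, not part of this philosophy document or of any vendor's NTA code: it derives buses and electrical islands from breaker and switch statuses, labels each island energized or de-energized, and reports which nodes change state when one status changes. The node names, the tuple-based input format and the helper names are assumptions made for the illustration.

```python
"""Added illustration of topology processing; all equipment names are constructed."""
from collections import defaultdict


class DisjointSet:
    """Union-find whose root is always the smallest label in the set."""

    def __init__(self, items):
        self.parent = {i: i for i in items}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[max(ra, rb)] = min(ra, rb)


def process_topology(nodes, switches, branches, generators):
    """Return (bus_of_node, islands) for one snapshot of switch statuses."""
    unknown = {s for _, _, s in switches} - {"closed", "open"}
    if unknown:
        # Refuse to guess: an unresolved status must be fixed upstream,
        # not silently treated as open or closed.
        raise ValueError(f"unresolved switch status: {sorted(unknown)}")

    # 1. Nodes joined by closed breakers/switches collapse into one bus.
    buses = DisjointSet(nodes)
    for a, b, status in switches:
        if status == "closed":
            buses.union(a, b)
    bus_of = {n: buses.find(n) for n in nodes}

    # 2. Buses joined by in-service branches form one electrical island.
    isl = DisjointSet(set(bus_of.values()))
    for a, b, in_service in branches:
        if in_service:
            isl.union(bus_of[a], bus_of[b])

    # 3. An island is energized only if an in-service generator is connected.
    live = {isl.find(bus_of[n]) for n, in_service in generators if in_service}
    members = defaultdict(list)
    for node in sorted(nodes):
        members[isl.find(bus_of[node])].append(node)
    islands = {
        root: {"nodes": ns, "state": "energized" if root in live else "de-energized"}
        for root, ns in members.items()
    }
    return bus_of, islands


def state_changes(before, after):
    """Nodes whose island state differs between two topology snapshots."""
    def node_state(islands):
        return {n: i["state"] for i in islands.values() for n in i["nodes"]}
    b, a = node_state(before), node_state(after)
    return {n: (b[n], a[n]) for n in sorted(b) if b[n] != a[n]}


# Constructed two-substation example: generator at A1, feeder load at B2.
NODES = ["A1", "A2", "A3", "B1", "B2"]
BRANCHES = [("A3", "B1", True)]  # line between substations A and B, in service
GENERATORS = [("A1", True)]
SWITCHES_NORMAL = [("A1", "A2", "closed"), ("A2", "A3", "closed"), ("B1", "B2", "closed")]
SWITCHES_CB_OPEN = [("A1", "A2", "closed"), ("A2", "A3", "open"), ("B1", "B2", "closed")]

if __name__ == "__main__":
    _, normal = process_topology(NODES, SWITCHES_NORMAL, BRANCHES, GENERATORS)
    _, opened = process_topology(NODES, SWITCHES_CB_OPEN, BRANCHES, GENERATORS)
    print(normal)
    print(opened)
    print(state_changes(normal, opened))
```

Because every downstream application consumes this bus and island model, a single wrong status on the A2-A3 breaker changes the reported state of three nodes, which is why status integrity and the error and warning output listed above matter.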
vii. Cyber Security
NTA application shall be subjected to the approved security standard criteria.
viii. Hardware Architecture
NTA application shall be subjected to the approved hardware configuration requirements.

2.3.3.7. Security Constraint Dispatching
a. Description
The Security Constraint Dispatching (SCD) is an application that shall ensure economy and security of the power system operation. It shall control generation facilities to produce energy at the lowest cost to reliably serve consumers, recognizing any operational limits of generation and transmission facilities. When a stability threshold has violated the limit, SCD shall eliminate the limit violation by regulating the active power output of the generator, and when a stability threshold has been overloaded, it shall control certain generators to stop further overload. SCD shall provide regulation strategies about generator active power output to the Automatic Generation Control application.
b. Process Diagram
Figure 19 - SCD Process Diagram
c. Principles
i. Data Input Principles
State Estimator data
Dispatcher Power Flow Case data
Historical Case data
ix. Process Principles
Designed to be an optimization process that takes into account various system and customers’ requirements in selecting the generating units to dispatch so that a reliable supply of electricity at the lowest cost possible under the conditions prevailing in each dispatch time interval can be delivered.
Allocates generation and transmission resources to serve the system load with low cost and high reliability.
Planning for next-day’s dispatch
Dispatching the system in real time
x. Output Principles
Production of energy “at the lowest cost” and that consumers will be “reliably” served.
Keeps power flow within the limit and manages congestion.
Ensures the reliability of the system and maintains the voltage and frequency.
Coordinates power flow, control, and monitor Grid operations.
Calculates dispatch prices and manages reserve.
Generates real-time dispatch schedule
Generates next-day dispatch schedule
Generates input for AGC
Generates input for NSA
Generates base-case data for Dispatcher Training Simulator
xi. Cyber Security
SCD application shall be subjected to the approved security standard criteria.
xii. Hardware Architecture
SCD application shall be subjected to the approved hardware configuration requirements.

2.3.3.8. Short Circuit Analysis
a. Description
The Short Circuit Analysis (SCA) is an application that shall calculate fault current sources to fault points, using programmable criteria for theoretical or reconstructed situations and scenarios. SCA uses the same solution
algorithm as Distribution Power Flow (DPF), representing all loads, capacitor banks and short circuit faults as constant impedances. When a fault occurs in an SCA context, the fault impedance will connect from the fault location to ground, or to another phase, depending upon the fault type. The positive, negative and zero sequence networks are created, and the fault current is computed using the DPF. A short-circuit fault in a power system is an abnormal condition that involves one or more phases unintentionally coming in contact with ground or each other. Performing the short circuit study provides the following benefits:
reduces the risk a facility could face and helps avoid catastrophic losses.
increases the safety and reliability of the power system and related equipment.
evaluates the application of protective devices and equipment.
identifies problem areas in the system.
identifies recommended solutions to existing problems.
b. Process Diagram
Figure 20 - Short Circuit Analysis Application Process Diagram
c. Principles
i. Data Input Principles
State Estimator data
Historical Case data
Per-phase quantities
Specific parameters needed to perform short-circuit calculations for power systems according to the ANSI/IEEE 141 standard
ii. Process Principles
Calculate the extent of short-circuit current at various points of the power distribution system.
When a fault occurs in an SCA context, the fault impedance shall be connected from the fault location to ground, or to another phase, depending upon the fault type. The positive, negative and zero sequence networks are created, and the fault current is computed using the DPF.
iii. Output Principles
Ensures that existing and new equipment ratings are adequate to withstand the available short circuit energy available at each point in the electrical system.
Ensures that personnel and equipment are protected by establishing proper interrupting ratings of protective devices.
Fault locations (substation, feeder, node/device)
Faulted phases (any combination of single, two and three phase to phase, and phase to ground)
Fault types
Fault impedance
Fault currents
Calculates fault current sources to fault points.
Determine both the switchgear ratings and the relay settings.
Presents voltage and current solutions, including fault current and its distribution in the faulted feeder sections in per–phase quantities, in graphic or tabular display.
Protects personnel and apparatus from the destructive effects of the resulting excessive current flow.
iv. Cyber Security
SCA application shall be subjected to the approved security standard criteria. v. Hardware Architecture SCA application shall be subjected to the approved hardware configuration requirements. 2.3.3.9.State Estimator a. Description The State Estimator (SE) shall perform real-time topology processing and estimation of the network state. SE shall calculate an estimated state of the power system based on the SCADA measurement using a least square fit algorithm. It shall convert raw telemetry data, manually entered or scheduled data together with the network model into reliable estimate of the state of the network, thus a realtime reliable power system model and operating conditions shall be available for a variety of other applications. b. Process Diagram
Figure 21 - State Estimator Process Diagram
c. Principles
i. Data Input Principles
The communication system shall bring all data to a central location that shall extract the system model in real time using state estimation techniques.
The data shall include measurements generated by traditional SCADA equipment, PMUs, digital relays, and digital fault recorders. These measurements shall be a combination of both scalar and phasor quantities.
Adopts the IEC 61850 standard.
ii. Process Principles
Fetches data values from the SCADA operations model, processes topology, estimates the new state, detects bad measurements and returns estimated states to the SCADA operations model.
Provides other applications with the current state of the power network.
Determines the approximate solution using the weighted least squares state estimation model.
iii. Output Principles
Generates a complete and consistent network representation indicating the device states and flow variables.
Determines the data error and provides the estimate based on the available measurements.
Produces specific alarms for any observed system abnormality.
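The estimate, bad-measurement detection and alarm steps listed above can be followed on a small case. This is an added example, not code from this document or from any EMS product: it assumes a linear (DC) measurement model on a constructed 3-bus network and uses the largest-normalized-residual test, and every name and number in it is constructed.

```python
"""Weighted-least-squares state estimation with bad-measurement rejection.
Constructed 3-bus DC case; bus 1 is the angle reference."""
import math

def solve(a, b):
    """Solve the square system a x = b (Gaussian elimination, partial pivoting)."""
    n = len(b)
    m = [a[i][:] + [b[i]] for i in range(n)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        if abs(m[p][c]) < 1e-9:
            raise ValueError("gain matrix is singular: state is not observable")
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            for k in range(c, n + 1):
                m[r][k] -= f * m[c][k]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][k] * x[k] for k in range(r + 1, n))) / m[r][r]
    return x

def wls(h, z, sigma):
    """One WLS solve of z = h x + e; returns (x_hat, normalized residuals)."""
    m, n = len(z), len(h[0])
    w = [1.0 / s ** 2 for s in sigma]
    gain = [[sum(w[i] * h[i][a] * h[i][b] for i in range(m)) for b in range(n)]
            for a in range(n)]
    rhs = [sum(w[i] * h[i][a] * z[i] for i in range(m)) for a in range(n)]
    x = solve(gain, rhs)
    normalized = []
    for i in range(m):
        residual = z[i] - sum(h[i][a] * x[a] for a in range(n))
        y = solve(gain, h[i])
        # Residual variance: R_ii - h_i G^-1 h_i^T
        variance = sigma[i] ** 2 - sum(h[i][a] * y[a] for a in range(n))
        # A critical measurement has zero residual variance and cannot be tested.
        normalized.append(abs(residual) / math.sqrt(variance) if variance > 1e-12 else 0.0)
    return x, normalized

def estimate(h, z, sigma, names, threshold=3.0):
    """Re-estimate, dropping the worst measurement while it exceeds the threshold.
    Returns (state, names of rejected measurements to raise as alarms)."""
    active, alarms = list(range(len(z))), []
    while True:
        x, rn = wls([h[i] for i in active], [z[i] for i in active],
                    [sigma[i] for i in active])
        worst = max(range(len(active)), key=lambda k: rn[k])
        # Stop when everything passes or no redundancy is left to drop from.
        if rn[worst] <= threshold or len(active) <= len(x):
            return x, alarms
        alarms.append(names[active.pop(worst)])

# Constructed case: line reactances x12=0.1, x13=0.2, x23=0.25 p.u.
# State = [theta2, theta3] in radians; each row of H maps the state to one reading.
NAMES = ["P12", "P13", "P23", "P2_inj", "P3_inj"]
H = [[-10.0, 0.0], [0.0, -5.0], [4.0, -4.0], [14.0, -4.0], [-4.0, 9.0]]
SIGMA = [0.01] * 5
TRUE_STATE = [-0.02, -0.05]

def demo():
    z = [sum(hij * xj for hij, xj in zip(row, TRUE_STATE)) for row in H]
    z[2] += 0.3  # constructed gross error on the P23 telemetry point
    return estimate(H, z, SIGMA, NAMES)

if __name__ == "__main__":
    state, alarms = demo()
    print("estimated angles:", state, "rejected:", alarms)
```

A measurement with no redundancy (a critical measurement) always has a zero residual, so an error on it cannot be detected by this test; that is why measurement redundancy matters for the data input principles above.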
iv. Cyber Security
State Estimator applications shall be subjected to the approved security standard criteria.
v. Hardware Architecture
State Estimator applications shall be subjected to the approved security standard criteria.
5.3.4 Energy Management System (EMS)/ Advance Applications
2.3.4.1. Dispatcher Training Simulator (DTS)
Electric power systems are facing a multitude of challenges such as growing regulatory and customer pressure for greater reliability, adoption of distributed renewable generation and energy storage, more frequent severe weather and outages, as well as an aging workforce and infrastructure. To meet these challenges, the system operators (dispatchers) must be well trained and ready to handle any scenario. One of the best options is to have a Dispatcher Training Simulator in which all existing power dispatchers, as well as candidate student-dispatchers, shall be subjected to regular training. DTS empowers
trainers and trainees to be properly prepared for a variety of situations. A Dispatcher Training Simulator shall contain an exact replica of the real-time model of the current power system network. A trainer-instructor interacts with the trainee as they perform system control operations under a number of controlled faulted and non-faulted case scenarios. The Instructor shall interact with the dispatcher trainee through a two-way communication system to issue work instructions. The Instructor shall prepare case training scenarios: realistic situations where the trainee-dispatcher has to respond to the situation displayed on the screens. The trainee can manipulate the schedule and generation to control each area within normal operating parameters. The voltage levels can also be changed by the use of common controllable devices such as tap changers, reactive devices, and generator excitation.
In today’s dynamic environment, the number of power contingencies seems to grow daily as more demands are placed on the system. System operators must be prepared for possible system challenges; thus, DTS has become an important part of any control center.
a. Description
The Dispatcher Training Simulator (DTS) is an application that shall be used to train power system dispatchers in addressing power system scenarios. It shall be capable of simulating power system restoration exercises in response to pre-constructed scenarios involving major system disturbances and a total system blackout. It simulates the behavior of the electrical network forming the power system under various operating conditions, and its response to actions by the dispatchers. Student dispatchers may develop their skills from exposure not only to routine operations but also to adverse operational situations without compromising the security of supply on a real transmission system. DTS empowers both trainers and trainees to be properly prepared for a variety of situations.
Figure 22 Dispatcher Training Simulator Process Diagram
b. Principles
i. Data Input Principles
Consistent system model and displays with the real-time system
Case Training scenarios
Actual Event Training scenarios
Total System Restoration from System Blackout
Utilizes real-world training scenarios
ii. Process Principles
User interface and capabilities are identical to that used within the on-line system
Dispatcher Training Simulator (DTS) provides a training system that realistically models the distribution network and interacts with the trainee, simulating events in the control center. The DTS displays various network conditions and simulates events during the training. Trainees’ response to simulated events, generated automatically by the simulator, and his/her actions are tested, evaluated, and potentially improved.
Provides a realistic atmosphere and system responses to actual event and case scenarios.
Evaluates the actions of the student dispatcher in response to the given case scenarios.
The physical DTS environment shall be configured to match the control room environment in every possible detail.
DTS Instructor creates scenarios, issues commands and evaluates performance
DTS Trainee responds to the instructor’s instructions and to the current system requirements.
DTS simulator shall be capable of running steady state and transient state simulations.
Utilizes real-world training scenarios
iii. Output Principles
Empowers trainers and trainees to be best prepared for a variety of situations
Scenarios realistically model distribution network conditions
Training displays on screens are identical to those used for actual operations
Records trainee’s actions and replays the training simulations
Evaluates responses to the given case scenarios
Enhances Grid Dispatchers’ confidence level
Capability to replay training simulations
Displays output presentations in graphical, tabular and 3D
Improves Grid Dispatchers’ competency
c. Cyber Security
DTS application shall be subjected to vulnerability assessment of Section 4.4.6.7 Cyber Vulnerability Assessment (of Cyber Assets).
d. Hardware Architecture
DTS application shall be subjected to the approved hardware configuration requirements shown in the Figure below.
Figure 23 - DTS Hardware Configuration
2.3.4.2. Generation Schedule
The daily operation and planning activities of system operation require the scheduling of the power output of the generators in the power system. Managing this generation asset is becoming increasingly complex – particularly in the face of growing participation of different types of generators in the system: thermal, renewable and distributed generation resources. System operation faces the challenge of scheduling the energy while considering the scheduling of ancillary services.
a. Benefits
The Generation Schedule application shall specifically provide schedules for RTD, hour, day and week ahead projections using inputs from SCADA, state estimation, load forecast, outage schedule and market operations. It shall have the capability to determine the distribution of generation in each generating unit with respect to the available capacity of each generator.
b. Features
The generation schedule shall provide an interface with the Dispatcher Power Flow so that users can study the generation requirements of power flow involving future scenarios. Generation Schedule is divided into two modes which are Market Operation mode and System Operation
mode. The Generation Schedule utilizes the per-plant week-ahead, day-ahead, and Real Time Dispatch (hour ahead) market generation forecast (generation requirement per plant for each Operation). The information will be translated into a generation requirement for each generating unit. The per unit distribution in a plant shall be according to the present output from SE, SCADA or unit nomination of the plant. The generation outage schedule will be taken into consideration so that the units on shutdown will not be included in the distribution of generation. The output of the Generation Schedule shall be displayed in a table and can be exported to CSV format.
c. Description
Generation Schedule application shall be part of the EMS advanced applications that are capable of providing and implementing the generation requirement for each generator. It shall have the SCADA capabilities needed to coordinate the real-time operations of the power plants. It shall have the capabilities to schedule energy while considering ancillary services.
Figure 24 Generation Scheduler Process Diagram
d. Principles
i. Data Input Principles
SCADA: The real time power output of all generators from the SCADA shall be used to determine the participation factor of the generator for real time dispatch and hour ahead projection.
State Estimator (SE): The power output estimation of all generators from the State Estimator Application shall be used for determining the participation factor of the generator for real time dispatch and hour ahead projection.
Equipment Outage Schedule (EOS): The generator that is scheduled for outage at a particular time shall be input to the Generation Schedule algorithm.
Load Forecast (LF): The forecasted generation in the Load Forecast application shall be used for scheduling and shall be divided according to the participation factor of the generating unit.
Market Operation (MO): The data file from the Market Operation shall be used for scheduling in MO-RTD, HAP, DAP and WAP.
Plant Nominations: Nominations of generators shall be used to determine the participation factor of the generators for day ahead and week ahead projection.
Ancillary Services shall be used to determine the maximum power output of the generator for scheduling.
ii. Process Principles
Generation Schedule shall have the capability to calculate the participation factor for each generator. It shall have the capability to calculate and display the generation requirement for each generating unit. It shall also consider the generation outage from EOS so that the units on shutdown will not be included in the distribution of generation. It shall also calculate the system loss.
iii. Output Principles
The output of Generation Schedule shall be the generation requirement of each generating unit in real time dispatch, in hour ahead, in day ahead, and in week-ahead projection for system operation and for market operation.
iv. Cyber Security
Generation Schedule application shall be subjected to vulnerability assessment of Section 4.4.6.7 Cyber Vulnerability Assessment (of Cyber Assets).
2.3.4.3. Automatic Generation Control (AGC)
In an electric power system, Automatic Generation Control (AGC) is a system for adjusting the power output of multiple generators at different power plants, in response to changes in the load. Its main purpose is to maintain the system frequency close to a specified nominal value of 60 Hertz. The actual operation of the power system requires a form of speed control, and the basic controller for speed is the governor, which maintains the energy generation of a generator in response to generator speed.
The sudden loss of a generator can instantaneously create a large imbalance between generation and load. Balancing generation and load instantaneously and continuously is difficult because loads and generators are constantly fluctuating. Minute-to-minute load variability results from the random turning on and off of millions of individual loads.
Regulation and Load following are services required to continuously balance generation and load under normal conditions. Load following and regulation ensure that under normal conditions, a control area is able to balance generation and load. Regulation is the use of on-line generation, storage, or load that is equipped with AGC and can change output quickly to track the moment-to-moment fluctuations in customer loads and to correct for the unintended fluctuation in generation. Regulation helps to maintain interconnection frequency, manage differences between actual and scheduled power flows between control areas, and match generation to load within the control area. Load following is the use of online generation, storage, or load equipment to track the intra- and inter-hour changes in customer loads.
Ancillary Services relate to those functions performed by the equipment and people that generate, control, and transmit electricity in support of the basic services of generating capacity, energy supply and power delivery. They provide the resources required by the system operator to reliably maintain the instantaneous balance between generation and load. Thus, power system reliability depends upon the ancillary services that system operators obtain to maintain generation and load balance under normal and contingency conditions.
a. Description
The AGC shall calculate the required parameters or changes to optimize the operation of generation units. The AGC software shall use real-time data such as frequency, actual generation, tie-line load flows, and plant units’ controller status to provide generation changes. The AGC system shall determine the parameters required for load frequency control and shall provide the required data on demand to maintain system frequency and power interchanges with neighboring systems at scheduled values.
Figure 25. Automatic Generation Control Process Diagram
b. Principles
i. Data Input Principles
Collect telemetry for all required quantities from SCADA
Unit measurements (Measurement of generator output)
Tie line measurements (Measurement of tie-line flows)
Area measurement (System frequency, Nominal Frequency, Time Error and Area Control Error)
ii. Process Principles
Re-calculates the Area Control Error (ACE)
Calculates control allocation
Issues control to generators
Multi-level hierarchical and coordinated control
Closed-loop control with ultra short-term load forecast to achieve advance control.
Online statistics regulation for speed and accuracy
Multiple unit control mode and flexible strategy for a hydro-thermal unit group
Original AGC control strategy adaptive control to CPS standard
Closed-loop control with Security Constraints Dispatch (SCD) to achieve the desired correction.
Interfaces with the SCADA system and provides supplementary control that automatically adjusts the active power output of electric generators in the power Grid in response to frequency deviation from the nominal value of 60 Hz. The deviation shall be determined as the mismatch between generation and load in the power Grid. The generation-load mismatch and deviation in the tie-line flows shall be considered in the calculation of the Area Control Error (ACE), and the AGC shall be able to provide supplementary control appropriate to this situation.
Maintains system frequency to a specified nominal value
Maintains power interchange across boundaries of the operation area at the scheduled value.
Coordinates with the SCD to ensure the economy and security of power system operation.
Modes of Control (Flat Frequency Control, Flat Tie Line Control and Tie Line Bias)
Unit Control
Base point mode (Auto, Sche, Base, Prop)
Regulation power mode (Off-Regulated, Regulated, Assistant, Emergency)
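The ACE calculation, the three modes of control and the per-unit regulation mode listed above fit together as in the following added example, which is not code from this document or from any AGC product. It assumes the common formulation ACE = (actual tie flow - scheduled tie flow) - 10 B (f - 60) with a negative frequency bias B in MW per 0.1 Hz, a purely proportional correction (no filtering or integral term), and constructed unit data; the field names are hypothetical.

```python
NOMINAL_HZ = 60.0  # nominal frequency stated in this document

def area_control_error(mode, tie_actual_mw, tie_sched_mw, freq_hz, bias_mw_per_0p1hz):
    """Return ACE in MW. Negative ACE means the area is under-generating."""
    tie_term = tie_actual_mw - tie_sched_mw
    freq_term = -10.0 * bias_mw_per_0p1hz * (freq_hz - NOMINAL_HZ)
    if mode == "flat_frequency":      # frequency deviation only
        return freq_term
    if mode == "flat_tie_line":       # interchange deviation only
        return tie_term
    if mode == "tie_line_bias":       # both terms
        return tie_term + freq_term
    raise ValueError("unknown control mode: %r" % mode)

def allocate(ace_mw, units, cycle_s):
    """Split the correction (-ACE) over units in 'Regulated' mode by participation
    factor, then clamp each step to the unit's ramp rate and capacity limits.
    Returns (setpoints by unit name, MW of correction left unserved this cycle)."""
    correction = -ace_mw
    total_pf = sum(u["pf"] for u in units if u["mode"] == "Regulated")
    setpoints, delivered = {}, 0.0
    for u in units:
        step = 0.0
        if u["mode"] == "Regulated" and total_pf > 0:
            share = correction * u["pf"] / total_pf
            ramp = u["ramp_mw_per_min"] * cycle_s / 60.0
            step = max(-ramp, min(ramp, share))                      # ramp-rate clamp
            step = max(u["min_mw"] - u["mw"], min(u["max_mw"] - u["mw"], step))  # capacity clamp
        setpoints[u["name"]] = u["mw"] + step
        delivered += step
    return setpoints, correction - delivered

# Constructed units: U2 is almost at its maximum, U3 is not on regulation.
UNITS = [
    {"name": "U1", "mode": "Regulated", "pf": 0.6, "mw": 200.0,
     "min_mw": 100.0, "max_mw": 300.0, "ramp_mw_per_min": 10.0},
    {"name": "U2", "mode": "Regulated", "pf": 0.4, "mw": 150.0,
     "min_mw": 50.0, "max_mw": 151.0, "ramp_mw_per_min": 20.0},
    {"name": "U3", "mode": "Off-Regulated", "pf": 0.0, "mw": 80.0,
     "min_mw": 20.0, "max_mw": 120.0, "ramp_mw_per_min": 5.0},
]

if __name__ == "__main__":
    for mode in ("flat_frequency", "flat_tie_line", "tie_line_bias"):
        print(mode, round(area_control_error(mode, 120.0, 100.0, 59.95, -50.0), 3))
    ace = area_control_error("flat_frequency", 120.0, 100.0, 59.95, -50.0)
    print(allocate(ace, UNITS, cycle_s=60.0))
```

The clamps are the point of interest for command integrity: whatever correction is computed, no unit is sent a setpoint outside its ramp rate or capacity limits, and the unserved remainder is reported rather than forced onto another unit.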
iii. Output Principles
Regulates the system frequency to a specified nominal value of 60 Hz.
Maintains net interchange power across the boundaries
Automatic time correction
Support standard control performance, A1, A2 criteria and CPS1, CPS2 criteria
Displays online statistics to show regulation response time, control accuracy, and other parameters that shall indicate AGC regulation performance.
Economic Control
Maintains net interchange equal to scheduled interchange
Monitor control performance
c. Enhanced AGC
Automatic Generation Control application at the master station shall be enhanced to cater to the dispatching needs whenever the Market Operations real-time dispatch (RTD) is tuned to a finer resolution. This application shall be utilized, in replacement of manual dispatch by the Grid Dispatcher, not only for frequency regulation but also for energy regulation. It shall have the capability of interpreting the MO RTD data by automatically selecting its different modes of giving commands based on the power plants’ schedule as energy or as an ancillary service provider or both. Commands from the enhanced AGC shall be dependent on the power plant type and its ramp rate.
2.3.4.4. Automatic Voltage Control (AVC)
A look at the historical perspective of the electric power industry shows that demand for electric power has been continually increasing. The need for electrical power was perked up by technological advancements that spawned new industries which, among others, also produced electricity-consuming devices that cater to human needs and comfort. The steady growth of human population has amplified electrical consumption attributed to these devices. This phenomenon of increasing electrical power demand has also been manifested in the Philippines, more specifically in Luzon, Visayas, and Mindanao. Rising demand gave rise to voltage issues: low voltage in some parts of the Grid during periods of high demand and high voltage during periods of low demand.
The various voltage ratings of buses in the power system (generating unit buses, switchyard buses, substation buses, and distribution substation buses) must be maintained within permissible limits to achieve satisfactory operation of all electrical equipment. Most electrical equipment can tolerate long term voltage variation within ±5% of the nominal value. Sustained operation beyond the permissible band can lead to shorter service life and may also interfere with the stable operation of synchronous and induction machines.
Solutions to mitigate the voltage issue were primarily focused on the installation of MVAR resources such as capacitor banks and static VAR compensators. Capacitor banks are put on-line and off-line through dispatcher action depending on the voltage situation. However, an electric power Grid is dynamic
and complex. Manual dispatch of MVAR resources may no longer be sufficient to resolve at the right time the ever-changing voltage issue, which is as dynamic as the power Grid.
In the power Grid, frequency and voltage are the two major indicators of power quality. AGC places particular emphasis on frequency control, while AVC focuses on voltage control. Central management of the MVAR resources with the capability to respond in real time to the voltage issues, coupled with judicious installation of MVAR resources, is a promising strategic approach to rectify voltage problems.
The voltage reactive power optimization of the whole network is the core and foundation of the implementation of the AVC system; therefore the voltage reactive optimization in AVC has a higher requirement on computation speed and robustness. The AVC system is a distributed control system, namely the hierarchy control of centralized decision, and SCADA is its core data processing and control system. Adoption of AVC for the regional control centers of Luzon, Visayas, and Mindanao is necessary to address the issues of voltage collapse.
a. Description
Voltage control in an electrical power system is vital in the operation of electrical power equipment, to reduce transmission losses, and to maintain the ability of the system to withstand and prevent voltage collapse. The basic objectives of the AVC application are voltage stability and reactive power balance in the whole Grid. It maintains the voltage profile of a power system in an acceptable range and minimizes the operational cost by coordinating the regulation of controllable components. Automatic Voltage Control has an optimization algorithm that determines the optimal allocation of MVAR resources to maintain bus voltage values within permissible limits subject to Grid operational constraints.
The results of the optimization runs are control commands to different MVAR resources – tap change in OLTCs at sending end and receiving end of transmission lines, breaker opening/closing for capacitor banks, static VAR compensators, excitation voltage control for generators, etc. – to maintain bus voltages within prescribed limits.
The AVC application principles shall be anchored on five (5) key factors, namely:
Security: The AVC system shall incorporate control interlocking between plant and station equipment to ensure operational safety. It must generate appropriate alarms when the threshold and operating limits are exceeded.
Reliability: The reliability of the AVC system must be given primary consideration. The switching between the master and backup servers must be done automatically and the process must be seamless.
Real-Time: The AVC system shall be able to extract and process data in real-time mode. This is to ensure that when voltage exceeds the operating limit, the AVC system can immediately issue corrective action.
Expandability: The AVC system must be able to expand the existing network model to accommodate new power plants and transformers without affecting its usual operating performance.
Open-System: The data interchange between the AVC system and power plants and substations must be realized through various standard industrial protocols in the dispatch system. Likewise, the AVC application shall conform to international standards.
Figure 26. Automatic Voltage Control (AVC) Process Diagram/Framework
b. Principles
The framework of the Automatic Voltage Control (AVC) can be described as shown above. The framework shows the input, the process and the output.
i. AVC Data Input
1. Grid models from the NETMODEL application using an IEC61970 standard CIM model.
2. Real-Time measurement data, including active power, reactive power, voltage measures and status from the SCADA application. The participating power plants and substations must input the relevant control state, interlocking state and adjustable reactive power of units to the AVC application.
3. State Estimator that shall filter bad data and provide AVC with a reliable estimate of the state of the electrical network.
4. Historical data shall provide the data pool that will be needed for the AVC capability assessment on the response of various MVAR resources to AVC control commands.
5. AVC shall also have the capability to acquire hour, day and week ahead simulation case results.
ii. AVC Process
1. The AVC shall have the capabilities for monitoring and control processing to include the following:
a. real-time data processing,
b. on-line partitioning,
c. operation monitoring,
d. control decision-making and control implementation and interlocking settings.
2. The AVC shall be provided with historical records and statistical information. This provides for user inquiries, analysis and evaluation of the reactive power and voltage.
3. The control process of the reactive power optimization automatic control system shall conform as shown in Figure 9. The system first collects the real-time operation data of the whole power Grid from dispatch SCADA for the voltage and reactive power analysis. It then takes minimum power loss of the whole power Grid as the objective function and adopts methods like power flow calculation to repeatedly obtain the second-best solution within the scope of minimum numerical value and calculate the action times of capacitor and main transformer tap changer. When the action times reach their minimum value, the corresponding solution is the optimal solution. Based on that, the AVC system forms three kinds of instructions: the switch instruction of transformer substation capacitor, the regulating instruction of main transformer tap, and the economic operation instruction of multiple main transformers. All of these instructions will be executed by the dispatch center of the power Grid and the control system of the SCADA monitoring center, and that cycle repeats.
Figure 27. Control Process of Reactive Power Optimization
a. The Principles of Optimal Control shall be applied, whereby the voltage and reactive power integrated control comprehensively regulates the voltage and reactive power of the power substation through two distinguishing variables, voltage and reactive power, so as to keep the voltage within the qualified range and realize the reactive power balance at the same time. The voltage and reactive power integrated device has set up the bounds of voltage and reactive power. The Jiugong Diagram as shown in Figure 28 shall be used to establish the bounds of voltage and reactive power. The bounds of voltage are set according to the acceptable voltage range, while the bounds of reactive power are based on the principles of keeping basic balance among each capacitance, capacitance deviation and reactive power, and keeping a relatively balanced switch.
Figure 28. Jiugong Diagram
b. AVC shall be provided with Open Loop and Close Loop capabilities
Open Loop: AVC monitors voltage and reactive power, then recommends a strategy after the calculation and analysis, but does not send remote commands. Adjustment will be manually done by the control engineer.
Close Loop: AVC monitors voltage and reactive power, recommends a strategy after the calculation and analysis, then sends the command to FES. The command will be executed immediately.
4. AVC Web Application shall be provided. The results of real time AVC information will be replicated at the DMZ zone to provide information to the plant and substation operators on duty.
iii. AVC Output
The output of the AVC application shall send remote control and regulation commands to the power plants and substations.
1. AVC shall support two control modes:
a. Distributed Control Mode: The power system is divided into independent subsections, each owned by an Area Control Center (ACC) having its own area of responsibility for controlling. The AVC regulates orders that include the setting values or adjustment values of power plants, busbar voltage, and/or gateway reactive power. In centralized control mode, the Regional Control Center (RCC) processes mainly the feedback of various kinds of information for the whole infrastructure, directs control instructions, and controls and operates all the activities in the infrastructure.
b. Centralized Control Mode: In this control mode, RCC processes mainly the feedback of various kinds of information for the whole infrastructure, directs control instructions, and controls and operates all the activities in the infrastructure. AVC sends remote control commands that include capacitor and reactor switching, regulate orders on OLTC adjustment, setting values or adjustment values of synchronous compensator voltage or reactive power output, and setting values or adjustment values of SVC voltage or reactive power output.
2. AVC shall also provide output results to the different plants and substations through web-based technology. This web-based technology will provide information to control engineers on duty to properly monitor their MVAR devices that are being controlled by the control center. AVC shall also be provided with an advanced method of visualization to effectively manage and respond to any voltage problem that may occur in the Grid.
2.3.4.5. Variable Renewable Energy (VRE)
The share of variable renewable energy in overall power generation in the Philippines is rapidly increasing. Furthermore, the ambitious targets to transform the power sector towards renewables are on their way to implementation. This current resurgence of interest experienced in the
Philippines in the use of renewable energy is driven by the need to reduce the high environmental impact of fossil-based energy systems as well as incentives provided by the Philippine government in placing variable renewable energy.
The VRE characteristics that require specific measures to integrate these technologies into NGCP power systems are:
variability due to the temporal availability of resources;
uncertainty due to unexpected changes in resource availability;
location-specific properties due to the geographical availability of resources; and
low marginal costs since the resources are freely available.
Reaping energy from variable renewable energy on a large scale is unquestionably one of the main problems and challenges facing the NGCP’s electrical Grid. Also, the variability and uncertainty of wind and solar generation are major complications that must be addressed before the full potential of these renewables can be reached. Thus, the structure and operation of existing power Grid infrastructures will require substantial transformation as the share of renewable power generation increases. These substantial transformations in the existing NGCP’s power Grid shall make it possible to:
a. allow for a bi-directional flow of energy; that is top-down (from generators to users) and bottom-up (with end-users contributing the electricity supply) aimed at ensuring Grid stability when installing distributed generation;
b. establish an efficient electricity-demand and Grid management mechanisms aimed at reducing peak loads, improving Grid flexibility, responsiveness and security of supply in order to deal with increased systemic variability;
c. improve the interconnection of Grids at the regional, national and international level, aimed at increasing Grid balancing capabilities, reliability and stability;
d. introduce technologies and procedures to ensure proper Grid operation stability and control (e.g. frequency, voltage, power balance) in the presence of a significant share of variable renewables; and
e. introduce energy storage capacity to store electricity from variable renewable sources when power supply exceeds demand and aimed at increasing system flexibility and security of supply.
The implementation of Smart Grid technologies can act as an “enabler” for these transformations by incorporating Grid elements of smart functionality to balance supply and demand, together with information and communication technologies to increase flexibility, improve reliability and efficiency and support the integration of renewables. Among these technologies is the introduction of an Advance Application called VRE Forecasting, Monitoring, Analysis and Control, which will address the required transformations stated in items d and e above.
a. Description
The Renewable Energy Monitoring, Analysis and Control is an application developed to implement comprehensive renewable energy monitoring, data analysis and control. The SCADA database model supports model description of renewable energy generation equipment such as wind turbine units and photovoltaic inverter units. The application functions comprise Real-Time Operation Monitoring, Operation Statistics Analysis, and Dispatching Evaluation and Control. Control of the renewable energy can be done through the AGC application. The conventional power plant and the renewable plant will be combined as control objects to respond to the variability of these resources. However, these application functions need data input from Data Management as well as Data Acquisition and Communication, as shown in the diagram below.
Figure 29. Process Diagram/Framework for VRE Monitoring, Analysis and Control
b. Principles
1. Data Acquisition and Communication
Data that will be collected from the different VREs shall conform to the requirements of the different applications. These data inputs are defined in Section 2: Real Time Data Monitoring.
2. VRE plants shall be required to have a controller that performs the following:
   a. Can receive new target values for active/reactive power from the Grid operator SCADA/EMS system.
   b. Real Time Data Acquisition
      Plant operation related data
      Weather data
   c. Automatic reduction of active power at a defined Grid frequency according to a definable characteristic curve.
   d. Ramp Rate Control
3. Communication Protocol
The Power Plant Controller shall receive setpoints in digital and analog form via Modbus/TCP, IEC 60870-5-101, IEC 60870-5-104, IEC 61850 or DNP3. The measured values that the Power Plant Controller receives are measured at the point of interconnection, and transmitted to the Power Plant Controller as analog values or via standard protocol.
4. Other Protocol Supported
IEC 61870-555 via SFTP for generator unit status data, power forecast curve and short-term power forecast curve.
c. Data Management
1. Analog data received shall be processed with reasonableness checks, multiple substitution processing, limit violation monitoring, zero-drift processing, abrupt change monitoring and so on.
2. Status data received shall be processed according to multiple types of COS alarms, disturbance judgment, double position status processing and so on.
3. All analogs (including calculated amounts) and statuses have a data quality code so that the degree of reliability of the data can be reflected.
4. Real-time calculation shall be provided.
5. Shall support different types of control and regulation including the following:
   a. Breaking and closing of circuit breakers and isolating switches;
   b. Adjustment of transformer tap;
   c. Enable/disable and adjust reactive compensation devices;
   d. Enable/disable automatic generation control device of generator (local or remote);
   e. Control remote regulation of generator, including set point control, set value condition and pulse width output;
   f. DC power regulation;
   g. Sequence control.
i. Capability to store the real-time data to IS&R and Data Historian.
ii. Shall be provided with a web-based application to share VRE monitoring, analysis and control output.
iii. Capable of receiving data from the VRE forecasting application.
iv. Capable of sending VRE real-time data to the VRE forecasting application.
v. SE data shall be used in the absence of VRE telemetered data.
vi. Shall be compliant with the latest version of the CIM XML model and graphics standard.
d. Application
VRE Forecasting Tool
This function shall assist System Operations in producing and submitting to a Market Operator a VRE Aggregated Generation Forecast in accordance with the expected performance required by the Philippine Grid Code. These forecasts shall cover at least 24 hours and will be updated with the periodicity System Operations considers suitable but, at least, once every trading period as indicated in the WESM Rules. The functionality shall include the following environments:
1. A development environment where NGCP will be able to develop VRE Forecasting Models using various prediction techniques and which shall be capable of integrating real-time observations.
2. A testing environment for the forecasting models that does not disrupt the normal forecast production process and has the capability to adjust confidence levels and other factors for fine tuning.
3. A production environment where NGCP will be able to access and export the 5-minute interval forecasts, the stochastic forecasts (ramp, prediction interval, and ensemble), as well as the forecast accuracy reports, such as Mean Absolute Percentage Error (MAPE) and 95th Percentile Error.
Real-Time Operation and Monitoring
This function focuses on monitoring the real-time wind power, photovoltaic intensity, and renewable energy generation output status. The monitoring hierarchy shall follow the Unit/Plant/PlantCluster/Region/All Grid structure. Operational management data such as the generation schedule is also included in the function process as reference data. This function also provides an alarming service for extreme situations such as intensive disturbance accidents occurring in wind power plants or photovoltaic power plants.
Operation Statistics and Analysis
This function performs statistical analysis on renewable energy generation characteristics data and generates key indicators. It calculates the generation capabilities based on real-time resource distribution.
Dispatching Evaluation and Control
This function comprehensively analyzes all related data in the system, and makes an overall evaluation of the wind/photovoltaic dispatching process including plant forecast, master station forecast, schedule, control, and operation.
Automatic Generation Control
1. Periodically interact with other applications to acquire analog and status measurements/state related to renewable energy power generation. Rationality validation will be conducted.
2. Renewable Energy AGC supports simultaneous multiple-area control. Control functions include: manual-set, frequency regulation, peak regulation, transmission line regulation, schedule tracking, etc.
3. Regulate active power of renewable energy power plants. Regulation applies grouping, multiple rule priority, and proportion distribution strategies. It supports distribution among power plants within a plant cluster using priority distribution and proportion distribution.
4. Ensure the safety and stability of area internal transmission lines. Perform active power control over multiple transmission line targets and satisfy each power plant’s safety constraints.
5. Monitor the control command response of each renewable energy power plant. For a power plant which does not react to the control center regulation commands, transfer its generation norm to other renewable energy power plants which have abundant power generation capacity, thus maximally utilizing the VRE power generation norm.
6. Send a dedicated test signal to a renewable energy plant to test the response characteristics of active power regulation control. The program will automatically record the detailed information for each test case.
2.3.4.6. AS Compliance Monitoring
Ancillary Service Providers are NGCP’s accredited generating plants that offer active power service to provide necessary support to the transmission capacity and energy that are essential in maintaining power quality and reliability of the Grid, such as:
Primary Reserves are generator unit/s in Governor Control Mode (GCM) that respond to frequency change, in which the generator’s output is based on the unit dead band and droop settings.
Secondary Reserves are generator unit/s in Automatic Generation Control Mode (AGCM) that are used to regulate the system frequency or maintain the tie-line MW loading, controlled by the SCADA Master Station.
Tertiary Reserves are generator units that are being dispatched by the Grid Dispatchers to replenish lost Primary and Secondary reserves during emergency conditions or Grid disturbances.
These generators shall comply with the required MW output, which is evaluated by NGCP every intra-hour. Ancillary Service Providers are rated according to their schedule and performance based on their mode of operation (MOP), as either Governor Control Mode (GCM) or Automatic Generation Control (AGC) Mode. NGCP assesses the compliance of the Ancillary Service Providers based on their actual performance versus the computed/expected performance and releases the performance result monthly.
a. Description
Ancillary Service (AS) Compliance Monitoring is an automated innovation to replace the manual practice of evaluating the ancillary service units, which is done on a monthly basis. The application is intended to provide better Grid management by alerting Grid Dispatchers and concerned AS provider plants for all non-compliant ancillary service unit/s operating every intra-hour, thus giving the Grid Dispatchers options to replace/stop non-compliant units to ensure the quality of the System Grid. Users of this application will benefit from the real-time monitoring of compliance of all Ancillary Service Providers and the report generation necessary for the monthly billing issued. All these benefits will be realized through the embedded algorithms, with different calculations for:
1. Primary Reserves as Governor Control Mode (GCM)
2. Secondary Reserves
3. Tertiary Reserve
Figure 30. Process Diagram of AS Compliance Monitoring Application
b. Principles
The framework of the AS Compliance Monitoring described above shows the input, the process and the output of the application.
c. Data Input Requirements
Inputs required as detailed in the process flow diagram shown in Figure xxx will be used for the AS provider’s compliance analysis or algorithm. All necessary inputs are discussed below.
1. Operating Mode – The schedule of AS providers as Primary, Secondary and Tertiary Reserves, as indicated in the current Market Operation data. The mode of operation of a generating unit, classified as Governor Control Mode or Automatic Generation Control Mode, determines which algorithm will be used for the calculation.
2. RTD MW – Part of the Market Operator (MO) Data that provides the target MW generation of the unit for the prescribed time duration of the RTD.
3. Realtime Data – Realtime data necessary for this application, such as the actual system frequency, generating unit’s active power output, droop settings, unit dead band, generator breaker status, alarms and events.
4. AGC Data – Data necessary for the computation of AS compliance of units operating as AGC, such as desired generation, maximum step setting and control deadband. These data are computed values in the current SCADA system and are not acquired from the field devices.
5. Generating unit’s Capacity – The current capacity of the generating unit for the prescribed time duration of the RTD, which can also be acquired through MO data.
6. SO Intervention – This is a setting manageable during operations, designed specifically to temporarily stop the calculation whenever a Grid disturbance happens or offline communication between the Control Center and an RTU occurs that affects the AS operation.
d. Processing Requirements
Compliance calculation shall be classified into three different types depending on the mode of operation of an Ancillary Service provider, which shall run independently from one another. The modes of operation are:
Governor Control Mode (GCM)
Compliance of AS providers operating in GCM shall be calculated based on its accuracy to react to actual system frequency.
Automatic Generation Control (AGC) Mode
Compliance of AS providers operating in AGC Mode shall be calculated based on its accuracy to react to AGC command.
Tertiary Reserve
Compliance of AS providers operating as Tertiary Reserve shall be calculated based on its reaction every time the primary and secondary reserves are depleted and when the reserves return to their normal level.
e. Notification and Report Generation
This application has the feature of real-time monitoring of AS providers’ compliance, and calculates and posts the latest compliance after every intra-hour. Notification shall be issued every time the calculation result for a generating unit is non-compliant.
f. Report Generation Frequency
Another feature of the AS compliance monitoring application is report generation in the same format as that used by the end user. This feature shall be made accessible at any time to ensure the application’s high usability and availability. Calculation Reports shall be automatically generated every hour and/or customizable based on the User’s preference.
g. Data Output Requirements
All necessary output data from the calculation made by this application shall be made available on the dedicated display page. These shall include the following:
Date and Time – It is the time when the generating unit has to react for frequency regulation or correction.
Name of generating unit – This is the SEIL name of the generating unit from an AS provider.
Mode of Operation – This is classified as: Primary reserve as Regulating reserve, Primary reserve as Contingency reserve, Secondary reserve as Regulating reserve, Secondary reserve as Contingency reserve and Dispatchable reserves. These can be seen on the MO data.
Generating power before the frequency regulation occurred – This is the generating power of a unit at the time when the system frequency breached the dead band or when AGC command is issued.
Expected Power – This is the active power calculated by the algorithm which will be the basis for the unit compliance for GCM or the desired generation calculated for AGC and the desired power instructed by the Grid Dispatcher.
Actual Power Output – This is the actual generating power captured upon reaching the time required for the unit to attain its expected power.
System frequency breaching dead band – The numerical value of this system frequency is the sum or difference of nominal frequency (60 Hz for the Philippine standard) and the unit dead band.
Percentage accuracy – This is the quotient of Actual Power Output and Expected Power.
Compliance result – This is either “Pass” or “Fail” depending on the requirement of the percentage accuracy.
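The GCM output fields defined above (power before regulation, breach frequency, expected power, actual power, percentage accuracy, Pass/Fail), computed over a one-second trace, as an added example that is not part of the original document and is not NGCP's algorithm. The droop formula, the response window, the tolerance band, the "Suspended" label for windows touched by SO Intervention or an open breaker, and the sample trace are all assumptions.

```python
NOMINAL_HZ = 60.0   # nominal frequency stated on the page


def droop_delta_mw(freq_hz, capacity_mw, droop):
    """Assumed textbook governor droop: with droop 0.05, a 5 % frequency deviation
    moves the output by the full capacity, in the direction opposing the deviation."""
    return -((freq_hz - NOMINAL_HZ) / NOMINAL_HZ) / droop * capacity_mw


def outside_deadband(sample, deadband_hz):
    return abs(sample["freq"] - NOMINAL_HZ) > deadband_hz


def evaluate_gcm(samples, capacity_mw, droop, deadband_hz, response_s, tolerance):
    """One record per dead-band breach, with the output fields the page lists.
    samples: one dict per second (t, freq, p_mw, breaker_closed, so_intervention)."""
    records = []
    for i, s in enumerate(samples):
        if not outside_deadband(s, deadband_hz):
            continue
        if i > 0 and outside_deadband(samples[i - 1], deadband_hz):
            continue                            # still the same excursion
        end = i + response_s
        if end >= len(samples):
            break                               # response window runs past the data
        sign = 1 if s["freq"] > NOMINAL_HZ else -1
        record = {"time": s["t"], "p_before": s["p_mw"],
                  "breach_freq": NOMINAL_HZ + sign * deadband_hz}
        window = samples[i:end + 1]
        if any(w["so_intervention"] or not w["breaker_closed"] for w in window):
            record["result"] = "Suspended"      # assumed label: no rating for this window
        else:
            final = samples[end]
            expected = s["p_mw"] + droop_delta_mw(final["freq"], capacity_mw, droop)
            expected = max(0.0, min(capacity_mw, expected))
            actual = final["p_mw"]
            if expected > 0:
                accuracy = actual / expected    # page: Actual Power Output / Expected Power
            else:
                accuracy = 1.0 if actual == 0 else float("inf")
            record.update(expected=round(expected, 3), actual=actual,
                          accuracy=round(accuracy, 4),
                          result="Pass" if abs(accuracy - 1) <= tolerance else "Fail")
        records.append(record)
    return records


def make_samples(p_after, so_intervention_at=None):
    """Constructed 40 s trace: frequency steps from 60.0 to 59.7 Hz at t=10 and the
    unit ramps linearly from 100 MW to p_after over the following 10 s."""
    out = []
    for t in range(40):
        ramp = min(max(t - 10, 0), 10) / 10
        out.append({"t": t, "freq": 60.0 if t < 10 else 59.7,
                    "p_mw": 100.0 + (p_after - 100.0) * ramp,
                    "breaker_closed": True,
                    "so_intervention": t == so_intervention_at})
    return out


if __name__ == "__main__":
    # 200 MW unit, 5 % droop, 0.15 Hz dead band, 15 s to respond, +/-5 % tolerance (all assumed)
    for trace in (make_samples(120.0), make_samples(100.0), make_samples(120.0, 18)):
        print(evaluate_gcm(trace, 200.0, 0.05, 0.15, 15, 0.05))
```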
h. Cybersecurity
The Ancillary Service Monitoring application shall be subjected to the vulnerability assessment of Section 4.4.6.7 Cyber Vulnerability Assessment (of Cyber Assets).
i. Hardware Requirements
This application shall be subjected to the approved hardware configuration requirements considering all inputs, processes and outputs discussed previously. Also, the hardware configuration shall consider the number of data to be processed, shown below.

Mode   Data                  Number of data per hour
GCM    Freq                  3600
GCM    P (MW)                3600
GCM    droop setting         3600
GCM    unit deadband         3600
AGC    P (MW)                3600
AGC    Desired Generation    3600
AGC    Control Deadband      3600
Total data per hour          32,400

Table 1 – SCADA Data for GCM and AGC

Source               Data              Number of data per hour    Total data per hour
Tertiary Reserve     P (MW)            3600
Tertiary Reserve     breaker status    3600
Market Operations    RTD File          12 files                   12 files

Table 2 – SCADA Data for Tertiary Reserve and RTD Files
The tables above show the total number of data available in SCADA that are to be processed in one hour for one generating unit.
2.3.4.7. Wide Area Measurement System (WAMS)
For decades, traditional power system operation and control has been performed by systems built with a centralized architecture, using Supervisory Control and Data Acquisition (SCADA) systems and Energy Management Systems (EMS). These systems were designed to collect measurements at a data rate on the order of seconds. Due to these low data rates, SCADA systems are only able to provide snapshots of the power system in steady state rather than capturing the power system dynamics in real time.
SCADA/EMS solutions have performed well in traditional power system operation and control, where sufficient security margins and reserves are available. However, due to the increasing connection of power sources providing intermittent generation like VREs, increasing consumption, increasing interconnection of Philippine Grids, and regulatory constraints on the deployment of new lines, modern power systems tend to operate much closer to their limitations than they used to. These changes necessitate greater Grid situational awareness on the part of the ICT systems supporting power system operation and control.
Security and stability have always attracted the major interest of power system planners, designers and engineers responsible for reliable system operation. In the last two decades, a number of blackouts occurred all over the world and significantly impacted national economies, as well as the approaches for ensuring secure power delivery. Analysis of these blackouts has concluded that traditional protection and control principles cannot prevent or cope with cascading failures, and has shown the limitations of approaches based on the use of local information without coordination of control actions. The development of Smart Grid, communication technology and phasor measurement units (PMUs) provides strong technology support for this kind of application.
Wide area monitoring systems (WAMS) are essentially based on the new data acquisition technology of phasor measurement and allow monitoring of transmission system conditions over wide areas with a view to detecting and further counteracting Grid instabilities. Current, voltage and frequency measurements are taken by Phasor Measurement Units (PMUs) at selected locations in the power system and stored in a data concentrator every 100 milliseconds. The measured quantities include both magnitudes and phase angles, and are time-synchronized via Global Navigation Satellite System (GNSS), e.g. GPS and GLONASS receivers, with an accuracy of one microsecond. The phasors measured at the same instant provide snapshots of the status of the monitored nodes. By comparing the snapshots with each other, not only the steady state but also the dynamic state of critical nodes in transmission and subtransmission networks can be observed. Thereby, dynamic monitoring of critical nodes in power systems is achieved. This early warning system contributes to increased system reliability by avoiding the spreading of large area disturbances and optimizing the use of assets. Thus, having Wide Area Monitoring, Protection and Control Systems can significantly contribute to a more secure and reliable operation of power systems, efficiently coping with a number of system changes expected in the Grid.
a. Description
Wide Area Measurement System (WAMS) is a technology to improve situational awareness and visibility within the power system of today's and future Grids. It uses real-time synchrophasor data to measure the state of the Grid, which enables improvement in the stability and reliability of the power Grid. WAMS architecture plays an important role in these real-time and data-intensive systems. Proper selection of WAMS architecture helps immensely in achieving the benefits of WAMS technology, namely increased stability and reliability of the Grid.
Factors like PMU data acquisition, decision making based on PMU data and the enactment of actions based on decision making determine the architecture details of WAMS.
Figure 31. WAMS Process Diagram
b. Principles
i. Data Input Principles
The PMUs are devices that calculate synchrophasors, frequency, and the rate of change of frequency based on measured power system quantities.
All of the above measurement definitions shall be in accordance with IEEE standard C37.118.1. A PMU shall have the following elements as shown:
Figure 32. Elements of a PMU
Time-tagging of the synchrophasor shall conform to IEEE C37.118.1.
Total Vector Error (TVE) shall be used as the primary measure of the accuracy of the estimated synchrophasor.
Shall support IEEE 1433, P1597 serial or Ethernet protocol.
The structure and content of the PMU data frame shall conform to the IEEE C37.118.2 standard.
ii. Process Principles
PDCs are components at the Data Management Layer. PDCs shall be designed to gather data from the connected PMUs, sort and align data, reject bad data, alter the frame rate of the PMU data (up or down sample the PMU data), and create snapshots for a wider part of the power system from the PMU data, which is simultaneously recorded.
A capability to filter out data with notable delays and then sort the timely data into a time-synchronized dataset.
Correlate phasor data by time tag and then broadcast the combined data to other systems.
Conform to streaming protocol standards (e.g., IEEE C37.118) for both the phasor data inputs and the combined data output stream.
Verify the integrity and completeness of data streams from PMUs and properly handle data anomalies.
Buffer input data streams to accommodate the differing times of data delivery from individual PMUs.
A local PDC shall be located physically close to PMUs to manage the collection and communication of time-synchronized data from local PMUs, send it to higher level concentrators, and store the data for use within the local location.
A local PDC shall store a small cache of local measurements to protect against network failure.
A PDC that aggregates data from multiple PDCs shall conduct real-time data quality checks and calculations at very high speed before the next set of values arrives.
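The PDC duties listed above (verify integrity, reject bad data, correlate by time tag, buffer for differing delivery times), as an added example that is not part of the original document. It validates only the common header fields and CRC-CCITT checksum of an IEEE C37.118.2 frame and treats the payload as opaque; the Aligner class, the 50 ms wait window and the sample frames are assumptions constructed for illustration.

```python
import struct

HEADER = struct.Struct(">HHHII")   # SYNC, FRAMESIZE, IDCODE, SOC, FRACSEC


def crc_ccitt(data: bytes) -> int:
    """CRC-CCITT: polynomial 0x1021, initial value 0xFFFF, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc


def build_frame(idcode, soc, frac, payload=b""):
    """Build a constructed data frame for the demo; the payload is left opaque."""
    size = HEADER.size + len(payload) + 2
    body = HEADER.pack(0xAA01, size, idcode, soc, frac) + payload
    return body + struct.pack(">H", crc_ccitt(body))


def parse_frame(raw: bytes):
    """Validate one frame; return (idcode, time_tag, payload) or raise ValueError."""
    if len(raw) < HEADER.size + 2:
        raise ValueError("truncated")
    sync, size, idcode, soc, fracsec = HEADER.unpack_from(raw)
    if sync >> 8 != 0xAA or (sync >> 4) & 0x7 != 0:
        raise ValueError("not a data frame")
    if size != len(raw):
        raise ValueError("length mismatch")
    if struct.unpack(">H", raw[-2:])[0] != crc_ccitt(raw[:-2]):
        raise ValueError("bad CRC")
    frac = fracsec & 0x00FFFFFF        # the top byte carries time-quality flags
    return idcode, (soc, frac), raw[HEADER.size:-2]


class Aligner:
    """Groups validated frames by time tag and releases one set per tag, in time order."""

    def __init__(self, expected_ids, wait_s):
        self.expected = frozenset(expected_ids)
        self.wait_s = wait_s
        self.pending = {}          # time tag -> {idcode: payload}
        self.opened = {}           # time tag -> arrival time of the first frame
        self.last_released = None
        self.rejected = []         # (reason, arrival time), kept for the audit log

    def ingest(self, raw, arrival):
        try:
            idcode, tag, payload = parse_frame(raw)
        except ValueError as err:
            self.rejected.append((str(err), arrival))
            return
        if idcode not in self.expected:
            reason = "unknown IDCODE"
        elif self.last_released is not None and tag <= self.last_released:
            reason = "late"
        elif idcode in self.pending.get(tag, {}):
            reason = "duplicate"
        else:
            self.pending.setdefault(tag, {})[idcode] = payload
            self.opened.setdefault(tag, arrival)
            return
        self.rejected.append((reason, arrival))

    def flush(self, now):
        """Return (tag, frames, missing_ids) for each set that is complete or timed out."""
        released = []
        for tag in sorted(self.pending):
            missing = sorted(self.expected - set(self.pending[tag]))
            if missing and now - self.opened[tag] < self.wait_s:
                break                  # an older set is still waiting; keep time order
            released.append((tag, self.pending.pop(tag), missing))
            del self.opened[tag]
            self.last_released = tag
        return released


def demo():
    """Constructed traffic: three PMUs reporting every 100 ms, 50 ms wait window."""
    pdc = Aligner(expected_ids=[1, 2, 3], wait_s=0.05)
    soc = 1_500_000_000
    pdc.ingest(build_frame(1, soc, 0), arrival=0.010)
    pdc.ingest(build_frame(2, soc, 0), arrival=0.012)
    damaged = bytearray(build_frame(3, soc, 0, b"\x00\x01"))
    damaged[-3] ^= 0xFF                                  # payload byte altered in transit
    pdc.ingest(bytes(damaged), arrival=0.013)
    first = pdc.flush(now=0.020)                         # PMU 3 missing, still inside the wait
    second = pdc.flush(now=0.070)                        # wait expired: released incomplete
    pdc.ingest(build_frame(3, soc, 0), arrival=0.090)    # tag already released
    for pmu in (1, 2, 3):
        pdc.ingest(build_frame(pmu, soc, 100_000), arrival=0.110 + pmu / 1000)
    pdc.ingest(build_frame(2, soc, 100_000), arrival=0.120)
    third = pdc.flush(now=0.125)
    return first, second, third, [reason for reason, _ in pdc.rejected]
```

Releasing an incomplete set with an explicit list of missing PMUs, and logging every rejected frame with its reason, gives downstream applications and operators the completeness information the principles above call for.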
Figure 33. Conceptual levels of PDCs
iii. Output Principles
Phasor data applications shall be grouped into three categories:
a. Applications to support real-time Grid operations by providing wide-area visualization and increased state awareness.
   Wide-Area Situational Awareness, Frequency Stability Monitoring and Trending, Power Oscillations, Voltage monitoring and trending, Alarming and setting System Operating Limits; Event detection and avoidance, Resource integration, State estimation, Dynamic line ratings and congestion management, Outage restoration, Operations planning
b. Applications to improve system planning and analysis, including power system performance baselining, event analysis and model validation, and
   Baselining power system performance
   Event analysis
   Static system model calibration and validation
   Dynamic system model calibration and validation
   Power Plant Model Validation
   Load Characterization
   Special protection schemes and islanding
   Primary Frequency (Governing) Response
c. Response-based control applications that use real-time wide area information to take automated control actions on the power system.
   Fast Reactive Switching
   Coordinated Secondary Voltage Control
   Inter-Area Oscillation Damping Controls
   Equilibrium State Control
iv. Data Storage
Data historians shall be used to manage large volumes of time-stamped measurement data, and shall be used to save and retrieve phasor data. The minimum possible storage size is 10 bytes per time-value pair (4 bytes for time, 4 for data and 2 for flags) within a historian. Thus, a PDC that collects data from 100 PMUs of 20 measurements each at 30 samples per second will require a little over 50 GB/day or 1.5 TB/month; refer to Table 3.

Samples per Second    Number of PMUs and kbits/sec
                      2       10      40       100
30                    57      220     836      2,085
60                    114     440     1,672    4,170
120                   229     881     3,345    8,340

Table 3. Approximate bandwidth (kbits/sec) as a function of PMUs and sampling rate (assumes 20 measurements per PMU; 16 are used for 8 phasors)
Phasor data shall be archived for at least one year to facilitate disturbance investigation and research.
v. Redundancy Requirement
As phasor data becomes more critical, redundant PDCs shall be required in both primary and backup control centers. Continuous availability is assured by increasing redundancy throughout the synchrophasor data system.
PDCs should be implemented as a redundant pair in control center environments to assure that there are no systemic data gaps as standard maintenance is performed on PDCs; refer to the figure below.
Figure 34. Redundant PDC and Communications Conceptual Model
vi. Cyber Security
WAMS shall be subjected to the vulnerability assessment of Section 4.4.6.7 Cyber Vulnerability Assessment (of Cyber Assets).
2.3.4.8. Fault Information/Data System
a. Description
It usually takes the dispatchers a lot of time to acquire fault information and make decisions after the occurrence of an outage contingency. Furthermore, when a subsequent multiple contingency (N-k) occurs, or breakers and protections fail to operate or misoperate, it is much more difficult to rapidly and accurately identify the fault type.
The purpose of the Fault Info/Data System is to promptly and automatically diagnose power Grid faults through smart analysis of fault information or data, and to provide critical decision support for dispatchers to initiate corrective interventions and implement the necessary actions to restore the Grid to its normal state or to retain the stability of the power Grid.
The Fault Info/Data System shall be linked to Protection Relays and Network Disturbance Monitoring Equipment (NDME) such as Fault Recorders, Transient Recorders, and Disturbance Recorders, which currently send fault data to the existing Protection Management System (PMS). The system shall also have a link to the existing Geographical Information System (GIS) to gather spatial or geographical location data, and to a weather station, the PAGASA, for weather updates and conditions. Data collected from the different sources shall be stored in an Open Platform for Communication (OPC) server with the capability to analyse Common Format for Transient Data Exchange (COMTRADE) files from these different sources. Further, the system shall support communication protocols for remote control, protection access, fault recorder access and data transfer to the master system.
The Fault Info/Data System shall also be linked to the Front End System (FES) server of the SCADA/EMS system for collecting other related fault data and information sent by a Remote Terminal Unit (RTU). Likewise, the system, through the FES, shall also collect substation or localized real-time weather data from the existing weather monitoring equipment installed in various Area Control Centers (ACCs). Figure xxx shows the Fault Info/Data System architecture.
Figure 35 – Fault Info/Data System Hardware Architecture
Figure 36 – Fault Info/Data System Process Diagram
b. Input Requirements
Data input of the Fault Info/Data System includes information and/or data from Protection Relays, Disturbance Monitoring Equipment (NDME), Geographic Information System (GIS), System Integration Protection System (SIPS), Weather Forecasting Tools, and Remote Terminal Unit (RTU), including HVDC Real-time operation and HVDC Protection system.
1. Fault Info/Data
The information/data collected from the aforementioned sources is useful to identify the Grid fault for immediate restoration of the affected equipment to normal operating condition when a fault occurs in the Grid. Other info/data such as waveform files, the protection operation reports, and protection equipment settings, if needed, can be accessed or remotely accessed automatically or manually within an acceptable response time.
2. Protection Relays
Data such as relay indications, relay waveform (voltage, current, frequency), sequence of events, disturbance records, fault records, and transient records shall be collected from the protection relays installed in various substations.
3. Network Disturbance Monitoring Equipment (NDME)
NDME includes Fault Recorders, Transient Recorders, and Disturbance Recorders. Data collected from these recorders shall serve as an input to the system.
4. Geographic Information
Spatial or geographic data, such as the location of transmission lines, substations, converter stations, generating plants, and affected area of disasters, shall be included.
5. Weather Information
Forecasted weather data from the PAGASA and real-time weather data such as rainfall, wind velocity, wind direction, wind pressure from the weather monitoring equipment installed at various Area Control Centers (ACC), and disaster information such as typhoon, tropical cyclone, earthquake, flood etc., shall also be included as input data to the Fault Info/Data System.
6. System Integrity Protection Scheme (SIPS)
Real-time operational data of SIPS shall include data of load at the shedding point, data of total load that can be shed, loads automatically shed, data of affected generators, run back of generators, data of affected transmission lines, etc.
7. HVDC Operation Scheme
Real-time operational data of HVDC Operation such as HVDC Modulation and HVDC Block, and fault data from the HVDC Protection system such as malfunctions of valves and valve controls, commutation failures in inverters, and short circuits in the converter stations shall be included as input to the Fault Info/Data System.
c. Process Principles
The system shall be able to automatically diagnose the fault type and location using the fault information/data (e.g. fault recorder data, sequence of events). It shall have the capability to solve the problem of different sampling frequencies and data synchronization of the fault recorders. The network protection configuration shall be considered in the system. The Fault Info/Data System shall collect all kinds of data from different devices or sources and perform concentrated data analysis and processing. The system shall perform advanced application functions such as preliminary analysis, waveform analysis, historical inquiry, and protection action statistics analysis of system faults in global scope. The system shall have the capability to access and manage intelligent equipment produced by different manufacturers, of different types and with different communication protocols, and shall collect data from the equipment and process them respectively. Basically, the Fault Info/Data System shall form a unified data format, which shall be processed and analyzed to produce valid information vital for decision making.
d. Output Requirements
This system shall provide an overview of key information of the fault and assess the fault type, which shall include fault occurrence, fault duration, fault clearing time, fault type, fault location, fault current, affected breakers, relay indications, etc.
If the faulted equipment involves transmission lines, the length of the lines should also be provided, and, if available, reclose operations and fault distance from both ends of the lines shall also be provided. Display output shall be in tabular form, and graphs, trends, and curves shall be in two dimensions or three dimensions (visualization). The system should have links for dispatchers or the protection group to easily access the waveform data, the protection operation reports, and protection equipment settings. It is recommended that this system has the capability to assess whether the related protections of the faulted equipment operated correctly.
5.3.5 SCADA/EMS Application Requirement
The SCADA/EMS application requirements for NCC, BNCC, RCC, BRCC and ACCs are summarized in Appendix E – SCADA/EMS Application Requirement Matrix.

5.3.6 SCADA/EMS Hardware Philosophy
All hardware shall be manufactured, fabricated, assembled, finished and documented with workmanship of the highest production quality and shall conform to all applicable international quality control standards. In addition, all hardware components shall be new and suitable for the purposes specified, and shall be part of a family of compatible equipment to minimize training and maintenance costs. The hardware requirements are not meant to be restrictive. Alternative hardware better suited to the principles on functionality, availability, capacity, expandability, performance, and other requirements of the above sections, as well as the interoperability requirement of Smart Grid, shall be provided if it represents a superior compromise between performance and cost. SCADA/EMS hardware requirements for NCC, BNCC, RCC, BRCC and ACCs are summarized in Appendix F – SCADA/EMS Hardware Requirement Matrix.

5.3.7 Maintenance Philosophy
Condition-based maintenance (CBM) shall be applied for SCADA/EMS hardware components. This strategy monitors the actual condition of the asset to decide what maintenance needs to be done. It dictates that maintenance activities should only be performed when certain indicators show signs of decreasing performance or upcoming failure. Time-based maintenance (TBM) shall be applied for SCADA/EMS software and applications. This is performed on a calendar schedule (e.g. daily, monthly, etc.), which means time is the trigger for this maintenance, and it should be planned and scheduled in advance.

5.4 Data Center
5.4.1 Data Storage
Data should be routinely backed up, preferably automatically, with multiple copies stored in separate physical locations. In the event of
primary storage failure, SCADA can automatically switch to the backup system without interfering with operation.
Figure 37 – Data Storage Concept
2.1.2.1. Big Data Sources Identification and Assigning Type of Data Storage
Data from different systems should be stored according to its format and size.
a. Real-time Data Source – This data source type has a minimum data resolution or data polling of 1 second, such as RTUs, gateways and terminal servers. Data of this type are stored in a Relational Database and Data Historian when sampled. Data protocols include DNP3 and ICCP.
b. PMU data source – Phasor Measurement Unit (PMU) data are sampled at millisecond resolution. The device measures electrical waves on an electricity Grid using a time source for synchronization. RDBMS data storage is not suited to this type of data. A WAMS Storage shall be installed to handle the data stream collected from the Phasor Data Concentrator via the IEEE C37.118 protocol.
c. Common data type source – This includes market-related data, which are in csv files or data streams (SFTP/FTP), reports (doc and xlsx), etc. File Server Storage is enough for this kind of data type.

2.1.2.2. Area Control System (ACC)/Substation Data Storage
ACCs will be the first to accept data from real-time data sources via the DNP3 protocol; thus an ACC layer data storage with an RDBMS database system will be installed. In the implementation of WAMS at the substation, PMU data should be stored locally. In the event of link failure to the RCC, PMU data are still available locally and can be resynchronized to the PDC server when the link resumes.
a. Data sources for the ACC are real-time data sources such as RTUs and gateways via the DNP3 protocol. Substation data sources are PMU devices.
b. Data retention – A retention period should be defined for the substation PMU data storage in order to recycle data space for incoming new data. Older data should be dropped after synching to the master PDC server.

2.1.2.3. RCC Data Storage
The RCC shall be the main data storage. The RCC layer data storage accepts data from ACCs via the ICCP protocol. Real-time data are accessible in these servers and replicated to the data historian. The Historian server shall be in a redundant topology. WAMS storage receives the PMU data stream from the substation PMU servers. RTD data files, which are pushed via FTP from the Market Operator at a pre-determined interval, are archived at the File Servers.
a. Data sources
- ICCP protocol from ACCs
- PMU data from Substation
- Data file such as csv file from Market Operator
b. Data retention for WAMS storage – PMU data are data-space hungry, consuming large data space within a short period of time. A data retention period shall be implemented. Computation of data storage for PMU shall be in accordance with the requirements of WAMS.
c. SAN (Storage Area Network) – Provides high data capacity, scalability and flexibility with a dedicated high-speed network that interconnects and presents shared pools of storage devices to multiple servers. This allows each server to access shared storage as if it were directly attached to the server. SANs are primarily used to enhance storage devices such as disk arrays.
d. PDC – receives and time-synchronizes phasor data from multiple PMUs to produce a real-time, time-aligned output data stream. A network attached storage is attached to this server.
e. Shared storage – PDC and File Server will have common SAN storage to easily manage data.
f. File Server Mirroring – The File Server must be mirrored to at least one server for fault tolerance, so that data are still available for usage in case of failure. The mirror server shall be physically separated at a different site; in this case, it is the backup RCC.
g. Data Historian storage – Historian databases are not relational but of flat file type. Data that are older than 1 year should be copied to the File Server as backup.
h. Offsite back-up system – This is the bottom layer of data storage, which will provide a long-term back-up solution. Data that are beyond retention should be copied to an offsite backup such as an optical drive.
i. Optical Drive – A disk drive that uses laser light or electromagnetic waves to write and read data to an optical disk. Copies of installers, system configuration and recovery system files should be copied to an optical drive.
j. Offsite Backup timing
1. Full backup – A full backup should be implemented every month to optical media; this includes historians and relational databases.
2. Incremental Backup – Incremental backup should be implemented on data that are beyond the retention period. This should be recorded on the optical media drive.
3. Back up media cabinet – Storage and proper labelling should be done on all offsite media backup.
k. Bare-metal back-up – Another form of backup, in which data recovery and restoration are performed from a backup of the whole system without requiring any previously installed software or operating system. Critical servers, such as SCADA-related and Historian servers, should have a bare-metal backup.

2.1.2.4. NCC Data Storage
The Regional Control Centers will consolidate their data to the NCC for the National Monitoring System. RCCs will send data to the NCC via the ICCP protocol.
a. Data Source for NCC, including the ICCP protocol data from RCC
b. Storage System, including storage for the Historian, ICCP, and RDBMS servers

2.1.2.5. BRCC Data Storage
The BRCC will also store data received from ACCs via the ICCP protocol, the PMU data stream and Market-related data files, duplicating the RCC function. In the event of RCC failure, the BRCC is always ready to take over. The same data storage architecture is applied to the BRCC as to the RCC.
a. Data Sources of BRCC, including:
- ICCP protocol from ACCs
- PMU data from substation
- Data file such as csv file from Market Operator

2.1.2.6. Storage Area Network Basic Architecture
Figure 38 – Storage Area Network Basic Architecture
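The substation PMU retention rule in 2.1.2.2 (store locally, resynchronize when the link resumes, drop older data only after synching to the master PDC) can be sketched as follows. This is an added example, not part of the original document: all class and function names are hypothetical, the frame-size helper follows the IEEE C37.118 data frame layout with one numeric format assumed for all values, and the outage timeline and 50 frames/s rate are constructed.

```python
"""Substation-side PMU buffer: store locally, resync after a link outage,
recycle space only for frames the master PDC already holds.
Added example; every name here is hypothetical."""
from collections import deque
from dataclasses import dataclass


def c37118_data_frame_bytes(phasors, analogs=0, digital_words=0, floating=True):
    """Size of a single-PMU IEEE C37.118 data frame.

    Fixed fields: SYNC(2) FRAMESIZE(2) IDCODE(2) SOC(4) FRACSEC(4) STAT(2)
    CHK(2) = 18 bytes. A phasor is two values; FREQ and DFREQ are one value
    each. Simplification: one numeric format for all value types.
    """
    width = 4 if floating else 2          # 32-bit float or 16-bit integer
    values = 2 * phasors + 2 + analogs
    return 18 + values * width + 2 * digital_words


def retention_bytes(frame_bytes, frames_per_second, retention_days):
    """Raw space one PMU stream occupies over the retention period."""
    return frame_bytes * frames_per_second * 86_400 * retention_days


@dataclass
class Frame:
    ts_ms: int            # frame time stamp in milliseconds
    payload: bytes
    synced: bool = False  # True once the master PDC acknowledged it


class LocalPmuStore:
    def __init__(self, retention_ms, require_sync=True):
        self.retention_ms = retention_ms
        self.require_sync = require_sync   # False = naive age-only pruning
        self.frames = deque()              # kept in time order

    def append(self, ts_ms, payload):
        self.frames.append(Frame(ts_ms, payload))

    def resync(self, send):
        """Push unsynced frames oldest first; send() returns True on ack.
        Stops at the first failure so the master never sees a gap."""
        sent = 0
        for frame in self.frames:
            if frame.synced:
                continue
            if not send(frame.ts_ms, frame.payload):
                break
            frame.synced = True
            sent += 1
        return sent

    def prune(self, now_ms):
        """Recycle space. Returns (dropped, overdue): overdue frames are past
        retention but still unsynced, so they are held and reported."""
        cutoff = now_ms - self.retention_ms
        kept, dropped, overdue = deque(), 0, 0
        for frame in self.frames:
            expired = frame.ts_ms < cutoff
            if expired and (frame.synced or not self.require_sync):
                dropped += 1
                continue
            overdue += expired
            kept.append(frame)
        self.frames = kept
        return dropped, overdue


def simulate_outage(require_sync=True):
    """Constructed run: 10 frames/s for 10 s, 3 s retention, link to the
    master PDC down while 3000 <= now <= 6000 ms."""
    store = LocalPmuStore(retention_ms=3000, require_sync=require_sync)
    received, worst_overdue = [], 0
    for second in range(10):
        for k in range(10):
            store.append(second * 1000 + k * 100, b"constructed-frame")
        now = (second + 1) * 1000
        link_up = not 3000 <= now <= 6000

        def send(ts_ms, payload, up=link_up):
            if up:
                received.append(ts_ms)
            return up

        store.resync(send)
        _, overdue = store.prune(now)
        worst_overdue = max(worst_overdue, overdue)
    return received, worst_overdue, len(store.frames)


if __name__ == "__main__":
    size = c37118_data_frame_bytes(phasors=4)
    print("frame bytes:", size, "30-day bytes at 50 fps:", retention_bytes(size, 50, 30))
    print("sync-aware :", len(simulate_outage()[0]), "frames reached the master")
    print("age-only   :", len(simulate_outage(False)[0]), "frames reached the master")
```

When the outage outlasts the retention period, age-only pruning discards frames the master never received; the sync-aware store holds them and reports them as overdue, which is the figure to alarm on before local disk fills.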
5.4.2 Power Source and Grounding Protection
2.3.2.1. Uninterruptible Power Supply (UPS) and Battery
2.3.2.1.1. UPS and Battery Room
The UPS and Battery System that supplies power for the SCADA/EMS equipment shall be housed separately. Provisions for a controlled environment and monitoring system shall be provided, as well as a fire protection system and other safety measures.
a. Configuration Characteristics
1. The UPS shall be redundant and shall employ the following approaches:
i. Parallel Redundant UPS, in which all UPS in the cluster share the load
ii. Isolated Redundant, in which the function of the failed UPS is taken over by a dedicated backup UPS.
2. The load of the UPS system shall not exceed 70% of the rated capacity.
3. Software and hardware security features shall be included to ensure that only authorized users can access its data and its functions.
4. The UPS shall be able to support the following communications:
i. LAN and WAN protocols for intra-system communications and communication with other computer systems
ii. TCP/IP communications and OSI protocols.
5. Standard-based network management devices and tools shall be provided to monitor, manage and configure UPS connected in the LANs.
6. Power quality shall be considered to determine the need for isolation transformers and Automatic Voltage Regulator (AVR).
7. The UPS shall be provided with the necessary interface (e.g. auxiliary contact for status and alarms) so that information can be integrated in the SCADA/EMS.
8. The UPS shall be designed to provide easy troubleshooting and repair on a card replacement level for adequately trained technicians.
9. Replacing a card shall not cause any critical function to become unavailable during or after the replacement procedure.
10. The capacity of the UPS shall be computed based on the proposed load plus the 20 percent requirement for the future load plus 30 percent reserve.
11. The UPS battery shall be GEL type VRLA with sufficient back-up time.
12. The battery system shall be provided with an online battery monitoring system to determine the following information:
i. Cell Voltages
ii. Bank Voltages
iii. Charging Current
iv. Temperature
v. Capacity
vi. Dynamic-ohm
13. Power Supply for the UPS System shall comply as in Figure xxx or Figure xxx.
14. The UPS unit shall comply with IEC 60146-1-1, IEC 62040-1-2, IEC 62040-2, IEC 62040-3.
Figure 39. Typical Parallel Redundant
Figure 40 - Typical Isolated Redundant
2.3.2.2. Grounding Protection
All SCADA/EMS and Automation equipment shall be designed with a proper grounding system. This is to protect against potential damage caused by electrical surges and transient voltages. Thus, any metallic component that is part of the SCADA/EMS and Automation System infrastructure (such as computer and network equipment, racks, ladder racks, enclosures, cable trays, etc.) must be bonded to the grounding system. Along with these characteristics, all grounding conductors should be copper, components should be listed by an approved test lab such as UL, and local electrical codes must be adhered to. To ensure long-term integrity of the grounding system, compression connectors shall be used.
Ground resistance to earth shall be measured using methods outlined in Standard Handbooks for Electrical Engineers, or by following procedures recommended by vendors of ground-measuring equipment. The ground resistance of electronic control systems shall be as low as practicable, but not more than 5 ohms. The conductor connecting the earth ground to the system ground shall be insulated and stranded copper wire, #4/0 AWG. This conductor shall follow the most direct path between the ground points. Sharp turns decrease the conductor’s ability to carry high currents and shall therefore be avoided.
Grounding requirements for the computer equipment and peripheral devices are as follows:
a) The cabinets of all computer equipment shall be connected to the system ground via a separate conductor.
b) Rack frames for all computer peripherals shall be connected to the system ground via a separate conductor.
c) The computer ground bus (supplied by the vendor, and usually located in the CPU cabinet) shall be connected to the system ground plate using an insulated #2/0 AWG (or larger) wire. The ground conductor shall run in conduit, using the shortest possible path to the ground plate. This line shall be separate from the cabinet frame ground.
d) In all cases the computer ground bus shall connect to the building ground. Electrical codes and safety require that all grounds be bonded together. The computer ground shall be connected to the building ground at only one place. The location of the connection should be as close to the computer system ground rod as possible.
e) The grounding system shall comply with TIA-942, Telecommunications Infrastructure Standard for Data Centers, and IEEE Std 1100, Recommended Practice for Powering and Grounding Electronic Equipment.
Figure 41. Typical SCADA/EMS Grounding
2.3.2.3. Power Source for Control Centers
There shall be a main source and an alternate source of power for the control center, aside from the emergency generator. The alternate power supply shall serve as the redundant source of power when the main source of power is interrupted due to scheduled maintenance or forced tripping. The alternate source of power shall be taken from a Distribution Utility/Electric Cooperative.
1.1 Power Source No. 1, NGCP Station Service
1.2 Power Source No. 2, DU/Electric Cooperative
1.3 Power Source No. 3, Emergency Generator
Figure 42 – Power Source for Control Centers

5.4.3 SCADA/EMS Equipment Operating Environment Philosophy
An operating environment for the SCADA/EMS equipment shall be provided and equipped with electrical cabling, security access control and monitoring, structured cabling system, environmental monitoring, automatic fire suppression system, raised flooring, and room insulation.

5.4.4 Precision Air Conditioning Unit (PACU)
The PACU shall be redundant in hot-standby configuration, i.e. the standby unit shall take over automatically should the active unit fail. A precise equipment operating environment shall be maintained by utilizing processor-based temperature and humidity control. The PACU system shall be designed for 24x7 continuous operation to deliver optimum operating conditions at all times. For large premises where several units of precision air conditioners are installed, the units shall be coordinated with each other to automatically control (increase/decrease) individual AC loads for efficient cooling. The PACU shall be capable of being deployed with new features and updated with new software/firmware. Vendor support facilities/contracts shall be available for support and maintenance. Remote monitoring and troubleshooting shall be available for quick fault resolution.
5.5 Real-Time Monitoring and Control
5.5.1 Introduction
Control and monitoring criteria for substations and power plants have to be established to support critical operations of the Power System Network, as well as to support condition-based monitoring to manage the substation asset lifecycle. These criteria are technical requirements that need to be incorporated in the Substation Automation Systems and SCADA/EMS database to support dispatch operations and asset management, and to provide accurate and reliable data for spot market operation, the network protection group, the planning group and all other corporate groups that will use SCADA data.

5.5.2 Scope
These criteria will cover the standard operational and monitoring requirements to be adopted by respective NGCP groups. These recommended criteria will be implemented at all Power Plants, Renewable Energy Plants (Wind, Solar, and Biomass technologies) and Substations (SAS & MBSC) to support RCC, ACC and substation operations with the complete and reliable tools needed to efficiently and effectively operate the three major island Grids and eventually the Philippine Grid. Other technical information and data sources considered in this report were taken from other SO disciplines, Market Operation and current SCADA practices.

2.5.2.1. Substation
The amount of SCADA information at the substation shall be used according to the following criteria:
1. All necessary real-time information and condition-based monitoring parameters of the substation shall be monitored and controlled at the NGCP Control Centers. However, this only involves selected critical status, analog and control points to ensure data transfer and SCADA/EMS efficiency.
2. Status and analog points shall also be forwarded to Market Operations for their commercial operations.
3. All monitoring and control points shall be comprehensively managed at the substation level using the Substation Automation System or HMI of the RTU-based System. This
includes maintaining critical assets using condition-based monitoring.
4. Other corporate group users shall also monitor the substations through the SCADA Web Server.

2.5.2.2. Directly-Connected Power Plants
System parameters of Power Plants that are directly connected to the Grid shall be monitored at the NGCP Control Centers (NCC, RCC, ACC). Their outputs and controlling breakers shall also be controlled during System Grid Emergencies. The accuracy and reliability of this information is critical to the daily operations of the System Grid. Selected points shall also be forwarded to Market Operation for the generation and implementation of Real-Time Dispatch (RTD) by Grid Dispatchers of the System Operations.

2.5.2.3. Embedded Generators
Necessary information from Power Plants that are not directly connected to the System Grid shall be monitored at NGCP Control Centers (NCC, RCC, ACC). This is primarily needed by Market Operations for their load forecasting and generation of Real-Time Dispatch (RTD).

2.5.2.4. High Voltage Direct Current (HVDC)
Inter-regional power flow of the Philippines through HVDC shall be managed by the National Control Center (NCC). Monitoring and control shall be available to both NCC and RCC, but selected status indications and analog points shall be monitored by Market Operations for its load forecasting and other commercial applications.

2.5.2.5. VRE Integration
Due to the fluctuating, unstable output of renewable energy sources, special monitoring and control points shall be required for this type of Power Plant as defined in the Philippine Grid Code. The sole purpose of this is to ensure Grid security and increase forecast predictability. Examples of this data are weather and other meteorological data. In addition, these power
plants, especially Large VRE plants, shall be remotely controlled to curtail their output during system Grid emergencies.

2.5.2.6. Ancillary Services (AS)
Outputs of Power Plants that are capable of and are participating as ancillary services providers shall be controlled at the NGCP Control Centers (NCC and RCC) depending on the system requirement. Special monitoring points shall also be required to accurately monitor their compliance.

2.5.2.7. Energy Storage System
Certain monitoring and control parameters shall be managed at the NGCP Control Centers (NCC, RCC, ACC) to validate its output and contribution to the performance of the System Grid. Special monitoring points shall also be required to accurately monitor its compliance.

2.5.2.8. Distribution Utilities
To ensure overall System Grid accuracy and to satisfy Market Operations requirements, Distribution Utilities shall be visible to the NGCP Control Centers and Market Operations.

2.5.2.9. Critical SCADA Assets
Vital SCADA installations and assets shall be monitored to ensure business and process continuity. Examples of these are Data Centers, Database, UPS, PACU, SCADA Servers, Video Wall Displays and other critical assets. Condition-based monitoring shall also be implemented for efficient asset management.

5.5.3 Operational Requirement
2.5.3.1. Digital Input
Binary data shall be used to represent real-time position and health of equipment and other necessary inputs to be monitored at the Substation Automation Systems, SCADA Master Stations, Market Operations and other end users. Examples of this are Local/Remote supervision, High-Voltage Equipment status, health and protection alarms and other necessary status indications that will be used in different monitoring applications.
Critical monitoring points shall be monitored using Four-State status (Open, Close, In-transit, Invalid) to ensure the integrity of their actual position. This information shall carry a time stamp with millisecond accuracy, which is triggered whenever a status or alarm changes state.

2.5.3.2. Analog Input
Analog data shall be used to monitor dynamic changes of engineering values at the remote site, such as power, voltage, frequency and other useful information.

2.5.3.3. Digital Output
a. Remote equipment shall be remotely controlled either at the substation or the Control Centers (ACC, RCC and NCC) depending on its area of responsibility, privilege and jurisdiction.
b. Critical High-Voltage equipment and necessary Power Plant outputs shall be controlled using raise/lower commands from the above-mentioned Control Centers depending on overall system conditions. The said signal shall be either pulse width or number of pulses.
c. Participating Power Plants’ output (voltage, power, etc.) shall be automatically controlled at the NGCP SCADA Master Stations.

2.5.3.4. Analog Output/Set Point Control
a. A signal representing a desired or target value shall be sent and used by Control Centers (ACC, RCC and NCC) to regulate the output of High-Voltage Equipment and selected Power Plants.
b. To support Grid Security, Variable Renewable Energy (VRE) Power Plants’ output (voltage, power, etc.) shall be controlled through analog output or set points coming from Control Centers (ACC, RCC and NCC) whenever necessary.
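The four-state status monitoring required in 2.5.3.1 can be illustrated with the following added example, which is not part of the original document. It assumes the two status bits come from a pair of auxiliary contacts (neither made = In-transit, both made = Invalid); the point name, the 80 ms travel limit and the scans are constructed.

```python
"""Four-state (double-point) status with millisecond sequence-of-events.
Added example; point name, travel limit and scans are constructed."""
from enum import Enum


class Position(Enum):
    # (aux_a, aux_b): aux_a follows the main contacts, aux_b is its inverse.
    # This contact-pair encoding is an assumption, not taken from the page.
    IN_TRANSIT = (0, 0)   # neither contact made: mechanism is moving
    OPEN = (0, 1)
    CLOSE = (1, 0)
    INVALID = (1, 1)      # both made: wiring, contact or data fault


class FourStatePoint:
    def __init__(self, name, max_travel_ms):
        self.name = name
        self.max_travel_ms = max_travel_ms
        self.state = None
        self.since_ms = None        # time stamp of the last state change
        self.last_ts = None
        self.stuck_reported = False
        self.last_travel_ms = None  # useful for condition-based monitoring

    def update(self, ts_ms, aux_a, aux_b):
        """Feed one scan; return the events it raises as (ts_ms, name, text)."""
        if self.last_ts is not None and ts_ms < self.last_ts:
            return [(ts_ms, self.name, "REJECTED out-of-order time stamp")]
        self.last_ts = ts_ms
        new = Position((aux_a, aux_b))
        if new is not self.state:
            if self.state is Position.IN_TRANSIT and new in (Position.OPEN, Position.CLOSE):
                self.last_travel_ms = ts_ms - self.since_ms
            self.state, self.since_ms, self.stuck_reported = new, ts_ms, False
            return [(ts_ms, self.name, new.name)]
        if (new is Position.IN_TRANSIT and not self.stuck_reported
                and ts_ms - self.since_ms > self.max_travel_ms):
            self.stuck_reported = True
            return [(ts_ms, self.name, "ALARM stuck in transit")]
        return []

    def trusted(self):
        """Only a definite Open or Close should feed interlocks or topology."""
        return self.state in (Position.OPEN, Position.CLOSE)


# Constructed scans: (time stamp in ms, aux_a, aux_b)
SCANS = [
    (1000, 0, 1), (1010, 0, 1),          # open, unchanged scan raises nothing
    (1020, 0, 0), (1065, 1, 0),          # normal close operation, 45 ms travel
    (2000, 0, 0), (2050, 0, 0),          # starts moving again
    (2100, 0, 0), (2150, 0, 0),          # exceeds the 80 ms travel limit
    (2140, 1, 0),                        # late or replayed report
    (2200, 1, 1),                        # both contacts made
]


def replay(scans, name="CB-01", max_travel_ms=80):
    point = FourStatePoint(name, max_travel_ms)
    events = []
    for ts_ms, a, b in scans:
        events.extend(point.update(ts_ms, a, b))
    return events, point


if __name__ == "__main__":
    events, point = replay(SCANS)
    for ts_ms, name, text in events:
        print(f"{ts_ms:>6} ms  {name}  {text}")
    print("position trusted:", point.trusted(), "last travel:", point.last_travel_ms, "ms")
```

A single status bit would report the stuck mechanism and the both-contacts-made condition as an ordinary Open or Close; the second bit is what lets the master station withhold trust from the position.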
2.5.3.5. Accumulators/Counters
Accumulators shall be used to monitor the total amount of specific data that has passed through a specific location of the monitored system.

5.6 Control Center Site Selection
5.6.1 Site Selection Criteria
The criteria for selecting control center sites are as follows:
1. Physical environment
2. Access to Telecom and Backbone
3. Reliable Power Supply
4. Relocation of Employees
5. Business Environment, which shall consider the following factors:
a. Accessibility to clients and business partners
b. Access to relevant information
c. Accessibility of in-house information
d. Proximity to related industry/bus sector
e. Accessibility to shops and restaurants
6. Aesthetics, which shall consider the following:
a. Surrounding land use/zoning (residential, industrial, commercial, institution)
b. Presence of unsightly squatters, traffic congestion, etc.
c. Overall building skyline (building structure groupings and development)
d. Overall impact on view/location setting
7. Cost of Land, which shall consider the following factors:
a. Minimum acquisition cost based on prevailing market value in the vicinity
b. Site development cost
c. Minimum land parcel
8. Security, which shall consider the following factors:
a. Security of Surroundings
b. Peace and order of the Area
c. Proximity to police and military office
Each criterion shall have an equal weight.

5.6.2 Evaluation Process
The Analytical Hierarchy Process evaluation technique shall be employed to rank the selected sites.

5.6.3 Economic Analysis
An economic analysis for the top three sites shall be run to determine which site is the most economically attractive.
6. Substation Automation System (SAS) Philosophy
6.1 Introduction
A Substation Automation System (SAS) includes all facilities and devices needed to monitor and control the equipment and devices in the substation and deliver this real-time information to control centers through digital technology. A system approach is being adopted in the formulation of the SAS Philosophy. As such, the conditions and present configuration of the substation, as well as factors that affect the performance of the Substation Automation System, are given appropriate consideration. It shall be adopted for the System Operations (SO), Operations and Maintenance (O&M) and Planning and Engineering (P&E) Groups. The SAS described in this document provides the framework for NGCP’s acquisition of a new substation, expansion of a substation with an existing automation system, also known as Microprocessor-Based Substation Control (MBSC), and upgrade of substations with conventional electro-mechanical control.
Figure 43. NGCP SAS Roadmap
The SAS roadmap shown above focuses on the evolution of technology to support the usage of less copper wire running from the switchyard to the control room. The past practice consisted of CTs and VTs
copper cable wiring, and status indications up to the RTU peripherals that are located in the control rooms. In the present design of the SAS (hybrid), copper cables and status indications are only terminated up to the Bay control level. In the future scheme of SAS, there will be two implementations based on the situation: SAS upgrading for the existing substations and SAS implementation for new substations. The SAS roadmap is designed to introduce the concept of Smart Substation for new substations. This modern substation design utilizes the following equipment, which are discussed in the succeeding sections:
a. Non-conventional Instrument Transformers
b. Intelligent Switch Gear
c. Phasor Measurement Units
d. Phasor Data Concentrator

6.2 Objectives
The purpose of this document is to ensure uniformity and consistency of SAS projects for NGCP facilities. The following items will be the guide and reference for NGCP designers, consultants and contractors in the design and implementation of SAS:
1. Provide guiding concepts in the preparation of contract specifications relative to SAS control system hardware and software for SAS projects of NGCP. This covers both acquisition of new systems as well as upgrades of existing automation facilities.
2. Formulate a comprehensive approach for development programs, designing, specifying, implementing, and testing SAS projects of NGCP. Potential benefits from this philosophical approach can best be realized through constant and consistent application to all projects that directly or indirectly deal with process control and integration.
3. Promote the use of appropriate standards for software, network architecture, communication and hardware within O&M facilities.
4. Support condition-based maintenance by gathering information through the use of remote access technology.
All of the objectives cited complement each other to achieve an optimal degree of reliability, interoperability, and maintenance efficiency for NGCP’s SAS installations. This will strengthen NGCP’s capability to efficiently realize its corporate responsibility to the nation and all stakeholders.

6.3 Scope
This philosophy covers the system requirements, design architecture, and performance criteria for the implementation of the Substation Automation System (SAS). It includes the various equipment and devices necessary for the instrumentation and control requirements of a substation. This also includes the functionalities and features of the Substation Automation System (SAS) and Power Plant Interface. The philosophy is limited to the currently available technology in the market and must be updated by NGCP as the need arises. This is to ensure that the system can adopt the latest technology available in the market appropriate to NGCP requirements. Review or revision of this specification shall be conducted every year to assess if the existing philosophy is still applicable.

6.3.1 New substation
For a new transmission substation project of NGCP, the SAS shall be included and implemented as part of the whole substation project. The new substation project shall apply the Conceptual Design of the SAS for the monitoring and control of the Substation Electric Process as shown in Figure 23.

6.3.2 Expansion
For a substation with an existing automation (MBSC) system, the expansion project shall consider and evaluate the horizontal and vertical expansion capability of the existing Substation Automation System. It shall also consider the scalability of the existing system to process the Input-Output data, including the additional data and processing from the additional bay devices. The expansion project shall apply and implement the Conceptual Design of the SAS as shown in Figure 23.

6.3.3 Upgrade
For upgrade of an RTU-Based Substation Control and Monitoring System to a substation automation system, complete replacement of RTU devices and the I/O boards shall be considered and implemented. The project shall apply the Conceptual Design of the SAS as shown in Figure 23. The RTU-Based Substation Control and Monitoring System shall be decommissioned after the completion and warranty period of the SAS.

6.4 SAS Philosophy
6.4.1 Conceptual overview of SAS
Figure 23 shows the framework of the conceptual overview of the SAS. It is a holistic picture of the relationship and interaction of the key elements of SAS, namely: new substation configuration, expansion characteristics, upgrade of substation with RTU-based monitoring system, performance characteristics, software platform, protocol and standards, maintainability, and availability.
Figure 44. SAS Conceptual Overview

6.4.2 SAS Hardware Architecture
3.4.2.1. Remote level
The necessary interface shall be provided to the SAS for it to communicate with the Control Center.
Details regarding Cyber Security for remote access of the SAS system shall be in accordance with Chapter 4 - Cyber Security and Chapter 5 – Datacom of this Philosophy.

3.4.2.2. Station Level (for revision c/o RDacanay)
The Station Level components shall be implemented with industrial-grade multi-task computers in order to achieve the main functions of event and fault reporting / recording, local operation of the substation, data historian and overall system configuration and maintenance. The entire substation is controlled and supervised from the Station Control Level at the Control Room.
The Server, Gateway, Routers and Switches shall be installed in a separate room so that only authorized maintenance personnel shall have access, for Grid security. Critical components shall have failure-safe redundancy to ensure system reliability. Servers shall be housed and mounted in a 19” rack cabinet with a KVM switch in each rack for the management of workstations and servers.
Operator Work Stations (OWS), Engineering Work Stations (EWS), Maintenance Work Stations (MWS) and the Data Server shall include dual high-resolution monitors for crisp display; simultaneous presentation of several real-time display windows, data trend and historical information on the same monitor; the capability to navigate around a graphical model of the power system; and the presentation of one-line diagrams and geographical representations. Workstations shall be housed and mounted in a 19” rack cabinet with a KVM switch in each rack for the management of workstations and servers.
The Station Level shall be consistent with the following:
a. Network topology
The system shall use the double bus network topology. The redundant LAN shall be used as the backbone of the SAS system and serve as the communication highway for all SAS equipment/devices. The backbone shall use the standards for Gigabit Ethernet using optical fiber. The IEEE 802.3z standard includes 1000BASE-SX for transmission over multi-mode fiber,
1000BASE-LX for transmission over single-mode fiber, and the network devices connected to it shall use Gigabit Ethernet transmission over Unshielded Twisted Pair (UTP) Category 5, 5e, or 6 cabling known as 1000BASE-T. All Station Level and Bay Level components shall communicate over the Fast Ethernet through IEC 61850 standards. The substation LAN must meet industry standards to allow interoperability and the use of plug-and-play devices. Open-architecture principles should be followed, including the use of industry standard protocols (e.g., IEEE 802.x (Ethernet)). The LAN technology employed must be applicable to the substation environment and facilitate interfacing to process-level equipment (IEDs, PLCs) while providing immunity and isolation to substation noise.
b. SAS Server
System components needed to maintain operation of the critical SAS functions shall use a redundant configuration so that failure of one component will not result in the failure of the whole system. Transfer of all data and operation to backup equipment shall be automatic in case a failure occurs in the main equipment/component, and shall not require manual operation to transfer from the main to the backup system. The backup equipment shall remain in operation while the main equipment shall be in hot standby. Transfer of data and operation from main to backup equipment, or vice versa, can also be forced manually by the user for maintenance purposes. All computer equipment to be used for the implementation of a Substation Automation System (SAS) shall be the latest available industrial type computers (utility-grade).
c. Storage Server Archive
The Storage Server Archive shall be used for the Substation Control & Information Management System (SCIMS), which forms the basis for integrating all substation data including traditional SCADA data, protection data, IED data and support for substation automation sequences. Not only the archives for messages, alarms, events and analog values, but also trends and reports are stored in a file system. The Storage Server Archive shall provide advanced tools for storing, retrieving, processing and displaying historical data derived from real-time data. The servers shall be failure-safe redundant server computers configured on a master-slave principle (monitored hot standby). Provision, however, shall be made such that both Archive Servers can be configured to be either the “master” or the “slave” computer. Transfer switching shall be performed automatically in case of failure of the master computer, without the assistance of an operator. This shall be logged and alarmed. However, manual switching shall also be possible for maintenance purposes. In case of transfer switching, either manual or automatic, the system shall ensure that:
No event is lost in the sequence of operation.
Control in progress is aborted, in full security, as well as for any failure in the system during a control sequence. A new one is refused during the transfer operation and failures are alarmed.
d. Gateway (GW)
The Gateway shall be the system interface of the SAS to the Control Centers for monitoring and control. The system shall use DNP3.0 or TCP/IP DNP 3.0, IEC870-5-101, IEC870-5-104 protocols to establish communication with the different remote control centers. The Gateway shall be equipped with serial ports and Ethernet ports.
The Gateway shall be in a fail-safe redundant channel configuration where, in the event of master channel downtime, the standby channel shall take over automatically.
e. Operator Work Stations (OWS)
The Operator Work Station shall serve as an operator interface in the Station Control Level from where the whole substation can be monitored and controlled. Operator Work Stations (OWS), Engineering Work Station (EWS) and Maintenance Work Station (MWS) shall include dual high resolution monitors for crisp display; simultaneous presentation of several real-time display windows, data trend and historical information on the same monitor; the capability to navigate around a graphical model of the power system; and the presentation of one-line diagrams and geographical representations.
f. Maintenance Work Stations (MWS)
The Maintenance Work Station (MWS) shall be equipped with development tools. This workstation shall allow creating or making modifications on any of the SAS databases, including substation topology and all other maintenance operations and control functions. For any expansion of the substation or any changes in the SAS structure, the maintenance personnel shall be able to perform customization engineering without the support of the SAS manufacturer. It shall have the structure of the automation computer system (i.e. number and names of terminals, printers, internal servers, and links to the automation level). The Maintenance Work Station (MWS) shall also be bundled with application software, such as LAN and serial protocol analyzers, for maintenance troubleshooting purposes. It shall be possible to use the workstation to monitor communications of all SAS equipment (Station Level and Bay Level) by selecting specific data streams, or portions of such data streams, both to and from a SAS device or equipment. The
data shall be displayed in a form that is easy for the user to interpret.
g. Engineering Work Station (EWS)
The Engineering Work Station shall be used for substation analysis during disturbances. It shall have the necessary application software to monitor, retrieve, and analyze data coming from the IEDs of the BCUs, BPUs and BMUs.
h. Time Synchronization (refer to Telecom Timesync Philosophy)
A high quality Substation Clock receiving time synchronization signals from GNSS shall be provided as the time source for the substation elements. IEEE 1588 (Precision Time Protocol) shall be implemented in the time synchronization for Station, Bay and Process Level components of the SAS.
i. Offline RDBMS
The offline database shall be relational and maintained by a provider-furnished commercial RDBMS. It is a centralized location connected to a network (must be independent from the Workstation) where authorized network users and heterogeneous clients are allowed to store and retrieve data. The data in the offline database shall be accessible using the latest SQL standard for relational database access. It should be flexible and scale-out, so that additional storage can be added as needed. The system shall be able to store up to two years of recorded parameters/data in 1-minute intervals.
j. Printer and Print Server
It shall have a peripheral device which produces a hard copy of permanent readable text or colored graphics of documents stored in electronic form. The Operator Work Station units shall host the Print Server via the Substation LANs.
k. Firewall
A substation firewall shall be a substation-grade hardware component. Its primary function is to help keep the SAS network secure and separated from the corporate network. It shall determine, based on a predetermined configuration, whether network data is authentic and is to be allowed through into the SAS network or not.
l. Large Monitoring Display
An industrial-type (utility-grade) Large Monitoring Display shall be used for central viewing and monitoring of the substation. It shall have a dual monitor to display the overall One Line Diagram of the entire substation and station auxiliaries. The Large Monitoring Display shall also be locally connected with the SAS Server of the substation.
m. Network Switches/Routers
Industrial-type (utility-grade) network Switches/Routers shall be connected to the Station Level components via copper connection. The communication medium shall utilize redundant fiber optic connections between the network switches. To ensure delivery of time-critical messages, the network switches shall meet the substation requirements for data traffic. They shall be IEC-61850 compliant and capable of GOOSE messages for interlocking, and shall support the required redundant network architecture.
3.4.2.3. Bay Level
The subsystem devoted to the acquisition function, control function and the Local Bay shall be combined into autonomous Bay Control Unit (BCU), Bay Protection Unit (BPU) and Bay Measuring Unit (BMU). Each BCU, BPU and BMU shall be able to have direct connections with all the other subsystems, including the other BCUs, via the
optical LAN in compliance with IEC 61850 Standards. Its functions shall include but not be limited to the following:
1. Communication interfacing with relays,
2. Local bay control,
For IEDs using legacy protocols, that is, any IED in the substation that is not IEC-61850 compliant, a protocol converter equipped with adequate programmable modules shall be provided to establish communications with those IEDs. All data communication firmware/protocols identified in Chapter 5 shall be readily available to ensure proper connectivity and interfacing of the IEDs. In order to widely open the SAS to any IED that could be provided within the substation, an IED which acts as a Protocol Converter / IED Wrapper shall be equipped with adequate programmable communication modules which could establish communication links with any of the existing digital or numerical protection relays which are not IEC 61850 compliant. Protocols such as DNP 3.0, IEC 870-5-101, 103, 104 and Modbus shall be provided.
a. Bay Control Unit
The Bay Control Unit (BCU) IED is designed for control and data acquisition of information from primary equipment. Besides the acquisition and control functions of the corresponding bay/s, each BCU shall manage the relevant interlocking and security functions. The following functions shall apply to bay-level processing:
1. Bay-level IEDs shall gather, pre-process, and store data locally. The BCU shall be compliant with IEC 61850, which uses named data, represents it in engineering units, and structures it hierarchically.
2. BCU applications shall be deployed within a bay or among a group of cooperating bays, like exchange of interlocking signals among numerical relays. The IEC 61850-compliant relays can be used together with those that are not,
combining use of GOOSE messaging and traditional hardwired connections.
3. The BCUs shall be certified to have passed IEC 61850 Part 10 Conformance Testing.
The minimum requirement is one (1) BCU per PCB and the maximum is three (3) BCUs per bay. However, for a Smart Grid Substation, one redundant BCU per bay is required due to the use of merging units and smart terminals. Each BCU shall be housed in a BCU or Substation Control Building with a suitable temperature control system. It will be installed in a standard 19-inch enclosure cabinet and shall be made up of at least the following modules:
1. Power supply module
2. CPU module
3. Optical interface module
4. IED interface module
5. General I/O
6. Digital I/O cards
7. Analog input cards
8. Analog output cards
The IEDs shall have a display with a freely configurable bay single line diagram. It shall be possible to show single, double and breaker-and-a-half configurations of bays for line/cable, transformer, bus coupler, shunt reactor and capacitor bank feeders. Even indication of three-winding transformers shall be possible. Furthermore, the display shall have push buttons or soft-keys for selection and operation of switchgear, entering of data to the BCU/BPU, selection of different displays and indication of measuring values, alarms and events. The switchgear operation mode and selection of local/remote operation shall be protected by an operator’s code or a key-operated switch.
BCUs shall provide high adaptation capabilities in establishing communication with other IEDs installed within the bay, especially with digital protection relays (BPUs) and IED meters (BMU). For the existing SAS, each BCU shall interface through digital I/Os and analog inputs with all devices of the bay: circuit breakers, disconnect switches, transformers and reactors (if any), static capacitor banks (if any), protection and synchronizing relays, auxiliary apparatus, transducers, etc. These IEDs shall operate independently of each other and of those of the station control level. Outage of any subsystem shall affect and/or disable only the pertinent bay or section being controlled and supervised. Outage of the MBSC main system or interruption of the Substation Bus shall not disturb safe operation of a bay from the related BCU. A faulty subsystem shall automatically drop from operation and shall only limit the substation control level operations by the functions pertinent to the affected subsystem. However, the disabled functions of both substation and bay control level operation, due to the above-mentioned failure, can be performed locally at the “Bay’s Local Switchboard Panel” by manual means. The protection system must remain active and events can still be retrieved manually through the protection equipment.
The Local Bay Control design shall be dependable, and operational flexibility for local bay management shall be achieved. Indications for breakers, disconnect, and earthing switches shall be provided. A minimum of two (2) Electronic Meters/IEDs that conform to NGCP’s IED Technical Standard shall be provided. A discrepancy type button switch shall be provided for opening and closing of breakers and disconnecting switches. A local/remote switch shall also be provided for all equipment that is to be controlled (refer to Figure 24).
Figure 45. Typical BCU Mimic Display
For the SAS Upgrading Scheme, BCU sizing requirements and quantity shall conform to the existing alarms, indications, and control requirements of the substation with an allowance of 30 percent for future expansion. For the current set-up, the BCU Mimic Display shall be separately hardwired to the secondary field devices.
However, in the Smart Substation the BCU Mimic Display shall acquire information directly from the redundant BCU. Equipment naming shall follow the NGCP SEIL convention.
b. Bay Protection Unit
The Bay Protection Unit (BPU) IED is designed to sense power system disturbances and automatically perform control actions to protect the primary equipment. This type of IED shall be integrated into the SAS for monitoring of its events and alarms. The establishment of communication between the SAS and these BPUs shall provide new functions for the configuration, the operation and the maintenance of the substation. These communications should also homogenize the display of the
whole system at the Operator Work Station. The following list gives some potential new functions:
1. Reading the internal status of the digital relay.
2. Reading the time-stamped event recording files directly within the digital relay.
3. Reading the analog measurements processed by the digital relay.
4. Reading the oscillographic files processed by the digital relay.
Historical archives of digital alarms/events (COS/SOE) and analog values are made available for trending, analysis, assessment, validation and confirmation. Please refer to the Protection Philosophy for further details.
c. Bay Measuring Unit (IED) (for revision c/o RDacanay)
The Bay Measuring Unit (BMU) shall be used to acquire analog measurements on the primary devices of the substation. It shall be able to obtain measurements from merging units, smart terminals, and NCITs. The BMU shall have a class accuracy in accordance with applicable NGCP Standards. It shall communicate using TCP/IP and/or serial ports and measure total harmonic distortion, voltage sag/swell as well as transient wave. Revenue meters installed at substations shall be capable of being integrated into the Substation Automation System for maintenance purposes.
3.4.2.4. Process Level (for revision c/o RDacanay)
They are connected to the primary equipment at the process level through the process bus. The process bus eliminates the conventional hard wiring between the process level devices and bay level devices such as protection and control units. The process bus communication is mainly based on the same services as that for station bus communication. There are only two additional services for the process bus. The first one is the fast and reliable exchange of tripping commands between protection devices and switchgear. The second one is the
transmission of instantaneous values from electronic transducers. These two services need to be executed immediately on the communication stacks. For this reason, in the conceptual scheme, Fast Ethernet has been chosen as the basic technology for the process bus. All services that are common to the station and process bus have been mapped in the same way. The SAS shall be designed for easy modification of both software and hardware and for easy extension of components for future expansion, i.e. additional Bay Control Units and software. The design shall be such that maintenance, modification or extension of components, modules and data transfer channels shall not require a shutdown of the whole substation control system. In worst-case scenarios where there is a total system failure of the Substation Automation System (SAS), the substation control system can still be operated via a local control panel with a mimic and a discrete type control switch for each bay. The protection system must still be active and events can still be retrieved manually through the protection equipment.
Figure 46. Substation Automation System
a. Merging Unit
Merging Unit (MU) shall be used to interface from the physical analog signal world to the digital format. It acquires AC
currents and/or voltages from conventional Current and Voltage transformers (CTs and PTs) in the yard, which are converted to optical signals and transmitted as Sampled Values (SV) via network communication cables. The converted signals are used to synchronize and merge three-phase current/voltage to achieve power impedance and line pilot protection. The merging unit has a dedicated physical connection directly to the Bay Protection Unit (BPU), whereas the bay controllers are separated from the protection relays.
b. Smart Terminal
The Smart Terminal is used to convert optical signals to electronic signals to control the drive of circuit breakers and disconnect switches, and to accept the status signals to transmit as GOOSE signals via network communication cable. This equipment analyses signals from bay controllers and protection relays and triggers the designated logic function to be performed according to the type of disturbance. Some of the soft logic functions that can be performed by the smart terminal are the following:
1. Trip Logic
2. Close Logic
3. Block Reclosing Logic
4. Control Loop Monitoring Logic
5. Control Loop Error
6. Abnormal Closing Circuit
7. Abnormal Tripping Circuit
8. Incomplete Phase Signal
9. Accident Signal
Merging units and smart terminals are used to reduce copper cables and engineering labour, to improve reliability and to simplify the secondary circuits.
6.4.3 SAS Application and Functions
3.4.3.1. Data Acquisition Function
The SAS shall capture and record all substation data as necessary for it to carry out its functional requirements. This shall generally consist of digital inputs from primary or secondary substation items for indication and alarm purposes, and analog inputs from digital meters. The analog data shall come from BMU (Bay Measuring Unit) and IED (Intelligent Electronic Device) meters.
a. Binary Data Acquisition Functions:
1. Equipment indications and alarm operations shall be derived from auxiliary or relay contacts associated with each item of substation or equipment.
2. Items with two normal states such as circuit breakers and disconnect switches shall be represented by two source contacts (n-o & n-c) to provide a positive indication of state. Any invalid indication shall be alarmed.
3. Equipment movements will be indicated and detailed on the event log and annunciated as an alarm condition if necessary.
4. The SAS shall allow a variable filter time to be applied to double point inputs to prevent reporting of the normal transition state between their opened and closed status. The filter time shall be configurable.
5. Visible and/or audible indication shall be provided to annunciate changes of equipment status with provision to deselect this facility when required (state discrepancy function).
6. Single point alarm inputs shall be derived from auxiliary or relay contacts of momentary or sustained operation.
7. The SAS shall provide a filtering process in the Bay Level which will define the minimum duration of any change of state to be taken into account. This filtering process must be flexible by configuration to ensure that only a single signal shall be processed. If any input changes state more
than a defined number of times (N) in a given period (P), then it shall be automatically suppressed and indication of this presented to the operator. Selection of the variable N and P shall be carried out during system configuration.
8. All valid digital changes of state shall be transferred to the corresponding Bay Level, to the Station Control Level and, when required, to the Remote Control Center. The last reported state of each digital input shall be available for display.
9. All Sequence of Event (SOE) signals shall be time-stamped to millisecond accuracy. The timestamp may be applied by a real-time clock in the input/output modules or by the SAS with appropriate adjustment for delay between detection by the input/output module and registration in the SAS database.
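Items 2, 4 and 7 of the binary data acquisition functions (two-contact indication, the double-point filter time, and suppression after more than N changes in period P) interact, so the following Python sketch exercises them together. It is an added example, not NGCP or vendor code; the contact sense, the 50 ms scan cycle, the rule for lifting suppression and all sample readings are assumptions.

```python
from collections import deque

OPEN, CLOSED, INTERMEDIATE, INVALID = "OPEN", "CLOSED", "INTERMEDIATE", "INVALID"
# (n-o contact, n-c contact) -> double-point state; the contact sense is an assumption
DECODE = {(0, 1): OPEN, (1, 0): CLOSED, (0, 0): INTERMEDIATE, (1, 1): INVALID}


class DoublePointInput:
    """Bay-level filter for one double-point input (hypothetical helper)."""

    def __init__(self, filter_ms, n_max, period_ms):
        self.filter_ms = filter_ms    # transition filter time (item 4)
        self.n_max = n_max            # N: changes of state tolerated (item 7)
        self.period_ms = period_ms    # P: sliding period for counting changes
        self.raw = None               # last decoded contact state
        self.raw_since = 0            # time the raw state was entered
        self.reported = None          # last state passed to the station level
        self.suppressed = False
        self.changes = deque()        # timestamps of recent raw changes
        self.events = []              # (time_ms, kind, state) sent upward

    def _report_definite(self, t):
        if self.raw in (OPEN, CLOSED) and self.raw != self.reported:
            self.reported = self.raw
            self.events.append((t, "STATE", self.raw))

    def tick(self, now):
        """Advance time: age out old changes, lift suppression, expire the filter."""
        while self.changes and now - self.changes[0] >= self.period_ms:
            self.changes.popleft()
        if self.suppressed and len(self.changes) <= self.n_max:
            self.suppressed = False
            self.raw_since = now      # assumption: the filter restarts on release
            self.events.append((now, "RELEASED", self.raw))
            self._report_definite(now)
        stuck = self.raw in (INTERMEDIATE, INVALID) and self.raw != self.reported
        if stuck and not self.suppressed and now - self.raw_since >= self.filter_ms:
            # Not a normal transition: the non-definite state outlived the filter.
            self.reported = self.raw
            self.events.append((self.raw_since + self.filter_ms, "ALARM", self.raw))

    def sample(self, t, no, nc):
        """Feed one timestamped reading of the two source contacts."""
        self.tick(t)
        state = DECODE[(no, nc)]
        if state == self.raw:
            return
        if self.raw is not None:      # the first reading is not a change of state
            self.changes.append(t)
        self.raw, self.raw_since = state, t
        if len(self.changes) > self.n_max and not self.suppressed:
            self.suppressed = True
            self.events.append((t, "SUPPRESSED", state))
        if not self.suppressed:
            self._report_definite(t)


# Constructed contact readings (time_ms, n-o, n-c); not from a real substation.
CONSTRUCTED_SAMPLES = [
    (0, 0, 1),                                    # breaker open
    (1000, 0, 0), (1080, 1, 0),                   # normal 80 ms travel to closed
    (5000, 0, 0), (7000, 0, 1),                   # stuck in transit for 2 s
    (10000, 1, 0), (10050, 0, 1), (10100, 1, 0),  # chattering contact ...
    (10150, 0, 1), (10200, 1, 0), (10250, 0, 1),  # ... exceeds N within P
    (13000, 1, 1),                                # both contacts closed: invalid
]


def replay(samples, end_ms, scan_ms=50, filter_ms=500, n_max=3, period_ms=1000):
    """Run the filter over the readings on an assumed fixed scan cycle."""
    dp = DoublePointInput(filter_ms, n_max, period_ms)
    pending = deque(samples)
    for now in range(0, end_ms + 1, scan_ms):
        while pending and pending[0][0] <= now:
            dp.sample(*pending.popleft())
        dp.tick(now)
    return dp.events


if __name__ == "__main__":
    for event in replay(CONSTRUCTED_SAMPLES, end_ms=14000):
        print(event)
```

The 80 ms transit produces no event, the 2 s transit and the both-closed reading each raise an alarm stamped at the moment the filter time expired, and no state change is forwarded while the input is suppressed.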
b. Analog Data Acquisition Functions
1. The instrumentation requirements for the SAS will vary depending upon the substation configuration but are generally as follows:
RMS Voltages
RMS Currents
Frequencies
Real, Active and Reactive Powers
Active and Reactive Energies
2. Analog quantities shall be derived from the IEDs (BMU and BPU) or any electronic field devices provided that the required accuracy is achieved.
3. All required values shall be transferred to the corresponding Station's database point and, when required, to the Gateway mapping point, either on change of state or on polling.
4. Analog resolutions with maximum overall errors 1% (normal precision) and 0.2% (high precision) of full-scale
shall be provided for display locally and for transmission to the Remote Centers when required and possible.
5. The analog-to-digital conversion shall have a linear over-range up to 125% of nominal full-scale.
6. All analog inputs shall be capable of being tested against upper and lower alarm levels which are defined during system configuration. Changes to limits shall be logged, and transgression of any limit shall generate an alarm which is processed in the same way as a single point digital input signal.
3.4.3.2. Restitution Functions
a. Binary Data Output Functions
1. The control outputs from these modules may use double or single pole contacts, whichever is applicable, to switch interposing relays rated at direct or alternative external voltage source by auxiliary supplies.
2. The closing time of these contacts shall be adapted to the various cases: from short pulse to extended pulse required for synchronizing controls.
3. Supervision of the control auxiliary supplies shall be provided. Any failure of these supplies shall be reported to the SAS.
b. Analog Data Output Functions
1. The SAS shall provide analog output modules to drive external devices usually interfaced with conventional transducers.
2. These analog output modules shall comply with a large variety of voltage or current signal requirements in order to interface with these external devices.
3.4.3.3. Data Communication
Communication protocols between the Station Level and the Bay Control Level shall be in IEC 61850 Standard (Client/Server). Communication protocols between the Bay Control Level and IEDs shall be in IEC 61850. For an existing substation where the IEDs are not compliant with IEC 61850, a protocol converter shall be used to convert legacy protocols to IEC 61850 standards. Protocol converters shall have standard legacy protocols, as stated below.
Master/Slave (legacy protocol)
1. DNP 3.0
2. MODBUS
3. IEC 60870-5-102
4. IEC 61850 (previous articles refer to Section 5)
3.4.3.4. Data Presentation/Display Functions
The SAS shall be designed to perform, but not be limited to, the functions described below:
1. Monitor and control of the Substation Primary and Secondary Equipment and supervision of all the necessary automatic functions by means of screen display, with selection of activities performed by the keyboard and mouse,
2. Display and acknowledgment of alarms,
3. Trending of digital/analog value functions,
4. Configuration control and maintenance,
5. Generation and editing of database,
6. Printing and display of reports,
7. Station, Bay and Process Level components self-monitoring and diagnostics
Display requirements shall provide a detailed display for each switchgear bay of the global circuit that is dynamically
refreshable. These displays shall fit with any possible substation/switchyard configuration (radial, double or triple bus bar, one-and-a-half breaker scheme, ring, etc.). The drawing of each item on these displays (shape, color, position, etc.) shall precisely reflect its state in the field (open, closed, moving, validity, status of the corresponding control, etc.). The information concerning the represented items on display could be exhaustively displayed directly from the detailed displays. The color coding on diagrams, drawings, objects and text labels shall follow SEIL requirements. The display update for information/alarm and status indication on breaker/DS/ES shall take less than one (1) second. The SAS shall include help and function buttons for an easy printout of the displayed functions. The SAS shall have the ability to provide more detailed information in the form of pop-up windows for any display.
a. Alarm List Screen
This screen shall show a backlog of the last alarms received. It may be divided into two screens, one for active alarms and one for historical backlog. It shall be possible to scroll back at least 200 alarms. Alarms shall be presented with date and time received, time acknowledged and time cleared, together with fault signal descriptive text. If divided into two screens, the active list shall include all signals that are either not acknowledged or that are remaining. This screen shall have the facility to acknowledge alarms. The audible alarm shall be silenced by a function button on the keyboard, as well as by acknowledging from this screen. Off-normal information shall contain descriptions of all devices that are not in their normal state. This shall include situations that have not been reset by the operator, SAS local switches in the local setting, devices for which control has been blocked, etc. This information shall be included in the alarm list.
b.
1.0
Alarm/Event Management Alarms shall be used to report potentially harmful conditions requiring a response from the user. The system shall be capable of detecting and generating alarm conditions based on various changes in the states/values of the database points. Other key requirements: 1. The alarm conditions shall be detected even if the variables causing alarms are not currently on the display. 2. It shall be possible to filter alarms based upon location, priority and other user-selectable criteria. 3. When a new alarm is detected, all OWS shall immediately see the new alarm. 4. If the alarm is acknowledged on one OWS, then all OWS shall see that it was acknowledged. 5. Alarm limits shall be expressed in engineering units. 6. Alarm limits can be entered by the user, subject to restrictions, at configuration time or from the user's display during run-time. The ability to change alarm limits at runtime shall be a user-configurable option.
c.
Report Generation Customize report generated using SQL type queries to the archive, RTDB or logs with configurable hourly logs using spreadsheet charts in the reports, a “cut and paste” capability in general shall be provided. Inclusion of all configurable parameters for analog value printout shall be systematically generated, collected hourly and put to archive daily with selectable and configurable retention (FIFO) capability for one year and two years.
d. Online Condition Monitoring and Management for Transformer and Other High Voltage Equipment

SAS shall be capable of monitoring and controlling the transformer tap change mechanism (raise/lower) of the substations. It shall be capable of deriving tap position indications of the transformers and shall provide indication in numeric form on the OWS display. All condition-based monitoring management systems for oil, winding temperature, bushing, dissolved gas, and partial discharge (PD) can be communicated using any of the communication protocols enumerated below:

IEC 61850
IEC 60870-5-101/104
Modbus
DNP
3.4.3.5. Control Functions

The substation automation system shall provide the means of controlling the substation from the following points:

1. Substation Control Room (Station Level)
2. Bay Control Unit (Bay Level)
3. Local (Process Level)
4. Remote Control Centers

Any control action initiated via the SAS from the above control points shall include software synchronizing, interlocking and security checks.

During the remote control operation of Primary Equipment, a control check-back indication coming from the relay of the Bay Control Unit shall be recorded in the alarm list/summary of the SAS. This will notify the Dispatcher/Substation Engineer that a command was issued via the SAS to the Primary Equipment. The control check-back indication shall ensure that the command issued actuated the right relay. It shall also discriminate between commands issued by the SAS and by protection equipment.

The Substation Automation System (SAS) shall provide the means of ensuring that only authorized personnel have access to all the control functions via the Operator Work Station.
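The control-point rules of this section, combined with the Local/Remote modes of 3.4.3.6 and the operating modes of 3.4.3.8, can be expressed as one authorization check. This is an added example, not code from NGCP or any SAS vendor; the class and field names, the equipment and relay identifiers, and the rule that the OWS gives up control while the substation is in Remote are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Source(Enum):                  # the four control points
    CONTROL_CENTER = "remote control center, through the gateway"
    STATION = "substation control room OWS"
    BAY = "bay control unit"
    PROCESS = "local switchgear"


class Mode(Enum):
    LOCAL = "Local"
    REMOTE = "Remote"


class Role(Enum):                    # operating modes of User Access Control
    VIEWING = "Viewing"
    OPERATION = "Operation"
    NETWORK_ANALYSIS = "Network Analysis"
    ADMINISTRATOR = "Administrator"


CONTROL_ROLES = {Role.OPERATION, Role.ADMINISTRATOR}


@dataclass
class Equipment:
    name: str                        # hypothetical identifier
    relay: str                       # relay expected to send the check-back
    switch: Mode = Mode.REMOTE       # local/remote switch on the equipment
    interlock_ok: bool = True        # outcome of the interlocking check


@dataclass
class Substation:
    control_mode: Mode = Mode.REMOTE
    alarm_list: list = field(default_factory=list)

    def authorize(self, source, eq, role=None):
        """Return (allowed, reason) for a control request."""
        if source is Source.STATION and role not in CONTROL_ROLES:
            return False, "OWS operating mode has no control functions"
        if eq.switch is Mode.LOCAL and source in (Source.STATION,
                                                  Source.CONTROL_CENTER):
            return False, "equipment is switched to Local"
        if source is Source.CONTROL_CENTER and self.control_mode is Mode.LOCAL:
            return False, "substation control mode is Local"
        if source is Source.STATION and self.control_mode is Mode.REMOTE:
            # Assumption: control authority is exclusive, so the OWS does not
            # operate equipment while the substation is handed to Remote.
            return False, "substation control mode is Remote"
        if not eq.interlock_ok:
            return False, "interlocking check failed"
        return True, "permitted"

    def execute(self, source, eq, action, checkback_relay, role=None):
        """Issue a command and record the outcome in the alarm list.

        checkback_relay is the relay named in the check-back indication from
        the bay control unit; it must match the relay of the addressed equipment.
        """
        allowed, reason = self.authorize(source, eq, role)
        if not allowed:
            status = "REJECTED"
        elif checkback_relay != eq.relay:
            status = "CHECKBACK_MISMATCH"
            reason = f"check-back from {checkback_relay}, expected {eq.relay}"
        else:
            status = "EXECUTED"
        # origin "SAS" separates operator commands from protection operations.
        self.alarm_list.append({"origin": "SAS", "source": source.name,
                                "equipment": eq.name, "action": action,
                                "status": status, "reason": reason})
        return status


def demo():
    """Run constructed scenarios; returns (statuses, alarm list entries)."""
    sub = Substation(control_mode=Mode.REMOTE)
    cb = Equipment("CB-101", relay="K-101")          # constructed identifiers
    out = [sub.execute(Source.CONTROL_CENTER, cb, "open", "K-101"),
           sub.execute(Source.STATION, cb, "close", "K-101", Role.OPERATION)]
    sub.control_mode = Mode.LOCAL                    # e.g. scheduled maintenance
    out += [sub.execute(Source.CONTROL_CENTER, cb, "close", "K-101"),
            sub.execute(Source.STATION, cb, "close", "K-101", Role.VIEWING),
            sub.execute(Source.STATION, cb, "close", "K-101", Role.OPERATION),
            sub.execute(Source.STATION, cb, "open", "K-102", Role.OPERATION)]
    cb.switch = Mode.LOCAL                           # equipment taken to Local
    out += [sub.execute(Source.STATION, cb, "close", "K-101", Role.OPERATION),
            sub.execute(Source.PROCESS, cb, "close", "K-101")]
    return out, sub.alarm_list


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

Every request, permitted or not, leaves an alarm-list entry, so a rejected remote command during maintenance is visible to the substation engineer.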
3.4.3.6. Control Mode Management
The selection between the “Substation Control Mode in Remote” and “Substation Control Mode in Local” shall be requested for clearance at the Control Center and will be switched by the Substation Engineer from the Operators Work Station.

a. Substation Level Control in Local Mode

The control of the Primary Equipment shall be performed directly in the Substation Control Room Operators Workstation. This mode is termed “Local-Substation Control Mode”. This system shall contain all functions that constitute control of the whole substation. The visualization of the process and the control of the activities are achieved by the Operator Work Station, including appropriate graphic functions. The selection of the various functions will be executed by pointer devices such as mouse, pointer or function keyboard. The Station Level - OWS shall permit direct data exchange between the Bay/Process Level – IED for data acquisition and control function for fast and reliable exchange of tripping commands between IED devices and switchgear.

b. Station Level Control in Remote Mode

If the Substation Control Mode is in “Remote Position” at the Station Level Operators Work Station, Control Centers will be able to remotely control the Substation's Primary Equipment through the Gateway. This system shall contain all functions that the Control Center Dispatcher needs to control the Substation.

c. Bay/Process Level Control Mode

Facilities shall be provided which enable the individual substation equipment to be controlled by an operator from the switchgear bay control cubicle. These facilities are primarily required during commissioning or routine maintenance operations but may be used as a means of operating the substation equipment should the higher level means of control fail.
d. Switchgear in Local Mode

If any of the Primary Equipment has been selected to “Local Mode”, it shall not be possible for that equipment to be controlled from the Substation's Work Station and Control Center. Complementarily, Primary Equipment within the substation could be in different control modes at the same time through its local / remote switch. Substation Control Mode shall be selected to “Local” once scheduled maintenance of the Substation Primary Equipment is in progress. Control Centers will not be able to control any primary equipment of the Substation.

3.4.3.7. Supervision Functions
NGCP may require some additional features to be integrated in these standard platforms. Other recommendatory requirements deemed necessary shall be provided upon approval by both NGCP and SAS Vendors.

The SAS software package must provide a means of creating and displaying color graphics displays that will be used by the user for monitoring and control functions. This shall include applicable libraries of defined dynamic objects and functions, logics, bar graphs and symbols and report generation formats. It shall have the inherent capability of displaying real-time values being read from the field devices in a variety of user-configurable formats with provision for scalability and redundancy requirements.

The HMI shall adhere to the latest recognized graphics standards or de-facto standards for windowing and presentation. The HMI activities shall normally be accomplished through window, tool bar, menu, icon operation using a mouse and keyboard.

3.4.3.8. User Access Control
Access to the SAS shall be controlled via user authorization procedures and by assigning console access-areas and operating modes.
As a minimum, access control shall allow the following mutually exclusive operating modes to be assigned:

1. Viewing: Access to the displayed information only. Any HMI not assigned to any other operating mode shall be assigned to the viewing mode automatically. Although any display may be accessed and viewed, all other operation shall be inhibited.
2. Operation: Access to the displays and control functionality.
3. Network Analysis: Access to the display only, and retrieval of historical data.
4. Administrator: Capable of operation, network analysis and database modification of the SAS system.

6.4.4 SAS Performance Criteria

The SAS shall adopt the applicable requirements/provisions of performance monitoring requirements of IEEE Std. C37.1-2007.

6.4.5 Expandability

The system shall have expansion capability that allows future growth without requiring complete system replacement. The system shall allow incremental hardware and software upgrades that will keep up with the current setup.

3.4.5.1. Station Level

1. Additional Horizontal (Server, Workstations)
2. The system should have the capability to expand / interface additional SAS equipment without sacrificing the system’s performance during substation expansions.
3. Additional Vertical (Memory, Processors)
4. All Processor Units of SAS equipment shall not be running more than 30% during normal operations with a minimum of 50% reserve memory, i.e. RAM, ROM in the ultimate development of the substation. This would allow the system to process additional data during the expansion of substation equipment.

3.4.5.2. Bay Level
The Bay Level shall have the capability to expand with additional I/O devices, for addition or expansion of the process. Adding BCU, BPU, BMU and IED shall be possible without interrupting the existing configuration.

3.4.5.3. Process Level
The Process level shall have the capability to expand for additional Input/Output data-points like: Digital Status input, CTVT and Control Output.

6.4.6 SAS Standards

3.4.6.1. Operating System Software
Operating system software shall be based on a widely used operating system. The LINUX operating system is required for the main server and Windows/Linux for workstations. NGCP shall be able to upgrade to higher levels (revisions) of the operating system as they are made available without making modifications to the hardware, application software, support software, or the system executive services (except as provided for by the operating system suppliers).

3.4.6.2. Full Graphic User Interface
The user interface shall use a text editor program for Windows or Linux-based operating systems. Database definition, population and access shall be performed on a network-based Relational Database Management System (RDBMS). RDBMS interfaces shall initially conform to Structured Query Language (SQL) standards and directions with limited extensions as approved by NGCP. Full conformance to SQL2 or later shall be provided.
3.4.6.3. Protocol and Standards
The figure below shows the summary of applicable protocols and standards for SAS:
Figure 47
In addition, the Contractor / Designer / Manufacturer of the SAS shall provide the list of monitoring and control data-points of the equipment to NGCP. This will be further reviewed by NGCP’s Network Protection Division (NPD), Maintenance and Testing Division (MTD) and SCADA/EMS Division (SED) for the implementation of monitoring and control data/points to the SAS for substation operators and Grid Dispatchers.

6.4.7 Maintainability
The SAS shall adopt the applicable requirements/provisions covered under Section 2.1.3.4.1.

6.4.8 Availability

The SAS shall adopt the applicable requirements/provisions covered under Section 2.1.3.4.3.

6.4.9 Interconnectivity

The system shall support connectivity and data exchange with other equipment by adhering to international data exchange standards and protocols. The data exchange between Master Stations and the Substation Automation System (SAS) / Data Acquisition and Control (DAC) system shall use DNP 3.0 protocol. DNP 3 over TCP/IP network shall be used on new systems.

6.4.10 Phasor Measurement Unit (PMU)

SAS shall be provided with a phasor measurement unit (PMU) as necessary. Detailed requirement is described in Section 2.1.2.7.

6.4.11 Power Requirement

The SAS shall adopt the applicable requirements in Section 2.3.1 Data Center.

6.4.12 Environmental Requirement

The SAS shall adopt the applicable requirements/provisions in Section 2.3.3 Data Center.

6.4.13 Cyber Security

The SAS shall adopt the applicable requirements/provisions in Chapter 4 Cyber Security.
7. Cyber Security

7.1 Introduction

SCADA and substation automation systems increasingly play a vital role in NGCP as it works towards efficient and modern operations. As SCADA systems become more powerful, the need to protect them from unauthorized access and threats becomes a very important consideration. The risks of security breaches are great if not attended to properly. Securing these systems, however, is not a simple task: these systems are exposed at all times to access by different personnel, and the need for data exchange with other systems requires interconnection to external networks.

7.2 Objective

NGCP recognizes that cyber security is one of the key elements that will enable NGCP to achieve its corporate goals. Hence, it is important that SCADA and substation automation systems are guarded against cyber security threats to ensure that these systems perform their functions securely and safely at all times, to prevent disruption of power transmission services; damage to equipment, infrastructure and property; and loss of human lives. An integrated cybersecurity framework should therefore be defined to enhance the security and resiliency of the SCADA and Substation Automation Systems by managing cybersecurity risks in a cost-effective way. This framework is based on NERC CIP, which is comprised of eight standards.

7.3 Scope

This Cyber Security Philosophy applies to all Critical Cyber Assets such as SCADA, SAS and next-generation Smart Substations, including RTUs installed in the premises of the generators and distributors. Cyber security considerations shall be applied to the entire life-cycle of these cyber systems.

This philosophy provides a cyber security framework for the identification and protection of critical cyber assets to support reliable operation of the power Grid system, comprised of eight provisions under NERC CIP 002-009 including cyber asset identification, security management controls, personnel and training, electronic security perimeters, physical security, system security management, incident reporting and response, and recovery plan for critical cyber assets. See Figure 1 Cyber Security Framework below.
Figure 48. Cyber Security Framework

All other provisions are in conformance with NGCP ISMS ISO 27001:2013 standard.
7.4 Major Cyber Security Considerations

7.4.1 Critical Cyber Assets

Critical cyber assets associated with the critical assets that support the reliable operation of the power Grid system require identification and documentation.

4.4.1.1. Identification of Critical Cyber Assets

Critical cyber assets are to be identified through the application of risk-based assessment that identifies and documents the risk-based assessment methodology used to identify critical assets based on ISO/IEC 27001 Information Technology – Security Techniques – Information Security Management System. The risk-based assessment shall consider cyber security assets including all SCADA/EMS assets and other automation systems implemented by NGCP.

7.4.2 Security Management Controls

Minimum security management controls shall be in place to protect critical cyber assets.

4.4.2.1. Documented Cyber Security Policy specific to control system

A cyber security policy that represents management’s commitment and ability to secure its critical cyber assets shall be developed and implemented. This cyber security policy shall be readily available to all personnel who have access to, or are responsible for, critical cyber assets. An ISMR with overall responsibility for leading and managing implementation of, and adherence to, the policy shall be assigned. The ISMR shall authorize and document any exception from the requirements of the cyber security policy.

4.4.2.2. Information classification & protection program
A program to identify, classify, and protect information associated with critical cyber assets shall be implemented. The critical cyber asset information to be protected shall include, at a minimum and regardless of media type, the following:

a. Operational procedures
b. Lists of critical assets
c. Network topology or similar diagrams
d. Floor plans of computing centers that contain critical cyber assets
e. Equipment layouts of critical cyber assets
f. Disaster recovery plan
g. Incident response plans
h. Security configuration information

The adherence to the critical cyber asset information protection program shall be assessed. An action plan shall be implemented to remediate deficiencies identified during the assessment.

4.4.2.3. Access Control Program
A program for managing access to protected critical cyber asset information shall be implemented. A list of designated personnel who are responsible for authorizing logical or physical access to protected information shall be maintained. At least annually, access privileges to protected information shall be reviewed to confirm that access privileges are correct and that they correspond with needs and appropriate personnel roles and responsibilities.

4.4.2.4. Change Control & Program
A process of change control and configuration management for adding, modifying, replacing, or removing critical cyber asset hardware or software shall be established. Supporting configuration management activities to identify, control, and document all entity- or vendor-related changes to hardware and software components of critical cyber assets pursuant to the change control process shall be implemented.

7.4.3 Personnel and Training

Only personnel with authorized cyber and physical access to critical cyber assets, including contractors and service vendors, are required to have an appropriate level of personnel risk assessment, training, and security awareness.
4.4.3.1. Awareness
A security awareness program to ensure that personnel having authorized cyber and physical access receive ongoing reinforcement in sound security practices shall be established, maintained, and documented.

4.4.3.2. Training

A cyber security training program shall be provided for personnel having authorized cyber and/or physical access to critical cyber assets. This program shall be reviewed and updated as necessary. Training shall cover the policies, access controls, and procedures as developed for the critical cyber assets and include, at a minimum, the following required items appropriate to personnel roles and responsibilities:

a. The proper use of critical cyber assets
b. Physical and electronic access controls to critical cyber assets
c. The proper handling of critical cyber asset information
d. Action plans and procedures to recover or re-establish critical cyber assets and access thereto following a cyber security incident.

4.4.3.3. Personnel Risk Assessment

A personnel risk assessment program for personnel with authorized cyber and physical access shall be implemented. Such program shall include the following:

a. Identity verification and criminal check; more detailed reviews may be conducted depending on the criticality of the position.
b. Update each personnel risk assessment on a regular basis or as need arises after the initial personnel risk assessment
c. Document the results of personnel risk assessments

4.4.3.4. Access Management

A list of personnel with authorized cyber and physical access to critical cyber assets shall be maintained.

a. Review and update the list of personnel with access to critical cyber assets for any change of personnel or access rights
b. Ensure that the access list for contractors and service providers is properly maintained and updated.
c. Revoke access to critical cyber assets for resigned/terminated personnel and for personnel who no longer require such access to critical cyber assets.

7.4.4 Electronic Security

The identification and protection of the electronic security perimeters inside of which all critical cyber assets reside, as well as all access points on the perimeter, are required.
Figure 49 – SCADA/EMS Critical Cyber Asset ESP

4.4.4.1. Electronic Security Perimeter

Every critical cyber asset shall be ensured to reside within the electronic security perimeter. Electronic security perimeters and all access points to these perimeters shall be identified.

1. Cyber assets used in the access control and monitoring of the electronic security perimeters shall be afforded certain protective measures.
2. Maintain the following:
   a. Electronic security perimeters
   b. All interconnected critical and non-critical cyber assets within the electronic security perimeters
   c. All electronic access points to the electronic security perimeters, and
   d. Cyber assets deployed to all access points for control and monitoring

4.4.4.2. Electronic Access Control

Organizational and technical mechanisms for the control of electronic access at all electronic access points to the electronic security perimeters shall be implemented. These shall include the following:

a. By default, all access rights are denied and explicit access permissions are specified.
b. Only the required ports and services for operations and monitoring of cyber assets are enabled.
c. Once external access has been enabled, a technical control at access points shall be established to ensure authenticity of access rights
d. The required process shall include the following:
   access request and authorization
   authentication methods
   review of authorization rights

4.4.4.3. Electronic Access Monitoring

Access monitoring and logging at any access points to the electronic security perimeters shall be implemented and documented through electronic means. The security monitoring process shall detect and alert for any attempts or actual unauthorized access and shall provide notification to concerned personnel/group. Where notification is not available, NGCP shall regularly review the access logs for any attempts or actual unauthorized access.

4.4.4.4. Cyber Vulnerability Assessment of Security Perimeter

Cyber vulnerability assessment of the electronic access points to the electronic security perimeters shall be performed at least annually. The vulnerability assessment must include, at a minimum, the following:

a. Identified vulnerability assessment process
b. All ports and services required for operations at these access points are enabled
c. All access points to the electronic security perimeter
d. Controls for default accounts, passwords, and network management community strings
e. Results of the assessment, the action plan to remediate or mitigate vulnerabilities identified in the assessment, and the execution status of that action plan.

7.4.5 Physical Security

The implementation of a physical security program is intended to ensure the protection of critical cyber assets. Operational controls to manage physical access, including access control, monitoring, logging, retention and review, shall be implemented. Maintenance and testing of physical security system functions shall likewise be properly implemented. The physical security program shall adopt the existing physical security plans, policies and procedures implemented by NGCP’s Security Department.

7.4.6 System Security Management

This addresses system security by specifying technical and operational requirements in support of protecting Critical Cyber Assets against compromise that could lead to incorrect operation or instability of the power Grid system.

4.4.6.1. Ports and Services

Processes that collectively address each of the specified requirements related to ports and services shall be implemented as follows:

a. Enable only logical network accessible ports that are needed
b. Ensure protection against the use of unnecessary physical input/output ports used for network connectivity, console commands, or removable media.
c. All idle sessions will be automatically disconnected when the allowable connection time is reached.

4.4.6.2. Security Patch Management
Processes that collectively address each of the specified requirements related to security patch management shall be implemented. These requirements include a process for tracking, evaluating, and installing cyber security patches for applicable Cyber Assets. Security patches must be evaluated at the test environment for applicability prior to implementation.

4.4.6.3. Malicious software prevention

Processes for Critical Cyber Assets that include the specified requirements concerning malicious code prevention (including deploying methods to deter, detect, or prevent malicious code) and mitigation of the threat of detected malicious code shall be implemented. Processes for updating, testing and installing the signatures or patterns shall be employed.

4.4.6.4. Security event and status monitoring

Processes shall be implemented to address the specified requirements for security event monitoring, that includes:

a. logging of events at the Cyber System level or at the Cyber Asset level for identification of, and after-the-fact investigation of
b. Cyber Security Incidents that include detected successful login attempts, detected failed access attempts and failed login attempts, and detected malicious code.

These processes must include generating alerts for security events that NGCP determines necessitate an alert, including detected malicious code and detected failure of event logging.

4.4.6.5. System Access Control

Processes shall be implemented to address the specified requirements related to system access control, including:

a. methods to enforce authentication of interactive user access
b. enabled default or other generic account types, either by system, by groups of systems, by location, or by system types
c. individuals who have authorized access to shared accounts
d. changing known default passwords per Cyber Asset capability or in accordance with the corporate password policy.
e. password parameters for password-only authentication for interactive user access
f. password-only authentication for interactive user access, password changes or an obligation to change password on a regular basis
g. number of unsuccessful authentication attempts, or generating alerts after a threshold of the unsuccessful authentication attempts.

4.4.6.6. Disposal or redeployment of Cyber Assets

Specified requirements for Cyber Asset reuse and disposal shall be implemented. These processes shall require that, prior to the release for reuse of the applicable Cyber Assets that contain Cyber System Information, actions must be taken to prevent the unauthorized retrieval of Cyber System Information from the Cyber Asset data storage media. These processes shall also require that, prior to the disposal of the applicable Cyber Assets that contain Cyber System Information, action shall be taken to prevent the unauthorized retrieval of Cyber System Information from the Cyber Asset or destroy the data storage media.

4.4.6.7. Cyber vulnerability assessment (of Cyber Assets)

Prior to adding a new applicable Cyber Asset to a production environment, active vulnerability assessment of the new Cyber Asset shall be performed. The results of testing and the results of the assessments of Critical Cyber Assets shall be documented, including the action plan to remediate or mitigate vulnerabilities identified in the assessments, the planned date of completing the action plan, and the execution status of any remediation or mitigation action items.
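The alerting named in 4.4.6.4 and 4.4.6.5 (detected malicious code, detected failure of event logging, and a threshold of unsuccessful authentication attempts) can be sketched as a review over event records. This is an added example, not NGCP's or a vendor's implementation; the record format, asset names, threshold, window, and the treatment of a silent asset as a logging failure are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values; the page sets no numbers for these.
FAILED_THRESHOLD = 3
FAILED_WINDOW = timedelta(minutes=10)
MAX_SILENCE = timedelta(minutes=30)   # assets are assumed to log at least this often

# Constructed sample records: timestamp, asset, event, account ("-" if none).
SAMPLE_LOG = """\
2017-11-06T08:00:00 ows-1 login_success operator1
2017-11-06T08:01:10 gw-1 login_failed admin
2017-11-06T08:01:40 gw-1 login_failed admin
2017-11-06T08:02:05 gw-1 login_failed admin
2017-11-06T08:02:30 gw-1 login_success admin
2017-11-06T08:20:00 ows-1 malicious_code -
2017-11-06T09:15:00 ows-1 login_failed operator1
"""


def analyze(log_text, assets, end_time):
    """Return alerts, in the order raised, for the records in log_text.

    assets   -- every asset expected to log (constructed inventory)
    end_time -- ISO timestamp at which the review is run
    """
    alerts = []
    failures = defaultdict(deque)    # (asset, account) -> recent failure times
    last_seen = {}                   # asset -> time of its latest record

    def alert(ts, kind, asset, detail):
        alerts.append({"time": ts.isoformat(), "kind": kind,
                       "asset": asset, "detail": detail})

    def recent(asset, account, now):
        """Drop failures older than the window and return the remainder."""
        q = failures[(asset, account)]
        while q and now - q[0] > FAILED_WINDOW:
            q.popleft()
        return q

    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, asset, event, account = line.split()
        ts = datetime.fromisoformat(stamp)

        # A long hole between two records of one asset suggests logging failed.
        prev = last_seen.get(asset)
        if prev is not None and ts - prev > MAX_SILENCE:
            alert(ts, "logging_gap", asset, f"no records since {prev.isoformat()}")
        last_seen[asset] = ts

        if event == "malicious_code":
            alert(ts, "malicious_code", asset, "detection reported")
        elif event == "login_failed":
            q = recent(asset, account, ts)
            q.append(ts)
            if len(q) == FAILED_THRESHOLD:       # raised when the threshold is reached
                alert(ts, "failed_login_threshold", asset, account)
        elif event == "login_success":
            # A success right after a burst of failures deserves a second look.
            if len(recent(asset, account, ts)) >= FAILED_THRESHOLD:
                alert(ts, "success_after_failures", asset, account)

    # Assets that stopped logging, or never logged, before the review time.
    end = datetime.fromisoformat(end_time)
    for asset in assets:
        seen = last_seen.get(asset)
        if seen is None or end - seen > MAX_SILENCE:
            alert(end, "logging_silent", asset, "no recent records")
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG, ["ows-1", "gw-1", "bcu-7"], "2017-11-06T09:20:00"):
        print(a)
```

The inventory argument matters: an asset that never appears in the log (here the constructed `bcu-7`) is only caught because the review compares records against the list of assets expected to log.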
7.4.7 Incident Reporting and Response Management

4.4.7.1. Cyber Security Incident Response Plan

A cyber security incident response plan shall be developed and maintained. The cyber security incident response plan must address, at a minimum, the following:

a. Process to characterize and classify events as reportable cyber security incidents.
b. Response actions, including roles and responsibilities of incident response teams, incident handling procedures, and communication plans.
c. Report of any cyber security incidents.
d. Process to update the cyber security incident response plan of any changes.
e. Process for ensuring that the cyber security incident response plan is reviewed
f. Process to ensure that the cyber security incident response plans are being implemented or tested.

4.4.7.2. Incident Process

Relevant cyber security incidents shall be maintained and kept.

7.4.8 Recovery Plans

Recovery plans shall be in place for critical cyber assets, and these plans shall follow established business continuity and disaster recovery techniques and practices. NGCP shall comply with the following requirements.

4.4.8.1. Recovery plan documentation

Recovery plans for critical cyber assets shall be created and annually reviewed. The recovery plans shall address at a minimum the following:

a. Specify the required actions in response to events or conditions of varying duration and severity that would activate the recovery plans.
b. Define the roles and responsibilities of responders.
4.4.8.2. Annual exercise of plans
The recovery plans must be exercised at least annually. An exercise of the recovery plans can range from a paper drill, to a full operational exercise, to recovery from an actual incident.

4.4.8.3. Change Control
Recovery plans shall be updated to reflect any changes or lessons learned as a result of an exercise or the recovery from an actual incident. Updates must be communicated to personnel responsible for the activation and implementation of the recovery plans.

4.4.8.4. Backup and Restore
The recovery plans shall include processes and procedures for the backup and storage of information required to successfully restore critical cyber assets. For example, backups may include spare electronic components or equipment, written documentation of configuration settings, tape backup, etc.

4.4.8.5. Testing backup media
Information essential to recovery that is stored on backup media must be tested at least annually to ensure that the information is available. Testing can be completed off-site.
8. Data Communications

8.1 Introduction

The goal of SCADA/EMS is to be able to monitor and manage field equipment from control centers to improve operating and Grid efficiencies, enhance safety and provide real-time information for dispatcher decision making. Achieving this goal requires a reliable communications infrastructure that connects field Remote Terminal Units (RTU) and Substation Automation Systems (SAS) back to control centers, and connects control centers to each other.

Ensuring reliable communications, regardless of location, is a key to the success of SCADA/EMS operations. This means that messages sent from the control center to the RTU/SAS, directly (point to point) or via one or more repeaters, or from RTUs/SASs to the Control Center, or between Control Centers, must be delivered timely and reliably. Furthermore, each message is to be confirmed for correctness, and errors or communication failures shall be reported to the sending entity.

8.2 Smart Grid Communications

As electric systems become more and more complex with the integration of two-way cyber secure communication technologies, it is inevitable that new technologies such as distributed sensors, advanced software for data management, and intelligent and robust controllers will have their place in the future of Grid management. Measurement and monitoring using the WAMS from the generation down to the endpoints will be critical in changing and improving the energy system. The utilization of new technologies such as wide-range sensors and PMUs, which leverage synchronized current/voltage amplitude and phase angle measurement, can prevent cascading failure in the network Grid.

8.3 Wired and Wireless Communications

While a dedicated wired communication network is the ideal infrastructure for a low-latency network, it is also worth mentioning that in the absence of such infrastructure, an alternative wireless communication network can be considered. The use of both can fully utilize monitoring and synchronized measurements from multiple sites in the GRID.

NGCP maintains its own private telecommunication network to serve its operational and corporate needs. This is a combination of microwave radio links, optical fiber links and power line carriers (PLC). While such communication links interconnect substations, major power plants and control centers, public telecom links are also utilized for connectivity of power plants and other entities that are not within the reach of NGCP telecom infrastructure. These communication media include leased lines and satellite terminals.
Figure 50 - SCADA System General Layout
8.4 Network Configuration

8.4.1 Separate/Dedicated Network

SCADA/EMS shall be provided with a separate and dedicated communication network to ensure reliability of data and to guarantee secured networks. Network reliability should be ensured by making use of redundant topology or alternate routes and functionality to avoid data loss. Loss of data has the potential to adversely affect power utility core operations.

8.4.2 Hierarchical Network

Figures 51 and 52 illustrate the hierarchy of the SCADA/EMS data communication network. The master station level describes the communication philosophy between the control center and its back-up. The ACC level depicts the data communication between area control centers, regional and back-up regional control centers. The SAS/RTU level defines the data communication requirements in collecting data and control process from various plants and substations. The SCADA/EMS datacomm hierarchy will ensure consistent and reliable SCADA data communications of all control centers and data acquisition and control functionalities throughout NGCP.
Figure 51 – Scheme 1 - Data Communications Hierarchy
Figure 52 – Scheme 2 – Data Communications Hierarchy

5.4.2.1. RCC Level

a. Communication infrastructure shall be provided for the Luzon, Visayas and Mindanao Control Centers. Data exchange between these control centers shall utilize Inter-Control Center Communication Protocol (ICCP) and TCP/IP. The communication network shall be provided with sufficient capacity and redundancy to meet the performance, data exchange and control requirements. The failure of any communication equipment of the network shall not cause loss of data and information.

b. In Figure 53 Scheme 1, communication between the RCC Level and its back-up shall be provided with nonredundant network configuration and a dedicated fiber optic connection or its equivalent link with sufficient capacity.
c. The Inter-Regional Control Center communication links shall be provided with sufficient bandwidth in consideration of the data exchange requirement between the RCCs. To ensure reliability, redundant communication paths shall be established between the RCCs. Ring topology shall be adopted in the interconnection of the regional control centers. Figure xxx shows the typical network configuration.

d. In Figure 54 Scheme 2, communication between RCC Level shall be Ring Topology without the respective back-up.
Figure 53 – Scheme 1 – RCC Level
Figure 54 – Scheme 2 – RCC Level

5.4.2.2. ACC Level

a. Communication infrastructure shall be provided between the Regional Control Center and the Area Control Center for Luzon, Visayas and Mindanao. TCP/IP shall be used as the protocol for data transport and data synchronization between control centers. The communication network shall be provided with sufficient capacity and redundancy to meet the performance, data exchange and control requirements. The failure of any communication equipment of the network shall not cause loss of data and information.

b. The communication links between RCCs (Main and Back-Up) and ACCs shall be provided with sufficient bandwidth capacities for SCADA and WAMS applications. Depending on the regional telecom infrastructure, ring or mesh topologies shall be established to ensure path redundancy between ACCs. Figure 55 and Figure 56 show the typical network configurations.
Figure 55 Scheme 1 – ACC Level
Figure 56 Scheme 2 – ACC Level

5.4.2.3. SAS and RTU Level

a. Communication infrastructure shall be established between the Area Control Center (ACC) and the SASs/RTUs. Real-time data shall be collected directly from multi-ported RTUs and SAS gateways installed at the various substations and power plants within the ACC's area of responsibility. This data will also be routed to the regional control center using DNP over IP as the standard protocol for data exchange. Tree or radial topology shall be adopted for ACC-RTU/SAS connectivity.

b. Data transmission bandwidth shall be allocated in consideration of the data exchange requirement between the SAS/RTU and control centers. Figure 4.2.2.-5 depicts the network configuration at SAS/RTU level. For substations and plants with PMUs, bandwidth allocation shall consider the requirement in Table 4.2.2-1.
Number of PMUs    30 samples/s    60 samples/s    120 samples/s
2                 57              114             229
10                220             440             881
40                836             1,672           3,345
100               2,085           4,170           8,340

Table 4 - Approximate bandwidth (kbits/sec) as a function of PMUs and sampling rate
c. Data communication between ACC and SAS/RTU may be implemented via either switched (L2) or routed (L3) protocols.
Figure 57 – SAS and RTU Topology
8.5 Network Equipment/Hardware

8.5.1 Master Stations/ACC System

5.5.1.1. IPSEC/SSL VPN

Before remote access is allowed to any vendor, user or individual, it is mandatory that a VPN machine or firewall is available to encapsulate the data transfer so that the transferred data is kept private from other devices or users. This secure connection can use either the IPSec or the SSL protocol.

5.5.1.2. Routers

The routers in the Master station shall be sufficient to handle the required bandwidth connection. Provisions/spare slots shall be provided for future use. Routers shall be redundant for Control Centers.

5.5.1.3. Terminal Servers/Serial Converters

To handle the redundancy requirement, the terminal server shall be equipped with a switching module that will determine the active channel. This terminal server shall switch seamlessly and shall not allow any loss of data/information when switching from the active to the standby unit.

5.5.1.4. Next Generation Firewall

A secured firewall between the SCADA network and the Internet (external users) shall be established. As the single point of traffic into and out of the SCADA network, the firewall shall effectively monitor and secure the SCADA System. The firewall and router are required to separate the SCADA network from external/other networks. Another function of this appliance is the intelligent dropping of unwanted traffic, such as Distributed Denial of Service attacks, and acting as an Intrusion Prevention System for the network.

5.5.1.5. Uni-Directional Gateways
Hardware-enforced unidirectional gateways (e.g. data diodes) are increasingly deployed at the boundary between ICS and IT networks, as well as between Safety Instrumented System (SIS) networks and control networks. Unidirectional gateways are a combination of hardware and software. The hardware permits data flow from one network to another, but is physically unable to send any information at all back into the source network. The software replicates databases and emulates protocol servers and devices.

8.5.2 Remote/RTU/MBSC Stations

5.5.2.1. Router
To establish a separate and dedicated IP network for the SCADA's Data Acquisition Network, a network of routers, including at the substation level, shall be provided. The remote station router need not be a sophisticated and expensive router. It shall be capable of handling large throughput and have redundant connectivity.

5.5.2.2. Next Generation Ruggedized Firewall for Endpoints

A secured firewall at the remote stations allows a tunneled/encrypted connection to the master station, thereby eliminating the exposure of sensitive information/data when configured in an IP/VPN setup. A specific policy or traffic can also be defined to secure the connection from the source to the destination.

8.6 Data Communications Protocol Standards

8.6.1 Master Station Protocol

5.6.1.1. Distributed Network Protocol (DNP 3.0)
The main protocol to be used in communicating with the RTUs and SAS gateways shall be the DNP 3.0 protocol. This protocol shall be used both via serial and over TCP/IP.

5.6.1.2. Inter-Control Center Protocol (ICCP)

The SCADA/EMS system shall include an ICCP network system. It shall be fully compliant with Conformance Blocks 1, 2, 4, 5, and 7 of the IEC TASE.2 specifications, Version 1996-08 or later version.

5.6.1.3. Secure File Transfer Protocol (SFTP)

Secure File Transfer Protocol (SFTP) shall be used only for sending and receiving data from one server to another server and vice versa (i.e. NGCP to Market Operator) as long as the process interval required is not less than five (5) minutes.
5.6.1.4. Transmission Control Protocol/Internet Protocol (TCP/IP)
TCP/IP shall be the main protocol for data communication.

5.6.1.5. WAMS Protocol

Given the fast-growing interest in and acceptance of the Wide-Area Measuring/Monitoring System (WAMS) in the power industry, owing to its great potential for improving the supervision, protection and control of the power system, WAMS shall be incorporated in NGCP's SCADA system. NGCP's SCADA system shall be ready to implement and use synchrophasor technology.

5.6.1.6. IEC 60870-101/104

For flexibility and in anticipation of a possible shift to the IEC standard, the Master Station SCADA system shall be equipped with the capability to communicate with the remote stations using the IEC- standard for communicating to IEDs/RTUs/MBSCs in the remote stations.

5.6.1.7. IEC 61850

IEC 61850 is a standard for vendor-agnostic engineering of the configuration of Intelligent Electronic Devices for electrical substation automation systems, so that they are able to communicate with each other.

5.6.1.8. OPC-UA (Unified Architecture)

OPC-UA is a machine-to-machine communication protocol for industrial automation developed by the OPC Foundation.

8.6.2 Remote Station Protocol

5.6.2.1. Distributed Network Protocol (DNP 3.0) (serial and IP based). See Section 5.6.1.1

5.6.2.2. WAMS Protocol. See Section 5.6.1.5

5.6.2.3. IEC 60870-101/104. See Section 5.6.1.6
9. Interface

9.1 Introduction

NGCP SCADA/EMS Systems are currently interconnected to other internal and external sub-systems. Different kinds of data, depending on the application, are exchanged at the interfacing nodes through SCADA Open Standard and TCP/IP protocols. Examples are SCADA real-time data, snapshot data, engineering data and status exchanged with other control centers, and other vital data necessary to support System Operations and Market Operations functionality. Implemented protocols shall be referred to the applicable IEC interoperability communication standards for Smart Grid.

Internal interfaces are connections within NGCP. These are inputs/outputs from substation field devices such as RTUs and Gateways, Inter Control Center data exchange between SCADA regional groups, as well as customer and end-user interfaces at the NGCP Corporate Network side.

External interfaces are non-NGCP connections that are presently integrated to the SCADA/EMS Systems. These are 3rd party suppliers, power plants and other privately owned companies. With these connections, the SCADA System is open to the broader environment and is therefore exposed to hazards from uncontrollable actions by others as well as unauthorized access or intrusions. However, these external connections/interfaces cannot be avoided or eliminated, because they are needed to meet customer requirements and for the system administrator's remote access during emergency situations.

In order to protect the system from any unauthorized access and intrusions, certain external interface requirements must be established and implemented to keep the SCADA System always available and operational. Internal and external connections between SCADA and other networks outside NGCP shall be based on the SCADA Cyber Security Philosophy and NGCP Network Interconnection Policies.
9.2 Internal Interface

a. Connection from substations to SCADA Master Stations shall be through SCADA industrial Open Standard protocols like DNP V3.0 and IEC-60870-5-101/104.
b. Inter Control Center Protocol (ICCP) TASE2 shall be used for other internal control center connections.

c. The SCADA/EMS System and any 3rd party software that needs to be integrated to it shall be based on open systems protocols like Common Information Model (CIM).

d. SCADA/EMS shall have a common storage for this newly integrated system using open systems protocol for easy retrieval of SCADA historical information.

e. A demilitarized zone (DMZ) shall be the intermediate network between the SCADA and Corporate networks. Data transfer shall use protocols such as FTP, SFTP and web services, and corporate users shall access SCADA data through servers installed in the intermediate network.

9.3 External Interface

9.3.1 Market Operations

Market Operations and NGCP System Operations currently exchange data through File Transfer Protocol. It is through this connection that SCADA real-time data is currently being forwarded to them every 5 minutes for their commercial operations, and then forwarded to System Operations for the implementation of the Real-Time Dispatch (RTD). Relevant SCADA web displays are also available to the Market Operator through a secure portal. To support its growing demand for a more reliable and faster data transfer, Inter Control Center Protocol (TASE2), Secured File Transfer Protocol or any protocol in line with the Smart Grid interface standards that will support the data requirements of NGCP and WESM shall be applied.

9.3.2 Distribution Utilities and Other Utilities

To ensure the overall security and reliability of the System Grid, as well as to support the data needs of WESM's Market Operations, certain monitoring points at the internal network of distribution utilities shall be monitored at the SCADA/EMS. Data acquisition shall be via an inter-control center protocol or a dedicated Remote Terminal Unit (RTU) installed at the substation or connection point of the distribution utility. The said equipment shall be compliant with NGCP's requirements and standards, as well as address the Cyber Security Philosophy.

9.3.3 Maintenance and Support Users (SCADA Personnel, Vendor & Third Parties)

Remote access to the SCADA Systems shall be interfaced through Virtual Private Network (VPN) equipment that is linked to the SCADA network. External connection and third party support shall be given access only with proper clearance from the NGCP Management.

9.3.4 Power Plants Interface

Power Plants that will be monitored and controlled by a control center (e.g. NCC, RCC, BRCC and ACC) shall follow the requirements and standards so as to achieve a high degree of security as well as monitoring and control performance. This shall be through SCADA industrial Open Standard protocols like DNP V3.0 and IEC 60870-5-101/104. These requirements and standards shall be implemented for all Power Plants through constant and consistent application to all projects that directly or indirectly deal with Power Plant process control.

To define the delineation of responsibilities between NGCP and the power plants, NGCP shall provide RTUs for conventional power plants without plant automation systems. For the power plants that are capable of being monitored and controlled via their automation systems, gateways shall be provided.
9.3.5 External Data Requirements

External data sources shall pass through the intermediate network and shall be unidirectional. These inputs include weather data and other information necessary to provide more accurate forecasting and applications for a more reliable and secure power Grid.

9.4 Time Synchronization

Time synchronization of all computing devices for SCADA/EMS systems of the NGCP control centers, substation automation systems and other mission critical data acquisition systems shall conform to the standard as depicted in section 5.4 of the Telecom Philosophy.

The preferred time synchronization method throughout the NGCP utilities is a dedicated substation Grid clock for each applicable station. Bay and Process level devices such as BCU, protection relays, RTU, SER and other intelligent electronic devices equipped with a built-in time synchronization interface shall connect directly through the substation Grid clock either through IRIG-B, PTP or NTP, whichever is applicable. If a time source with better accuracy such as those mentioned is not available, time synchronization via communication protocol such as DNP3.0 shall be used.
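One way to audit a firewall or conduit inventory against the interface rules of Sections 9.2 and 9.3 is sketched below. This is an added example, not NGCP's own tooling; the zone labels, the `Flow` record, the sample flows and the reading of the listed protocols as a closed allow-list are assumptions made for illustration.

```python
from dataclasses import dataclass

# Zone labels are names chosen for this example, not identifiers from the page.
SUBSTATION, SCADA, DMZ, CORPORATE = "substation", "scada", "dmz", "corporate"
EXT_SOURCE, REMOTE_USER, PEER_CC = "external_source", "remote_user", "peer_cc"

# Assumption: the protocols the page names ("like", "such as") are treated as
# the complete allow-list for each conduit.
FIELD = frozenset({"dnp3", "iec-60870-5-101", "iec-60870-5-104"})  # 9.2(a)
ICCP = frozenset({"iccp"})                                          # 9.2(b)
TRANSFER = frozenset({"ftp", "sftp", "web-service"})                # 9.2(e)


def _both(a, b, protocols):
    """Conduit that may carry traffic in both directions."""
    return {(a, b): protocols, (b, a): protocols}


# (source zone, destination zone) -> allowed protocols; None means any protocol.
CONDUITS = {
    **_both(SUBSTATION, SCADA, FIELD),
    **_both(SCADA, PEER_CC, ICCP),
    **_both(SCADA, DMZ, TRANSFER),
    **_both(DMZ, CORPORATE, TRANSFER),
    **_both(REMOTE_USER, SCADA, None),  # 9.3.3: VPN is checked separately
    (EXT_SOURCE, DMZ): TRANSFER,        # 9.3.5: inbound only (protocols assumed)
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    protocol: str
    via_vpn: bool = False


def check_flow(flow):
    """Return the rule violations for one flow; an empty list means compliant."""
    key = (flow.src, flow.dst)
    if key not in CONDUITS:
        if {flow.src, flow.dst} == {CORPORATE, SCADA}:
            return ["9.2(e): corporate users reach SCADA data only via DMZ servers"]
        if flow.dst == EXT_SOURCE:
            return ["9.3.5: external data path is unidirectional (inbound only)"]
        if flow.src == EXT_SOURCE:
            return ["9.3.5: external data must enter through the intermediate network"]
        return [f"no conduit defined for {flow.src} -> {flow.dst}"]
    violations = []
    if REMOTE_USER in key and not flow.via_vpn:
        violations.append("9.3.3: remote access must pass through the VPN equipment")
    allowed = CONDUITS[key]
    if allowed is not None and flow.protocol not in allowed:
        violations.append(
            f"protocol '{flow.protocol}' not allowed on {flow.src} -> {flow.dst}")
    return violations


def audit(flows):
    """Map each non-compliant flow to its list of violations."""
    return {f: v for f in flows if (v := check_flow(f))}


# Constructed sample flows, as might be distilled from a firewall rule export.
SAMPLE_FLOWS = [
    Flow(SUBSTATION, SCADA, "dnp3"),
    Flow(SCADA, DMZ, "sftp"),
    Flow(CORPORATE, DMZ, "web-service"),
    Flow(CORPORATE, SCADA, "sftp"),                 # bypasses the DMZ
    Flow(EXT_SOURCE, DMZ, "sftp"),
    Flow(DMZ, EXT_SOURCE, "sftp"),                  # return path to external source
    Flow(REMOTE_USER, SCADA, "ssh"),                # remote access without VPN
    Flow(REMOTE_USER, SCADA, "ssh", via_vpn=True),
    Flow(SUBSTATION, SCADA, "telnet"),              # protocol not on the allow-list
]

if __name__ == "__main__":
    for flow, problems in audit(SAMPLE_FLOWS).items():
        print(f"{flow.src} -> {flow.dst} ({flow.protocol}): {'; '.join(problems)}")
```

Any zone pair missing from `CONDUITS` is rejected by default, so a new interface has to be added to the inventory deliberately before it passes the audit.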
10. Labelling and Identification of SCADA/EMS and Automation Equipment

The SCADA/EMS and SAS equipment, including the hardware, software and peripherals, shall adopt the standards and equipment labeling of the existing NGCP SEIL. The adoption of SEIL would provide a common understanding with regard to the identification and functions of these devices/equipment.

Inasmuch as some of this equipment is not SEIL-identified equipment, the SCADA/EMS and Automation equipment naming convention shall be standardized in reference to the existing SEIL standards, and equipment will subsequently be labeled accordingly. This will establish a unified SCADA and SAS wide equipment identification system that will be used by all concerned functional groups of NGCP.

The SCADA/EMS and Automation Equipment that need to be standardized shall include the following:

1. SCADA/EMS and AUTOMATION Application Servers
2. SCADA/EMS and Application Software
3. Network Equipment
   a. Routers
   b. Switches
   c. Firewalls
   d. GPS
   e. VPS
4. Network Cabling Identification and Color Coding
5. Domain Name
6. File Naming Convention
7. IP Address Name and Grouping
Appendix A: Technology Roadmap

The technology road map is a conglomeration of three key elements: the strategic plan, the tactical plan, and the operational plan. The SCADA/EMS and SAS philosophy previously described can be viewed as the strategic plan, the objective of which is the enhancement of SCADA/EMS and SAS reliability and maintainability through hardware and software commonality. The Strategic Plan (SCADA/EMS and Automation Philosophy) will need to be updated or revised due to the impact of Technological Advancement, NGCP Management Direction, Implementation of Smart Grid and the inclusion of Quality Assurance Control.
Figure 58 Technology Roadmap
The strategic plan, however, involves a long-term horizon and needs to be translated into tactical plans with objectives geared towards the realization of the strategic objectives. This level in the technological road map generally involves the development of standards on user interface, approved vendors/products, cyber security, etc. The standards are guideposts that mark the way for SCADA/EMS and SAS to contribute to the strategic objective.

The tactical plan needs to be distilled further into operational plans for the day-to-day activities relative to SCADA/EMS and SAS. The operational plans will be described in the procedures, instruction manuals, guidelines, and policies that will steer the operational activities in a direction aligned with the tactical and strategic objectives.

User Interface Development Standards

User interface standards for the RCCs, ACC and the SASs shall adopt the following standards, which encompass aspects such as device naming, single line displays, and alarm presentation:

1. Philippine Grid Code (GCR 4.9) Electrical Diagram Requirements
2. NGCP Implementing Rules and Regulations for Standard System for Site and Equipment Identification Labeling (SEIL) Manual Revision 2 with Clarification
3. IEC 60617: Graphical Symbols and Diagrams
4. ANSI/IEEE Std. 316-1975 (Reaffirmed 1993): Graphical Symbols for Electrical and Electronics Diagram
5. Standard Electrical Diagrams at the Connection Point of the Grid (NGCP-STD-PD-015)

With the standards in place and duly implemented, dispatchers and substation operators from Luzon, Visayas, and Mindanao shall be able to see similar nomenclature and displays when viewing the SCADA/EMS system and SAS. The standardization can promote easy exchange of ideas among dispatchers and substation operators on such areas as system disturbance analysis and other subject matters crucial to efficient Grid operation.
Approved Vendors and Products

NGCP shall have at most two (2) vendors/products for the SCADA/EMS, resulting in the following:

- Common vendor/product for the Regional Control Centers and Backup Regional Control Centers but different for Area Control Centers
- Common vendor/product for the Regional Control Centers and Backup Regional Control Centers and Area Control Centers
NGCP shall have at most three (3) vendors/products for Substation Automation System (SAS). Two extreme possibilities can exist under this set-up: a common SAS vendor/product for the regional centers, and a different SAS vendor/product for each of the regional control centers.

Adoption of the 2 vendor/product limit for SCADA/EMS and the 3 vendor/product limit for SAS is considered to be a good balance between the goal of having similar systems throughout NGCP and the wisdom of not being tied to a single vendor/product. A methodology for the accreditation of vendors under this set-up shall be developed in coordination with TPD/SCMG.

Cyber Security Standards

NGCP cyber security standards and policies pertaining to the security of Industrial Control Systems (ICS), including supervisory control and data acquisition (SCADA) systems and distributed control systems (DCS), shall be adopted in all SCADA/EMS and SAS installations and maintenance. These Standards shall cover user authentication, access to network resources, network intrusion detection and prevention, and data protection, including back up and disaster recovery.

Implementation of cyber security in SCADA-EMS shall conform with ISO/IEC 27001:2013 "Information technology – Security techniques – Information security management systems – Requirements".

The following existing work and standards are applicable to the field of substation automation technology, with high consideration on availability, Smart Grid applications and criticality of performance:

1. NERC CIP-002 through CIP-009: Critical Infrastructure Protection
2. ISA/IEC 62443: Network and system security for industrial-process measurement and control
3. IEC 62351, Parts 3-6, Data, Communication Network and System Security
4. CIGRE B5/D2.46 Application and management of cyber security measures for Protection & Control systems
5. CIGRE D2.31 Security architecture principles for digital systems in Electric Power Utilities EPUs
6. IEC 62351 Parts 1-11 Power systems management and associated information exchange – Data and communications security
Wiring & Cabling Identification and Labeling Standards

A wiring and cabling identification and labeling standard shall be developed. Wiring and cabling in SCADA/EMS and SAS installations of NGCP is quite substantial. Adoption of a standard on wire/cable identification as well as labeling can enhance maintenance effectiveness. The standard shall also cover the use and specification of appropriate wire/cable sizes and characteristics in the SCADA/EMS and SAS network. Application of the standard is a direction towards achieving a higher degree of commonality in the wires/cables used for SCADA/EMS and SAS.

Spare Parts Management Standards

Credible spare parts management is essential to an effective maintenance program. Thus, spare parts management standards shall be developed to support the SCADA/EMS philosophy. The standard shall cover spares management parameters such as the spares inventory level to be maintained, re-ordering points, and inventory models to be adopted by NGCP.

Documentation Standards

The myriad activities involved in putting into motion the operational plan for the realization of the objectives of the SCADA/EMS and SAS philosophy need to be properly documented. The goal of documentation is to have readily available reference material on various aspects of the SCADA/EMS and SAS philosophy, from the tactical to the operational level. A documentation standard can promote a high degree of consistency in what is to be documented, how the documentation is to be carried out, the storage period of documents, etc. The documentation shall include but not be limited to single line diagrams used in the User Interface displays, local area network diagrams, single line diagrams for uninterruptible power supply, various standards to be developed by NGCP, and records of maintenance activities.

Hardware/Software Standard Specification
Hardware and software components of the SCADA/EMS and SAS shall conform with the prevailing international industry standards to conceptualize the overall system's compatibility and interoperability and to be able to prescribe capabilities and functionalities with respect to strength, durability, reliability, electrical characteristics, insusceptibility to failure and suitability for the intended use.

All data center and station components shall comply with the space layout, cabling installation, security and safety features, network infrastructure, and environmental conditions of the NGCP Data Center Standard. IT equipment such as servers, workstations, printers, etc. shall be managed in accordance with the IT corporate policies.
Appendix B: Real-Time Monitoring and Control Operations Matrix
A. General Plant*
CONTROL: None
ANALOG/ACCUM: None
STATUS: None

B. Generator*
CONTROL: Raise/Lower **
ANALOG/ACCUM: Total MW; Total MVAR; Total MVA; Line to Line Voltage, per Phase voltage; Line Current, per phase Current; Neutral Current; Frequency; Power Factor; THD and TDD; Droop setting; Deadband setting; Gate Position/Limit (Hydro)
STATUS: Generator Protection Relay

C. Generator Breaker*
CONTROL: None
ANALOG/ACCUM: None
STATUS: Local/Remote; Open/Close/In Transit/Invalid

D. Generator Transformer*
CONTROL: None
ANALOG/ACCUM: Total MW; Total MVAR; Total MVA; Line to line Voltage, per phase; Line Current, per phase; Neutral Current; Frequency; Power Factor; Tap Position
STATUS: None

ALARM: All alarms associated with tripping in accordance with the Network Protection Philosophy

* All real-time monitoring and control parameters shall be subject to agreement between the Generator and NGCP
** Applicable to Generator under AGC
E. High Voltage Bus*
CONTROL: None
ANALOG/ACCUM: Bus KV; Bus frequency
STATUS: Energized/De-Energized

F. SWYD Breakers/Substation*
CONTROL: Breaker Trip/Close; DS Trip/Close
ANALOG/ACCUM: None
STATUS: Local/Remote; Open/Close/In Transit/Invalid

G. Transmission Line
CONTROL: None
ANALOG/ACCUM: Total MW; Total MVAR; Total MVA; Line to line Voltage, per phase; Line Current, per phase; Frequency; Power Factor; CTR/PTR; Line MWH; Line MVARH
STATUS: None

H. Feeder Transformers
CONTROL: Raise/Lower
ANALOG/ACCUM: Total MW; Total MVAR; Total MVA; Line to line Voltage, per phase; Line Current, per phase; Neutral Current; Frequency; Power Factor; Tap Position; CTR/PTR
STATUS: Local/Remote; Master/Follower

ALARM: All alarms associated with tripping in accordance with the Network Protection Philosophy

* If owned by Generator, subject to the approval and agreement between Generator and NGCP
I. 69kV Bus Breaker
CONTROL: Breaker Trip/Close; DS Trip/Close
ANALOG/ACCUM: None
STATUS: Local/Remote; Open/Close/In Transit/Invalid

J. 69kV Bus
CONTROL: None
ANALOG/ACCUM: Bus KV; Bus frequency
STATUS: None

K. Feeder Breakers
CONTROL: Breaker Trip/Close; DS Open/Close
ANALOG/ACCUM: None
STATUS: Local/Remote; Open/Close/In Transit/Invalid

L. Feeder Lines/Capacitor Banks/Reactors
CONTROL: None
ANALOG/ACCUM: Total MW; Total MVAR; Total MVA; Line to line Voltage, per phase; Line Current, per phase; Neutral Current; Frequency; Power Factor; Tap Position; CTR/PTR
STATUS: None

ALARM: All alarms associated with tripping in accordance with the Network Protection Philosophy
ADDITIONAL REAL-TIME MONITORING AND CONTROL FOR VRE

A. SOLAR

Control
Analog Control: Active Power Output Control Setpoint (MW); Reactive Power Output Control Setpoint (MVAR); Power Factor Control Setpoint (pf); Voltage Control Setpoint (kV)
Status Control: Start/Stop Plant Operation; Enable/Disable Active Power Output Control; Enable/Disable Reactive Power Output Control; Enable/Disable Power Factor Control; Enable/Disable Voltage Control; Enable/Disable Automatic Active Power Control System

Monitoring
Analog Feedback: Active Power Output (MW); Reactive Power Output (MVAR); Power Factor Output (pf); Voltage Output (kV); Frequency (Hz); Solar Irradiance Global Horizontal Incident Incidental Solar radiation; Air density; Relative humidity; Absolute humidity; Ambient temperature and back panel temperature; Hub height; Active Power Output Control Setpoint (MW); Reactive Power Output Control Setpoint (MVAR); Power Factor Control Setpoint (pf); Voltage Control Setpoint (kV)
Status Feedback: Start/Stop Plant Operation Feedback; Enable/Disable Active Power Output Control Feedback; Enable/Disable Reactive Power Output Control Feedback; Enable/Disable Power Factor Control Feedback; Enable/Disable Voltage Control Feedback; Enable/Disable Automatic Active Power Control System Feedback; Local/Remote VRE Control Feedback

* All real-time monitoring and control parameters shall be subject to agreement between the Generator and NGCP
B. WIND

Control
Analog Control: Active Power Output Control Setpoint (MW); Reactive Power Output Control Setpoint (MVAR); Power Factor Control Setpoint (pf); Voltage Control Setpoint (kV)
Status Control: Start/Stop Plant Operation; Enable/Disable Active Power Output Control; Enable/Disable Reactive Power Output Control; Enable/Disable Power Factor Control; Enable/Disable Voltage Control; Enable/Disable Automatic Active Power Control System

Monitoring
Analog Feedback: Active Power Output (MW); Reactive Power Output (MVAR); Power Factor Output (pf); Voltage Output (kV); Frequency (Hz); Air density; Wind speed; Relative humidity; Absolute humidity; Ambient temperature; Hub height; Wind direction; Active Power Output Control Setpoint (MW); Reactive Power Output Control Setpoint (MVAR); Power Factor Control Setpoint (pf); Voltage Control Setpoint (kV)
Status Feedback: Start/Stop Plant Operation Feedback; Enable/Disable Active Power Output Control Feedback; Enable/Disable Reactive Power Output Control Feedback; Enable/Disable Power Factor Control Feedback; Enable/Disable Voltage Control Feedback; Enable/Disable Automatic Active Power Control System Feedback; Local/Remote VRE Control Feedback

* All real-time monitoring and control parameters shall be subject to agreement between the Generator and NGCP
C. Battery Energy Storage System
Control
Analog Control: Active Power Output Control Setpoint (MW); Reactive Power Output Control Setpoint (MVAR); Power Factor Control Setpoint (pf); Voltage Control Setpoint (kV)
Status Control: Start/Stop Plant Operation; Enable/Disable Active Power Output Control; Enable/Disable Reactive Power Output Control; Enable/Disable Power Factor Control; Enable/Disable Voltage Control; Enable/Disable Automatic Active Power Control System
Monitoring
Analog Feedback: Active Power Output (MW); Reactive Power Output (MVAR); Power Factor Output (pf); Voltage Output (kV); Frequency (Hz); relative humidity; absolute humidity; ambient temperature; Percentage Droop Value; Deadband Setting Value; State of Charge; Available Energy; Mode of Operation; Active Power Output Control Setpoint (MW); Reactive Power Output Control Setpoint (MVAR); Power Factor Control Setpoint (pf); Voltage Control Setpoint (kV)
Status Feedback: Start/Stop Plant Operation Feedback; Enable/Disable Active Power Output Control Feedback; Enable/Disable Reactive Power Output Control Feedback; Enable/Disable Power Factor Control Feedback; Enable/Disable Voltage Control Feedback; Enable/Disable Automatic Active Power Control System Feedback; Local/Remote VRE Control Feedback
* All real-time monitoring and control parameters shall be subject to agreement between the Generator and NGCP
REAL-TIME MONITORING AND CONTROL MATRIX FOR HVDC
Parameters (Digital Output)
AC Line None
Bus bar None
Breaker Open/Close
Control
Transformer Tap Changer, Raise/Lower
(Analog Input)
Voltage
Voltage
Analog data
Current
Frequency
None
Tap Changer, position
P, MW
Voltage
Q, MVAR
Current
S, MVA
P, MW
Power- Factor
Q, MVAR
Frequency
S, MVA Power Factor None
None
Frequency None
None
Open
Tap Changer
Power Flow
Close
Local / Remote
(forward/reverse
In-transit
)
Invalid
(Pulse Input)
MW-HR
Accumulators
MVAR-HR
(Digital Input)
None
Status data
Alarms
AC Line
Bus
Breaker
Transformer
Protections
Protections
Protections
Protections
Parameters (Digital Output)
AC Filter None
Control
Converter Control Thyristor (as Rectifier) DC Current-Control
DC Line None
DC Voltage-Control
Converter Control Thyristor (as Inverter) DC CurrentControl DC VoltageControl Extinction Angle-
(Analog Input)
Voltage
P, MW
P, MW
Control P, MW
Analog data
Current
Voltage
Voltage
Voltage
P, MW
Current
Current
Current
Q, MVAR
Frequency
Power Order
Frequency
Power Factor
Current
Power Factor
Firing angle, Alpha
Order
Firing angle,
(Pulse Input)
Firing angle,
Alpha
Gamma
Firing angle,
None
None
None
Gamma None
None
None
None
None
AC Filter
Converter
protections
Protections
Accumulators (Digital Input) Status data Alarms
REAL-TIME MONITORING AND CONTROL FOR CBM
ANALOG/STATUS ALARM
Power Transformer: Temperature; Pressure; Moisture; Liquid Level; Dissolved Gas; Partial Discharge
Circuit Breakers: Trip, Close and Back-up Coil Monitoring Partial Discharge Travel and Velocity System Line Current and I2T Monitoring SF6 Gas Mechanism and Monitoring
Appendix C: Reference Standards
1. NGCP Information Security Policy
2. NGCP Data Center Standard
3. Philippine Grid Code 2016 Edition
4. IEC 61970 Energy management system application program interface (EMS-API)
5. IEC 61968-8:2015 Application integration at electric utilities – System interface for distribution management
6. IEC 61850 Communication networks and systems in substations
7. NERC Critical Infrastructure Protection (CIP) CIP-002-1: Critical Cyber Asset Identification
8. NERC Critical Infrastructure Protection (CIP) CIP-003-1: Security Management Controls
9. NERC Critical Infrastructure Protection (CIP) CIP-004-1: Personnel and Training
10. NERC Critical Infrastructure Protection (CIP) CIP-005-1: Electronic Security Perimeters
11. NERC Critical Infrastructure Protection (CIP) CIP-006-1: Physical Security of Critical Cyber Assets
12. NERC Critical Infrastructure Protection (CIP) CIP-007-1: Systems Security Management
13. NERC Critical Infrastructure Protection (CIP) CIP-008-1: Incident Reporting and Response Planning
14. NERC Critical Infrastructure Protection (CIP) CIP-009-1: Recovery Plans for Critical Cyber Security Assets
15. CIGRE B5/D2.46 Application and management of cyber security measures for Protection & Control systems
16. CIGRE D2.31 Security architecture principles for digital systems in Electric Power Utilities EPUs
17. ISA/IEC 62443: Industrial communication network - Network and system security
18. IEC 62351:2007 Power systems management and associated information exchange – Data and communication security
19. IEC 62056 Electricity metering data exchange – The DLMS/COSEM suite
20. IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems
21. IEEE 1547 Interconnecting Distributed Resources with Electric Power Systems
22. IEEE P2030 Guide for Smart Grid Interoperability of Energy Technology and Information Technology Operation with the Electric Power System (EPS), and End-Use Applications and Loads
23. IEEE C37.118.1 Synchrophasor Measurements for Power Systems
24. IEEE C37.1-2007 – SCADA and Automation Systems
25. IEC 60870-3 Telecontrol Equipment and Systems, Part 3: Interfaces (Electrical Characteristics)
26. IEC 60870-4 Telecontrol Equipment and Systems, Part 4: Performance
27. IEC 60870-5 Telecontrol Equipment and Systems, Part 5: Transmission Protocol
28. NIST Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security
29. ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems – Requirements
30. NGCP Network Telecom Philosophy
31. NGCP Network Protection Philosophy
32. IEC TR 62357-1: 2006, Power system management and associated information exchange
33. NGCP Implementing Rules and Regulations for Standard System for Site and Equipment Identification Labeling (SEIL) Manual Revision 2 with Clarification
34. IEC 60617: 2012 Graphical symbols for diagrams
35. Standard Electrical Diagrams at the Connection Point of the Grid (NGCP-STD-PD-015)
Appendix D: SCADA/EMS Application Requirement Matrix
APPLICATIONS
SCADA/ EMS APPLICATION MATRIX
SCADA
Cyber Security Software
Web-based Application
Support Software
Other Software
AGC AVC
Network Analysis
Planning Analysis
CONTROL CENTERS National Control Center
Basic SCADA SCADA Topology Report Management System Support Software / Network Management Software Inter Control Center Communication Information and Retrieval (IS& R) Historical Data Collection and Storage Software Disturbance Data Collection and Retrieval Software Historical Data Client Software Web Application Program Disturbance Analysis and Playback Sequence of Events (SOE) Load Shed and Restore Operations Ticket, OT Network Security and Performance Monitoring Software Servers Security and Performance Monitoring Software Anti-Virus protection Cyber Security Integrated Monitoring System Web Application SMS alarm function Electronic Logbook Servers Operating Systems PC Workstation Windows Operating Systems Network Time Synchronization Distributed Backup and Archiving Utilities Application Development Software Oracle RDBMS Development and Utilities SCADA database editor and maintenance software SCADA Display Editor Report Generation Software RTU and Communication Maintenance Software Web-server management and Administration tools Network Model Maintenance Software EMS configuration and network utility software On-line help development software Office Automation Software Third party software Intelligent Analysis Ancillary Service Compliance Monitoring Automatic Generation Control, AGC
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Back-Up National Control Center Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Regional Control Center Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Back-Up Regional Control Center Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Area Control Center Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Y
Y
Y
Y
Y
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Automatic Voltage Control, AVC Network Modeling
Y Y
Y Y
Y Y
Y Y
Y
Network Topology Analysis, NTA: Y Y Y Y
State Estimator, SE: Y Y Y Y
Dispatcher Power Flow, DPF: Y Y Y Y
Network Sensitivity Analysis, NSA: Y Y Y Y
Contingency Analysis, CA: Y Y Y Y
Optimal Power Flow, OPF: Y Y Y Y
Short Circuit Analysis, SCA: Y Y Y Y
Security Constrained Dispatch, SCD: Y Y Y Y
SCUC+SCED: Y O Y O
Generation Schedule, GS: Y O Y O
Load Forecast: Y O Y O Y
Bus Load Forecast: Y O Y O Y
Training
VRE Monitoring and Analysis
Wide Area Measurement System (WAMS)
REMARKS
Equipment Outage Scheduler, EOS: Y O Y O
Dispatcher Training Simulator, DTS: Y O Y O
Programming Development Software, PDS: Y O Y O
VRE Forecasting: Y Y Y Y
Real-time Monitoring: Y Y Y Y
Operation Statistics Analysis: Y Y Y Y
Priority Dispatch Evaluation: O O O O
VRE Control: Y Y Y Y
PMU Data Communication: Y O Y O
Historical Data Management: Y O Y O
Grid Operation Dynamic Monitoring: Y O Y O
Grid Disturbance Monitoring: Y O Y O
SE using PMU: Y O Y O
Power Oscillation Monitoring & Analysis: Y O Y O
Oscillation Source Detection: Y O Y O
Performance of Primary Frequency Regulation: Y O Y O
Performance of Generator Excitation: Y O Y O
Model Data Center: Y
Y: Recommended, O: Optional
Y Y Y O Y
Appendix E: SCADA/EMS Hardware Requirement Matrix
CONTROL CENTERS
HARDWARE
SCADA/ EMS HARDWARE MATRIX
National Control Center
Back-Up National Control Center
Regional Control Center
Back-Up Regional Control Center
Application Server: Y Y Y Y
Data Acquisition Server: Y Y Y Y
Web Application Server: Y Y Y Y
Dispatcher Training Simulator Server: Y Y Y Y
Programming Development System Server: Y Y Y Y
SMS Server: Y Y Y Y
SODIP Server: Y Y Y Y
Historian-Web Server: Y Y Y Y
Historian-ICCP Server: Y Y Y Y
IDAM Cyber Security Server: Y Y Y Y
SIEM Cyber Security Server: Y Y Y Y
AD Cyber Security Server: Y Y Y Y
SCADA/AGC Server: Y Y Y Y
EMS and RE Server: Y Y Y Y
Information Storage and retrieval Server: Y Y Y Y
WAMS Applications Server: Y Y Y Y
Historian Applications Server: Y Y Y Y
WAMS FES Server: Y Y Y Y
Front-End Server: Y Y Y Y
Front-End Server, ICCP: Y Y Y Y
Front-End Server, RTU/IPS/IDS: Y Y Y Y
Patch Management Server: Y Y Y Y
Terminal Server: Y Y Y Y
VRE Forecasting Server: Y Y Y Y
Controller
RTU Serial Interface: Y Y Y Y
LAN
NGCP/SO Corporate LAN: Y Y Y Y
Workstations
Maintenance: Y Y Y Y
Operations: Y Y Y Y
Planning Studies: Y Y Y Y
Cyber Security Monitoring: Y Y Y Y
Servers
Remote ACC's
Area Control Center
Y
VRE Forecasting: Y Y Y Y
Firewall at Zone 1: Y Y Y Y
Firewall at Zone 2: Y Y Y Y
Firewall at Zone 3: Y Y Y Y
Firewall at Zone 4: Y Y Y Y
Firewall at Zone 5: Y Y Y Y
Router at Zone 1: Y Y Y Y
Router at Zone 2: Y Y Y Y
Router at Zone 5: Y Y Y Y
Switch at Zone 1: Y Y Y Y
Switch at Zone 2: Y Y Y Y
Switch, Core at Zone 3: Y Y Y Y
Switch, Core at Zone 4: Y Y Y Y
Switch at Zone 5: Y Y Y Y
Data Diode
Data Diode: Y Y Y Y
Video Wall
Video Wall Controller: Y Y Y Y
B&W Network Printer: Y Y Y Y
Colored Network Printer: Y Y Y Y
Disk Array: Y Y Y Y
GNSS (GPS, GLONASS): Y Y Y Y
Weather: Y Y Y Y
Transient Recorders, TR: Y O Y O
Remote Terminal Unit, RTU: Y Y Y Y
Firewall
Router
Switch
Printer Storage Device Time and Frequency Source I/O Equipment
REMARKS: Y: Recommended , O: Optional
Y Y
Y O Y
Appendix F: Protocol and Standards Reference Architecture