TEPCO IEC, Inc.
This document may contain confidential information of TEPCO IEC,Inc. and Tokyo Electric Power Company Holdings, Incorporated (TEPCO) /or other companies. We prohibit the use of the contents of this document for any purposes other than its original purpose and acts of disclosure to third parties without our permission. TEPCO IEC,Inc.
© 2017 TEPCO IEC,Inc.
©TEPCO Power Grid, Inc. All Rights Reserved.
Efforts toward a stable power supply
1.1. Power System Enhancements & Advancements over the years
[Figure: timeline of SCADA generations, with periods labelled ~1970s, ~2010s, 2014~, ~2017 and 2018~ (Next Gen. SCADA)]
Improvements were implemented as the demand for SCADA increased over the years.
TEPCO usually defines the specification of the SCADA it wants developed.
TEPCO shall define the entire specification for Next Gen. SCADA and issue the RFP.
[Figure: History of SCADA. Peak demand in GW (daily peak at generation end), 1950 to 2013; labelled values 8.4, 20.2, 31.9 and 46.7.]
1.2. History of Substation Remote Monitoring & Control
[Figure: Automation rate in substations (%) and number of substations (locations), 1955 to 2016. Labelled automation rates: 49.1, 70.7, 88.4, 95.6, 97.3, 98.3, 99.9. Labelled locations: 755, 762, 992, 1232, 1584, 1619, 1580. Era labels: ~1970s, ~2000s, ~FY2017, FY2018~, with markers ×500, ×99, ×10, ×1 and 800+, 1,500+, 1,500+, 1,500+ substations.]
TEPCO has successfully created “unattended substations” as the number of substations increased.
Control centers have been centralized by increasing the number of substations that are controlled by SCADA.
Next Gen. SCADA will be able to perform supervisory control of 1,580 substations simultaneously.
More than one control center can be set up.
1.3. SAIDI & SAIFI
[Figure: SAIDI (duration of outages per household, minutes) and SAIFI (frequency of outages per household, times), 1981 to 2014.]
Contracts are increasing but SAIFI and SAIDI are decreasing. SAIFI and SAIDI were high in FY 2010 due to the Great East Japan Earthquake on 11 March 2011. SAIFI and SAIDI have been at normal levels since FY 2011.
[Figure: Number of customers (million); labelled values 22.74, 26.67 and 28.73.]
1.4. SAIDI & SAIFI (Cont’d)
A huge number of facilities were damaged by the Great East Japan Earthquake in 2011. TEPCO overcame this situation and has been providing high-quality power to this day.
[Figure: Duration of outage per contract of each country (minutes per year) and frequency of outage per contract of each country (times per year), as of the end of FY 2015. Compared: TEPCO Power Grid, State of New York, State of California, Japan, Germany, France, United Kingdom. Labelled durations: 4.0, 20.0, 21.0, 133.8, 32.8, 83.6, 61.0. Labelled frequencies: 0.07, 0.16, 0.13, 1.06, 0.29, 0.90, 0.65.]
Next Generation SCADA ~ Aiming for a SCADA built with resilience ~
Drawing on the many lessons learnt from the Great East Japan Earthquake, and in order to succeed at the 2020 international events, TEPCO shall develop a next generation SCADA, which aims to accomplish not only a stable power supply but also a resilient power grid.
Resilient in the face of natural disasters
Maintain an up-to-date & highly reliable design
Develop the Next Generation SCADA
2020 international events
Reliable cyber security
2.1. International standard Corresponding to the CIM Standard
Vendor                    Platform (EMS/DMS/NMS)                          CIM Standard: Core DBMS   CIM Standard: Import/Export
Asea Brown Boveri (ABB)   Network Manager                                 No                        Yes
Alstom Grid               eTerra                                          No                        Yes
General Electric (GE)     PowerOn Advantage/Reliance                      No                        Yes
Siemens                   Spectrum Power                                  Yes                       Yes
Schneider Electric        ADMS/Oasys                                      No                        Yes
-                         Next Generation SCADA (Toshiba’s middleware)    Yes                       Yes

The only two platforms whose database (DBMS) is adapted to IEC61970 and IEC61968 are Spectrum Power and TOSHIBA’s middleware installed in Next Gen. SCADA.
2.2. International standard Corresponding to the CIM Standard
By designing the DBMS with CIM, it is possible to drastically reduce the DB conversion cost at system replacement.
[Diagram: two replacement scenarios. With an original DB, the stack is OS, DB (Original), Application and a CIM I/F (MW), and replacing it has a huge cost. With the international standard, the stack is OS, DB (IEC61970/61968), Application and a CIM I/F (MW), and replacing it has a low cost.]
2.3. Flexible Redundancy
Flexible redundant configuration depending on the degree of importance
[Diagram: two configurations, one with Server 1 and Server 2 and one with Server 1, Server 2 and Server 3, each serving Client 1 to Client n across Transmission CC ×10 and Distribution CC ×56.]
Redundant configurations are realized using the basic SCADA to suit the needs.
Not only redundant servers but also widely distributed servers are realized.
All the clients are thin clients.
Next Gen. SCADA consists of 10 transmission control centers and 56 distribution control centers.
Redundant servers can be distributed and placed in different locations.
2.4. Cost Down
Complete thin client configuration realizes overwhelming cost reduction
Next Gen. SCADA has achieved unprecedented downsizing.
Three servers can handle a power transmission system of about 50 GW and all operation of the power distribution system.
The control center has a thin client configuration, so flexible design of the control center is possible.
[Diagram: “Up to now SCADA” shows TCC 1 to TCC 10 on a wide area communication network, with Communication Network 1 to 10 each serving an average of 5 to 6 of DCC 1 to DCC 56. “Next Generation SCADA” shows Server 1, Server 2 and Server 3 in Data Center 1, 2 and 3 on the wide area communication network, with TCC 1 to TCC 10 and DCC 1 to DCC 56 as thin clients on Communication Network 1 to 10.]
2.5. High Redundancy
Allows stable operation in a state of Split-Brain Syndrome
[Diagram: Server 1, Server 2 and Server 3 serving Client 1, Client 2 and the substations, shown under high redundancy, in the event of failure and after recovery, with each server marked Master or Slave.]
Next Gen. SCADA enables stable operation even in a state of “Split-Brain Syndrome”.
The control center keeps running as long as there is at least one master server connected to the network.
Since the “Slave” is synchronized with the “Master”, it can be shifted to single master mode automatically when “Split-Brain Syndrome” happens.
2.6. Multiple transmission
Up to four transmission routes can be chosen freely
[Diagram: Server 1, Server 2, Server 3 and Client 1 connected through the Wide-Area Network (×1 network) and Sub-Area Networks (×10 networks) to GWs and substations; ×10 locations, ×56 locations; number of TC*1 = MAX 48.]
Network redundancy can be configured freely depending on the importance of the SCADA.
e.g. Next Generation SCADA
The main network consists of 2-route optical fibers.
The wide-area network forms ring groups with OPGWs and underground cables.
Microwave is being considered as a backup.
Four-route transmission will be used for GW transmission, which collects the RTUs’ data.*
* 1~4 route transmission designs are available
*1 TC : Tele-Control
2.7. Duplicated transmission support
Adopted a communication system with enhanced reliability
[Diagram: SCADA connected to a substation over TCP/IP (TC: IP transmission), and through a GW over TCP/IP (GW: IP transmission) to a substation using HDLC, CDT, etc. (TC: non-IP transmission).]
The communication system between SCADA and substations should be highly reliable. Currently, Internet Protocol (IP) transmission is mainly used between SCADA and substations, and TCP/IP is used in many SCADAs. TCP/IP is also used in Next Gen. SCADA; however, there are some problems.
TCP/IP
Accomplished conditions: ・Orderliness ・Continuity
Concerned conditions: ・Real-time ・MTU restriction
Using UDP?
UDP/IP: ・Real-time ・1:N communication ・Orderliness ・Continuity
PMCN, which has the advantages of both TCP/IP and UDP/IP, is employed.
PMCN (Protocol for Mission Critical industrial Network use)
2.8. What's PMCN?
PMCN is a protocol that enables maximum use of the Internet protocol in mission-critical monitoring and control systems.
[Diagram: protocol stack with physical, data link, network, transport, session, presentation and application layers, showing TCP/IP and PMCN on top of UDP.]
Implemented on top of UDP
Standardized by The Japan Electrical Manufacturers’ Association (JEMA)
Libraries, etc. are provided by JEMA

Ability to implement                                  Implementation
Obtaining data orderliness                            TCP/IP
Obtaining data continuity                             TCP/IP
Obtaining data in real-time                           UDP/IP
Duplicated transmission support                       None
1:N communication* (*multicast communication)         UDP/IP
Data transmission support without MTU restriction     None
2.9. e.g. Duplicated transmission support
In the case where duplicated transmission is realized using TCP/IP
[Diagram: the same data, SEQ Num 1 to SEQ Num 4 with SEQ Num 2 split into fragments, is sent over both A-LAN and B-LAN into reception processing at the TCP layer. Duplicate copies are marked “Disposal”, the receiver waits for the rest of the A-LAN data of SEQ Num 2, and a retransmission request is issued for SEQ Num 3.]
Split packets cannot be received from a different LAN.
Data cannot be received until the reception processing of SEQ Num 2 is completed.
2.10. e.g. Duplicated transmission support (Cont’d)
In the case where duplicated transmission is realized using PMCN + UDP/IP
[Diagram: the same data, SEQ Num 1 to SEQ Num 4 with SEQ Num 2 split into fragments, is sent over both A-LAN and B-LAN into reception processing at the PMCN layer. While the receiver waits for the rest of the A-LAN data of SEQ Num 2, duplicate copies are marked “Disposal”.]
It is possible to receive a split packet from B-LAN.
The sequence number is managed by the PMCN.
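The difference between the two reception models in 2.9 and 2.10, as an added example (not TEPCO's, TOSHIBA's or JEMA's code): a toy receiver is fed one constructed arrival trace, once reassembling per LAN and once with a single sequence space above both LANs. The tuple layout and the `receive` function are assumptions for illustration, not the PMCN wire format.

```python
from collections import defaultdict

# Constructed arrival trace: (lan, seq, frag_index, frag_count, payload).
# The layout is an assumption for illustration, not the PMCN wire format.
# SEQ 2 is split in two; A-LAN loses its 2nd fragment, B-LAN loses its 1st.
TRACE = [
    ("A", 1, 0, 1, b"status-1"),
    ("B", 1, 0, 1, b"status-1"),
    ("A", 2, 0, 2, b"measure"),
    ("B", 2, 1, 2, b"ment-2"),
    ("A", 3, 0, 1, b"status-3"),
    ("B", 3, 0, 1, b"status-3"),
    ("B", 4, 0, 1, b"status-4"),
]


def receive(trace, merge_lans):
    """Return (delivered, discarded, pending_seq).

    merge_lans=True  : one sequence space above both LANs (PMCN-style model).
    merge_lans=False : each LAN reassembles on its own, as with two
                       independent TCP connections.
    """
    frags = defaultdict(dict)   # reassembly key -> {frag_index: payload}
    complete = {}               # seq -> reassembled payload
    discarded = 0
    for lan, seq, idx, count, payload in trace:
        key = seq if merge_lans else (lan, seq)
        if seq in complete or idx in frags[key]:
            discarded += 1      # duplicate copy: the "Disposal" case
            continue
        frags[key][idx] = payload
        if len(frags[key]) == count:
            complete[seq] = b"".join(frags[key][i] for i in range(count))
    # Deliver strictly in sequence order and stop at the first gap.
    delivered, nxt = [], 1
    while nxt in complete:
        delivered.append(complete[nxt])
        nxt += 1
    # A pending sequence number means later data is held behind the gap.
    pending = nxt if any(t[1] >= nxt for t in trace) else None
    return delivered, discarded, pending


if __name__ == "__main__":
    for mode in (False, True):
        print("merge_lans =", mode, "->", receive(TRACE, mode))
```

With per-LAN reassembly the receiver stalls at SEQ 2 and holds back SEQ 3 and 4 until a retransmission arrives; with the merged sequence space all four messages are delivered from the same trace.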
2.11. Multi-Transmission Protocol
Developed the GW that supports a number of protocols
TEPCO's GW enables highly reliable transmission by converting various non-IP transmissions to IP (DNP 3.0 is also possible).
In the FEP, many data formats are efficiently converted to IEC61970/61968.
[Diagram: substation devices TC*1, IF*2, LAN-IF*3, RTU*4 and SAS*5, using CDT, HDLC, TCP/IP and Token Ring, connect to the GW, labelled “Only Protocol Conversion”; the GW connects over TCP/IP and PMCN+UDP/IP to FEP1, FEP2 and FEP3 of the SCADA.]

Data Format             Protocol
Japan Original          CDT
HDLC (Compliance)       HDLC or TCP/IP
Japan Original          Token Ring
IEC60870 (in future)    TCP/IP
IEC61850 (in future)    TCP/IP
IEC61970                TCP/IP

*1 Tele-Control *2 IP method of Tele-Control *3 Token-Ring *4,*5 in future
2.12. Goal for strong SCADA
Power Control Technology: Able to perform an operating support function which suits the needs of clients
Function that auto-creates operation sequences: From the current to the future network, operation sequences are automatically created by indicating the facilities users want to be operated
Control areas are flexible: Backup control can be performed from the other control area in the case of emergency
Audio guidance function: An audio guidance is carried out to announce the faults and confirm the operation
Training simulator function: Operation training is available using operation clients. It is also available to simulate previous faults and display faults flexibly.
Notification to asset management department: It can make information from the control center available to the asset management department
Next Generation SCADA ~ Aiming for a SCADA secured from Cyber threats ~
3.1. Constructing Organization for Comprehensive Security
Organization and operations are important for comprehensive security. We must consider not only cyber attacks but also internal crime such as information theft.
Commit 1: To Develop SCADA with Cutting-edge Security Controls
TEPCO, McAfee and TOSHIBA are teaming up to develop a world-class electric power control system with security in mind.
Advanced technology developed by TEPCO and TOSHIBA will be introduced, including multifactor authentication with IC card and biometrics.
Commit 2: To Create An Organization with Governance and Management
Separating the governance organization (CSIRT) from the management organization (SOC) clarifies our responsibility, role and authority. Consequently, operations can respond flexibly to any risk.
[Diagram: TEPCO Power Grid, Inc. security organization. Governance (CSIRT): Evaluate, Direct, Monitor. Management (SOC): Plan, Build, Run, Monitor. Also labelled: Business Needs, CIO/CISO, Audit, Management Feedback.]
3.2. A SCADA secured from Cyber threats
TEPCO conducted a risk assessment during the request for proposal phase. TOSHIBA, together with a security consultancy, has also conducted a risk assessment. The assessments were made in line with Japan’s domestic guidelines, NIST SP 800-82 Rev2 and ISO/IEC14408.
Security measures can be selected depending on the security level of the SCADA.
Strengthening of firewall: Implementation of security measures at the network gateway, and logging function
Installation of IDS / IPS: Defends widely, from intrusion detection to intrusion prevention
Block of unused LAN ports and USB ports: Block LAN ports and USB ports logically. Block important facilities physically.
Two-factor authentication function: Implementation of two-factor authentication, IC card authentication and biometric authentication
Access control: Enable flexible access control setting by use of IC card
3.3. A SCADA secured from Cyber threats (Cont’d)
Login authentication for Server system: Login authentication and logging during system maintenance
Encryption of authentication information: Encrypt IC card information and biometric information
Sequential control: Implementation of a system which protects field devices in substations from illegal control
Employment of White list system: Prevent execution of unauthorized programs
Construction of Log management infrastructure: Implementation of event data search function, access permission setting function, etc.
3.4. Two-factor authentication function
Security measures are strengthened by implementing a combination of non-contact IC card and biometric authentication, as compared to the two-factor authentication used in conventional ID & password systems.
If the Employee Card is compatible with the non-contact IC card (ISO/IEC18092 compliance), it is also possible to use the Employee Card.
[Image: palm vein authentication and IC card authentication at a 500kV Substation SCADA]
3.5. Biometric authentication by palm vein
1. Control is allowed through IC card authentication and palm vein authentication.
2. Configuration changes and approval of the control operations can be carried out only through IC card authentication.
3. Operator control authority will vary depending on the IC card.
4. Unless both the card and the palm vein are authenticated, SCADA does not output a control signal.
5. Operators can be controlled from anywhere in the control center by setting an IC card ID.
6. All operations will be recorded through individual operator logs.
Authentication accuracy
FAR (False Acceptance Rate): 0.00001%
FRR (False Rejection Rate): 0.01% (including one retry)
Source: ©FUJITSU LIMITED 2016
3.6. Flexible access to Control Center
By matching the IC card details with a definable range of operations, users can set which operations are controllable and accessible for each employee.
This function can be set through employee IDs and departments, as the Operation Area and Control Center Client are not fixed.
Authority for configuration changes can be granted to either Control Center so that it can grant privileges to employees.
[Diagram: Next Gen. SCADA main server and authentication server connected to thin clients in three control centers, each with an IC card and biometric device; shown in normal operation and in an emergency.]
Next Generation SCADA ~ Aiming for a strong SCADA for business innovation ~
4.1. Create a flexible SCADA fit for work restructuring
TEPCO has been developing SCADA systems based on the idea that supervisory control technologies and company/utility/customer structures are always changing.
In order to create flexible and resilient SCADA systems that can keep up with the fast-changing industry, TEPCO aims to continuously adapt to market-defined standards and globally standardized technologies.
TEPCO shall develop the new generation SCADA systems using its reputable craft and know-how in power management technologies, and not just depend on existing solution packages offered by current vendors.
Implementation of functions flexible enough to suit varying needs
A variety of choices is available to address a wider range of customer needs, in a more customized approach
Development of power management technologies in software modules
Adopting IEC61970 in network modeling and database configuration
Configuration of data models using IEC61970; less vendor dependency
Implementation of PI System
OSIsoft’s PI System, which is an industry standard for enterprise historians, can be implemented.