Centralized Protection

Centralized Protection & Control – Uncovering the Potential

by Jani Valtari, Sushil Joshi, ABB, Finland

There is a growing need for flexible protection and control products, and for flexible solutions and services to support and manage those products. The concept of centralized protection and control (CPC) is not new, but only the advancements in computing technology and international standards have made it a feasible alternative for modern substations. CPC units can be deployed in several different architectures, depending on the other solution components used and overall solution requirements. The main expected benefits from the solution are related to increased flexibility and performance and reduced overall life-cycle costs.

The latest report of the Intergovernmental Panel on Climate Change (IPCC) emphasizes that to fight climate change our energy system needs to be completely reshaped at an unprecedented speed. New renewable and intermittent energy resources will be connected to the energy system, consumption will be managed with demand responses, and new storage devices will be deployed and used. All this needs to happen without risking the security of the power supply. It means that the protection and control functionality of our power networks must be enabled to manage continuous changes during the lifetime of devices. This is a tremendous challenge to the protection and control system, which needs to become more flexible and be able to reconfigure faster.

The requirement for increased flexibility creates a need to also evaluate substation protection and control architectures with different design principles. In computer science, separation of concern (SoC) is a design principle which simplifies development and maintenance by splitting the overall functionality into individual sections, which can be reused, as well as developed and updated individually. One of the key benefits is the ability to improve or modify without having to know the details of other sections, and without having to make corresponding changes to those sections. Conventionally the sections in substation automation architectures have been physically separated to different protection and control relays. However, the availability of Centralized Protection and Control (CPC) units makes software managed sections available too, with the aim of increased flexibility and more reliable and quicker deployment of protection and control systems. Figure 1 outlines the separation of concern design principle.

History of Centralized Protection and Control

Protection in power systems has been subject to several technological advancements. From electromechanical mechanisms to the microprocessor intelligent electronic device (IED), relaying has been an essential aspect to the continuing development of a more flexible, interconnected and smart power system. As mentioned in IEEE PES PSRC WG K15 working group report, the CPC system architecture for the secondary system is not a new concept and dates back almost to the beginning of the widespread adoption of computers for business with the first proposal published in 1969, and the first installation as a field proof concept in 1971.

In the beginning of 1970s, the application of centralized substation protection based on a centralized computer system was proposed. This constitutes an important milestone in the history of power system protection. However, the idea has not been widely applied beside few exceptions in low voltage (LV) systems with an integrated approach, since there were no available computer hardware/software or communication technologies to support such an idea. In recent years, the dramatic growth in the signal processing capability of relay platforms, and the availability of suitable communication standards for electric substations, have provided a new opportunity to revisit the concept of the centralized protection and control system. Figure 2 shows the different eras of protection relays.

Enablers for Centralized Protection & Control

Electrical substations play a major role in building a reliable power network. Their basic functions have remained unchanged for years. There is a need to monitor, control and protect different elements of a distribution network. The technical solutions on the other side are constantly changing e.g., the technology for data processing and communication. The key technical enablers supporting the emergence of centralized protection and control are described below.

IEC 61850 Station and Process Bus: IEC 61850 standard have made fast and standardized Ethernet-based communication more available. The station bus as defined in IEC 61850-8-1 allows for the elimination of copper wires between numerical protection relay units on the horizontal level i.e. relay-to-relay communications. The process bus as defined in IEC 61850-9-2 allows sharing of digitized information from instrument transformers or sensors in a standardized way to other relays and/or CPC units. This has enabled shifting of protection and control functions between different relays and/or CPC units at the substation level.

Merging Unit: The interface of the instrument transformers (both conventional and non-conventional) with a relay and CPC unit is through a device called Merging Unit (MU). Intelligent Merging Unit (IMU) has also been proposed as a general term for relay with MU capabilities. MU is defined in IEC 61850-9-1 as interface unit that accepts current transformer (CT)/voltage transformer (VT) and binary inputs (BI) and produces multiple time synchronized digital outputs to provide data communication via the logical interfaces. IEC 61850-9-2LE or IEC 61869-9 defines a sampling frequency of 4 kHz (in 50 Hz networks) and 4.8 kHz (in 60 Hz networks) for raw measurement values to be sent to subscribers. Apart from acting as interface unit between primary equipment and CPC or relay, MU can also host IOs (input/output) to handle feeder based digital signals. It can communicate the digital status of primary equipment, like the circuit breaker, isolator, earthing switches, to network devices as well as receive trip and open or close signals from an external unit.

Substation Time Synchronization: With Ethernet-based technology it is possible to achieve software-based time synchronization with an accuracy of 1 ms quite easily, and without any help from HW. This is also what the IEC 61850 standard refers to as the basic time synchronization accuracy class (T1). An older and more common protocol is the SNTP (Simple Network Time Protocol), which is suitable for local substation synchronization in relatively small systems. However, if the SNTP server is behind multiple Ethernet nodes, the latency increases, which reduces the accuracy of the time synchronization. Therefore, SNTP is not an ideal solution for system-wide implementation. Normally a GPS or equivalent time synchronization resource is required in every substation. IEEE 1588v2 and IEC 61850-9-3 deal with these issues and makes it possible to achieve a time synchronization accuracy of 1 μs. This is required if an IEC 61850-9-2 process bus is used.

Communication Redundancy: High availability and high reliability of a communication network are two very important parameters for architectures utilizing a CPC system. IEC 61850 standard recognizes this need, and specifically defines in IEC 61850-5 the tolerated delay for application recovery and the required communication recovery times for different applications and services. The tolerated application recovery time ranges from 800 ms for SCADA, to 40 µsec for sampled values. The required communication recovery time ranges from 400 ms for SCADA, to 0 for sampled values. To address such time critical need for zero recovery time networks, IEC 61850 standard mandates the use of IEC62439-3 standard wherein clause 4 of the standard defines Parallel Redundancy Protocol (PRP) and Clause 5 defines High-Availability Seamless Redundancy (HSR). Both methods of network recovery provide “zero recovery time” with no packet loss in case of single network failure.

CPC Deployment Options

Deciding on the conventional protection and control architecture, or CPC architecture for a substation project depends upon many parameters, including but not limited to substation protection philosophy, defined specifications, time critical applications for protection and control, redundancy requirement at the physical, functional or communication level, flexibility to adapt the changes our power distribution grid is facing today, etc. Traditionally the protection has been distributed in multiple different Numerical Protection Relays (NPR, De-centralized – Figure3) but in CPC all the safety critical intelligence is in one device (Centralized – Figure 3).

For risk mitigation, it is extremely important to consider possibilities for redundancy. The most obvious redundancy possibility is to duplicate the central device. This ensures that in case of device failure, fully functional protection remains available. Since the central protection devices can have identical configurations, the engineering and maintenance remains efficient. Also, during update procedures and testing, the redundant unit can handle protection while the other unit is out of service. A more detailed illustration of the centralized architecture is shown in Figure 4, with a redundant communication network based on PRP. In this case MU and CPC system sends or receives data on both LAN A and LAN B. The multiple paths of PRP are two redundant networks and the networks are completely independent.

Another redundancy possibility is to combine both approaches by using bay level backup protection with the CPC unit. This approach is shown in Figure 3 as Hybrid. The idea of the combined solution is to use simplified protection at the bay level and all the substation-wide and advanced protection in the central device. The protection system still has the flexibility of central protection and the control concept, as new functionalities and extensions can be updated in a single location. The hybrid solution is also a possibility for existing installations since adding just the central device can introduce new functionalities for the complete substation. Furthermore, since the bay level relays contain protection functionality, the n-1 criteria can be fulfilled without redundant CPC units and without redundant communication. An example illustration of the Hybrid architecture is shown in Figure 5.

The hybrid arrangement comprising both centralized and decentralized architecture for a medium-voltage substation secondary system is quite recent, since Intelligent Merging Units have not been available earlier for mass market. It is based on the principle of distribution of partial or full duplication of protection and control functions between bay and substation levels. The hybrid approach also makes it possible to introduce next level functionality in the substation, like remote assets management, remote configurations, upgrades, analytics and advanced inter substation applications. As shown in Figure 5, all the relays considered for hybrid configurations need to be capable of handling IEC 61850-9-2 SAV communication profile, which means these relays can also function as merging units for an existing feeder.

Functional and Physical Redundant Hybrid architecture: The next architecture shown in Figure 6, is utilizing mix of relays and MU to get process level information to the CPC unit. Apart from relay and MU, separate Process Units (PU) are considered for highly critical feeders for the redundant or parallel circuit breaker tripping channel to route CPC unit’s protection trip commands. This architecture is truly utilizing the benefit of decentralized and centralized protection schemes. There may be dual relay and/or MU deployment for a bay to achieve a higher degree of functional or physical redundancy, not shown in this article

Centralized Protection and Control Applications

There are multiple applications and functions, that either benefit from centralized architecture or even require it. The most obvious indication of station-level functionality is the communication requirement. If the functionality requires horizontal and/or vertical communication, in other words, if information needs to be exchanged between several units, it is beneficial to implement the functionality at the station level. Also, one indicator is the function maturity and the expected ‘functional life cycle’ of the application. If there are changes expected in the requirements for the function, either through legislation or from the business environment, the function would benefit from centralized architecture, where updating is faster and cheaper to do.

A proposed list of the CPC system functionality:

  • Protection and analysis functionality utilizing measurements from multiple bays:
    • Differential protection e.g. for bus bar
    • Sensitive directional earth fault protection e.g. for intermittent faults
    • Protection against faults with low fault current magnitude: e.g. high impedance earth faults
    • Islanding operation and Loss-of-Mains protection when islanding is not allowed
    • Fault locator
  • Other supporting substation functionality:
    • Station-wide disturbance recorder
    • Automatic recalculation of protection parameters based on topology and DG changes, adaptation of protection application
    • Advanced condition monitoring and asset management support
    • Cyber security monitoring and protection
    • Station-level self-supervision

In addition, other potential development fronts in the CPC system architecture are related to User Experience, Cloud connectivity and Cyber Security.

Better User Interface (UI) and User Experience (UX): Availability of a CPC unit makes it possible to concentrate all substation data (real time data of protection and control scheme, various primary equipment status, various measurements from protection CTs or sensors) at a point of user interface in a substation. A CPC unit can offer web-based dedicated user interface, which offers multiple HMI options throughout the substation over secured LAN or even remote access through secured VPN and internet. Since all substation data is available at a central location, this allows for improved user experience with e.g. centralized alarms, events and disturbance recording for all the bays, more efficient and safe control and operation of primary equipment, centralized engineering, the handling of protection settings and configuration storage of substation devices.

Advanced Functionality and Remote Connectivity: Advanced protection and control functionality can be implemented at substation level thanks to higher processing and computing capacity of the CPC unit hardware. With remote or cloud connectivity of CPC or Hybrid configuration, it becomes possible to analyze large amount of data being generated in the substation by these connected devices. Various advanced analytics algorithms can be deployed in the Cloud to equip the substation workforce with more extensive data.

Cyber Security: Technological misuse and abuse have become a serious concern in all areas where computers are used and networked. The CPC system’s key equipment such as relays, MUs and CPC units are not exceptions when it comes to cyber threats. Increased awareness and cyber security advancements to safeguard electric grids against such cyber-attacks can be implemented by authentication and authorization, auditability and logging as well as product and system hardening. Firewalls, intrusion detection or prevention systems, or VPN technology should help to protect the CPC system’s key equipment. Verified malware prevention software can protect central computers against attacks and viruses. Another possibility to protect the central computer is application white listing, which can provide a heightened degree of security for the CPC system configuration.

CPC Installation based on Hybrid Architecture

The pilot for the CPC with hybrid architecture was realized during 2017-2018, and was implemented in the substation of Noormarkku – 110kV/20kV substation with double bus-bar and one power transformer (Figure 7).

Functionally the target in the pilot was to upgrade the protection functionality in the substation without large modifications to the existing protection and control relays. Due to extensive underground cabling there was a need to improve the earth fault protection in the substation, but otherwise the functionality in the existing relays was sufficient for current needs, including required MU functionality. CPC unit was made the main protection device and bay level devices remained as backup. Commissioning was done in May 2017 and the analyzed piloting period was 28.6.2017 – 2.1.2019. It started from the moment when field tests were finalized, and the CPC unit was set as the main protection system of the substation and ended based on initial agreement at the end of 2018.

During the piloting period there were 99 short circuits and 69 earth faults. From the short circuits 74 were cleared by the low stage protection, and 25 by the high stage protection. Table 1 shows the results, which also indicate which devices sent the trip signal.

During the piloting period there were 17 earth faults, which were only tripped by the CPC unit and not by relays. No malfunction was found in the CPC unit device, relay functionality either did not trip early enough, or the fault criteria was not fulfilled. Also, the multifrequency admittance-based protection in the CPC unit is more sensitive to some fault types, especially to intermittent earth faults, which may result in faster fault reaction. The results show that the CPC technology is reliable and efficient, meeting the existing requirements. The pilot was also a showcase of a modern retrofit project because the existing relay-based protection was preserved, and new earth fault protection functionality was introduced to the substation within one new CPC unit.

Summary and Future Views:

Traditionally, protection relays are always seen as CAPEX driven components of the power system. With the SoC design principle for protection and control schemes and technology advancement in data processing, computing and substation communication, the dividing lines between the relay, as we know today, and the CPC system are likely to get blurred, implying that a more software-oriented approach to protection and control solutions will be enforced. This technological shift can bring fundamental change in a way the protection and control relay business model exists today. It is possible that new revenue streams like Software as a Service (SaaS), Infrastructure as a Service (IaaS), Cloud-based services, Big Data and analytics-based services, Digital Twin based simulation services, etc., will be introduced for protection and control of distribution grid and substations.


Jani Valtari is working as a Technology Center Manager for ABB Distribution Solutions in Vaasa, Finland. He has a Doctor of Science degree in Electrical Engineering from Tampere University of Technology. He has held several development, research and management positions in ABB, and within the research community in Finland. He has authored many conference papers and been inventor in international patents. His primary areas of interest are innovations in smart grids and new substation technologies.

Sushil Joshi is a Global Product Marketing Manager for Middle East market with ABB Industries LLC, Dubai. He has been with ABB since 2006 and working in the profile of product marketing/sales of ABB’s distribution automation products and digital solutions. He has overall 15 years of experience in power systems, protection relays and distribution automation products and solutions. He has received his bachelor’s degree in Electrical Engineering from Sardar Patel University in India. He has authored many conference papers and his current focus areas include IEC61850 based solutions and Centralized Protection and Control.”