Experience with Testing and Configuration of IEC 61850 Multivendor Protection Schemes

Authors: Rene Aguilar and James Ariza, Megger, USA

A test device must be able to subscribe as well as publish GOOSE messages. The IED being tested will publish or send a GOOSE to tell the breaker to trip. The test device subscribes to the GOOSE issued by the IED under test and reacts to it according to the test procedure.

Some of the challenges facing the testing of IEC 61850 include the lack of knowledge that protection specialists have of the standard, and also understanding the functionality and implementation of the test system used. In order to know what GOOSE messages to monitor, the user has to be aware of the basics of IEC 61850. For example, SCL (Substation Configuration Language) files contain all the information of how the substation is configured but most importantly what GOOSE messages are available.

A. Description Languages – SCL Files -Part 6 of the IEC 61850 standard introduced a common language used to exchange information between different manufactures. This guarantees interoperability and enhances the configuration phase. Each proprietary tool must support the export of the IED’s description into this common, XML-based language. The development process of a project based on IEC 61850 depends on the availability of software tools that make use of the SCL language.

SCL specifies a common file format for describing IED capabilities, a system specific caption that can be viewed in terms of a single line diagram, and a substation automation system description. Part 6 of IEC 61850 introduces four types of common files. These files are the IED Capability Description (ICD), Configured IED Description (CID), Substation Configuration Description (SCD) and System Specification Description (SSD) files.

The configuration can be performed by a manufacturer’s independent tool. Some manufacturers have advanced their proprietary software tools in a way that they can be used as IEC 61850 system configurators, however, there are also some third party tools available. All ICD files get imported into the IEC 61850 system configurator, which allows the configuration of GOOSE messages by specifying the senders (publishers) and the receivers (subscribers) of messages. The system configuration tool creates the SCD file, which includes the one line diagram of the station and the description of the GOOSE messages.  Each IED Configuration Tool must be able to import an SCD file and extract the information needed for the IED - the GOOSE messages that a particular IED will subscribe and publish (Figure 1).

It is important to know that in addition to the configuration information specified by part 6 of IEC 61850, the configuration of an IED should be completed with a proprietary IED configuration tool and can have either a proprietary format or a standard CID format.

A common misconception between vendors is what type of SCL file should be generated. Some of the IEDs will only export an ICD file while others export a CID file. Technically, these two file types are similar, the difference is how each one is generated. However, this creates a challenge when trying to configure the entire system. The download process of putting the final configuration into the IED has not been strictly standardized by IEC 61850. Manufacturers use one of the following ways to load the configuration file to their devices:

  • FTP protocol
  • IEC 61850 file services
  • Proprietary protocols designed for file transfer

B. Substation IT Network Security - As communications in the substation take on more critical roles in the protection and control task of the utility, it is important for the protection engineer to understand the basics of the IT network, the behavior and characteristics of components like Ethernet switches, Ethernet ports, and router, as well as being familiar with terminology such as LAN, VLAN, IP address, Mac Address, Network Topologic, firewalls, etc.

Many experienced protection engineers find discussion of IT network issues to be dense and perhaps intimidating, because until now they have not faced the need to understand the behavior and performance characteristics of IT Networks. Ethernet switches are as important to understand as protective relays in order to achieve availability, dependability, security and maintainability goals of the substation.

A security concern is the method an IEC 61850 substation is tested. The concern is the direct connection of a PC to the substation bus during the test. The issue is that a PC might be infected with a virus that could create GOOSE traffic on the network. This could lead to critical messages being delayed due to excess traffic. The generation of GOOSE messages from a PC could potentially trip out the substation.   To avoid some of these issues, several utilities have dedicated PC’s that are only allowed to be connected to the LAN when performing tests. This will prevent a possible compromise of the network due to an infected PC. It is also important that the tester be familiar with his testing tools and knows whether or not it will generate GOOSE messages from the PC.

Another solution is to use the test set as a firewall between the substation and the PC.  This could be done if the test set has available two Ethernet ports completely isolated from each other. One of the ports can be used to control the test set from the PC, while the other is connected to the actual substation LAN. In this manner, only the test set will be allowed to publish or subscribe to GOOSE messages. This helps to prevent the possibility of tripping the substation due to a loose GOOSE.

Power. Flexible. Easergy.
Let?s start with organization in protection testing