Embed Size (px)
Citation preview
1
Abstract-- The Global demand for reliable energy and the numerous advancements in filling these demand has allowed for the development of the smartgrid. The Smart Grid is expanding the existing capabilities and the reach that Demand Side Generation, transmission and distribution has on the global demand fulfillment of electrical energy. The main advantage of the smartgrid is the infrastructure it provides for distributed generation, renewables, electric vehicles, and the demand side management of control loops. However, vulnerability is escalating as non-secure networks are introduced to the customers through Smart Meters and other field devices with IP capability. The ability of these field devices to go on the net have provided a target for malicious activity.
Index Terms—Cyber-Physical, FERC, Firm Load, ISO, LAN, Load, Generation, GAO, Demand Side Management, DOD, Microgrd, Power Distributed, NERC Penetration Testing, Synchronization, WAN
I. NOMENCLATURE
Cyber-Physical, Microgrid, Smart, Protection & Security.
II. INTRODUCTION
he Department of Defense (DOD) has identified seven areas that will define Smart
Grid security and protection. These seven areas are as follow:
TA. Attack ResistanceB. Self-HealingC. Consumer MotivationD. Power QualityE. Generation and Storage accommodationF. Enabling MarketsG. Asset Optimization
In our concentration the Distributed Generation is most relevant. Distributed Generation are MiICROGRIDS amongst other types in this class. MICROGRIDS are crucial to a utility when generation capacity approaches the Reserve Margin set by a utility in order to avoid an N-1 condition or beyond such as an N-1-1 condition. MICROGRIDS provide the contracted option to system planners to not shed firm loads but to instead call in and unload the grid through Load bearing buses in the proximity overloading areas of the grid. Generally there is a cost associated with unloading these buses but in light of brown-out or a possible black-out it is the preferred method of mitigation.
Areas of highest vulnerability are the same areas of increasing Distributed Generation Expansion. The Government Accountability Office (GAO) and The North American Electric Reliability Corporation (NERC) have questioned the positioning of cyber security and our ability to deal with those threats. The aim of GAO and NERC is to give and enforce baseline cybersecurity in the Bulk Power System.
At this point the main attacks have come against industrial control systems while other countries have confirmed targeted attacks on critical infrastructure such as Medical, Military and Database facilities.
Cyber-Physical Protection & Security of the U.S. Power Grid
Microgrids and Smartgrid Topologies and Countermeasures to Cyber attacks
E. Gonzalez, Member, IEEE,
2
As the internet of things pushes (Connection of devices through the Internet) its way onto Distributed Generation (DG) which has become a target for hacking and attacks that can damage the MICROGRIDS and force protective relays or Breakers to NOT disconnect from the utility grid when out of voltage range or phase desynchronization beyond tolerancesettings.
III. QUANTIFYING CYBER ATTACK- PROTECTIVE MEASURES FOR DISTRIBUTED GENERATION
The security of the grid must be viewed in the light of Cyber Physical Systems (CPS) that can and do quantify the attacks. CPS will also evaluate the appropriate countermeasures.
The Cyber Physical System functional composition (CPS)
1. The Physical components and control applications
2. The Cyber Infrastructure required to support the necessary planning, operational and market functions
3. The correlation between cyber-attacks and the resulting physical system impacts
4. The countermeasures to mitigate risks from cyber threats
This Area intentionally Left Blank
The Cyber Physical view of the power grid
Generation – Transmission Network – Distribution Network
Distributed Generation
-Industrial Loads
-Domestic Loads
Fig. 1 Cyber Physical view of the power grid
The CPS is comprised of
1. Electronic Field Devices2. Communication Networks3. Substation Automation 4. Control Centers
The Control Center handles real time monitoring, control and the Operational decisions (Minute-to minute) changes.
Independent System Operators (ISO) perform the coordination between utilities and the System Planners dispatch order. If a utility participates in Power Market they also interact with the ISOs that support Market Functions based on the real time generation being reported by the field devices distributed through the grid.
The specific Smart Grid cybersecurity that we are concerned in analyzing is the coupling between the power control applications and the cyber systems. Recall that fundamentally the inverter needs to be
WANISO Energy Market
Generation Control Center
Transmission Control Center
Distribution Control Center
3
disconnected within .16 seconds according to IEEE 1547 for any voltage or frequency deviations. These are comprised of two distinct items:
Division of the Command and Control Functions
1. Power Applications which are the collection of operational control functions necessary to maintain stability in the physical power plant.
2. Supporting Infrastructure which is the cyber infrastructure that includes software, hardware, firmware and the associated communications network.
Risk Assessment Methodology
This section will introduce the physical and cyber characteristics that identify the physical impacts from cyber-attacks.
Risk is defined in the traditional sense as the impact times the likelihood of the risk occurring [8]. The best way to address the likelihood is through the infrastructure vulnerability analysis. If this method is followed then the infrastructure that can limit or mitigate an attack to access the critical control functions. Upon discovering the potential vulnerabilities which then can be used to evaluate the overall physical impact on the system and how to best mitigate the attack.
This Area intentionally Left Blank
Risk Flow
Cyber-Physical Systems Infrastructure
Cyber Indicators -Penetration Testing -Vendor Advisors -Intrusion Detection Monitoring
Physical System Impact
Infrastructure Vulnerability Analysis
Power Applications -Impacted Computation/ communication -Control Function Impact
Power System Reliability -Frequency, Voltage, and rotator and angle stability -Loss of load Economic Losses Risk
Application Security
Infrastructure Security
Fig. 2 Risk Flow Analysis
A comprehensive analysis of vulnerability is:
1. Identification of cyber assets that include software, hardware, firmware and communication protocol flow chart above that can be used for risk mitigation
2. Penetration Testing3. Vulnerability Scanning
TABLE I
Control System Vulnerability /Weaknesses
Software/Product Security Weaknesses
Configuration Weaknesses
Network Security Weaknesses
Improper Input Validation
Permission, Privilege and Access Control
Common Network Design Weaknesses
Poor Code Quality Improper Authentication
Weak Firewall Rules
Permission, Privilege, and Access Control
Credentials Management
Network Component Configuration
Improper Authentication
Security Configuration and Maintenance
Audit and Accountability
Insufficient Verification of Data Management
Planning/Policy Procedures
Cryptographic Issues Audit and Accountability
4
ConfigurationCredential ManagementConfiguration and Maintenance
While damage can be done by penetration of the system control computer and eventual infection the most damaging is the inverters possible disconnection in a tripping condition.
There has been much work done on risk mitigation and are here tabled for reference and adaptation by Utilities and MICROGRID operators.
TABLE 2MICROGRID Attack Mitigation
Interdependency by Laprie et. al.
On Analyzing, escalating and common cause failures
Cyber-Physical Failures Kundar et.al.
On How attack based transitions lead to failure
Successful Cyber Attacks Ten et. al.
On Computing likely loss of load due to a successful cyber attack
Utilities and MICROGRIDS employ Petri-Nets and Attack Trees to determine the probabilistic weakness in substations and SCADA centers where shedding of firm load can be calculated and monitored.
Power Systems Control and Security Applications
1. Automatic Voltage Regulator2. Governor Control3. Automatic Generation Control
Within each of the power systems portions being Generation, Transmission and Distribution there are control loops vulnerable to attack. The critical portion here is to identify the vulnerable control loops and protocols of the communications systems. Of course an unexpected Firm Load Shed or N-1 condition can be caused by a smaller SCADA Control Center display such as a Home Screen Hijacking attack.
The attack does not need to be long lasting to have profound effects on the power system but only that it lasts long enough to unbalance the system and that the operators be locked out and unable to access their computers as the protective software eliminates the threat. An evolving threat is the Trojan Viruses that exist solely in memory banks. These viruses do not have to install themselves in the traditional sense but exist on memory blocks and can cross memory blocks to memory blocks evading eradication even after resets. An infected relay could thus trip or not trip and when infected the memory block holds the virus and while a technician may install a new settings file the memory block remains infected. A lethal infection of this kind does not require a binary file to remain as the infector. An example of this situation is a poweliks.trojan that attacks Window based systems. A dropper program infects a flash drive that downloads the payload. The dropper file deletes itself avoiding detection. An unsuspecting employee opens a picture of family on a computer and the dropper program gains access to the internet where it downloads the payload program and then deletes itself. In seconds the Power System is infected. As the interconnection and inter-dependency of the computers grow on the power grid the faster the viruses infects. A MICROGRID being less protected due to financial resources can have devastating losses and could affect the utility grid that will refuse to synchronize if found to be infected or simply unable to come into phase converse of this situation is also true.
5
The attacks are expected to come at the control loops that govern the power grid. Because the control enters receive field device data from the algorithms on-board they are ideal places of attack. Operational decisions are based on these field device’s measurements and if incorrect will profoundly impact the grid and operational decisions with monetary consequences or compliance with NERC, FERC or Contractual obligations that may be accessed to shed load when in fact there was never a condition to shed load.
In a typical Power System the field sensors data is denoted by yi (t) and control massages by ui(t). The variable yi (t) may be a voltage or a currents that come from substations or transmission lines and other devices such as generators, motors. Dedicated communication protocols carry the field device data to the SCADA center to be interpreted by computational algorithms that are collectively known as Energy Management Systems (EMS) that run in the control center. The decision variable say ui(t) are processed and transmitted to actuators that are associated with the field devices.
The communications links are vulnerable to attacks such as integrity attacks that corrupt the content of the communication, time delay attacks or denial of service attacks (DoS) such as overloading the EMS for access and desynchronization and timing attacks. Particularly dangerous is the desynchronization that cause frequency impacts and to a lesser extent Loss Of Load that can be recovered from but costly in terms of dispatch by system planners. The
available countermeasures are algorithms that detect corrupted data.
Generation Control and its Security
Control of generation falls under the control loops that involve the generator whose primary goal is to control power output and the terminal voltage. In a traditional Generator control loop which is under local automatic voltage regulation and the governor control unit.
Generation attack points
Automatic Voltage Regulation (AVR): Are used to improve power system stability by the control of the reactive power (var) that is absorbed or injected into the grid. This is a cost effective method that is preferred by utilities and MICROGRIDS for economic reasons and its automation features. As the peak demand normally occurs in the day time an AVR absorbs var increasing the voltage. During the off-peak hours the voltage is higher because there is less demand then an AVR injections reactive var which lowers the voltage. An Ethernet ink is currently used by way of Modbus to program the controller with the set-point voltages. The AVR control loops receive data from the generator and are compared to the set-points.
AVR Vulnerability can be attacked through its governor control loops because it is not dependent on the SCADA telemetry feedback and its infrastructure. Because the terminal voltage and the rotor speed are sensed locally the impact of an attack is inherently limited. Substation LAN attacks via USB keys are the most likely attack.
6
Automatic Generation Control (AGC):
The AGC is a secondary frequency control loop that concerns itself with the tuning of the system frequency from the nominal value. The AGC corrects tie-line flow and frequency deviations measured. The AGC ensures that each balancing authority area compensates for its own load change and the power exchange between control areas with their set values.
AGC vulnerability can be attacked because of its reliance on the tie-line and frequency measurements that are provided by the SCADA system. Denial of Service attacks are most likely in the AGC. A successful attack would impact system frequency, stability and economic operations associated with the AGC.
Transmission Control and its security
System Operators know that normal operations on the transmission lines operate at voltages greater than 13kV. Switching devices and VAR devices are of great concern to system operators. In a MICROGRID a voltage outside the voltage range could and does make the MICRODGRID fall out of synchronized with the utility.
State Estimation is a technique that estimates the values for voltage magnitude and phase angle. The system planner is dependent on the power flows and voltage magnitudes. These tasks are critical to operational decisions (The minute to minute decisions of generation needs). The Wide Area Network performs thousands and upwards of calculations depending on the utility or/ and MICROGRID sizes.
State Estimation Security and Vulnerability: State Estimation was developed for error detection but not malicious injections of corrupted data. There is a new need to have State Estimation deal with malicious attacks not of communications errors but attacks with malware. False data injections such as those created by Liu et al [27] provides a means to observe the State Estimation inability to detect existing corrupted data. Moreover, it provides the ability to correct the control algorithms before they fail under an actual attack. Injection of false data into a State Estimation Algorithm has been shown to go undetected in an IEEE 300 BUS system until it has reached a critical mass of 10 ten meters. The False Data Injection Attacks compromise operational decisions that in today’s competitive market structure can be worth billions in revenue lost or gained. One can conclude that below nine meters a False Data Injection is invisible to the network as of this writing. Bobba et al. has demonstrated methods to detect False Data Injections while Xie et al. has developed the successful deployment of False Data Injections for financial gains in the competitive market in which planners must operate. In Xie et al. there is a verified $8/MWh profit made per meter if a successful penetration of the State Estimation Control Loop is properly manipulated with the intent to financially attack a utility. Of course this is more profound in MICROGRIDS that can be infected but not show.
VAR Compensation The process of controlling reactive power injection or
7
consumption appears as a repetitive point of attack. Without the proper Volt-Ampere Reactive - var) compensation the transmission system does not function optimally and can cause thermal over-loads. The voltage fluctuations are thus dependent on the proper functioning of the VAR compensators on the end or near side of the transmission lines. As the Flexible AC Transmission System (FACTS) replaces the traditional synchronous condenser and mechanically switchable capacitors the thyristor based FACTS are more efficient but highly susceptible to attack.
VAR compensation Vulnerability and Risk mitigation: Philips, L.R et al. provide attack vectors on Cooperating FACTS Devices (CFDs). In the traditional sense of IT understanding of the vectors that can attack CFDs. There is a broader CFD attack that include the following:
1. Denial Of Service AttackDenial of cooperative operation which is the desired attack on an inverter to not disconnect and unbalance a 3 phase system damaging a MICROGRID and a utility. This is a Denial of Service (DoS) attack. Ideally the attack jams or restricts the FACTS devices by flooding the communications lines with data packets of corrupted data. The sum effect is the loss of the planner’s desire long term dynamic control capabilities.
2. Desynchronization which is a time based attack attempt to control the algorithms utilized by the CFD which are time dependent for frequency and voltage magnitude causing a
desynchronization. The steady state operation would thus be in jeopardy. That is to say that the three phase would fall out of phase and damage will penetrate the utility and connected MICROGRID(s).
3. Data Injection Attacks are based on the communication protocols. These attack send false field device data packages. In these attacks the necessary or unnecessary VAR compensation is compromised. IEEE-9-BUS system are provided by S. Sridhar and G. Manimaran
Because of the vulnerability of VAR compensation devices there is wide acceptance of WAN PMU based measurement systems to verify the phase angle and voltage. In the USA these devices are being installed but are not real-time thus a latency is inherent in their design. For additional reading on this please see Phadke and Thorp who identify other control applications that can enhance the detection that PMUs provide. Recall that a PMU using GPS can measure and time stamp a phase angle and voltage at the different ends. PMUs are being widely accepted as they are immune to viruses but can be damaged through wear and tear and age as well as lack of maintenance. The acceptance is high enough that an American Syncrophasor Initiative (NASPInet) aims at developing a WAN that will support PMU operation and integration.
Distribution Security and its Control: At its root level the distribution is near the final stage to where power gets to the customer. Recall that there are three main components to a power grid. The first
8
being the generation facility, the second is the transmission lines and then the distribution systems. As can be seen in the graphic below; there are other components that are part of the three main components.
Fig. 3 Illustration of Power Grid
Distribution is at the customer level and being at that level there is a higher requirement for protected control loops as in the case of MICROGRIDS and the Smart Grid itself. Direct and self-healing control loops are essential at this level.
Load Shedding is a situation when the utility is overloaded by demand or other conditions that place a higher demand than the reserve margin planned or contracted or both. The point being that the generation facilities cannot serve load demand and must shed firm load. By firm load it is meant those loads that are contracted to be served such as a residential or industrial customer. A customer may overload the grid in the case of a large manufacturing facility however unlikely but the reserve margin cannot keep up with the load. In this instance load is shedded meaning it is disconnected and not served. An attack on modern microprocessor based relays such as in a Trojan virus as poweliks.trojan that exists in memory only can be devastating. These modern relays depend on IP such as IEC
61850. This presents a possibility to alter the control logic that would result in tripping or not tripping by changing the settings files or time delays. Distribution feeders can be tripped and loads would not be served. An example is the Tempe Arizona 2007 incident where an outage occurred due to an improper settings file loaded onto a relay. The load shedding scheme was improperly configured. Another example is the Salt River Project where 141 breakers were opened due to an improper load shedding settings file. While these are employee errors they illustrate how far reaching a relay is and how easily todays IP capable relays are prone to attack.
Advanced Metering Infrastructure (AMI) and Demand Side Management is the future of power generation and load serving. Demand Side Management is MICROGRIDS. Demand Side refers to the customer or the demand. While Demand side is the term used to refer to the customers side of the load. Demand Side Management refers to the customer managing their own load. The questionable and area of most impact when speaking of protection is the different renewables that are integral to Demand Side Management. When a customer mixes Wind, Solar, Generators and other self-generating equipment it creates a need for even stringent control loops as the customers are heavily invested in the generation but are limited in recovering cost since they will island the facility only when needed and as demand grows the islanding will become ever increasing and common. Smart meters are integral to AMI technology. These meters provide real-time measurements
9
and logs of customer’s usage. Load Control Switching (LCS) is a feature of smart meters that are able to disconnect a customers in a load shedding event such as an N-1 or N-1-1 event. Great care is taken so this does not happen but heavy usage days such as the Northeast demands on the power grids elucidate the ease by which even a large power grid can be overwhelmed. These Demand Side Smart Meters also have IP capable functions prone to attack. The meters data management system (MDMS) is the valuable point. The current need to mix WiMAX, WI-Fi, Power Line Carrier (PLC) and RF meshes provide ideal conditions for data errors.
The cyber-physical concerns are magnified in the demand side management due to the Internet Protocols and the ease by which they can be accessed and attacked. A remote disable function even now used by utilities can and do pose a threat should the technology be replicated for malicious use. A delay function is built in to current smart meters but a malicious attack could base itself on Load Control Switching that is heavily dependent on precise time measurements.
Power Grid Security is a growing and very challenging area of study as the evolution of technology and economics meet to create conditions where utilities, MiICROGRIDS and states are attempting to find a common ground and common standard.
Future adaptations to cyber-physical layering
Risk Modeling
Cyber vulnerability
Impact Analysis
Risk Mitigation Algorithms
Attack resilient control loops
Intelligent Power Control System Algorithms
Coordinated Attack Defenses: Utilities function on a long standing N-1 condition threat. This means that a utility has established a protocol for failure of a single system and is able to handle a transformer outage. The transformer outage is the -1 condition. However, multiple attacks are not planned and cannot be predicted by the nature of the malicious intent. The North American Electric Reliability Corporation (NERC) has created a Cyber Attack Task Force (CATF) to measure the threat level and to ascertain feasible and cost effective countermeasures. For a detail treatment of future counter cyber initiatives see Sridhar et al.
Adoption of MICROGRID and impediments – The economic implications in economies of scale by the US Military
It is a well-established fact that purchasing power can and does influence market direction. The sheer size of the US Military budget currently stands at $610 Billion per year. This is the nearly equivalent to that of the combined budget of China, Russia, Saudi Arabia, France, Germany, India and the UK that stands at 601 Billion per year.
Military Installations domestic or deployed are not areas to evaluate novel concepts as those discussed above. These installations operate in real-time with geopolitical implications. These installations support
10
microelectronics research, large industrial military manufacturing plants, ship yards and aviation depots.
These installations are in need of alternative energy sources as military budget cuts are becoming the norm in an attempt to lower the national debt. The DOD owns over 300,000 buildings and a 2.3 billion square feet of building space. To compare this size it is 4 times the size owned by all of Wal-Marts owned or leased square footage. Operating this amount of space requires enormous utility bills. As of this writing the energy bill to the DOD is $4 Billion USD.
The historical method of the DOD fulfilling the need when over-demand occurs is to turn on diesel generators. However, these diesel generators hold approximately 72 hours of fuel. There is no doubt that the military needs to integrate renewables for security and cost reductions but how to best accomplish this is being explored by the DOD and they are watching the Commercial Off The Shelf (COTS) devices very closely that may pave the way for faster integration. While the DOD has committed to the installation of deep penetration PV by 2025in the order of 1GW per site. The DOD has committed to IEEE 1547.4 that require that PV inverters disconnect from the grid or shut down entirely. The legacy PV and other renewables of older types will require integration into MiICROGRIDS.
The largest concern to integration of MICROGRID and renewables is the security risk of cyber-security. Before the DOD can accept the MICROGRID- Renewables is the
accreditation process is acceptance by the Department of Defense Information Assurance Certification and Accreditation Process (DIA-CAP). The DOD does not currently have the policies and procedures to realize the benefits and monetary gains that the MICROGRID and renewables will have once realized and fully integrated.
Another unique facet of MICROGRID installation is the method of funding that installations receive during their fiscal year. Requisition funding is separated from O&M funding. Tenant occupying installations like Lockheed Martin at Plant #4 in Fort Worth are on different funding cycles which additionally complicate integration.
Long Term Grid outages such as deployment to battlefield theaters will require robustness. As the DOD has such a large imprint on prices it is unlikely that the DOD will pay any more for renewables than it can purchase for diesel generators. It is noteworthy to say that in a battlefield situation a new business model will be required for adoption. This is not to be taken lightly as the DOD can by its commitments send signals to the market of adoption of this MiICROGRID technology. Its purchasing power is so large that it dwarfs multiple nations entire GDP.
Fig. 4 DOD Defense Budget
11
Currently the DOD has two research facilities with the end goal of bringing MICROGRIDS to the DOD. The first is Smart Power Infrastructure Demonstration for Energy Reliability and Security (SPIDERS) while the second is the Joint Capability Technology Demonstration (JCTD) along with a much smaller third option being developed by the Environmental Security and Technology Certification Program (ESTCP).
The DOD has had three programs that island a grid of various scales in ever increasing size and complexity.
1. Joint Base – Pearl Harbor – Hickman (Hawaii 600 kW islanding test)
2. Fort Carson (Colorado) - 2MW load with integration of PV with battery storage
3. Camp Smith (Hawaii)- Islanding of an entire base that utilizes renewables
The DOD is currently funding smaller projects by contractors such as:
1. Raytheon and Marine Corps Air Station Miramar – Zinc Bromide
2. Lockheed Fort Bliss – Lead Acid3. PDE – Twentynine Palms –Sodium-
metal-halide4. Eaton Fort Sill – Lithium Ion
All these contractors are advancing battery technology.
Control function funding is being contracted to:
1. GE lead at Twentynine Palms2. Lockheed at Fort Bliss3. Eaton lead at Fort Sill
Market research is being funded by the DOD and contracted out to:
1. Honeywell – Load aggregation for reserve markets using Open ADR Protocols
2. Power Analytics – Along with San Diego Gas and Electric – Demand Response
An excellent treatment in more detail of the military process of adopting renewable – MiICROGRID installations can be found in S.B. Van Broekhaven, N. Judsen, S.V.T. Ngyuen and W.D. Ross in “ MiICROGRIDS Study: Energy Security for DOD installation MIT Lincoln Labs.
MICROGRIDS and the Governing Standards < 10MVA
The PV Inverter is the key element of grid-connected PV power systems. Its main function is to convert the DC power generated by the PV (Photo Voltaic) panels into grid-synchronized AC power.
5 Types
1. Module Integrated (50-400W range)2. String Inverters (.4-2 kW)3. Multi-String inverters (1.5 – 6kW)4. Mini-Central Inverters (100-10kW @
3Phase) as back up to small power plants in the 1`00kW range typically 6, 8, 10 and 15k.
5. Central Inviters (100-10,000kW @3Phase) back up for larger power plants in the 100, 150, 250, 500 and 1000kW range up to a 10th of a MW.
Due to high cost of solar the development of PV is driven by efficiency and not market prices (Cost) as is in the case of traditional power generation and distribution.
12
Drawbacks – Increased complexity in the following items
1. Need to boost the input voltage2. Better grid connection filters for
synchronization3. Grid disconnection relay4. DC Switch
In the electric drive industry driven by cost and 20 years older the full bridge topology is acknowledged as the standard.
The move to transformer-less PV. The initial method to boost efficiency was to remove the Galvanic Isolation typically provided by high frequency transformers in the DC-DC boost converter or by a low frequency transformer
In the US IEEE has developed IEEE 1547 Interconnection of Distributed Generation Specifically IEEE 929-2000 Recommended Practices for Utility Interface of Photovoltaic. Its recommendations have made its way into the Residential as well as commercial users. It has its origins in IEEE Standards Coordinating Committee 21 (CSC21) from 1981. Its recommendations are now in Fuel Cells, PV Dispersed Generation and Energy Storage (Which is growing by orders of magnitude). IEEE 929 was then adopted by UL as UL 1741 Known as Standard for Inverters, Converters, and Controllers for use in Independent Power Systems. The advantage of UL 1741 is that it addresses NEC Standards in Safety, Construction as well as Grid Performance. All these were incorporated into IEEE 1547-2003 known as Standard for Interconnecting Distributed Resources with Electric Power Systems. This is the interconnection standard adopted by States and Municipalities such as Texas’s PUCT (Detailed IEEE, IEC and VDE guidelines can be found in “Grid Converters for Photovoltaics and Wind Power Systems” by Teodorescu et al. Wiley 2011).
IEEE 5147/UL 1741 describes the test to detect the unintentional islanding where distributed resources (self-generating) continue to energize the island. The
Responses to abnormal Grid Conditions: Disconnection from the Grid
Inverters need to disconnect from the grid in the presence of abnormal grid conditions in terms of frequency, voltage or both. A tripping scheme is for the safety of utility workers and the general public. A MiICROGRIDS that that does not disconnect would allow a short to be made through a person or machine.
TABLE 3Disconnection Time for Voltage Variation
IEEE 1547Voltage Range (rms) Disconnection% Time (sec.)V <50 .1650 ≤ V≤ 88 2.00110≤ V≤ 120 1.00V ≥ 120 .16
TABLE 4Disconnection Time for frequency Variation
IEEE 1547Frequency Range (Hz) Disconnection time (sec.)59.3 ‹ f ‹60.6 .16
Responses to abnormal Grid Conditions: Resynchronization
TABLE 5Reconnection to the Grid for Voltage Variation
IEEE 1547 Reconnection time (sec.) after rip88 ‹ V ‹ 110 (%)AND .1659.3 ‹ f ‹60.6 Hz Min. delay of 3 min.
TABLE 6DC Current Injection Limitations
IEEE 1547 <10 mvaIDC ‹ 0.5 (%)Of the rated RMS current
13
The Power Quality of the PV, Wind Farm, Fuel Cell etc. Powered MICROGRID is subject to DC injections.
DC current injections from a MICROGRID with a DC output will saturate or can saturate the local distribution transformers. This would lead to thermal overloads on the transmission lines and the consequent trips issued by the relays to the breakers.
In traditional PV system the galvanic isolation mitigates these concerns but as the transformer-less systems are further adopted and penetrate the market the absence of galvanic isolation will have to adhere to IEEE 1547 DC injection maximums. IEEE calls for harmonic analysis by FFT with no maximum trip time condition. The DC component of the measured voltage should be below the loading conditions (1/2, 2/3 or 3/3) of the normal load.
TABLE 7Maximum current harmonics
IEEE 5147 AND IEC
Individual Harmonic Order (Odd)
h < 11
11 ≤ h ≤ 17
17 ≤ h ≤ 23
23 ≤ h ≤ 35
35 ≤ h
Total Harmonic Distortion THD (%)
(%) 4.0 2.0 1.5 .6 .3 5.0
In IEEE 1547 there is no Power factor limit but in IEC 61727 there is a minimum 0 .9 lagging power factor set at 0.9 when the output is greater than 50%. A lagging power factor is also missing from VDE 0126-1-1.
Anti-Islanding known as (AI)
This is a condition when a PV, Wind Farm, Fuel Cells or battery inverters do not disconnect from the grid after it has tripped. They stay on the grid for a small amount of time but long enough to cause great damage to the grid.
Equipment failure can and does cause this but deployment of ground fault protection. Even a known disconnection for maintenance can cause the following damage:
1. Re-tripping of the line of connected equipment due to out of phase closures
2. Utility line workers assuming de-energizing of the line during islanding that has in fact not disconnected.
The DR or distributed resource (private generating device) shall detect and cease to energize the island area within 2 seconds.
Fig. 4 RLC Adjustable Load Test
A. The RLC load shall be adjustable B. The RLC load shall be in parallel with
the Device Under Test (i.e. PV etc.) inverter
C. The resonant LC circuit should be adjustable to resonate at the rated grid frequency and that it shall have a quality factor of Qf = 1. (The reactive power generated by the Capacitor should equal the reactive power absorbed by the L (var) and should equal the power dissipated in R (W) at the nominal power P and rated grid voltage V.
DUT RLC load
Simulated Area
S3
S1 S2
14
D. The value for the local RLC load can be calculated as:
E. R = V2/PF. L=V2/2πfPQfG. C=PQf/2πfV2
Grid Synchronization in Three Phase Power Converters
The distributed power system industry has had tremendous growth. Three Phase Grid protected synchronization is on the horizon but is still left to battery storage. This is the new frontier being explored as the replacement for large and overloaded utilities.
Acknowledgment
The author gratefully acknowledges Dr. Wei Jen Lee and Mr. Zhaohao Ding for their great contribution to the understanding of this material.
References
Periodicals:
[1] Dave Robinson, “Microgrids for Energy Reliability,” BACnet, ASHRAE Journal, Nov. 2013
[2] Milad Falahi, “Dynamic Reactive Power Control of Islanded Microgrids,” IEEE TRANSACTIONS ON POWERSYSTEMS, VOL.28,NO.4, NOVEMBER 2013.
[3] Siddharth Sridhar, Student Member IEEE, Adam Hahn, Student Member IEEE, and Manimaran Govindarasu Senior Member, “Cyber–Physical System Security for the Electric Power Grid,” IEEE, Vol. 100, No. 1, January 2012, Proceedings of the IEEE
Books:
[4] R. Teodorescu et al. Grid Converters for Photovoltaics and Wind Power Systems, Vol I. Singapore: Wiley, 2011 p. 1 -60.
Technical Reports:
[5] SAYAK BOSE, “CYBER-PHYSICAL MODELING, ANALYSIS, AND OPTIMIZATION - A SHIPBOARD SMARTGRID RECONFIGURATION CASE STUDy,” AN ABSTRACT OF A DISSERTATION, Manhattan, Kansas, KANSAS STATE UNIVERSITy, 2012
[6] Scott Van Broekhoven, Nicholas Judson, James Galvin, and Jeffrey Marqusee, “Microgrids for Domestic Military Installations,” IEEE power & energy magazine July/august 2013.
Papers from Conference Proceedings (Published):
[7] Antonino Riccobono, Student Member, IEEE, and Enrico Santi, Senior Member, IEEE, “Comprehensive Review of Stability Criteria for DC Power Distribution Systems,” IEEE TRANSACTIONS ON INDUSTRY APPLICATIONS, VOL. 50, NO. 5, SEPTEMBER/OCTOBER 2014.
[8] DOUGLAS F. BARNES, ROBERT VAN DER PLAS, AND WILLEM FLOOR, “Tackling the Rural Energy Problem in Developing Countries,” Finance & Development, June 1997.
[9] Jessica Wentz and Chiara Pappalardo, “Scaling Up Local Solutions: Creating and Enabling Legal Framework for Public and Private Investments in Renewable Microgrids,” IEA 2013.
[10] Yi Han, “Microgrid Optimization, Modelling and Control,” Colorado State University, Fort Collins, Colorado, Fall 2014.
