EP-4238201-B1 - ELECTRICAL POWER SYSTEM WITH IMPROVED FUNCTIONAL SECURITY
Inventors
- APOSTOLOV, ALEXANDER
- Klien, Andreas
Dates
- Publication Date: 20260513
- Application Date: 20211025
Claims (12)
- Method for operating at least one switching element (110, 210) of an electric power system (1), said switching element (110, 210) being arranged on a primary element of the electric power system (1) that guides the primary currents and primary voltages, whereas the switching element (110, 210) is operated by an automation system (400) of the electric power system (1), wherein the method comprises the steps of - sending a switching command from the automation system (400) to the switching element (110, 210) for triggering a tripping operation of the switching element (110, 210), - detecting values of at least one electric process parameter (PP) of the electric power system (1) by a measurement unit (106, 206), whereas the at least one process parameter (PP) is a cyclic electric signal of given frequency and nominal value, - streaming sampled values of the detected values of the at least one process parameter (PP) over a data communication bus (130, 131, 230, 231) in data messages of a data communication protocol implemented on the data communication bus, - evaluating the streamed values of the at least one process parameter (PP) by a fault detector (300) connected to the data communication bus (130, 131, 230, 231), in order to detect an electric fault in the electric power system (1), - sending a fault present indication to the switching element (110, 210) by the fault detector (300) when an electric fault is detected, said fault present indication being sent, and received by the switching element (110, 210), before the tripping operation of the switching element (110, 210) is triggered upon receipt of the switching command, - triggering the tripping operation of the switching element (110, 210) received as the switching command from the automation system (400) only if a fault present indication has been received.
- Method according to claim 1, further comprising the steps of - connecting the automation system (400) to the data communication bus (130, 131, 230, 231), - connecting the switching element (110, 210) to the data communication bus (130, 131, 230, 231), - sending the switching command for triggering a tripping operation in a data message over the data communication bus (130, 131, 230, 231) to the switching element (110, 210).
- Method according to claim 1 or 2, further comprising the steps of connecting the measurement unit (106, 206) and/or the switching element (110, 210) to the communication bus (130, 131, 230, 231) via a process interface unit (107, 207).
- Method according to one of claims 1 to 3, further comprising the step of sending the fault present indication in a fault data message (DMF) over the data communication bus (130, 131, 230, 231).
- Method according to claim 3, characterised in that the process interface unit (107, 207) receives measured values of the at least one process parameter (PP) from the measurement unit (106, 206), samples the at least one process parameter (PP) with a given sampling rate and sends the sampled values in data messages over the data communication bus (130, 131, 230, 231).
- Method according to one of claims 1 to 5, characterised in that the data messages with the sampled values of the at least one process parameter (PP) are received and evaluated by the automation system (400) to detect an erroneous state of the electric power system (1), whereas the automation system (400) sends the switching command to the switching element (110, 210) when it detects an erroneous state.
- Method according to one of claims 1 to 6, characterised in that the electric fault is detected in the fault detector (300) by comparing at least one actual value of the at least one process parameter with a corresponding past value of the at least one process parameter of a past cycle of the process parameter (PP).
- Method according to one of claims 1 to 6, characterised in that the electric fault is detected in the fault detector (300) by comparing an actual value of the at least one process parameter with a mean value of a number of corresponding past values of the at least one process parameter of past cycles of the process parameter (PP).
- Electric power system with at least one switching element (110, 210) arranged on a primary element of the electric power system (1) that guides the primary currents and primary voltages and with an automation system (400) that is configured to operate the switching element (110, 210), whereas the automation system (400) is configured to send a switching command to the switching element (110, 210) for triggering a tripping operation of the switching element (110, 210), and with a measurement unit (106, 206) that is configured to detect values of at least one electric process parameter (PP) of the electric power system (1), whereas the at least one process parameter (PP) is a cyclic electric signal of given frequency and nominal value, and the measurement unit (106, 206) is connected to a data communication bus (130, 131, 230, 231) over which sampled values of the at least one process parameter (PP) are streamed in data messages of a data communication protocol implemented on the data communication bus (130, 131, 230, 231), characterised in that a fault detector (300) is provided in the electric power system (1) that is connected to the data communication bus (130, 131, 230, 231) and that is configured to evaluate the streamed values of the at least one process parameter (PP), in order to detect an electric fault in the electric power system (1), in that the fault detector (300) is arranged to send a fault present indication to the switching element (110, 210) when an electric fault is detected, said fault present indication is sent to and received by the switching element (110, 210), before the tripping operation of the switching element (110, 210) is triggered upon receipt of the switching command, and in that the switching element (110, 210) is configured to trigger the tripping operation of the switching element (110, 210) received as the switching command from the automation system (400) only if a fault present indication has been received.
- Electric power system according to claim 9, characterised in that the automation system (400) and the switching element (110, 210) are connected to the data communication bus (130, 131, 230, 231), whereas the automation unit (400) is configured to send the switching command for triggering a tripping operation in a data message over the data communication bus (130, 131, 230, 231) to the switching element (110, 210).
- Electric power system according to claim 9 or 10, characterised in that the measurement unit (106, 206) and/or the switching element (110, 210) is connected to the communication bus (130, 131, 230, 231) via a process interface unit (107, 207).
- Electric power system according to claim 10, characterised in that the fault detector (300) is configured to send the fault present indication in a fault data message (DMF) over the data communication bus (130, 131, 230, 231).
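The trip interlock of claims 1 and 9 and the cycle comparison of claims 7 and 8 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the 80 samples per cycle, the 20 % deviation threshold, the one-cycle validity window for a fault present indication and the sine test signal are all assumptions made for illustration.

```python
import math
from collections import deque

class FaultDetector:
    """Flags a fault when a sample deviates from the same point of past cycles."""
    def __init__(self, samples_per_cycle, nominal_peak, rel_threshold=0.2, cycles=1):
        self.n = samples_per_cycle
        self.limit = rel_threshold * nominal_peak   # assumed deviation threshold
        self.history = deque(maxlen=samples_per_cycle * cycles)

    def feed(self, value):
        fault = False
        if len(self.history) == self.history.maxlen:
            # Indices 0, n, 2n, ... hold the same phase position of each past cycle.
            past = [self.history[i] for i in range(0, len(self.history), self.n)]
            fault = abs(value - sum(past) / len(past)) > self.limit
        self.history.append(value)
        return fault

class SwitchingElement:
    """Trips on a switching command only if a fault present indication came first."""
    def __init__(self, hold_samples):
        self.hold = hold_samples    # assumed validity window of an indication
        self.fault_age = None       # samples since last indication, None = never
        self.tripped = False

    def tick(self):
        if self.fault_age is not None:
            self.fault_age += 1

    def on_fault_indication(self):
        self.fault_age = 0

    def on_switching_command(self):
        if self.fault_age is not None and self.fault_age <= self.hold:
            self.tripped = True
        return self.tripped

def simulate(fault_at=None, command_at=200, n=80, total=320):
    """Constructed signal: unit sine, amplitude x5 from sample fault_at onwards."""
    det, sw = FaultDetector(n, nominal_peak=1.0), SwitchingElement(hold_samples=n)
    for k in range(total):
        amp = 5.0 if fault_at is not None and k >= fault_at else 1.0
        sw.tick()
        if det.feed(amp * math.sin(2 * math.pi * k / n)):
            sw.on_fault_indication()
        if k == command_at:
            sw.on_switching_command()
    return sw.tripped
```

With `cycles=1` the detector performs the single past-cycle comparison of claim 7; a larger `cycles` value gives the mean-of-past-cycles comparison of claim 8.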
Description
The present invention pertains to an electric power system with at least one switching element arranged on a primary element of the electric power system that guides the primary currents and primary voltages and with an automation system that operates the switching element, whereas the automation system sends a switching command to the switching element for triggering a tripping operation of the switching element, and with a measurement unit for detecting values of at least one process parameter of the electric power system, whereas the at least one process parameter is a cyclic electric signal of given frequency and nominal value, and the measurement unit is connected to a data communication bus over which sampled values of the at least one process parameter are streamed in data messages of a data communication protocol implemented on the data communication bus. The invention pertains also to a method for operating such an electric power system.
Electric power systems, like a power grid, e.g. for high and medium voltages, are widely used and basically comprise electric power generating stations, power transmission lines and electric power substations. The need to transmit power over longer distances, to perform voltage conversion in a transformer substation or to distribute power requires complex electric systems.
For illustration, electric power substations for power distribution in high and medium voltage power networks include primary devices, sometimes also called field devices, such as electrical cables, lines, bus bars, switches, breakers, power transformers and instrument transformers. These primary devices may be operated in an automated way via a Substation Automation (SA) system responsible for controlling, protecting and monitoring of substations or parts thereof.
The SA system comprises programmable secondary devices, so-called Intelligent Electronic Devices (IED), interconnected in a SA data communication network, and interacting with the primary devices via a process interface. Interaction between a primary device and a secondary device can be made by a so-called Process Interface Unit (PIU). Similarly, a wide variety of electric power systems may have an associated power utility automation system which includes IEDs that perform functions of controlling, protecting and monitoring operation of the respective electric power system. SA systems and power utility automation systems are sometimes also generally designated as protection, automation and control (PAC) systems.
Communication between IEDs or PIUs and between IED or PIU and other components of an electric power system may be performed according to standardized data communication protocols. For illustration, the IEC standard 61850 "Communication Networks and Systems for Power Utility Automation" decouples the substation-specific application functionality from the substation communication-specific issues and to this end, defines an abstract object model for compliant substations, and a method for accessing these objects over a communication network via an Abstract Communication Service Interface (ACSI).
The continuously growing digitalization and automatization of the electric power industry helps to significantly improve the efficiency of digital protection, automation and control systems. At the same time, it is opening the possibilities for malicious intrusion into the electric power system, substations or power plants by people located anywhere in the world. Cyber security for such systems is therefore becoming a major concern.
With an increasing degree of automation and with increasing usage of interconnected IEDs in electric power systems, there is also an increasing need to reliably detect critical situations in the protection, automation and control (PAC) system. Examples of such critical events include security intrusions, operator errors, timing issues, hardware faults or any critical or incorrect state of the electric power system and/or its power utility automation system.
WO 2016/149699 A1 describes an electric power system with an IED that makes decisions to trigger a switching element. The decision logic in the IED considers not only the result of a fault detection but also fault transients at monitored points of the power system. This can improve the reliability of the tripping decision. This approach cannot, however, protect against malicious activities in the power system that inject, for example, malicious switching commands into the power system.
In the field of computer networks in classical information technology (IT), Intrusion Detection Systems (IDSs) are used to monitor the network or the activity of systems in order to detect intrusions into the network or into network devices or malicious activities of unauthorized third parties. An IDS monitors and analyses the data communication in the computer network. IDSs are designed to identify possible incidents, log information and report possible attempts. The