NOJA Power’s Synchronism-Check a Solution to Cyber Attack
The industry’s most comprehensive Automatic Circuit Recloser firmware enhances its protection functions by incorporating synchronism check function, which is the key element in securing the switching operations against cyber-attacks and unsafe operations
Brisbane, Qld, Australia – November 1st, 2016 –With the release of Firmware 1.15, NOJA Power has included Synchronism-Check to further enhance its OSM series ACR and also strengthen the security of power systems operations against unsafe operations and malicious attacks.
Security in power system operations against cyber-intrusion, malicious attacks, and unauthorised operations is one of the main concerns of the utilities and distributed generator providers. Following a released video by CNN from Aurora Generator Test in Idaho National Laboratory, which pictured how a cyber-attack could cause severe damage to a generator, many utilities and generation providers have been concerned of being the susceptible victims. The severity of Aurora cyber-attack in power systems would be analogous to the effect of shifting a car into reverse while driving at high speed on a highway.
The aurora cyber-attack is “the process of intentionally opening a switching device and closing it out-of-synchronism to cause damage to the connected power system including generators, motors, and transformers”. In this context, out-of-synchronism means the difference between the frequency, magnitude, and phase angle of the voltages on both sides of an open switch are not within the tight predefined synchronism limits. When an out-of-synchronism close initiates electrical overcurrent and excessive torque, it causes stress on the mechanical shaft of the rotating equipment. The resulting stress is conducive to life-cycle reduction and damage to the rotating equipment. If this process continuously occurred several times, it would damage the generators and other equipment severely. This vulnerability may exist in any electric network that is unprotected against this threat.
Implementation of synchronism-check (ANSI 25 Device) and auto-synchroniser (ANSI 25A Device) in the latest firmware release, 1.15, in NOJA Power’s OSM series relieves the distributed generators’ providers and utilities of being the victim of these malicious attacks. The NOJA Power OSM series are fully type-tested by independent laboratory KEMA and provide a comprehensive suite of automation and protection features using voltage, current and frequency measurements on all bushings. The synchronism-check function is the most powerful supervision scheme designed for medium voltage level OSM series to prevent the Aurora attack, any malicious attempts, and unsafe operations.
For the safe and robust connection of generators to the gird, three key parameters of voltage signal, i.e., frequency, magnitude, and phase angle of the gen-sets and the grid must match. The Aurora attacks looks at the possible opportunity of connecting two parts of the network when these parameters are uncoordinated.
The Aurora attack initiates the close by taking advantage of the time delay between recognition of out-of-synchronism and initiation of the required protection actions. The time delay of traditional protective relays to block the reclosing is about 15 cycles, which can create a window of vulnerability for any malicious attempt. The Aurora attack may also launch in slow auto-reclose operations in medium voltage levels in systems where the generators almost match the demand. In this case, if the tiebreak switchgear is open, the out-of-synchronism takes longer to occur.
The Aurora attack can target any switch or breaker in the tie-points away from the generators in medium voltage levels as displayed in the following figure. Unfortunately, if an attack occurs on the transformers’ secondary side, generators’ protective relays cannot monitor and detect out-of-synchronism as they are typically located on the primary side.
Utilities, generator providers, and relay manufacturers must provide good engineering practices to remove the Achilles heel and secure the power system operation. Utilities and generator owners can remove the Aurora threat by applying basic security procedures such as managing passwords, securing all SCADA communication channels, encrypted communications, localising security information, and physical securities. On the other hand, relay manufacturers must put an effort to remove any susceptibility by providing the concise and reliable protection functions to eradicate this threat.
NOJA Power Solution for Aurora Vulnerability
The medium voltage OSM series, equipped with synchronism-check, provide a basic solution for Aurora vulnerability. NOJA Power’s synchronism-check function is fast and reliable which protects against unsafe and harmful interconnection of the unsynchronised parts of the network. NOJA Power’s implementation of synchronism-check immediately starts checking the synchronism conditions once the switch is open, and only allows a close if the monitored synchronism parameters over a predefined amount of time are within the predefined tight limits.
The following figure illustrates NOJA Power’s synchronism-check protection function. The synchronisation settings allow the user to configure and coordinate the difference in voltage magnitude, phase angle, and frequency of both sides to a tight limit. All fields, like other settings in the controller, are password protected, which only allows authorised people to change settings. The controller detects the dead and live conditions and gives the user the wide range of automation flexibilities.
For auto-reclose operations, the relay controller continuously monitors synchronism-conditions in 80 ms windows (4 cycles in 50 Hz) and if any parameter within these windows is out-of-synchronism, then it will block the close and transitions the switchgear to lockout. The user could also set the manual close sync-check window from 0-60 sec if required based on the safety procedures and protection requirements. This continuous check over a predefined amount of time in both manual close and auto-reclose operations eradicates any malicious or unwanted attempt to close the switch out-of-synchronism.
“Cyber security is of increasing concern and network fortification building in functionality like auto-synchronisation is another measure that can be taken to further secure distribution networks which are increasingly becoming the backbone of electricity grids worldwide as more renewable generation is connected at the distribution level of the grid.” says Neil O’Sullivan, NOJA Power’s Group Managing Director.
The synchronism-check operational regions
NOJA Power OSM series ACRs are the world’s safest reclosers that offer Synchronism check function as the vital solutions for interconnection of the distributed generations to grid. The OSM series ACRs monitor synchronism conditions in medium voltage levels to remove any vulnerability to unsafe operations, malicious attempt, and cyber-attacks.