An Open Source IEC-61850 Toolkit for Utility Automation and Wind Power Applications
Stanley A. Klein, Member, IEEE
Abstract
development of an open-source Toolkit for constructing IEC-61850-based systems for a variety of utility automation applications. Development of the Toolkit was originally focused on control system cyber security, but the Toolkit is now being extended to address grid integration of wind power. The presentation will provide an overview of the Toolkit, provide an overview of 61850 and its benefits, describe the Toolkit architecture and functionality, and discuss issues in using open source software. Issues addressed in the presentation will include selection of open source components, development of toolkit-specific components, and development challenges and issues, such as variability of open source documentation, open source licensing and its interaction with software architecture and business model, and open source packaging and distribution.

Index Terms: open source, SCADA, 61850, toolkit, wind power, 61400-25

I. INTRODUCTION

The initial development was done under a Department of Homeland Security Phase II Small Business Innovation Research (SBIR) contract. OSECS' initial intention was to address electric utility SCADA security issues by encouraging electric utilities and their equipment providers to migrate to the more easily secured IEC-61850 family of utility automation standards. IEC is in the process of developing and adopting a new standard for wind power (61400-25) that is based on 61850, and OSECS is currently expanding toolkit functionality to facilitate grid integration of wind power.

IEC-61850 is a core enabling technology for the Smart Grid. The Toolkit is focused on making the grid both smarter and more cyber secure. It does so by:

- Providing 61850 protocol drivers for the Manufacturing Messaging Specification (MMS) and for Web Services
- Providing 61850 support tools, including management tools for 61850 Substation Configuration Language
- Supporting extensions for wind power and other alternative energy
- Enabling use of conventional security capabilities, such as encryption, firewalls, intrusion detection systems, and a secure operating system
- Supporting compliance with emerging security mandates, particularly NERC CIP 002-009
- Leveraging leading edge open source technologies

The solution is particularly focused on utilities, distributed resources owners, and their suppliers who need to be able to assess the benefits of 61850 before full scale deployment.

II. OVERVIEW AND BENEFITS OF IEC-61850

IEC-61850 provides an object model layered over standard communications. Named objects replace numbered points, and standardized objects describe substation components. A portion of each object name is standardized, with the rest of the name being assigned by the using utility. The standard includes an XML-based Substation Configuration Language. Interfaces are under development to other XML-based IEC enterprise standards. Figure 1 shows an example of 61850 naming.

    Roanoke_238KV_LB99A_CTRL/MMXU1.PhV.phsB.CVal.mag.f

Where:

- "Roanoke_238KV_LB99A_CTRL" is a utility-defined device name
- "MMXU1.PhV.phsB.CVal.mag.f" is the 61850 standard name for the floating point magnitude of the complex value that is the Phase B voltage measured by measurement unit (MMXU) number 1 of the device

Figure 1: IEC-61850 Naming Example
The use of named objects in 61850 brings numerous benefits in cost, security, and operations. Resulting systems are easier to install and manage. Plug-and-play component discovery is made feasible by the ability of devices to report information preloaded during installation, such as their location in the power system, as well as directories of their named objects. The flexibility in naming objects simplifies system upgrade. Access control policies are much easier to express and enforce. Object naming vastly increases the scope of operational information that can be potentially supported. The layering allows use of a standard network infrastructure that eliminates the need for point-to-point substation wiring and enables the use of conventional security tools. Resulting systems can provide standard support for encryption and other security functions.
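To make the access control point concrete, here is an added Python example (not code from the Toolkit or the paper) that parses a name shaped like the Figure 1 example and evaluates a default-deny, role-based policy written against object names. The simplified name grammar, the role and action names, the rule format, and the sample policy are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

# Simplified grammar (an assumption) covering names shaped like Figure 1:
# <device>/<4-letter LN class><instance>.<dotted data path>
REF_RE = re.compile(
    r"(?P<device>[A-Za-z0-9_]+)/(?P<ln_class>[A-Z]{4})(?P<instance>[0-9]+)"
    r"\.(?P<path>[A-Za-z0-9]+(?:\.[A-Za-z0-9]+)*)"
)

@dataclass(frozen=True)
class ObjectRef:
    device: str      # utility-defined part of the name
    ln_class: str    # standardized logical node class, e.g. MMXU
    instance: int
    path: str        # standardized data path, e.g. PhV.phsB.CVal.mag.f

@dataclass(frozen=True)
class Rule:
    role: str
    action: str      # "read" or "operate" (hypothetical action names)
    device: str      # wildcard pattern over the device name
    ln_class: str    # exact LN class, or "*" for any
    path: str        # wildcard pattern over the data path

def parse_ref(ref: str) -> Optional[ObjectRef]:
    """Split a full object name into its utility and standard parts."""
    m = REF_RE.fullmatch(ref)
    if m is None:
        return None
    return ObjectRef(m["device"], m["ln_class"], int(m["instance"]), m["path"])

def is_allowed(rules, role: str, action: str, ref: str) -> bool:
    obj = parse_ref(ref)
    if obj is None:          # names that do not parse are never granted
        return False
    return any(
        r.role == role and r.action == action
        and fnmatchcase(obj.device, r.device)
        and r.ln_class in ("*", obj.ln_class)
        and fnmatchcase(obj.path, r.path)
        for r in rules
    )                        # no matching allow rule means deny

# Constructed sample policy; role names are hypothetical.
POLICY = [
    Rule("viewer", "read", "Roanoke_*", "MMXU", "*"),
    Rule("operator", "read", "Roanoke_*", "*", "*"),
    Rule("operator", "operate", "Roanoke_238KV_LB99A_CTRL", "XCBR", "Pos.*"),
]
```

Because the standardized part of the name identifies the kind of equipment and data, one rule can cover every measurement unit at a site without enumerating point numbers.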
III. TOOLKIT ARCHITECTURE AND FEATURES

Figure 2 illustrates the core Toolkit architecture. At its heart are a web service engine, an MMS client protocol stack, and role-based access control on messages passing through the engine. The web service engine operates within a SOAP server framework. The web service engine processes commands and information requests, expressed in XML, and translates to MMS for communicating with IEC-61850 compatible substation equipment.

[Figure 2: core Toolkit architecture. Surviving labels: SOAP/MMS Conversion, MMS, Substation Equipment, Core Engine, Net]

The engine refers to a database for the role-based security permissions of various objects and for looking up the addresses of individual substation equipments. There are two secure networks, one linking control center workstations, and possibly interfaces to corporate and other facilities, to the control center server on which the toolkit core engine is resident. The other secure network links the control center and the substation equipment.

Other functions can be added as building blocks, such as scheduled equipment polling or intrusion detection, and can operate by exchanging messages with the web service engine. Various other functions are included in the Toolkit, such as management of role-based access control (RBAC) policy data, management of Intelligent Electronic Device settings, security tools, and advanced applications such as power flow and contingency analysis.

The Toolkit goes well beyond IEC-61850, Edition 1 in its use of XML. It expresses the object models and access control privileges in XML, it defines 61850 services in XML-based WSDL, and it provides XML-based SOAP as a messaging method alternative to MMS. There is a set of XML-based standards for electric utility enterprise objects called the Common Information Model (CIM) that are companions to 61850. Use of XML and XML-related standards within the Toolkit can facilitate integration with CIM-related standards.

Although the Toolkit was a pioneer in its definition of 61850 SOAP messaging, a 61850-based SOAP messaging system is being developed as an alternative communications method in 61400-25-4, the communications protocol mapping of the IEC wind power control standard. The wind power standard also uses 61850-style objects.

IV. OPEN SOURCE COMPONENTS

OSECS has used freely available open source components and tools to accelerate Toolkit implementation. A beneficial side effect of this approach is to ensure that the most recent security technology is always available for integration. As the security technology advances, improved components become available for incorporation in Toolkit-based products.
Unfortunately, not all requisite infrastructure components are available through the open source community. Under the DHS Phase II SBIR, OSECS accomplished the development, design, or identification of open source tools to be configured for a number of components including:

- Open source 61850 MMS client stack
- Core 61850 SOAP server, MMS interface, and message RBAC
- Workstation 61850 SOAP messaging client
- Workstation 61850 SOAP object model and GUI
- RBAC security policy management
- SELinux platform and secure network environment
- Substation intelligent electronic device (IED) settings management and surveillance
- SCL management tool, including generation of object names to utility-specified naming patterns, that can be based on substation or wind farm design patterns
- Additional SCADA functions (polling, persistent database, topology)
- Interface to advanced application functions (e.g., power flow, contingency analysis)

- gSOAP as the basis of the Core Engine
- Python for programming workstation client applications and ancillary tools
- GNU C/C++ for programming server applications
- Enthought/wxWidgets/wxPython or GTK+/PyGTK for the workstation GUI
- iptables (included in Linux) for the platform firewall
- MySQL, Postgresql or other for the persistent database
- ZSI for the workstation Web Services client
- PSAD, prelude, or other for firewall log analysis
- Octave/PSAT for advanced power system applications, such as power flow,

and numerous others.

V. LESSONS LEARNED
Open source software is substantially a product developed and maintained by voluntary communities. Some people have the impression that the main open source communities are composed of hobbyists. However, it is useful to understand the structure of the open source community, because there is major participation by commercial firms, academia, and government.

Some projects are initiated by an individual, others are developed and maintained by much larger and more organized groups. Many major open source projects are funded by commercial organizations or are organized to maintain and improve software that was formerly proprietary and has been released as open source. Commercial
- Packaged releases in formats such as tar.gz, rpm, deb, and others
- A software repository, usually based on a configuration management tool such as CVS, Subversion, or recently GIT
- An email list for development and support discussions, often with web archiving
- A bug tracking tool, such as Bugzilla, for formal entry and tracking of bug reports and improvement requests
- Sometimes a chat room or web forum for development and support discussions
- Documentation

Lessons learned thus far in the project include:

- Open source security software often ranks among the best of breed for various functions.
- There are numerous languages popular for programming in open source software, including C/C++, Python, Java, Perl, and others. The Toolkit uses C/C++ and Python (which has facilities for relatively easy integration of C and C++ code). Communities usually develop around languages. Within a language community there are sometimes multiple open source projects addressing a given area of technology.
- Each open source project has different goals, approaches, strengths, and weaknesses. Available software frequently has pitfalls. Functionality may be incomplete or erroneous. The original developers were "scratching an itch." Some functions and features important to a potential user looking at the software may not have been important to the original developer community. As in any community of volunteers (including IEEE itself), making a suggestion often results in an invitation to implement the suggestion. Identifying and evaluating each potentially useful open source component project is a time-consuming but important activity in building a system using open source software.
- Selection of open source software requires particular care to avoid selecting dead-end software. It is especially important to assess the scope and activity in the community of users and maintainers, and to look at factors such as the activity on discussion lists in order to ensure that the software is still being actively maintained and improved.
- As described by Rosen [1], there are two main kinds of Open Source licenses, the academic (with minimal conditions on use of the source code) and the reciprocal (requiring that derivative works be made available under the same terms as the original work). The major reciprocal license is the GNU General Public License (GPL), published by the Free Software Foundation (http://www.fsf.org). Under the terms of the GPL, if any significant GPL code is used in a program, all linked programs must be licensed under the GPL if they are distributed to others. However, this does not apply if a program is a separate work, and is linked by interfaces used for separate programs. Thus a GPL program can only be interfaced to a program that is not GPL or GPL-compatibly licensed by means such as files, pipes, and messages, ordinarily used for interfacing separate programs. This creates a constraint on architecture that must be carefully managed.

VI. REFERENCES