View
222
Download
2
Category
Preview:
Citation preview
2017
Intelligent Distributed Controls for Successful Microgrid Implementation
Peter CurtissDirector of Applied Solutions
IPERC
1
2017
Origins
• IPERC had its beginnings in “smart” control of military energy systems
• Initial projects demonstrated need for resilient controls and cyber security
• Battlefield energy use is very expensive in both human life and dollars
• How do we increase the safety and reliability of power to front-line facilities?
2
2017
Challenges
• Minimize custom configuration requirements
• Reduce conventional fuel use
• Ensure power to critical loads
• Provide meaningful user feedback
• Emphasize cyber security
3
2017
Solution
• Develop a “plug-and-play” distributed control system
• Treat each device in the grid as a smart component
• Automatic recognition of devices
• Automatic implementation of control algorithms
• Develop custom hardened platforms
4
Initial proof of concept in 2007 demonstrated
automated control using Rolls-Royce HUMS series
2017
Tactical grid demonstration
5
Analog gensetand ECU
Digital gensets and ECUs
Intelligent PDU Gateway 9 kW load bank
Grid Connect Unit
DRASH Jul 2010
2017
How it works
Single board computer
Grid component
Peripheral devices
Grid component
Digital or analog signals
Modbus,
CAN, DNP
TCP / UDP
Configuration files
Peripheral devicesPeripheral
devicesGrid
components
Serial
Single board computer
Grid compone
nt
Peripheral devices
Grid compone
nt
Configuration files
Peripheral devicesPeripheral
devicesGrid componen
ts
Single board computer
Grid compone
nt
Peripheral devices
Grid compone
nt
Configuration files
Peripheral devicesPeripheral
devicesGrid componen
ts
Single board computer
Grid compone
nt
Peripheral devices
Grid compone
nt
Configuration files
Peripheral devicesPeripheral
devicesGrid componen
ts
Network
2017
Communication protocols
• System creates a uniform communication layer between controller and devices
• Agnostic to equipment
• Treats all microgrid assetsin a consistent fashion
page 7
Data acquisition and control decisions
Communication layer
DMS
Generator
PV inverter
Energy storage
Switchgear
• Modbus over serial
• Modbus over TCP
• DNP3
• CANbus
• BACnet
2017Process models
Models are used to aggregate values and to provide representation of state of microgrid
• “Smart” data streams includes additional information about the device and meaning of the values
• Templates of process models specify how this metadata can be used to dynamically create associations between data
• A priori knowledge of quantity and types of devices is not necessary
• Models are re-created if equipment enters or leaves the grid
2017Control strategies
Knowledge and expertise embedded in templates that use metadata to create process models
• Templates can include actions to be taken when the model outputs cross certain thresholds
• Models can be simple…
• Simple summation of loads
…or complex mappings
• Implementing load shedding based on available generation capacity and on expected and requested loads.
Proprietary 9
Custom strategies developed for particularly complex or sensitive operations
• Multiple feeder distribution systems with tie breakers
• Specification of droop reference parameters in systems with energy storage
• Contingency operations
2017
How it works
Single board computer
Model host
Request manager
Web server
Data storage
Comms
Single board computer
Model host
Request manager
Web server
Data storage
Comms
Single board computer
Model host
Request manager
Web server
Data storage
Comms
Each host remains in constant communication with all other
hosts
2017
Typical processes
• Entering islanded mode
• Utility outage (black start)
• User request (soft transition)
• Restoring grid-tied mode
• Asset dispatch / curtailment
• Load shedding as appropriate
• Storm preparedness
• Contingency management and recovery
• Ancillary services offerings when grid-tied
page 11
Custom processes are developed for scheduled events, ancillary
services offerings when grid-tied, handling of electric vehicles, etc.
2017
Data archive and availability
• Each host archives all measured and calculated values
• Audit logs used for analysis of potential security problems
• User ID
• Successful and unsuccessful attempts to access security files
• Date/time and type of event
• Success or failure of event
• Successful and unsuccessful logons
• Denial of access resulting from excessive number of logon attempts
• Blacklisting a user ID, terminal or access port and the reason for the action
• Activities that modify, bypass, or negate safeguards controlled by the system
page 12
2017
Hardware
page 13
• Size: 12.0” x 9” x 4”
• Weight: 10 lbs.
• Includes:
– Single-board computer– Digital and analog input/output– Communication interfaces– Hosted software
• Extended temperature
• Embedded GPS
• 9 to 36 VDC input
1.9 GHz processor, 2 GB RAM120 GB solid-state drive
Headless LinuxFanless, 10 watts
2017
Graphical user interface
• Designed in-house by IPERC
• No custom software required, viewable with any browser with secure login
• Allows for remote system monitoring and data downloads
page 14
• Schematic
• Data tables
• Graphing
• Control actions
• User management
• Alerting
2017
User roles
User Type
AdminView-only
user
View/
Control userAuditor Data User
Menu Option
User admin X
All values X X X X X
Main screen X X X X X
Refresh X X X X X
Execute commands X
Download data X
Download logs X
Change password X X X X X
Logout X X X X X
page 15
There is no direct access to the individual IPC hosts. All user interaction is through GUI.
2017
Cybersecurity
• Cyber security is a constantly moving target with no fixed solutions, only robust processes for implementing deep, multi-layered, evolving defenses
• Baseline concept: Assume that firewalls and intrusion detection will be defeated
page 16
The control system must function even with attackers inside
• Applicable frameworks:
• NIST 800-82, Guide to Industrial Control System Security
• NIST 800-53, Risk Management Framework; App I Security Controls, Enhancements, and Supplemental Guidance
• DoDI 8500.2, DoD IA Certification and Accreditation Process
• CNSSI 1253 App I, ICS Security Overlay
• For DoD installations, computer and network hardening must comply with relevant and up-to-date STIGs
2017
17
PHYSICAL
• Controlled Access
• Environmental Protections
• Locked Enclosures
COMPONENT
• Operating System Hardening
• Firmware Updating
• Encrypted Data
• Host Intrusion Detection
• Auditing
0101010101010101010101010101010010101011
SYSTEM PERIMETER
• Firewalls
• Intrusion Detection
• Hardened switches
• Secure remote monitoring
COMMUNICATION
• IPv6
• Encryption
• Peer-to-peer authentication
• Whitelisting
• Enclaving
Defense in Depth
2017SPIDERS Program
page 18
2.4MW microgrid built around wastewater treatment plant Completed January 2013
4.2MW microgrid built around mission-critical base command centersCompleted October 2013
SPIDERS I – Joint Base Pearl Harbor-Hickam, Oahu, HI
5.8MW microgrid encompassing entire Navy Pacific Command baseCompleted August 2015
SPIDERS II – Fort Carson, CO
SPIDERS III – Camp Smith, Oahu, HI ATO Issued
ATO Issued
Smart Power Infrastructure Demonstration of Energy Reliability and Security
2017
Ameren Microgrid
page 19
• IPERC microgrid controller manages the assets when islanded
• System communicates with Schneider EMA to manage the assets when grid-tied
• System exchanges data with Ameren DMS
• Droop mode influenced by microgrid control system to ensure proper charging / discharging of energy storage when islanded
• Over 40 different processes implemented
2017Ameren microgrid
page 20
2017
Ameren Microgrid
page 21
2017Ameren Microgrid
page 22
2017
Summary
• Plug-and-play microgrid control made possible by use of “smart” data streams and pre-defined templates of expected behavior
• Use of distributed controls offers resiliency and allows the use of smaller, less expensive CPUs
• Contingency handling often dominates the control strategies
• Cyber security can be a substantial effort
page 23
2017
Thank youpeter.curtiss@iperc.com
page 24
Recommended