A solution to cyber attack

Incorporating a synchronism check function is the key element in securing switching operations against cyber attacks and unsafe operations.

Security in power system operations against cyber intrusion, malicious attacks and unauthorised operations is one of the main concerns of the utilities and distributed generator providers.

Following a released video by CNN from Aurora Generator Test in Idaho National Laboratory, which pictured how a cyber attack could cause severe damage to a generator, many utilities and generation providers have been concerned of being the susceptible victims. The severity of an Aurora cyber attack in power systems would be analogous to the effect of shifting a car into reverse while driving at high speed on a highway.

The Aurora cyber attack is “the process of intentionally opening a switching device and closing it out-of-synchronism to cause damage to the connected power system including generators, motors and transformers”.

In this context, out-of-synchronism means the difference between the frequency, magnitude and phase angle of the voltages on both sides of an open switch is not within the tight predefined synchronism limits. When an out-of-synchronism close initiates electrical overcurrent and excessive torque, it causes stress on the mechanical shaft of the rotating equipment.

The resulting stress is conducive to life-cycle reduction and damage to the rotating equipment. If this process continuously occurred several times, it would damage the generators and other equipment severely. This vulnerability may exist in any electric network that is unprotected against this threat.

Implementation of synchronism-check (ANSI 25 Device) and auto-synchroniser (ANSI 25A Device) in the latest firmware release, 1.15, in NOJA Power’s OSM series relieves the distributed generators’ providers and utilities of being the victim of these malicious attacks.

The NOJA Power OSM series are fully type tested by independent laboratory KEMA and provide a comprehensive suite of automation and protection features using voltage, current and frequency measurements on all bushings. The synchronism-check function is the most powerful supervision scheme designed for medium-voltage level OSM series to prevent the Aurora attack, any malicious attempts and unsafe operations.

Aurora vulnerability

For the safe and robust connection of generators to the grid, three key parameters of voltage signal, ie, frequency, magnitude and phase angle of the gen-sets and the grid must match. The Aurora attack looks at the possible opportunity of connecting two parts of the network when these parameters are uncoordinated.

The Aurora attack initiates the close by taking advantage of the time delay between recognition of out-of-synchronism and initiation of the required protection actions. The time delay of traditional protective relays to block the reclosing is about 15 cycles, which can create a window of vulnerability for any malicious attempt. The Aurora attack may also launch in slow auto-reclose operations in medium-voltage levels in systems where the generators almost match the demand. In this case, if the tiebreak switchgear is open, the out-of-synchronism takes longer to occur.

The Aurora attack can target any switch or breaker in the tie-points away from the generators in medium-voltage levels as displayed in the following figure. Unfortunately, if an attack occurs on the transformers’ secondary side, generators’ protective relays cannot monitor and detect out-of-synchronism as they are typically located on the primary side.

Target of Aurora attack

Utilities, generator providers and relay manufacturers must provide good engineering practices to remove the Achilles heel and secure the power system operation. Utilities and generator owners can remove the Aurora threat by applying basic security procedures such as managing passwords, securing all SCADA communication channels, encrypted communications, localising security information and physical securities. On the other hand, relay manufacturers must make an effort to remove any susceptibility by providing the concise and reliable protection functions to eradicate this threat.

The NOJA Power solution

The medium-voltage OSM series, equipped with synchronism-check, provide a basic solution for Aurora vulnerability. NOJA Power’s synchronism-check function is fast and reliable, which protects against unsafe and harmful interconnection of the unsynchronised parts of the network. NOJA Power’s implementation of synchronism-check immediately starts checking the synchronism conditions once the switch is open, and only allows a close if the monitored synchronism parameters over a predefined amount of time are within the predefined tight limits.

Using NOJA Power’s synchronism-check protection function allows the user to configure and coordinate the difference in voltage magnitude, phase angle and frequency of both sides to a tight limit. All fields, like other settings in the controller, are password protected, which only allows authorised people to change settings. The controller detects the dead and live conditions and gives the user the wide range of automation flexibilities.

For auto-reclose operations, the relay controller continuously monitors synchronism conditions in 80 ms windows (4 cycles in 50 Hz) and if any parameter within these windows is out-of-synchronism, then it will block the close and transition the switchgear to lockout. The user could also set the manual close sync-check window from 0–60 seconds if required, based on the safety procedures and protection requirements. This continuous check over a predefined amount of time in both manual close and auto-reclose operations eradicates any malicious or unwanted attempt to close the switch out-of-synchronism.

“Cybersecurity is of increasing concern and network fortification building in functionality like auto-synchronisation is another measure that can be taken to further secure distribution networks, which are increasingly becoming the backbone of electricity grids worldwide as more renewable generation is connected at the distribution level of the grid,” NOJA Power Group Managing Director Neil O’Sullivan said.

Image credit: ©stock.adobe.com/au/Nmedia