In order to auto­mate, mon­i­tor and con­trol a sub­sta­tion and its intel­li­gent devices in real time from a cen­tral mon­i­tor­ing sta­tion, the sub­sta­tion must be con­nect­ed to a Super­vi­so­ry Con­trol and Data Acqui­si­tion (SCADA) system.

The SCADA pro­vides grid oper­a­tors with an HMI (Human Machine Inter­face) to visu­al­ize col­lect­ed data and facil­i­tate the sub­sta­tion main­te­nance and operation.

North Amer­i­can Elec­tric­i­ty Reli­a­bil­i­ty Cor­po­ra­tion (NERC), and its pre­de­ce­sor North Amer­i­can Elec­tric­i­ty Reli­a­bil­i­ty Coun­cil, is a non-prof­it organ­i­sa­tion whose goal is to ensure the reli­a­bil­i­ty of elec­tric­i­ty sup­ply across North Amer­i­ca by devel­op­ing tech­ni­cal stan­dards for pow­er sys­tem oper­a­tion. NERC devel­oped the so-called CIP (Crit­i­cal Infra­struc­ture Pro­tec­tion), a set of nine stan­dards to imple­ment cyber­se­cu­ri­ty in pow­er sys­tems. NERC-CIP stan­dards cov­er tech­ni­cal and non-tech­ni­cal aspects, such as the use of encryp­tion or per­son­nel aware­ness and train­ing, and have been adopt­ed worl­wide as a ref­er­ence frame­work for cyber­se­cu­ri­ty in pow­er systems.

NTP stands for Net­work Time Pro­to­col, which is a pro­to­col used to syn­chro­nize the clocks of net­worked devices over the Inter­net or oth­er networks.

NTP is designed to pro­vide accu­rate and reli­able time syn­chro­niza­tion for a wide range of appli­ca­tions, includ­ing indus­tri­al con­trol and oth­er time-sen­si­tive sys­tems. NTP works by exchang­ing time syn­chro­niza­tion mes­sages between devices, using a hier­ar­chi­cal sys­tem of time servers to ensure accu­ra­cy and reliability.

NTP is wide­ly used across the Inter­net and oth­er net­works to syn­chro­nize the clocks of devices with a ref­er­ence time source, such as an atom­ic clock or GPS receiv­er. This allows devices to main­tain accu­rate and con­sis­tent time, even in the face of net­work delays and oth­er fac­tors that can affect clock accuracy.

NTP is a key com­po­nent of many mod­ern com­put­er sys­tems and net­works, and is often used in con­junc­tion with oth­er time syn­chro­niza­tion pro­to­cols and tech­nolo­gies to pro­vide a reli­able and accu­rate time source for crit­i­cal applications.

PKI stands for Pub­lic Key Infra­struc­ture, which is a set of tech­nolo­gies, process­es, and poli­cies used to man­age dig­i­tal cer­tifi­cates and pub­lic-key encryp­tion. A PKI enables secure com­mu­ni­ca­tion over untrust­ed net­works by pro­vid­ing a frame­work for ver­i­fy­ing the iden­ti­ty of users, devices, and servers, and for ensur­ing the con­fi­den­tial­i­ty, integri­ty, and authen­tic­i­ty of infor­ma­tion exchanged over the network.

A PKI typ­i­cal­ly con­sists of sev­er­al com­po­nents, including:

1. Cer­tifi­cate Author­i­ty (CA): A trust­ed third-par­ty that issues dig­i­tal cer­tifi­cates to users and devices, which are used to authen­ti­cate their iden­ti­ty and estab­lish secure communication.
2. Reg­is­tra­tion Author­i­ty (RA): A com­po­nent that ver­i­fies the iden­ti­ty of users and devices before issu­ing dig­i­tal certificates.
3. Cer­tifi­cate Repos­i­to­ry: A data­base or direc­to­ry that stores dig­i­tal cer­tifi­cates issued by the CA.
4. Cer­tifi­cate Revo­ca­tion List (CRL): A list of dig­i­tal cer­tifi­cates that have been revoked or are no longer valid.
5. Cer­tifi­cate Pol­i­cy: A set of rules and guide­lines that gov­ern the issuance and man­age­ment of dig­i­tal cer­tifi­cates with­in the PKI.

A PKI is wide­ly used in many appli­ca­tions and indus­tries, includ­ing pow­er con­trol, e‑commerce, online bank­ing, and secure email. PKI pro­vides a secure and reli­able method for ver­i­fy­ing the iden­ti­ty of users and devices, and for pro­tect­ing sen­si­tive infor­ma­tion from unau­tho­rized access or interception.

IEC 61131 is an inter­na­tion­al stan­dard that describes Pro­gram­ma­ble Log­ic Con­trollers, a type of pro­gram­ma­ble indus­tri­al automa­tion sys­tems. IEC 61131 PLC sys­tems embed­ded in RTUs allow the imple­men­ta­tion of cus­tom func­tions by pro­cess­ing dif­fer­ent inputs and gen­er­at­ing outputs.

Com­mon exam­ples are an RTU auto­mat­i­cal­ly con­nect­ing capac­i­tor banks when the reac­tive pow­er exceeds a thresh­old or per­form­ing load shed­ding when the fre­quen­cy devi­ates. The pro­gram itself can be writ­ten in five dif­fer­ent pro­gram­ming lan­guages, described in part 3 of the standard.

PLC accord­ing to IEC61131‑3 is sup­port­ed in all iGrid prod­ucts, includ­ing the iRTU/iGW series and the iCon­trol SCADA system.

PPC (Pow­er Plant Con­troller) is a con­trol loop that reg­u­lates the amount of ener­gy inject­ed to the grid by a gen­er­a­tion plant, to make sure that com­plies with both the set­points and the grid codes dic­tat­ed by the TSO. The PPC receives the set­point from the TSO del­e­gate office and receives feed­back from a meter installed at the Point of Injection.

A pro­tec­tion relay is an elec­tron­ic device which con­sti­tutes an an essen­tial com­po­nent in elec­tri­cal pow­er sys­tems, being designed to detect abnor­mal oper­at­ing con­di­tions or faults in the pow­er sys­tem and ini­ti­ate appro­pri­ate actions to pro­tect the equip­ment and ensure the safe­ty and sta­bil­i­ty of the elec­tri­cal network.

The main func­tion of a pro­tec­tion relay is to mon­i­tor elec­tri­cal para­me­ters such as cur­rent, volt­age, fre­quen­cy, pow­er, and oth­er rel­e­vant quan­ti­ties with­in the pow­er sys­tem. When the relay detects a fault or abnor­mal con­di­tion, it sends a sig­nal to the asso­ci­at­ed cir­cuit break­er or oth­er switch­ing devices to iso­late the faulty sec­tion from the rest of the network.

Here are some key fea­tures and func­tions of a pro­tec­tion relay:

1. Fault Detec­tion: Pro­tec­tion relays con­tin­u­ous­ly mon­i­tor the elec­tri­cal para­me­ters of the pow­er sys­tem. They ana­lyze these para­me­ters and com­pare them to pre­de­fined set­tings to iden­ti­fy abnor­mal con­di­tions, such as short cir­cuits, over­loads, volt­age sags, over­volt­age, under­fre­quen­cy, and oth­er faults. The func­tions exe­cut­ed by the pro­tec­tion relays are defined by stan­dariza­tion bod­ies, like IEEE with its stan­dard IEEE C37.2
2. Selec­tiv­i­ty and Coor­di­na­tion: Pro­tec­tion relays are designed to pro­vide selec­tiv­i­ty and coor­di­na­tion in the elec­tri­cal net­work. Selec­tiv­i­ty ensures that only the clos­est cir­cuit break­er to the fault loca­tion is tripped, min­i­miz­ing the impact on the rest of the sys­tem. Coor­di­na­tion allows for sequen­tial oper­a­tion of relays and cir­cuit break­ers to iso­late faults in a cas­cad­ing manner.
3. Relay Log­ic and Algo­rithms: Pro­tec­tion relays employ var­i­ous log­ic schemes and algo­rithms to deter­mine fault con­di­tions accu­rate­ly and reli­ably. These schemes may include time-based, cur­rent-based, or volt­age-based tech­niques to dif­fer­en­ti­ate between fault and nor­mal oper­at­ing conditions.
4. Com­mu­ni­ca­tion and Inte­gra­tion: Mod­ern pro­tec­tion relays often fea­ture com­mu­ni­ca­tion capa­bil­i­ties, enabling them to exchange infor­ma­tion with oth­er relays, con­trol sys­tems, and mon­i­tor­ing devices, with com­mu­ni­ca­tion pro­to­cols like IEC 61850, DNP3.0 or IEC 60870–5‑103. This facil­i­tates remote mon­i­tor­ing, cen­tral­ized con­trol, and coor­di­nat­ed pro­tec­tion across dif­fer­ent parts of the pow­er system.

IEEE 1588 is a stan­dard for pre­ci­sion clock syn­chro­niza­tion of net­worked devices. It is also known as Pre­ci­sion Time Pro­to­col (PTP).

The IEEE 1588 stan­dard pro­vides a mech­a­nism for syn­chro­niz­ing the clocks of devices con­nect­ed over a net­work with sub-microsec­ond accu­ra­cy. This is par­tic­u­lar­ly impor­tant in appli­ca­tions such as indus­tri­al automa­tion, finan­cial trad­ing, telecom­mu­ni­ca­tions, and oth­er real-time sys­tems where accu­rate tim­ing is critical.

The stan­dard defines a pro­to­col that enables devices to syn­chro­nize their clocks to a com­mon ref­er­ence time, known as a grand­mas­ter clock. This is achieved by exchang­ing tim­ing mes­sages between devices over the net­work, and adjust­ing the local clock of each device to align with the grand­mas­ter clock.

IEEE 1588 has sev­er­al dif­fer­ent pro­files, each tai­lored to spe­cif­ic appli­ca­tions and net­work topolo­gies. It is wide­ly used in indus­tri­al con­trol sys­tems, pow­er dis­tri­b­u­tion net­works, and oth­er crit­i­cal infra­struc­ture applications.

The per­for­mance ratio (PR) is a met­ric used to eval­u­ate the effi­cien­cy and per­for­mance of a pho­to­volta­ic (PV) pow­er plant. It rep­re­sents the ratio of the actu­al ener­gy out­put of the PV sys­tem to the the­o­ret­i­cal or expect­ed ener­gy out­put under stan­dard test con­di­tions (STC). The per­for­mance ratio is expressed as a percentage.

The per­for­mance ratio takes into account var­i­ous fac­tors that affect the ener­gy pro­duc­tion of a PV plant, includ­ing sys­tem loss­es, envi­ron­men­tal con­di­tions, and equip­ment per­for­mance. It pro­vides a mea­sure of how effec­tive­ly the PV sys­tem con­verts sun­light into usable electricity.

The Inter­na­tion­al Elec­trotech­ni­cal Com­mis­sion (IEC) defines the IEC 61724 stan­dard which out­lines the pro­ce­dures and guide­lines for the assess­ment of the ener­gy yield of PV sys­tems. This stan­dard pro­vides a frame­work for mea­sur­ing, cal­cu­lat­ing, and report­ing the per­for­mance ratio of a PV plant. It’s worth not­ing that the exact cal­cu­la­tion method­ol­o­gy and para­me­ters for deter­min­ing the per­for­mance ratio may vary slight­ly based on project-spe­cif­ic require­ments and local reg­u­la­tions. How­ev­er, the IEC 61724 stan­dard pro­vides a wide­ly accept­ed frame­work for per­for­mance ratio assess­ment in the PV industry.

The per­for­mance ratio cal­cu­la­tion con­sid­ers sev­er­al fac­tors, including:

1. Sys­tem loss­es: These loss­es include elec­tri­cal loss­es, such as wiring and invert­er loss­es, as well as loss­es due to shad­ing, soil­ing, and mis­match between PV modules.

2. Tem­per­a­ture loss­es: PV mod­ules expe­ri­ence reduced effi­cien­cy as their tem­per­a­ture increas­es. Tem­per­a­ture loss­es account for the decrease in per­for­mance due to high­er mod­ule temperatures.

3. Irra­di­ance loss­es: The actu­al solar irra­di­ance received by the PV mod­ules may devi­ate from the ref­er­ence con­di­tions assumed dur­ing the per­for­mance esti­ma­tion. Irra­di­ance loss­es account for the devi­a­tion between the actu­al and ref­er­ence irra­di­ance levels.

By con­sid­er­ing these fac­tors, the per­for­mance ratio pro­vides an assess­ment of the over­all per­for­mance and effi­cien­cy of the PV sys­tem, tak­ing into account real-world con­di­tions and loss­es. A high­er per­for­mance ratio indi­cates bet­ter per­for­mance and effi­cien­cy of the PV plant.

Sam­pled Val­ues are one type of Eth­er­nent mes­sage used in dig­i­tal sub­sta­tions, used to trans­mit infor­ma­tion of ana­logue nature in dig­i­tal for­mat. A typ­i­cal appli­ca­tion is mea­sur­ing AC ana­logue cur­rents and volt­ages; the cur­rent and volt­age are mea­sured with current/voltage trans­form­ers and deliv­ered to a merg­ing unit that will sam­ple them at a giv­en samplig rate and gen­er­ate the cor­re­spond­ing Sam­pled Val­ues mes­sages. These sam­pled val­ues mes­sages are then pub­lished in a mul­ti­cast Eth­er­net mes­sage in the process bus of the sub­sta­tion LAN so that all IEDs need­ing this infor­ma­tion may sub­scribe to it and receive it (for exam­ple pro­tec­tion relays). Sam­pled val­ues are described in detail in IEC 61850–9‑2 (“Sam­pled Val­ues over ISO/IEC 802.3”) and IEC 61869–9 (“Dig­i­tal Inter­face for Instru­ment Transformers”).

Sequence of events record­ing (SER) is per­formed by micro­proces­sor based sys­tems, which mon­i­tor col­lect­ed data inputs and record the time and sequences of the changes.

Sequence of events recorders rely on exter­nal time sources such as GPS or radio clocks to record the exact time of state of each change.

SNTP stands for Sim­ple Net­work Time Pro­to­col, which is a sim­pli­fied ver­sion of the Net­work Time Pro­to­col (NTP). Like NTP, SNTP is a pro­to­col used to syn­chro­nize the clocks of com­put­ers or oth­er net­worked devices over the Inter­net or oth­er networks.

SNTP is designed to pro­vide basic time syn­chro­niza­tion ser­vices with low­er over­head and few­er fea­tures than NTP. SNTP is often used in sit­u­a­tions where a high degree of accu­ra­cy is not required, or where the net­work infra­struc­ture may not be able to sup­port the more com­plex fea­tures of NTP.

While SNTP pro­vides less pre­ci­sion than NTP, it still pro­vides accu­rate time syn­chro­niza­tion with­in a few hun­dred mil­lisec­onds. SNTP uses the same time syn­chro­niza­tion mes­sages and algo­rithms as NTP, but with few­er options and set­tings. SNTP can also syn­chro­nize time with NTP servers, allow­ing devices that sup­port SNTP to take advan­tage of the more accu­rate time sources avail­able with NTP.

SNTP is com­mon­ly used in small net­works or embed­ded sys­tems, where the resources avail­able for time syn­chro­niza­tion are lim­it­ed. SNTP is also used in Inter­net of Things (IoT) devices, net­worked sen­sors, and oth­er low-pow­er or low-band­width appli­ca­tions, where the over­head of NTP would be too high.

Secure Shell is a secure client-serv­er admin­is­tra­tion pro­to­col which allows remote access to IEDs through an authen­ti­ca­tion mech­a­nism. This pro­to­col was cre­at­ed as a secure replace­ment for Tel­net and makes use of both asym­met­ric and sym­met­ric encryp­tion algo­rithms with 128 bit keys. SSH is an essen­tial com­po­nent of cyber­se­cu­ri­ty and is imple­ment­ed in all iRTU/iGW series for secure access to the devices.

A syn­chrocheck is a pro­tec­tive relay func­tion used in pow­er sys­tems to detect and pre­vent dam­age to gen­er­a­tors and oth­er equip­ment dur­ing syn­chro­niza­tion. Syn­chro­niza­tion is the process of con­nect­ing a gen­er­a­tor to the elec­tri­cal grid, and it is crit­i­cal to ensure that the volt­age and fre­quen­cy of the gen­er­a­tor match those of the grid before it is con­nect­ed. If there is a mis­match, it can cause severe dam­age to the gen­er­a­tor and oth­er equipment.

A syn­chrocheck relay is designed to detect the dif­fer­ence in volt­age and fre­quen­cy between the gen­er­a­tor and the grid. It com­pares the volt­age and fre­quen­cy sig­nals from the gen­er­a­tor and the grid and ensures that they are with­in accept­able lim­its before allow­ing the gen­er­a­tor to be syn­chro­nized with the grid. If there is a mis­match in volt­age or fre­quen­cy, the syn­chrocheck relay will pre­vent the gen­er­a­tor from being con­nect­ed to the grid.

In addi­tion to pre­vent­ing dam­age to the equip­ment, syn­chrocheck relays also help to ensure a smooth and sta­ble trans­fer of pow­er from the gen­er­a­tor to the grid. They are an impor­tant com­po­nent of the pro­tec­tive relay sys­tem used in pow­er systems.

TPM stands for Trust­ed Plat­form Mod­ule. It is a hard­ware-based secu­ri­ty solu­tion that pro­vides a secure foun­da­tion for var­i­ous secu­ri­ty func­tions such as authen­ti­ca­tion, encryp­tion, and key management.

A TPM is a microchip that is installed on the RTU’s moth­er­board and it is designed to work with the device’s oper­at­ing sys­tem to pro­vide a secure envi­ron­ment for sen­si­tive data and operations.

The TPM gen­er­ates and stores cryp­to­graph­ic keys, which can be used for a vari­ety of secu­ri­ty pur­pos­es, such as encrypt­ing data or ver­i­fy­ing the integri­ty of the sys­tem. The TPM can also be used for secure boot, which ensures that the sys­tem only boots from trust­ed sources, and for mea­sur­ing the integri­ty of the sys­tem at boot time.

TPMs are com­mon­ly used in enter­prise envi­ron­ments to pro­tect sen­si­tive data and ensure com­pli­ance with secu­ri­ty reg­u­la­tions. They can also be used in con­sumer devices, such as lap­tops and smart­phones, to pro­vide enhanced secu­ri­ty for per­son­al data and transactions.

One of the key com­po­nents of the IEEE 62443 stan­dard is the use of hard­ware-based secu­ri­ty solu­tions, such as Trust­ed Plat­form Mod­ules (TPMs), to pro­tect sen­si­tive data and oper­a­tions. TPMs can be used to secure indus­tri­al automa­tion and con­trol sys­tems (IACS) devices by pro­vid­ing a trust­ed com­put­ing envi­ron­ment, ensur­ing the integri­ty of the sys­tem, and pro­tect­ing cryp­to­graph­ic keys and oth­er sen­si­tive information.

In par­tic­u­lar, the IEEE 62443–2‑4 stan­dard includes rec­om­men­da­tions for the use of TPMs to imple­ment secure boot and to pro­tect the con­fi­den­tial­i­ty and integri­ty of IACS data. The stan­dard rec­om­mends that IACS devices should have a hard­ware-based root of trust, such as a TPM, to ensure that the device boots from a trust­ed source and that the integri­ty of the sys­tem is main­tained through­out its operation.

UDP (acronym for User Data­gram Pro­to­col) is a lay­er 4 trans­port pro­to­col com­mon­ly used in IP net­works. Unlike TCP (Trans­mis­sion Con­trol Pro­to­col), UDP is a con­nec­tion­less pro­to­col, there is no con­nec­tion set­up or con­nec­tion release. This makes it very ade­quate for the trans­port of short, urgent or spon­ta­neous mes­sages, like SNMP; or when retrans­mis­sion is not fea­si­ble, like for exam­ple VoIP. UDP is used in some DNP3.0 pro­files, spe­cial­ly in mobile net­works, at the expense of less effi­cient han­dling of lost packets.

VPN (acronym for Vir­tu­al Pri­vate Net­work) is a com­mu­ni­ca­tions tech­nol­o­gy that allows client-serv­er secure com­mu­ni­ca­tion over unse­cure chan­nels. A com­mon exam­ple is remote access to a sub­sta­tion over an unse­cure com­mu­ni­ca­tions net­work, e.g. a pub­lic tele­com oper­a­tor. Both the client attempt­ing to access and IED serv­er at the sub­sta­tion must use a VPN soft­ware with embed­ded encryp­tion algo­rithms that pro­vide user authen­ti­ca­tion, data con­fi­den­tial­i­ty and data integrity.