November 13, 2012
In many substation designs and in other apparatus, the various stakeholders are getting away from the hardwired control panels of the past in favor of soft controls and controls built into intelligent electronic devices (IEDs). Traditional pistol-grip control switches, large static panel displays-all the components typical in the past are going away.
In their place, increasingly, is some sort of a human machine interface, or HMI, which is essentially a terminal that provides visualization of what's going on in the substation, while providing controls for that substation without the traditional hard-wired controls. One crucial advantage of this approach is a significant reduction in control house and wiring costs. The control house footprint can be reduced, the amount of materials and labor can be reduced.
If the consulting specifying engineer's client is not familiar with soft controls, however, the client's operating procedures will need to change. For example, it's not unusual now to have protective IEDs, relays, built into the soft control-enabled substation, with manual open-and-close functions via push buttons right on the faceplate. In a hard-controlled system those control handles frequently were the physical mechanism that would be used when a device was tagged out for nonoperation. So in moving from a hard control panel to an IED- or an HMI-based control panel. the tagging rules and the safety rules of that end customer need to be revisited to ensure that the soft control panels and related procedures become standard operating procedures for that customer.
An additional concern for the end customer: the functionality of the HMI. For example, many HMIs are computer-based. If they reboot, the consultant needs to ascertain for his/her client the condition they reboot to. If there was a tag out or a lock out on the computer before it rebooted, will it reboot back into that same situation? Or will it reboot into a default condition that may not be the intended condition at that time by the end user? These issues require resolution by the engineer.
Many solutions for computer-based HMIs are built on standard operating systems. Microsoft Windows is a good example. But Windows needs periodic updating as Microsoft finds security gaps that need plugging. So provisions have to be made to update the HMI as needed.
A soft controlled substation, in a sense, brings with it traditional lifecycle expectations that run up against new lifecycle expectations for its operating system. When such a substation is built, the client probably expects the system to be in place for many, many years. It's not uncommon, however, for HMI software to be developed for one or two versions of the operating system. Over the lifecycle of that HMI, the operating system may go through a dozen changes. So the end user needs to secure hardware that will allow the older operating system of the HMI to continue to operate without a full-blown upgrade. In my experience, prudence dictates that the end user have a spare hard drive with the original operating system and the corresponding software package on hand so this could be put into a different computer platform in the event of a hardware failure.
Whether the client understands these issues depends on the sophistication of their operation. Industrial facilities with a degree of automation, perhaps from a programmable logic controller (PLC) system, will understand these issues. Commercial users without that degree of process automation need to be educated on critical issues. If you are building a substation for a data server farm or a financial institution, the client probably isn't aware of the issues pertinent to process control and they'll need to be educated.
The consulting specifying engineer may be asked by the client whether the control house can be eliminated altogether and the substation run through their enterprise-wide data system. The short answer is "yes," but the more difficult question is, "Does that make sense?" Does the client's enterprise system meet the requirements needed to operate the substation? It's one thing to integrate data into an enterprise-wide system; it's another to ensure that that enterprise-wide system has the priorities, capabilities, and facilities to provide the process control needed for the electric substation operation.
One last thing on the firmware updates: These invariably needed in an automated system, whether it's the HMI or the IEDs, whether it's for an operational issue or a cyber-security issue. The operator or owner of the substation has to be made aware that provisions will need to be made for periodic firmware upgrades. A nice, easy solution-to have that HMI connected to the HMI vendor's system and have the firmware updates done automatically-invokes cyber security concerns. Connecting an HMI to an enterprise network or the Internet for updates and upgrades produces cyber security concerns that didn't exist in that older, hardwired substation.
Thus the gains of saving significant, initial, capital investment costs need to be weighed against the complications and operational costs required by an automated system. The wise consultant needs to quantify the costs and benefits and educate his client. A joint decision on which way to go will avoid leaving the customer with unintended consequences and costs down the road. Assign hard values to those costs and benefits. You don't want to leave a client with unanticipated operations and maintenance costs that were hidden behind optimistic estimates of savings in capital expenditure.
Sam Sciacca is an active senior member in the IEEE and the International Electrotechnical Commission (IEC) in the area of utility automation. He has more than 25 years of experience in the domestic and international electrical utility industries. Sciacca serves as the chair of two IEEE working groups that focus on cyber security for electric utilities: the Substations Working Group C1 (P1686) and the Power System Relay Committee Working Group H13 (PC37.240). Sciacca also is president of SCS Consulting.