Attachment C – Draft text for P1547 revision (June 26-27, 2014 meeting)

The following information provides the draft text submitted and discussed at the P1547 working group meeting. This is for background/informational purposes only. It does not identify final disposition (accept in principle, revise, or reject its use). The respective individual author or discussion leader has recorded the WG feedback for their potential revisions of the draft text/topics.

P1547 Subclause and/or Topic / Author, or Onsite Discussion Leader / Draft below?
3.1 Definitions; Interfaces and interoperability issues; and security issues. / M. Siira / Yes
1.3 Limitations (with bearing on some definitions) / D. Forrest (R. Cummings could not attend) / No
4.1.6 Monitoring provisions / B. Escott / Yes
4.2.1 Area EPS faults / T. McDermott lead author (could not attend) / Yes
4.2.2 Area EPS reclosing coordination / T. McDermott lead author (could not attend) / Yes
VFRT (voltage and frequency ride through) 4.2.3 & 4.2.4 / R. Walling / Yes
4.2.3 Voltage (VFRT)
4.2.4 Frequency (FRT)
4.2.6 Reconnection/Reenergization / J. Berdner / Yes
4.2.6 Reconnection / B. Lydic / Yes
4.2.6 Reconnection / T. McDermott lead author (could not attend) / Yes
5.1 (new text) Interconnection test specifications and requirements
5.2 [new] Integration of DER w/EPS {protection} / M. Siira / Yes
4.4.1 Unintentional islanding / T. McDermott lead author (could not attend) / Yes
New 5.3 Power systems simulations (simulation & modeling) / D. Kurthakoti (David Lovelady could not attend) / Yes
(new) 5.1.7 Short circuit current;
(new) 5.1.8 Loss of load behavior / R. Walling (T. McDermott could not attend) / yes
Annex B. / R. Walling (T. McDermott could not attend) / Yes
New 5.3 Power systems simulations (simulation & modeling) / D. Kurthakoti (David Lovelady could not attend) / Yes

Definitions; Interoperability Issues; and Security Issues -- M. Siira

Add the following definitions to Clause 3.1

3.1 Definitions

data flow: Application-level communications from a producer of data to a consumer of data.

data link: A physical communication connection (wireless, cabled [including wire and fiber optic], etc.)

from a source to a destination.

data volume: The quantity of data to be transferred to accomplish an action.

distributed energy resource (DER): Source of electric power that is not directly connected to a bulk

power transmission system. DERs include both generators and energy storage technologies.

Domain: A major component of the electric power system that has a primary function – these include Generation, Transmission, Distribution, Customer, Markets, Utility Operation and Control, and Service provider

Entities: Logical description of elements of a system domain.

interface: A logical connection from one entity to another that supports one or more data flows

implemented with one or more data links.

interoperability: The capability of two or more networks, systems, devices, applications, or components to

externally exchange and readily use information securely and effectively.

latency: A measure of time delay experienced in a system, the precise definition of which depends on the

system and the time being measured.

load: The true or apparent power consumed by power utilization equipment. (IEEE Std C37.100™-1992)

Security; aspects of design that ensure The infrastructure is protected against unauthorized access and interference with normal operation. It consistently implements information privacy and other security policies.

Smart Grid: The integration of power, communications, and information technologies for an improved

electric power infrastructure serving loads while providing for an ongoing evolution of end-use applications

4.5Interoperability Principles

Interoperability is the standardization of interfaces within the infrastructure is organized such that

—The system can be easily customized for particular geographical, application-specific,or business circumstances, but

—Customization does not prevent necessary communications between elements of the infrastructure.

—Cybersecurity is an important attribute of any architecture moving forward

Since the formation of the original IEEE 1547-2003, there have been significant advances in developing communications and information technology standards. Additionally, NIST has published a roadmap that presents requirements and a vision for smart grid. A central requirement in smart grid is interoperability. This roadmap present a conceptual model of the Smart Grid along the 7 domains depicted in the following figure:

Smart Grid Conceptual Model

Source: Updated NIST Smart Grid Framework version 3.0; February 2014

This was taken closer to reality in the Development of IEEE 2030-2011 which introduced the Smart grid Interoperability Reference Model (SGIRM). This concept allows each of the domain in the conceptual model to be viewed from three perspectives; Power, Communications and Information technology. IEEE 1547-2003 also implements a three-architectural perspectives’ view in all its components.

One characteristic of interoperability as set in GridWise® Interoperability Framework includes a requisite quality of service: reliability, fidelity, and security. The Figure below depicts the GridWise Architecture Council (GWAC) stack on the left, where the OSI 7-layer model essentially maps into the technical levels of the GWAC stack. The right side of the figure lists cross-cutting issues are areas that need to be addressed and agreed upon to achieve interoperation. They usually are relevant to more than one interoperability category of the framework.

.

- GWAC Stack with cross cutting issues

4.6Security for DER Interconnection

4.7Introduction

The control of the power grid is based on the SCADA systems that control the balancing of generating and consuming electricity and display the status to the system operators. However, SCADA may have interconnections to the standard corporate intranets and Internet.

Although standards and guidelines are identified to support the implementation of minimum security measures that set a baseline for cybersecurity across energy sector, there are many security challenges that require solutions based on an effective security program. As described in IEEE Std. 2030-2011, an organization has to apply analysis and risk management methods to identify the appropriate solutions to ensure the security of the distributed energy resources including related systems and smart grid.

DERs are typically smaller electricity generation or ESS located in a community, business, or home. They can serve consumers’ energy needs locally and can provide support for the grid. Distributed generation includes combined heat and power, solar photovoltaic systems, and other small generators such as micro-turbines and fuel cells. Distributed ESS include batteries as well as thermal storage devices that heat or chill water to provide building services. Also, in this clause we discuss practices and techniques in a comprehensive security and privacy implementation for interoperable ESS.

4.8Security Issues

The electric power infrastructure is transforming from a system of power interconnections to a very complex diverse, interconnected, interdependent, and adaptive system. Besides regulatory mandates (e.g., NERC CIP in North America), guidelines from energy industry, and standards organizations, it is mandatory that security of DER systems and applications is addressed in the early phases of design and architecture and continues through implementation, testing, deployment, and operation. Effective security management is required to enable resilience, safety, and interoperability of applications. Security management includes risk management, information security plans and policies, procedures, standards, guidelines, baselines, information classification, security organization, and security education.

At the local level, DER systems must manage their own generation and ESS activities autonomously, based on local conditions, pre-established settings, and DER owner preferences. The lowest level includes the actual cyber-physical DER systems operated autonomously. This autonomous operation can be modified by DER owner preferences and/or by settings and commands issued by utilities. The configurations include the security profiles as defined by standard profiles. However, prohibiting the incorrect settings or modification of settings by an intruder are critical to ensure accuracy of data and quality DER functionality.

Security programs typically focus on protection of human life, safety, tangible and intangible assets. With a system that interacts with power generation, transmission, and distribution, security responsibility for interconnected ESS extends beyond the traditional walls of the data center. Therefore, the approach of understanding vulnerabilities and the associated attack vectors to exploit the critical systems and other systems is essential to building effective security mitigation strategies.

For the purposes of IEEE 1547 Revision, this standard acknowledges the practices outlined in IEEE 2030-2011 to result in interoperability. This standard will not outline in depth the application of the SGIRM, but refer to these concepts as needed.

------

20140626 – 0900 PDT Brian Escott

4.1.6 Monitoring and control provisions

The level of monitoring and control provisions required at each PCC (multiple sources/types of DR may be available within the DR unit) depends upon the type of DR and EPS characteristics. Table 4.1.6-1 lists several types of DR with other system parameters to help determine the Level of monitoring and control required. Table 4.1.6-2 lists the Levels and defines the monitoring and control functions required. Table 4.1.6-1 may be used as a guide, but the Level required for each PCC shall be negotiated between the DR operator / owner and the EPS operator depending upon system criteria such as penetration, size of DR, type of DR controls and protective relaying, and system parameters.

Additionally, the specific data flows or network paths will depend on which of the power systems domain is interacting with the DR:

  • Distribution - The distributers of electricity to and from customers.
  • Service providers - The organizations providing services to electrical customers and utilities.
  • Markets - The operators and participants in electricity markets.
  • Control/operations - The management of the movement of electricity.
  • Customers - The end users of electricity.

Do we need all the Types and Levels?

Type # / Level / Example of DR connected to the distribution system(This is redundant; the entire 1547 is distribution level…help with some better words, please, Clay. )
I-1 / 1 / Inverter based generation, no energy storage, less than 10kW, single phase, low penetration.
I-2 / 2 / Inverter based generation, no energy storage, less than 10kW, single phase, moderate penetration.
I-3 / 3 / Inverter based generation, with or without energy storage, 10-15kW, single phase, moderate penetration and/or voltage sensitive feeder.
I-4 / 4 / Inverter based generation, with energy storage, 10-20kW, single or 3 phase, high penetration.
I-5 / 11 / Inverter based generation, with or without energy storage, 3 phase, greater than 20kW, on sensitive feeders or high levels of penetration or where remote control is needed to maintain system integrity.
I-6 / 14 / Inverter based generation that also supports local loads, with or without energy storage, 3 phase, greater than 20kW, on sensitive feeders or high levels of penetration.
I-7 / 16 / Inverter based generation that also supports local loads, with energy storage, 3 phase, greater than 500kW, medium voltage, with no transformers, on sensitive feeders or high levels of penetration.
.
S-1 / 1 / Synchronous generation DG, any size, designed primarily to support local loads not intended to supply power to EPS. Parallels to EPS only for the purpose of transferring load to/from the EPS. Must have directional relaying and active anti-islanding protection. Maximum parallel time less than 30 seconds.
S-2 / 2 / Synchronous generation Sync DG, less than 20kW, single phase, low penetration, with directional relaying
S-3 / 15 / Synchronous generation Sync DG installed for primarily supporting local loads, also able to supporting the EPS via load curtailment, any size, with active anti-islanding functionality.
S-4 / 12 / Synchronous generation Sync DG installed for EPS support, any size, with sensitive relaying or active methods to support anti- islanding. with low levels of penetration.
S-5 / 16 / Synchronous generation Sync DG installed for EPS support, greater than 500kW, on sensitive feeders with high penetration.
S-6 / 5 / Synchronous generation Sync DG designed to provide local loads and to export to EPS. kW and kVAR regulated (not droop regulated) when exporting to EPS. With active anti-islanding functionality. Any size. Installed on a low to moderate penetration EPS.
Level / 1 / 2 / 3 / 4 / 5 / 10 / 11 / 12 / 13 / 14 / 15 / 16
Monitor / kW / X / X / X / X / X / X / X / X / X / X
kVAR / X / X / X / X / X / X / X / X / X
Volts / X / X / X / X / X / X / X / X / X
Status (Available? On line?) / X / X / X / X / X / X / X / X
Toggle mode from kW support to var support
Trend / X / X / X / X / X / X / X / X
Voluntary Separation from EPS / X / X / X / X / X / X / X
Control
And
Monitor / Direct Transfer Trip / X / X / X / X / X
Load Curtailment Command with kW/kVAR levels / X / X / X / X
DR Permitted to parallel / X / X / X
Trip on loss of communication link / X
Bring on available generation
Gen Curtailment command with kw/kvar levels.
Droop

The method of communication is independent on the content to be communicated. The method of communication shall be agreed upon between the DR operator and the EPS operator.

Definitions:

Status. Is the DR available to operate? Is it currently in parallel with the EPS?

Trend. Is the DR output increasing (+), stable (/), or decreasing (-).

Voluntary Separation from EPS. The DR operator has decided to voluntarily separate from the EPS. Examples of this could be DR testing, “storm mode” or financially motivated.

Direct Transfer Trip. The EPS operator is commanding the DR no longer operate in parallel with the EPS. The DR operator must immediately, with no intentional delay, separate from the EPS. The DR operator may elect to take the local load or leave it on the EPS.

Load Curtailment Command/kW. The EPS operator requests the local DR to provide support to the EPS via previously agreed upon methods to the kW/kVAR level(s) specified. kW/kVAR units shall be in percent of previously agreed upon units. Examples include peak shaving, peak lopping, or full Interruptible Rate agreement. In Interruptible Rate agreement mode, the kW/kVAR is not needed.

DR permitted to parallel. The EPS operator shall set this bit to inform the DR operator when the DR will be allowed on the EPS. If this is not set, the DR operator may move the local load from the EPS to the DR, but only in open transition mode. Examples of this might be for local testing, maintenance or a EPS with varying penetration levels when the DR’s operation might threaten the stability of the EPS.

Trip on loss of communications link. The DR shall immediately separate from the EPS in the event of the loss of communications. The DR may leave the local loads on the EPS or may move them to the DR via open transition. No parallel operation is allowed until the communications link is repaired.

------

20140625 Mark Siira

5.1 System Level Testing

Electric power distribution and transmission systems involve complex control, communication and coordination of multiple devices and subsystems. Because of this complexity and ongoing evolution of control software and communication, it’s increasingly important to acknowledge the importance of commissioning and systems integration testing as well as ongoing maintenance testing. Effective execution of these allows all parties involved in a project to know that the system will perform its intended function and that critical failures are unlikely to occur.

Testing is commonly undertaken at different levels during the commissioning of a facility depending on the critical nature of the equipment installed and the effect of downtime on the facility owner’s business. Additionally, testing is done on a recurring basis depending on the maintenance guidelines set by company policies, specific industries or regulatory agencies. Finally, testing is often done to validate corrective actions resulting from a facility power system failure or downtime of the facility owner’s business.

5.1.1 Types of Testing

Design Test

Thisdesigntest (sometimes referred to as type test) shallbeperformedasapplicabletothespecificinterconnectionsystemtechnology.Thetestshall beperformed on arepresentativesample,eitherinthe factory,atatesting laboratory, oron equipmentinthefield. Thistestappliestoapackagedinterconnectionsystemusing system components that are type-tested to a standardortoaninterconnectionsystemthatusesanassemblyofdiscretecomponents that are type-tested to a standard..

Commissioning Testing

The purpose of commissioning is to provide documented confirmation that the systems function in compliance with the criteria set forth in the project documents to satisfy the owner’s operational needs.

Commissioning testing may be performed in the following areas:

Power quality – Testing for the presence of harmonics, voltage, or frequency abnormalities.

Grid interconnection – Testing of the paralleling switchgear and other interconnection subsystems to ensure that the system meet required codes and standards, and perform in accordance with the electric power provider. Additionally, testing for the generators to perform under load and load transients and load transfer management.

Intentional islanding – If it is part of the system function, testing should be performed for intentional islanding transitions from grid connect to island and back

System Testing

During this phase, testing is performed to evaluate the performance of the system. In addition, any anomalies or issues identified in earlier Investigations that have not previously been resolved will be evaluated. Steps should be considered for further evaluation during system testing to determine root causes and possible solutions. It is recommended that the testing process include the verification and calibration of critical sensors. Typically, critical sensors are those sensors which are essential to the effective and efficient operation of the system.

Performance Assurance

This testing will evaluate methods of measuring system performance and verifying proper implementation to demonstrate the succESS of specific performance criteria. Each measure should have a verification methodology appropriate to the size and complexity of the measure. The identified verification methodology is then incorporated into a Measurement and Verification (M&V) Plan. The M&V plan is intended to provide a comprehensive protocol to verify the performance of the measure/system and confirm that the predicted performance have been achieved upon the completion of implementation.

Recurring Maintenance Testing

Maintenance tests are performed on regular intervals as determined by the facility owner's policies, the industry's recommended practices, and the regulatory agencies requirements. As a general rule, recurring testing comparable to commissioning tests can be performed on a scheduled basis and serves the purpose to ensure that all of the subsystems in a complex facility are operating as intended by the designers.

--

5.2 Integration of DER with EPS – Protection

The DER and EPS form an integrated power system. The protection of the EPS, and all connected equipment, requires appropriate protection systems for each DER along with EPS and protection systems for other equipment. Each DER has several protection requirements that are needed to properly protect the DER and the EPS. These protection systems may be standalone systems or may communicate with other systems. But in all cases they are coordinated in such a way to provide protection of the system.