IEC 61850 Process Bus
IEC 61850 Process Bus
IEC 61850 Process Bus
454 www.GEDigitalEnergy.com
IEC 61850 Process Bus
The IEC global communications standard IEC 61850 Process bus technical attributes
“Communications networks and systems in substations” defines,
in Part 9, the message formats and time synchronization A practical process bus system designed around IEC 61850 Part
requirements for transmitting raw sampled values over digital 9 communications, must be complete and comprehensive for all
communications. However, IEC 61850 focuses on transparency protection and control applications, fit for purpose for the utility
and standardization of data communications. The standard does switchyard, simple and intuitive to design and install, open and
not define Implementation issues such as suitable architectures, non-proprietary, scalable, reliable, testable, and maintainable. The
reliability, data sharing, maintainability, testability, and scalability. architecture of a process bus system determines how all these
desirable attributes will be met.
Application goal of IEC 61850 In a possible architecture, the process interface unit (PIU) provides
process bus all data acquisition and control points. The PIU is the landing point
www.GEDigitalEnergy.com 455
IEC 61850 Process Bus
Scalability
Process bus architecture
A successful system needs to be scalable, from a single zone of
The design of the process bus system, then, determines the
protection to an entire substation, with the capability to continue
success of the system. Some key attributes require a more detailed
expanding one zone at a time as required. An expansion or
discussion.
modification should not raise any network congestion concerns, or
Comprehensible and complete architecture other problems. The system must be both feasible and economically
attractive in both retrofit and green-field situations.
Any component of the system, including PIUs, protective relays,
communication infrastructure, datasets, time synchronization, and Testability and maintainability
so on can be designed only after a complete architecture is created
The system needs to be provisioned to facilitate testing and
demonstrating the ultimate shape of the system. The architecture
maintenance. Testing is defined here as verification and
needs to be simple and intuitive for all affected disciplines in the
IEC 61850 Process Bus
When increasing the number of electronic devices and connections Cyber security
in a system, the system’s reliability decreases with the increasing
The system needs to be secure from a cyber security point of view.
device count. This can be demonstrated using typical Mean Time
The high data rates of the process bus traffic and the requirement
To Failure (MTTF) data and running calculations on hypothetical
of very high availability of this data create challenges for known
process bus architectures. Results clearly show that each
cyber security solutions such as intrusion detection or encryption.
additional element in the system will increase the failure frequency.
Cyber security issues, if left unattended, may either slow down
In a properly designed architecture compensating measures, which
adoption of the solution by creating the need to augment it later
often increase system complexity and cost, should not be required
for compliance, and/or may create extra cost and effort for the
to make up for artificially reduced reliability.
user when deploying and running the system. The best solution is
Minimal co-dependencies to develop an architecture which does not introduce issues related
to cyber security in the first place.
Today, a single zone of protection can be taken out of service for
upgrades, troubleshooting, periodic testing or maintenance without
impacting the rest of the secondary system and without an outage
in the primary system (for applications where there is a redundant
protection system). A zone of protection can be engineered and
deployed with minimal interactions with respect to other secondary
systems. This separation has proved an indispensable foundation
of practical protection engineering, and needs to be retained in the
next generation solutions. Without proper consideration, a firmware
upgrade for a single digital component of the system may result
in unexpected system behavior and ultimately may trigger a
firmware upgrade to adjacent devices. Such domino effects created
by co-dependencies are undesirable, may introduce latent failure
modes and ultimately would become obstacles in acceptance of
the system.