Secure Communication in Smart Grids

The challenges of designing future power grids are defined by the integration of all participating producers, consumers and prosumers. Here, generation of renewable power takes place at all voltage levels. For the growing sophisticated secondary distribution area, solutions have to be developed that meet the requirements of modern information and communication technologies – data management and cyber security in particular.

There is a trade-off that has to be managed between “conventional” grid expansions and upgrading with adequate protection and automation technology. Obviously, digital secondary systems are going to spread over the lower voltage levels where new tasks and jobs arise for the grid operators and their staff members. Sustaining voltage balance and ranges, management of shortages and island operation, control of reactive power levels as well as facing overloads act as typical future challenges that have to be met by the grid operators increasingly.

With SPRECON, Sprecher Automation provides an innovative, cost-effective and modular platform for automation and protection of primary systems. Beside traditional applications such as SCADA, telecontrol, substation automation and power system protection, Sprecher also introduces sophisticated solutions for secure and smooth operation of smart grids. Here, approved concepts are applied as integrative and homogenous solutions with high functional density. Exemplary application highlights are automated secondary substations and infeed management solutions for renewables.


Scheme of a secondary substation


Smarte Compact Modules

The compact SPRECON-E-T3 automation modules provide multiple functions for cost-effective and secure power supply. SPRECON-E-T3 consists of a basic system which drives cyber security, a communication device (GPRS), signalling, command and measured-value processing, network monitoring as well as sophisticated automation and protection functions for various control tasks. Additionally, SPRECON-E-T3 supports connection of smart meters and low power sensors. The measuring module for the connection of low power sensors is also applied within an Austrian guiding project called “iniGrid” which uses the system for research purposes in active distribution grids. Here, SPRECON is implemented into the secondary distribution area of Linz Strom Netz GmbH, a local utility of the Upper Austrian capital, where secondary substations are automated.

SPRECON-E-T3 features modular and step-by-step development of intelligent secondary substations in order to meet the new arising demands. The system also excels through a high level of flexibility in terms of future extensions.


Cyber Security

The growing networking density together with the growing number of grid participants amplifies the attack vector on energy systems. SPRECON systems have been developed for critical infrastructures such as energy, information & communication technologies, transportation & traffic as well as water supply.

Regarding IT security, SPRECON systems as well as all relevant business processes of Sprecher Automation have been already prepared to meet the specific demands. This especially applies to the German market. Here, the systems and processes are ready for upcoming certifications by the German Bundesnetzagentur – the Federal Network Agency for Electricity, Gas, Telecommunication, Post and Railway (IT security catalogue according to § 11, article 1a of the German Energy Economy Law). For exisiting information security management systems (ISMS) the following functions have already been implemented into the SPRECON devices:

  • Encryption of all Ethernet communication directly by device (process and service interfaces)
  • https access for integrated web server according to OWASP
  • Deactivated web server by default (activatable via SCADA by telecontrol protocol)
  • Device-wise authentication based on standards by the German Federal Office for Information Security
  • Integrated firewall directly implemented into the protection and control devices

SPRECON control and remote control devices support VPN tunnelling for all IP-based services and protocols. The system provides consistent security and encryption by the CPU. Together with the integrated modem or any other existing network it supports secure IP connections. The high-performance CPUs feature VPN tunnel setup and data encryption either by IPsec or OpenVPN. Both technologies can be applied which allows applications under specific conditions such as specific platforms, network components or cryptographic requirements. VPN connections – as usual for various projects – can be used for telecontrol or for communication with SCADA systems. They secure communication on station bus level. Full hardening is achieved through encryption of network services such as NTP.

SPRECON also features a firewall which is directly integrated into the firmware and therefore into the devices. The combination with existing firewalls increases security in accordance with the Defense-in-Depth principle. Furthermore, the system allows firewall extensions at application level in order to monitor communication via domain-specific protocols such as IEC 60870-5-104 or to block telegrams of unauthorised devices in advance to prevent compromising.

All user rights are managed within the SPRECON devices. Here, user or group administration is strictly separated from device configuration. The independent user or group administration therefore supports separation of service and IT department responsibilities. Moreover, the devices allow integration of LDAP- and RADIUS servers, where all adaptions regarding user or user groups as well as authorisations can be easily managed centrally.

SPRECON systems also support the Syslog Protocol which allows transfer of system messages via the network in order to analyse them upon applied regulations.

For years, Sprecher Automation has been realising modern and highly efficient smart grid solutions for various grid operators. Many well-known utilities – i.e. Dortmunder Energie- und Wasserversorgung GmbH (DEW21), TEN Thüringer Energienetze GmbH, Stadtwerke Mössingen, Stadtwerke Haltern am See GmbH and Stadtwerke Mosbach GmbH – trust in Sprecher’s internationally approved SPRECON platform.

The latest projects were infeed management for wind farms, PV power plants and thermal power stations of EnergieNetz Mitte GmbH, regionetz GmbH and Westfalen Weser Netz GmbH, where many different customer demands had to be met such as power reductions in steps of 0/30/60/100% (regionetz) or stepless reduction together with additional reactive power control including mA output (Westfalen Weser Netz).