www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Advanced Cyber-Security: Universal solution for Grid IoT OT/IT Integration Ameen Hamdon, President, SUBNET Solutions Inc
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Universal solution for Grid IoT Integration
• Grid IoT Universal Solution Background – Historical Vendor Specific Issues and Complexity
– Evolving List of Capabilities needed in a Universal Solution
– Reoccurring risks and issues of Smart Grid Integration Projects
• Benefits of Universal Solution – Multi-Vendor, Multifunction Smart Grid Integration Standard
– Vendor Choice = Competition, Innovation, Savings
– Integrated Integration
– 200% to 500%+ ROI Potential
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SYSTEM Intelligence
Objectives for Universal Grid IoT Integration Solution
SubSTATION Intelligence
All Your Primary Equipment and Device Vendors All Your Top Tier OT and IT Management Systems
All Your Various Data Communication Options
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SYSTEM Intelligence
Specifically Multi-Vendor vs Vendor Specific
SubSTATION Intelligence
Universal
Grid IoT OT/IT
Integration
Solution
Need A Multi-Vendor, Multi-Function Integration Solution
All Your Primary Equipment and Device Vendors All Your Top Tier OT and IT Management Systems
All Your Various Data Communication Options
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SYSTEM Intelligence
Multi-Function Integration vs Multiple Single Function
SubSTATION Intelligence
Multi-Function Integration 1. SCADA Data Collection 2. Non-SCADA Data Collection 3. Secure Remote Access 4. Password Management 5. Configuration Management 6. Firmware Management
Need A Multi-Vendor, Multi-Function Integration Solution
All Your Primary Equipment and Device Vendors All Your Top Tier OT and IT Management Systems
All Your Various Data Communication Options
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Unified Device Integration and Security
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Grid IoT Represents that Latest Wave of Connected Grid Solutions
FLISR IVVC Equip Mon Inverters Line Monitors
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Thousands of IoT Devices being Deployed: Benefits
- Many New Smart Grid Devices
- New Vendors entering the Market
- New Innovative Product Offerings
- Many New Smart Grid Applications
- The Connected Grid offers many Benefits
- Large Investor-Owned Utilities (IOUs) with Budgets of 100Ms, 1B+ Grid Modernization Budgets
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Intelligent End Point IEDs
Business Intelligence Systems
Networking Communications Equipment
Can OT Devices Keep Pace with IT Technology (Evolving Security and Integration)
Life Span
5 years
Life Span
10 - 20 years
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Lessons Learned from Connected Grid v1.0
Vendor Specific Technology – A Constant Challenge
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
“Necessity
is the
mother
of
invention”
Famous Proverb
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
of 1965
• A significant disruption in the supply of electricity on November 9, 1965 @ 5:16 p.m.
• Affected • Connecticut, Massachusetts, New Hampshire
• Rhode Island, Vermont, New York, New Jersey
• Ontario, Canada
• Over 30 million people Affected
• Task Force Created to Investigate the Blackout
Northeast Blackout
Reference: http://en.wikipedia.org/wiki/Northeast_Blackout_of_1965
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
2nd November 9, 1965 Event . . .
• Approximately 7 hours prior to the Blackout, a lesser known event occurred in Western Canada
• At 8:05 a.m. Mountain Time
• My Twin Brother was Born
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
• Task Force created to Investigated Blackout
• Task Force Conclusions:
• Lack of voltage and current monitoring was a contributing factor
• Task Force Recommendations
• EPRI and electric power industry developed new metering and monitoring equipment & systems
• These systems became the modern SCADA
Northeast blackout of 1965
Reference: http://en.wikipedia.org/wiki/Northeast_Blackout_of_1965
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SCADA Vendor A’s Solution
SCADA Vendor A’s Protocol
Vendor Specific SCADA Protocol Issues
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SCADA Vendor B’s Protocol
Vendor Specific SCADA Protocol Issues
SCADA Vendor B’s Solution
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SCADA Vendor C’s Protocol
Vendor Specific SCADA Protocol Issues
SCADA Vendor C’s Solution
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SCADA Vendor D’s Protocol
Vendor Specific SCADA Protocol Issues
SCADA Vendor D’s Solution
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SCADA Vendor E’s Protocol
Vendor Specific SCADA Protocol Issues
SCADA Vendor E’s Solution
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
The Vendor Specific SCADA RTU
Only okay if you only use
that One Vendor
SCADA Vendor X’s Protocol
What if have more that one vendor???
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Partial List of Vendor Specific
Protocols
ABB Spa Bus
ABB RP-570
ABB RP-571
ABB Indactic 33/1
ABB Indactic 33/41
ABB Indactic 33/41 Ext.
ACS 3100
AEP Synchronous
AEP Asynchronous
ASEA ADLP 80
ASEA ADLP 180
ASW LS RTU1
Amtrak SDLC
Avista Inp 1000
Bailey MPC
Boeing SDLC
CAE Micro RTU1
CAE HDLC
CDC Type 1
CDC Type 1-12 bit adrs
CDC Type 1 ASCII
CDC Type 2
CDC Type 2 synchronous
CDC Type 2 extended
CDT Types 1, 2, 3, 4, 5
Cegelec HN Z 66 S 11/15
Compumech CD-4150
Conitel 300
Conitel 2000
Conitel 2020
Conitel 2025
Conitel 2100B
Conitel 2100H
Conitel 2100M
Conitel 3000
DYNAC DYNET
Ferranti Van Comm
Fuji
Getac/ 7020/4-BCH
Getac/Betac 7020-LP
Getac/Betac SDLC
Harris 5000/6000
Harris Micro 2
Harris Micro 3
Honeywell 7000
Modbus ASCII
Modbus RTU
Modbus TCP
Moore 9000
Newfoundland
OPC-XML DA
PG&E 2179
Pert 26/31
QEI/Quindar QPLH1
QEI/Quindar Quics II
QEI/Quindar Quics IV1
Quantum DNP 1/QDIF
RainWise Serial
Recon 1.1
Redac 70D
Redac 70H
Redsad
Rockwell 5010
Rockwell 5011 (standard)
Rockwell 5011 (PSI)
Rockwell 5012
Rockwell 5020
SCADA Consultants
Scadapac 1
Scadapac 5
SCA 2500
SCI RDACS1
SEL Fast Meter
SEL Fast Message
SEL Interleiaved
SES 92
SES 92 (GRE)
SES 92 IP (GRE)
Siemens Sinaut 8-FW/DPDM
Southern Services
Southwestern PS Co. SPS
Systems Control 5
Systems Control 5.2
SC1801 5.4.1
SC1802 5.5
SC1803 6
Systems Northwest 11.1
Systems Northwest 111
Systems Northwest Distribution
Toshiba
Telegyr BOA
Telegyr BOA Byte
Telegyr MPS9000 Async
Telegyr MPS9000 Sync
Telegyr Telegyr 800
Telegyr Telegyr 8979
TLC 11M
TRW 850
TRW 9550
TRW System 9
Valmet (Tejas) Series 3
Valmet (Tejas) Series 5
Valmet (Tejas) Series 5 extended
Westinghouse Wisp+
Westinghouse Wisp+
Weston Recon 1
1st Connected Grid Wave SCADA – 1970+
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
STATION
Intelligence
SYSTEM
Intelligence
Protocol C
Any Protocol
Universal SCADA Data Management Solution =
Replace Vendor Specific RTU with Specifically Multi-Vendor RTU/ Gateway
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Multi-Vendor IED Support Matrix
Vendor
Protocol Matrix
Event File Collection
Mgmt
IED Access Mgmt
Password Change Mgmt
IED Config Change Mgmt
Firmware Change Mgmt
1 Siemens L&G 8979, Spa-Bus ? ? ? ? ?
2 ABB RP-570, 571.. ? ? ? ? ?
3 SEL SEL FM, SEL ASCII.. ? ? ? ? ?
4 GE Harris 5000, 6000 ? ? ? ? ?
5 Alstom Proprietary ? ? ? ? ?
6 Schneider Tejas III, V, … ? ? ? ? ?
7+ etc More…. ? ? ? ? ?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Defining Interoperability
Past Three Decades Operational SCADA Data Collection
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
August 14, 2003 History Repeats
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Northeast Blackout of 1965
Reference: http://en.wikipedia.org/wiki/Northeast_Blackout_of_1965,
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Northeast Blackout of 2003
• A significant disruption in the supply of electricity on August 14, 2003 @ 4:10 p.m.
• Affected • Northeastern United States
• Midwestern United States
• Ontario, Canada
• Over 55 Million People Affected
• Task Force Created to Investigate the Blackout
Reference: http://en.wikipedia.org/wiki/Northeast_Blackout_of_2003
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Northeast Blackout of 2003
• Task Force Recommendations
– Improve Monitoring • Improved Access to Fault Information
• Need Better Time Stamped Data and Data Quality
• Improve Cyber and Physical Security (NERC CIP) • Improve IED Access Management
• Password Management
• Firmware Management
• Improve Reliability • Better Testing and Device Configuration
Controls
• IED Configuration Management Reference: http://en.wikipedia.org/wiki/Northeast_Blackout_of_2003
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
STATION
Intelligence
SYSTEM
Intelligence
Protocol C
Any Protocol
Total SCADA Data Management Solution =
Requires a Multi-Vendor SCADA Protocol Solution
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
STATION
Intelligence
SYSTEM
Intelligence
Event File C
Total Device Event File Management
Requires a Multi-Vendor Event File Solution
Centralized Event Files
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
STATION
Intelligence
SYSTEM
Intelligence
Login PW C
Total IED Access Control
Requires a Multi-Vendor
IED Access Control Solution
Centralized Access Control
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
STATION
Intelligence
SYSTEM
Intelligence
PW Change C
Total Password Management
Requires a Multi-Vendor
Password Management Solution
Centralized Password Management
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
STATION
Intelligence
SYSTEM
Intelligence
Config C
Total Device Configuration Management Solution =
Specifically Multi-Vendor Configuration Management
Centralized Config Management
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Northeast Blackout of 2003
• 1965 = Vendor Specific Protocol Communications
• 2003 = Vendor Specific Fault Records Collection
• 2003 = Vendor Specific IED Access Management
• 2003 = Vendor Specific Password Management
• 2003 = Vendor Specific Configuration Management
• 2003 = Vendor Specific Operating Systems Security
• 2003 = Vendor Specific Firmware Management
The Vendor Specific
Issue Repeating Itself
Over & Over Again
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Beyond SCADA Integration. Today we need to deal with the complexity of…
• Fault File Management
• Remote Engineering Access (CIP-005, CIP-007)
• Password Change Management (CIP-005, CIP-007)
• Configuration Management (CIP-010, PRC-005)
• IED Documentation Management is even complicated
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Defining Interoperability
Today Operational
Firmware Management
Configuration File Management
Password Change Management
Secure Remote Access Management
Non SCADA Data Collection
SCADA Data Collection
& Maintenance
+
Device
Management
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Multi-Vendor IED Support Matrix
Vendor
Protocol Matrix
Event File Collection
Mgmt
IED Access Mgmt
Password Change Mgmt
IED Config Change Mgmt
Firmware Change Mgmt
1 Siemens L&G 8979, Spa-Bus ? ? ? ? ?
2 ABB RP-570, 571.. ? ? ? ? ?
3 SEL SEL FM, SEL ASCII.. ? ? ? ? ?
4 GE Harris 5000, 6000 ? ? ? ? ?
5 Alstom Proprietary ? ? ? ? ?
6 Schneider Tejas III, V, … ? ? ? ? ?
7+ etc More…. ? ? ? ? ?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Multi-Vendor IED Support Matrix Need IED Access, Password, Config & Firmware Management
Vendor
Protocol Matrix
Event File Collection
Mgmt
IED Access Mgmt
Password Change Mgmt
IED Config Change Mgmt
Firmware Change Mgmt
1 Siemens L&G 8979, Spa-Bus ? ? ? ? ?
2 ABB RP-570, 571.. ? ? ? ? ?
3 SEL SEL FM, SEL ASCII.. ? ? ? ? ?
4 GE Harris 5000, 6000 ? ? ? ? ?
5 Alstom Proprietary ? ? ? ? ?
6 Schneider Tejas III, V, … ? ? ? ? ?
7+ etc More…. ? ? ? ? ?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
IED Vendors have long history of providing vendor specific solutions…
Vendor
Protocol Matrix
Event File Collection
Mgmt
IED Access Mgmt
Password Change Mgmt
IED Config Change Mgmt
Firmware Change Mgmt
1 Siemens L&G 8979, Spa-Bus ? ? ? ? ?
2 ABB RP-570, 571.. ? ? ? ? ?
3 SEL SEL FM, SEL ASCII.. ? ? ? ? ?
4 GE Alstom Harris 5000, 6000 ? ? ? ? ?
5 Eaton Cooper Proprietary ? ? ? ? ?
6 Schneider Tejas III, V, … ? ? ? ? ?
7+ etc More…. ? ? ? ? ?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
IED Vendors have long history of providing vendor specific solutions…
Vendor
Protocol Matrix
Event File Collection
Mgmt
IED Access Mgmt
Password Change Mgmt
IED Config Change Mgmt
Firmware Change Mgmt
1 Siemens L&G 8979, Spa-Bus ? ? ? ? ?
2 ABB RP-570, 571.. ? ? ? ? ?
3 SEL SEL FM, SEL ASCII.. ? ? ? ? ?
4 GE Alstom Harris 5000, 6000 ? ? ? ? ?
5 Eaton Cooper Proprietary ? ? ? ? ?
6 Schneider Tejas III, V, … ? ? ? ? ?
7+ etc More…. ? ? ? ? ?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
IED Vendors have long history of providing vendor specific solutions…
Vendor
Protocol Matrix
Event File Collection
Mgmt
IED Access Mgmt
Password Change Mgmt
IED Config Change Mgmt
Firmware Change Mgmt
1 Siemens L&G 8979, Spa-Bus ? ? ? ? ?
2 ABB RP-570, 571.. ? ? ? ? ?
3 SEL SEL FM, SEL ASCII.. ? ? ? ? ?
4 GE Alstom Harris 5000, 6000 ? ? ? ? ?
5 Eaton Cooper Proprietary ? ? ? ? ?
6 Schneider Tejas III, V, … ? ? ? ? ?
7+ etc More…. ? ? ? ? ?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
IED Vendors have long history of providing vendor specific solutions…
Vendor
Protocol Matrix
Event File Collection
Mgmt
IED Access Mgmt
Password Change Mgmt
IED Config Change Mgmt
Firmware Change Mgmt
1 Siemens L&G 8979, Spa-Bus ? ? ? ? ?
2 ABB RP-570, 571.. ? ? ? ? ?
3 SEL SEL FM, SEL ASCII.. ? ? ? ? ?
4 GE Alstom Harris 5000, 6000 ? ? ? ? ?
5 Eaton Cooper Proprietary ? ? ? ? ?
6 Schneider Tejas III, V, … ? ? ? ? ?
7+ etc More…. ? ? ? ? ?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
IED Vendors have long history of providing vendor specific solutions…
Vendor
Protocol Matrix
Event File Collection
Mgmt
IED Access Mgmt
Password Change Mgmt
IED Config Change Mgmt
Firmware Change Mgmt
1 Siemens L&G 8979, Spa-Bus ? ? ? ? ?
2 ABB RP-570, 571.. ? ? ? ? ?
3 SEL SEL FM, SEL ASCII.. ? ? ? ? ?
4 GE Alstom Harris 5000, 6000 ? ? ? ? ?
5 Eaton Cooper Proprietary ? ? ? ? ?
6 Schneider Tejas III, V, … ? ? ? ? ?
7+ etc More…. ? ? ? ? ?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Multi-Function IED Management
IED
Access IED
Passwords IED
Configurations IED
Firmware
Auditable Process Control
Management
Control IED Access and who is authorized to access what IEDs
Control IED Passwords and who authorized to knows what passwords
Control IED Configurations and who authorized to change what configurations
Centralized IED Firmware Control
Active Monitoring & Alerting
Alert Unauthorized IED Access attempts
Monitor IED Password Changes
Monitor IED Configuration Changes
Monitor IED Firmware Changes
Automated Change
Management
Updates with AD Users and Group changes
Automate IED Password Changes
Automate IED Configuration Changes
Automate IED Firmware Changes
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Multi-Vendor IED Support Matrix Need IED Access, Password, Config & Firmware Management
Vendor
Protocol Matrix
Event File Collection
Mgmt
IED Access Mgmt
Password Change Mgmt
IED Config Change Mgmt
Firmware Change Mgmt
1 Siemens L&G 8979, Spa-Bus ? ? ? ? ?
2 ABB RP-570, 571.. ? ? ? ? ?
3 SEL SEL FM, SEL ASCII.. ? ? ? ? ?
4 GE Alstom Harris 5000, 6000 ? ? ? ? ?
5 Eaton Cooper Proprietary ? ? ? ? ?
6 Schneider Tejas III, V, … ? ? ? ? ?
7+ etc More…. ? ? ? ? ?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Multi-Vendor IED Support Matrix Multiple Control, Monitor, Automate Use Cases
Vendor
Protocol Matrix
Event File Collection
Mgmt
IED Access Mgmt
Password Change Mgmt
IED Config Change Mgmt
Firmware Change Mgmt
1 Siemens L&G 8979, Spa-Bus ? C M A C M A C M A C M A
2 ABB RP-570, 571.. ? C M A C M A C M A C M A
3 SEL SEL FM, SEL ASCII.. ? C M A C M A C M A C M A
4 GE Alstom Harris 5000, 6000 ? C M A C M A C M A C M A
5 Eaton Cooper Proprietary ? C M A C M A C M A C M A
6 Schneider Tejas III, V, … ? C M A C M A C M A C M A
7+ etc More…. ? C M A C M A C M A C M A
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
One SUBNET Utility Customers’ IED Support Matrix
89 Different IEDs
17+ Use Cases Defined To Date
Advanced/ Automated Functions
Login Logout Passwords Configurations Firmware Events SOE Logs Discover
Au
tom
ated
logi
n
Au
tom
ated
logo
ut
Ch
ange
Dev
ice
Pas
swo
rd in
ga
tew
ay
Ch
ange
Pas
swo
rd
Bac
kup
co
nfi
g
Res
tore
Co
nfi
g
Ge
t C
on
fig
sum
mar
y
Ret
riev
e fi
rmw
are
vers
ion
Co
mp
are
firm
war
e
Up
dat
e fi
rmw
are
Ret
riev
e n
ew e
ven
t fi
les
Ret
riev
e SO
E fi
les
Ret
riev
e d
evic
e lo
gs
Dis
cove
r C
on
nec
ted
d
evic
es
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Evolving SUBNET’s Unified Grid Intelligence is a continual process. Always new devices, Always new use cases…
New IEDs every month
New Use Cases every year…..
Advanced/ Automated Functions
Login Logout Passwords Configurations Firmware Events SOE Logs Discover
Au
tom
ated
logi
n
Au
tom
ated
logo
ut
Ch
ange
Dev
ice
Pas
swo
rd in
ga
tew
ay
Ch
ange
Pas
swo
rd
Bac
kup
co
nfi
g
Res
tore
Co
nfi
g
Ge
t C
on
fig
sum
mar
y
Ret
riev
e fi
rmw
are
vers
ion
Co
mp
are
firm
war
e
Up
dat
e fi
rmw
are
Ret
riev
e n
ew e
ven
t fi
les
Ret
riev
e SO
E fi
les
Ret
riev
e d
evic
e lo
gs
Dis
cove
r C
on
nec
ted
d
evic
es
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Many Different IoT Devices, Old and New, 20 year old IED
10 year old IED
3 year old IED Dozens of
Different Vendor IEDs
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Multi-Function Integration Evolution
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Multi-Function Integration Evolution
Today Operational
Firmware Management
Configuration File Management
Password Change Management
Secure Remote Access Management
Non SCADA Data Collection
SCADA Data Collection
& Maintenance
+
Device
Management
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Expanding Integration Systems
Remote Engineering
Access
Password Change
Management
Non-SCADA Data
Collection
Configuration and Firmware Management
Firmware Management
Configuration Management
Password Change Management
Secure Remote Access
Non SCADA Data Collection
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Interdependency of Systems
Remote Engineering
Access
Password Change
Management
Non-SCADA Data
Collection
Configuration and Firmware Management
Interleaving of Operational and Non Operational Device Access
Non-SCADA Data Collection may require knowledge of device password
Passwords may be stored in the configuration
Access to a device requires knowledge of the device password
Extracting a configuration from a device requires remote access
Password changes requires remote access
Access to a device requires knowledge of the device password
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Grid IoT: Grid Integration v3.0
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Typical Utility Grid IoT Execution Project Team for Each Solution
FLISR IVVC Equip Mon Inverters Line Monitors
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SYSTEM Intelligence
Utility Standard Typically
Your Utilities BI System Standards
Your Utilities OT System Standards
Your Utilities Comm System
Standards
Your Utilities IED Edge Integration
Standard????
Does this exist??
Or is this done in a - Project Specific
- Vendor Specific way>
ADMS
OSIsoft PI or eDNA
SAP, Maximo?
SCADA Vendor
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
The FLISR of Things: Select Edge Device
SYSTEM Intelligence
SELECT FLISR IEDS
ADMS
OSIsoft PI or eDNA
SAP, Maximo?
SCADA Vendor
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
The FLISR of Things: Determine Communication Network
SYSTEM Intelligence
SELECT FLISR IEDS
Determine Comms FLISR IEDs
ADMS
OSIsoft PI or eDNA
SCADA Vendor
SAP, Maximo?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
The FLISR of Things: Determine SCADA Interface
SYSTEM Intelligence
SELECT FLISR IEDS
Determine Comms FLISR IEDs
Determine FLISR SCADA DATA Collection
ADMS
OSIsoft PI or eDNA
SCADA Vendor
SAP, Maximo?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
The FLISR of Things: Determine Historian Integration
SYSTEM Intelligence
SELECT FLISR IEDS
Determine Comms FLISR IEDs
Determine FLISR SCADA DATA Collection
Determine Historian FLISR Data Collection
ADMS
OSIsoft PI or eDNA
SCADA Vendor
SAP, Maximo?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
The FLISR of Things: Determine Integration with other BI
SYSTEM Intelligence
SELECT FLISR IEDS
Determine Comms FLISR IEDs
Determine FLISR SCADA DATA Collection
Determine Historian FLISR Data Collection
Integration FLISR Data to Maximo, ESRI
ADMS
OSIsoft PI or eDNA
SCADA Vendor
SAP, Maximo?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
The FLISR of Things: Determine IED Management
SYSTEM Intelligence
SELECT FLISR IEDS
Determine Comms FLISR IEDs
Determine FLISR SCADA DATA Collection
Determine Historian FLISR Data Collection
Integration FLISR Data to SAP, Maximo, ESRI
Determine how to manage FLISR Devices? IED Access Control, PW Mgmt, Config Mgmt, Firmware Mgmt
ADMS
OSIsoft PI or eDNA
SCADA Vendor
SAP, Maximo?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Repeat for Implementing VVC
SYSTEM Intelligence
SELECT VVC IEDS
Determine Comms VVC IEDs
Determine VVC SCADA DATA Collection
Determine Historian VVC Data Collection
Integration VVC Data to SAP, Maximo, ESRI
Determine how to manage VVC Devices? IED Access Control, PW Mgmt, Config Mgmt, Firmware Mgmt
ADMS
OSIsoft PI or eDNA
SCADA Vendor
SAP, Maximo?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Repeat for Implementing Fault Indication (Fault In)
SYSTEM Intelligence
SELECT FaultIn IEDS
Determine Comms FaultIn IEDs
Determine FaultIn SCADA DATA Collection
Determine Historian FaultIn Data Collection
Integration FaultIn Data to SAP, Maximo, ESRI
Determine how to manage FaultIn Devices? IED Access Control, PW Mgmt, Config Mgmt, Firmware Mgmt
ADMS
OSIsoft PI or eDNA
SCADA Vendor
SAP, Maximo?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Repeat for Implementing Smart Inverter Integration
SYSTEM Intelligence
Select Inverter IEDS
Determine Comms Inverter IEDs
Determine Inverter SCADA DATA Collection
Determine Historian Inverter Data Collection
Integration Inverter Data to SAP, Maximo, ESRI
Determine how to manage Inverter Devices? IED Access Control, PW Mgmt, Config Mgmt, Firmware Mgmt
ADMS
OSIsoft PI or eDNA
SCADA Vendor
SAP, Maximo?
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Typical Result: Implemented Many Project Specific, Vendor Specific Systems
SYSTEM Intelligence
ADMS
OSIsoft PI or eDNA
SCADA Vendor
SAP, Maximo?
FlISR IEDS Vendor 1
FLISR DATA Collection
FLISR Data Historian
FLISR BI Integration
FLISR Device Mgmt
VVO IEDS Vendor 2
VVO DATA Collection
VVO Data Historian
VVO BI Integration
VVO Device Mgmt
CFI IEDS Vendor 3
CFI DATA Collection
CFI Data Historian
CFI BI Integration
CFI Device Mgmt
Smart Inv Vendor 4
S Inv DATA Collection
S Inv Data Historian
S Inv BI Integration
S Inv Device Mgmt
XFMR Mon Vendor 5
XFMR DATA Collection
XFMR Data
Historian XFMR BI
Integration XFMR Device
Mgmt
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
FLISR DATA Collection
FLISR Data Historian
FLISR BI Integration
FLISR Device Mgmt
VVO DATA Collection
VVO Data Historian
VVO BI Integration
VVO Device Mgmt
CFI DATA Collection
CFI Data Historian
CFI BI Integration
CFI Device Mgmt
S Inv DATA Collection
S Inv Data Historian
S Inv BI Integration
S Inv Device Mgmt
XFMR DATA Collection
XFMR Data
Historian XFMR BI
Integration XFMR Device
Mgmt
Extend Your Utilities Integration Standard Closer to the Edge
Your Utilities BI System Standards
Your Utilities OT System Standards
Your Utilities Comm System
Standards
Your Utilities IED Edge Integration
Standard??
ADMS
OSIsoft PI or eDNA
SCADA Vendor
SAP, Maximo?
FlISR IEDS Vendor 1
VVO IEDS Vendor 2
CFI IEDS Vendor 3
Smart Inv Vendor 4
XFMR Mon Vendor 5
FlISR IEDS Vendor 2
VVO IEDS Vendor 2
CFI IEDS Vendor 2
Smart Inv Vendor 2
XFMR Mon Vendor 2
FlISR IEDS Vendor 3
VVO IEDS Vendor 3
CFI IEDS Vendor 3
Smart Inv Vendor 3
XFMR Mon Vendor 3
Integrated Integration
• ANY IED SCADA and Non-SCADA-DATA Collection
• ANY IED Historian Data Collection • Any IED Integration with BI • ANY IED Device Management
• IED Access Control • Password Management • Configuration Management • Firmware Management
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
FLISR DATA Collection
FLISR Data Historian
FLISR BI Integration
FLISR Device Mgmt
VVO DATA Collection
VVO Data Historian
VVO BI Integration
VVO Device Mgmt
CFI DATA Collection
CFI Data Historian
CFI BI Integration
CFI Device Mgmt
S Inv DATA Collection
S Inv Data Historian
S Inv BI Integration
S Inv Device Mgmt
XFMR DATA Collection
XFMR Data
Historian XFMR BI
Integration XFMR Device
Mgmt
Extend Your Utilities Integration Standard Closer to the Edge
Your Utilities BI System Standards
Your Utilities OT System Standards
Your Utilities Comm System
Standards
Your Utilities IED Edge Integration
Standard??
ADMS
OSIsoft PI or eDNA
SCADA Vendor
SAP, Maximo?
FlISR IEDS Vendor 1
VVO IEDS Vendor 2
CFI IEDS Vendor 3
Smart Inv Vendor 4
XFMR Mon Vendor 5
FlISR IEDS Vendor 2
VVO IEDS Vendor 2
CFI IEDS Vendor 2
Smart Inv Vendor 2
XFMR Mon Vendor 2
FlISR IEDS Vendor 3
VVO IEDS Vendor 3
CFI IEDS Vendor 3
Smart Inv Vendor 3
XFMR Mon Vendor 3
Integrated Integration
Remote Engineering
Access
Password Change
Management
Non-SCADA Data
Collection
Configuration and
Firmware Manageme
nt
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Multi-Vendor System Level Down Approach is Key
Devices Up Integration Approach System Level Down Integration Approach
SYSTEM Intelligence
Asset MS
Historian
FLISR
IVVC
XFMR Mon
Inverters
CFI
Eng Access
Dev Mgmt
Fault Data
FlISR IEDS
Vendor 1
VVO IEDS Vendor 2
CFI IEDS Vendor 3
Smart Inv
Vendor 4
XFMR Mon
Vendor 5
FlISR IEDS
ADMS Data
VVO IEDS ADMS Data
CFI IEDS ADMS Data
Smart Inv
ADMS Data
XFMR Mon
ADMS Data
FlISR IEDS
Historian Data
VVO IEDS Historian Data
CFI IEDS Historian Data
Smart Inv
Historian Data
XFMR Mon
Historian Data
FlISR IEDS
Asset Mgmt
VVO IEDS Asset Mgmt
CFI IEDS Asset Mgmt
Smart Inv
Asset Mgmt
XFMR Mon
Asset Mgmt
FlISR IEDS
Device Mgmt
VVO IEDS Device Mgmt
CFI IEDS Device Mgmt
Smart Inv
Device Mgmt
XFMR Mon
Device Mgmt
SUBNET PSS
IoT Data Collection
SUBNET PSC
IoT Device
Management
SYSTEM Intelligence
Asset MS
Historian
FLISR
IVVC
XFMR Mon
Inverters
CFI
Eng Access
Dev Mgmt
Fault Data
FlISR IEDS
Vendor 1
VVO IEDS Vendor 2
CFI IEDS Vendor 3
Smart Inv
Vendor 4
XFMR Mon
Vendor 5
FlISR IEDS
ADMS Data
VVO IEDS ADMS Data
CFI IEDS ADMS Data
Smart Inv
ADMS Data
XFMR Mon
ADMS Data
FlISR IEDS
Historian Data
VVO IEDS Historian Data
CFI IEDS Historian Data
Smart Inv
Historian Data
XFMR Mon
Historian Data
FlISR IEDS
Asset Mgmt
VVO IEDS Asset Mgmt
CFI IEDS Asset Mgmt
Smart Inv
Asset Mgmt
XFMR Mon
Asset Mgmt
FlISR IEDS
Device Mgmt
VVO IEDS Device Mgmt
CFI IEDS Device Mgmt
Smart Inv
Device Mgmt
XFMR Mon
Device Mgmt
Integrated Integration
Remote Engineering
Access
Password Change
Management
Non-SCADA Data
Collection
Configuration and
Firmware Manageme
nt
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Universal Grid IoT Integration Project Example 1
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Project 1 – Electric Utility, North Eastern US Universal Grid IoT Data Concentration
• Service Area
– 26,000 sq. kilometer service territory
– 80,000 kilometers of Distribution circuits
– 12,800 kilometers of Transmission lines
– 1.4 million meters (transitioning to Smart Meters)
• Deploying 7000 Grid IoT devices
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Thousands of Grid IoT Devices being Deployed
FLISR
IVVC
XFMR Mon
Inverters
CFI
• 7000 Devices Being Deployed • Rollout = Approximately 3 Devices added per Day • Didn’t want ADMS to poll all 7000 (Cost, Disruptive) • Didn’t want ADMS to be middleman for Historian (Cost, Disruptive)
SYSTEM Intelligence
Asset MS
Historian
ADMS
Eng Access
Dev Mgmt
Fault Data
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Add in Universal Grid IoT FEP for both OT (ADMS) and IT (Historian, SAP, Analytics)
FLISR
IVVC
XFMR Mon
Inverters
CFI
1. Add in Separate IoT FEP Poll Devices 2. IoT FEP Polled for OT Data by ADMS 70 Devices vs 7000, 5% of Data 3. IoT FEP Supplies Data Directly to Historian and Asset Management
SYSTEM Intelligence
ADMS
Asset MS
Historian
Eng Access
Dev Mgmt
Fault Data
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Case Study – Electric Utility, US
• All operational SCADA data such as Volt, Amp, Status goes to DMS and displayed to System Operators.
• Telemetry not required by DMS goes directly into the PI System. Saves on licensing costs and network traffic.
• DMS also send data to PI, which is useful for calculated outputs.
• A simplified architecture reducing multiple and proprietary data collectors.
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Universal Grid IoT Integration Project Example 2
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Project 2 – Canadian Provincial Utility Universal Grid IoT Device Management
• Generation – 41 Dam sites,
– 30 Hydro Facilities
– 9 Thermal units
• Transmission – ~18,000 km of lines
– ~260 substations
• Distribution – ~56,000 km of distribution lines
– ~1.8 million customers
– Service Area: 944,735 km2 (364,764 sq mi)
• Deploying 7000 Grid IoT devices
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Thousands of Grid IoT Devices being Deployed
FLISR
IVVC
XFMR Mon
Inverters
CFI
• 7000 Devices Being Deployed • Was doing Traditional ADMS Data Collection • Needed Multi-Vendor Device Management (Avoid Truck Rolls) • Needed Cyber Security (Password Management)
SYSTEM Intelligence
Asset MS
Historian
ADMS
Eng Access
Dev Mgmt
Fault Data
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Expand IoT FEP for Engineering Access / Device Mgmt
FLISR
IVVC
XFMR Mon
Inverters
CFI
1. Adds Secure Remote Access 2. Adds Password Management 3. Adds Configuration and Firmware Management 4. Specialized Technology able to manage Essentially Any Device
Asset MS
Historian
Eng Access
Dev Mgmt
Fault Data
SYSTEM Intelligence
ADMS
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
The FLISR Dollars: Vendor Specific
SYSTEM Intelligence
Automated Recloser SW /w IED Implement Vendor Specific
Device Management System
$40K/switch Qty = 1000 = $40,000,000
FlISR IEDS Vendor 1
FlISR IEDS ADMS Data
FlISR IEDS Historian Data
FlISR IEDS Asset Mgmt
FlISR IEDS Device Mgmt
$45K/switch? Qty = 1000 = $45,000,000
Phase 2: Install another 1000 units
Phase 1: Install 1000 units
ADMS
Asset MS
Historian
Eng Access
Dev Mgmt
Fault Data
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
The FLISR Dollars: Specifically Multi-Vendor
SYSTEM Intelligence
Automated Recloser SW /w IED Implement Multi Vendor
Device Management System
$40K/switch Qty = 1000 = $40,000,000
FlISR IEDS Vendor 1
FlISR IEDS ADMS Data
FlISR IEDS Historian Data
FlISR IEDS Asset Mgmt
FlISR IEDS Device Mgmt
Phase 2: Install another 1000 units
$25K/switch? Qty = 1000 = $25,000,000
Phase 1: Install 1000 units
ADMS
$35K/switch? Qty = 1000 = $35,000,000
Potential of up to $15M in Savings (over 35%)
New Lower Cost Competitor Option
Asset MS
Historian
Eng Access
Dev Mgmt
Fault Data
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Total Universal Grid IoT Solution Both Universal Data Collection AND Device Management
FLISR
IVVC
XFMR Mon
Inverters
CFI SYSTEM
Intelligence
ADMS
Asset MS
Historian
Eng Access
Dev Mgmt
Fault Data
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Total Universal Grid IoT Solution Both Universal Data Collection AND Device Management
FLISR
IVVC
XFMR Mon
Inverters
CFI SYSTEM
Intelligence
ADMS
Asset MS
Historian
Eng Access
Dev Mgmt
Fault Data
Extend your Utilities’ integration solution to enable standardized integration and Security to any Device
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SUBNET Grid IoT Security and Integration Key Benefits
• Benefits of Universal Solution Benefits Extend Life of Current Install Base
• Multi-Vendor Competition Savings (2X to 5X+ ROI)
– Make Primary and Edge Device Vendor Compete with Multi-Vendor Integration
– Enable Vendor Choice, Avoid Vendor Lock In
• Ensure Maintenance of Grid IoT Infrastructure is cost effective
– Device OT and IT Data Collection Grid IoT Devices
– Centralized Device Management of Grid IoT Devices
– Focus on integrating your systems not trying to multiple Integrate Systems
• Have a Security and Integration Standard for all your Smart Grid projects
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
Q&A Session / Contact Details
Ameen Hamdon President, CEO Mobile: +1 403 270-8885 Email: [email protected]
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SUBNET Company Overview
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SUBNET Company Overview • Our Company:
– Private and Founded in 1992
– Software Engineering
– Smart Grid Industry
– HQ: Calgary, Alberta
• Clients:
– 200+ Utilities Worldwide
• Transmission
• Distribution
• Generation
• Renewable Energies
– 50+ Value Added Resellers (VARs)
• Core Expertise:
- Device Management for all your Transmission, Distribution, Generation, Asset Monitoring infrastructure
- Grid IoT Modernization
- Multi-Vendor IED Integration Solutions
- NERC CIP IED Security
- Substation Automation & HMI Solutions (DNP3, IEC 61850, 101/104, OPC, etc.)
• Partners
- OEMs
- Technology Partners
- Networking Partners
- Data Partners
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SUBNET Operations 2017
Philadelphia
England
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
OT
IT
SUBNET’s Vision Substation Integration, Automation and Cyber Security
NETWORK
TECHNOLOGIES
SUBSTATION
TECHNOLOGIES
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SUBNET Does Not Provide…
Intelligent End Point
IEDs
Common Utility Business Intelligence
Systems
Networking Communications
Equipment
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SYSTEM Intelligence
SUBNET Provides Software to Securely Connect IEDs to Business Intelligence Systems
SubSTATION Intelligence
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SYSTEM Intelligence
SUBNET Unified Grid Intelligence for a Specifically Multi-Vendor Smart Grid
A
N
Y
D
E
V
I
C
E
A
N
Y
N
E
T
A
N
Y
S
Y
S
T
E
M
A N Y I N T EG R AT I O N P R OJ EC T
SubSTATION Intelligence
www.SUBNET.com © Copyright 2016 SUBNET Solutions Inc.
SUBNET Unified Grid Intelligence: Any Grid Project, One Integration Solution