- Original research
- Open Access
Efficient maintenance testing in digital substations based on IEC 61850 edition 2
© The Author(s) 2017
- Received: 1 March 2017
- Accepted: 2 June 2017
- Published: 9 November 2017
Digital substations are mostly important in the future of the electric power industry which makes their testing a critical process to ensure the required reliability and security of the grid. The paper introduces the definition of a digital substation and efficient testing, as well as the requirements for isolation during testing. It later describes testing related features in IEC 61850 Edition 2 and testing methods that can be used in digital substations. Maintenance testing examples and testing tools requirements are also presented. And remote testing principles are described at the end of the paper. The proposed remote testing by controlling the test system in a remote substation from the convenience of the engineering office brings significant benefits by improving efficiency and safety, as well as reducing outage times.
- Digital substation
- Maintenance testing
- IEC 61850
The transition of the electric power industry towards a smarter grid is characterized with significant efforts to improve the efficiency in performing all tasks and reducing the duration of outages in case of events related to the operation of multifunctional protection IEDs [1–3]. The wide spread implementation of IEC 61850 based substation protection and the increased interest in digital substations based on the sampled values interface with the substation process is providing an opportunity to develop and implement protection, automation and control systems that can be tested remotely.
The testing of hardwired protection and control systems requires a crew to drive to (in many cases) a remote location to perform maintenance testing [4–6]. Replacing the hard wired interfaces with IEC 61850 based communications interfaces allows remote access to the substation for remote testing.
The replacement of part or all of the hardwired interfaces with communication links requires the development and implementation of methods and tools that maintain the same level of security during the testing process, while at the same time take advantage of all the benefits that IEC 61850 provides.
The paper first introduces the definitions of maintenance testing and remote testing and answers the question “Why do we need remote testing?” It then describes the principle requirement for isolation of IEDs from the point of view of the maintenance testing in an energized substation - related to the testing of a specific function element, a local protection scheme or a distributed function are discussed. The specialists involved in the testing of protection, automation and control schemes are used to a physical isolation of the test object based on the use of test switches that allow on one hand to open the circuit that trips the breaker and at the same time to replace the analog signals from the secondary of the current and voltage transformers with signals coming from the test equipment.
The second half of the paper describes the features in Edition 2 of IEC 61850 that can be used for virtual isolation of components of the protection scheme.
The last part of the paper discusses the methods and tools that can be used to perform the testing based on the IEC 61850 Ed. 2 definitions and how they meet the requirements for virtual isolation from a practical point of view [7–10]. The benefits and challenges related to remote testing of IEC 61850 communications based protection, automation and control IEDs and schemes are summarized at the end of the paper.
One of the main problems in the discussion of any subject is misunderstanding. It can be significantly reduced, or even eliminated, by clarifying the subject through a good definition.
2.1 Digital substation
An IEC 61850 based digital substation is a substation in which all interfaces between the primary equipment in the substation and the devices performing protection, automation, control, monitoring and recording are based on communications over the substation local area network using the models and services defined in the standard.
Stand Alone Merging Unit (SAMU) connected to the secondary of the conventional current and voltage transformers
Embedded Merging Unit (EMU) connected to the low power interface of non-conventional current and voltage sensors (may include optical interface)
The physical devices providing a binary monitoring and control interface for circuit breakers and switches are called Switchgear Control Unit (SCU).
The PIUs publish analog sampled values and binary or other status information of redundant substation LANs that may have a different architecture depending on the substation topology, criticality and many other factors. The logical Station and Process buses can be integrated or separated depending on the implementation requirements and philosophy.
The PIUs also execute commands to operate the breakers or switches. They also subscribe to GOOSE messages from the protection, automation and control IEDs in order to trip or close the breakers while clearing short circuit faults or for other purposes.
2.2 Effectiveness and efficiency
When we think about effectiveness and efficiency, there are many things that can be mixed, because some people think that they are more or less the same.
All of the discussions in the paper will be based on the following definitions, which are based on the research of many different definitions available on the Internet .
Effectiveness – the degree to which objectives are achieved, without consideration of the resources being used.
Efficiency – the extent to which a resource is used in order to effectively achieve an objective.
In the following sections of the paper we are going to analyze first what tools and methods need to be used in order to effectively test different types of protection and control devices, based on some specific examples.
After clarifying how we can make sure that the test object can be successfully tested, we are going to concentrate on how this can be achieved in the most efficient way.
2.3 Maintenance testing in case of incorrect protection system operation
One of the key requirements for correct maintenance testing is the reason for the test. Maintenance testing in general is that testing which is performed to diagnose and identify equipment problems or confirm that different actions taken to change settings, upgrade or repair the protection device or another component of the fault clearing system have been effective. The tests to be included in the maintenance test will depend on which of the listed above measures have been implemented.
Problems of the different elements of the fault clearing system can be of two main types – if the system does not operate when it has to and if it operates when it should not. These two types of problems are usually detected when the system is in service and an event occurs. The operation needs to be analyzed in order to determine the reason and take some corrective action to prevent future incorrect operation of the system.
2.4 Failure to operate
The main role of a protection relay is to detect when a fault occurs in the electric power system and to take the necessary actions to clear the fault by disconnecting the faulty equipment from the rest of the system. In some cases, such as transmission line or distribution feeder faults of temporary nature the protection system may also attempt to restore the pre-fault system topology using autoreclosing functions.
Failure to operate under fault conditions may have severe impact on the stability of the electric power system due to the increased duration of the fault caused by the operation of backup protection functions and the switching-off of healthy system components.
2.4.1 Undesired operation
As many system disturbances and blackouts have shown, one of their main causes have been operations of the protection system under non-fault conditions. These failures also need to be prevented since they may also have a negative impact on the stability of the electric power system and result in deterioration of the conditions and a wide area disturbance.
2.4.2 Maintenance testing requirements in case of incorrect operation
tests used to determine the reason for the operation
tests used to confirm that a required corrective action has been successfully implemented
the record in the failed relay may be affected by the failure of the device itself or a component of the fault clearing system – for example instrument transformers or the wiring between them and the relay
the sampling rate of the recording by the relay may be too low which will not correctly represent the abnormal system condition
After the reason for the incorrect operation has been determined, a corrective action is required, followed by maintenance testing to ensure that the measure has been successful. The maintenance tests in this case can be based on replay of the same files used to determine the cause of the incorrect operation, or some other tests to verify changes in settings or programmable scheme logic.
In digital substation maintenance testing the test equipment is required to publish the sampled values corresponding to the recording in the COMTRADE file.
The requirements for isolation depend mainly on what is being tested and the purpose of the test. In the case of maintenance testing isolation is required in order to avoid any undesired operation of protection IEDs caused by the execution of a test procedure in the energized substation.
Functional testing of individual IEDs used in the scheme
Functional testing of distributed functions within a substation
In an IEC 61850 based digital substation the physical isolation is not possible, so it is necessary to implements the test related features defined in the standard. Which features will be used will depend on the specific test case being executed.
In order to ensure efficient testing we need to identify the efficiency criteria, i.e. which resource should be minimized. The key parameter that we can use is the time that it takes to prepare, execute, analyze and document the results of the tests.
Functional testing methods can be divided into several categories. They are related to the complexity of the functionality of the individual devices being used in the different levels of the hierarchical system, as well as the types of distributed functions implemented in it. This requires the selection of the right testing method for the specific type of test, as well is the use of testing tools that can automate the testing process.
Functional element testing
A function in this case can be considered as a sub-system with different level of complexity, for example a system monitoring (SM) function, while the system is the complete redundant protection system.
Regardless of what is being tested, the test object needs to meet the requirement for testability. This is a design characteristic which allows the status (operable, inoperable, or degrade) of a system or any of its sub-systems to be confidently determined in a timely fashion. Testability attempts to qualify those attributes of system design which facilitate detection and isolation of faults that affect system performance. From the point of view of testability a functional element in a protection system is the unit that can be tested, because it is the smallest element that can exist by itself and exchange information with its peers in the protection system.
Another consideration is the purpose of the test and needs to clarify if the tests are performed in relation to acceptance of a new product or function to be used as a system monitor or process controller (or both), the engineering and commissioning of a substation component or the complete protection system or its maintenance. From that perspective different testing methods can be implemented even in the testing of the same functional element or function.
For example the testing of a system monitoring function during the user acceptance phase may focus on the testing of the measuring element characteristic using search test methods, while during the commissioning the operating times for different system conditions be the important ones achieved through transient simulation methods.
Black box testing
White box testing
An important aspect that needs to be considered during the testing is the availability of redundant devices performing the different protection system functions.
The following sections discuss in more detail the different testing methods listed above.
5.1 Black box testing
Black Box Testing is a very commonly used test method where the tester views the test object as a black box. This means that we are not interested in the internal behavior and structure of the tested function. Test data are derived solely from the specifications without taking advantage of knowledge of the internal structure of the function.
functional elements testing
protection system factory testing
protection system site acceptance testing
Since functional elements are defined as units that are the smallest that can exist independently and are testable, it is clear that black box testing is the only method that can be used for their testing.
The response of the test object to the stimuli can be monitored by the test system using the operation of physical outputs, communications messages or reports.
5.2 White box testing
White box testing is a method where the test system is not only concerned with the operation of the test object under the test conditions, but also views its internal behavior and structure. In the case of protection system it means that it will not only monitor the operation of the system at its function boundary, but also monitor the exchange of signals between different components of the system.
The testing strategy allows us to examine the internal structure of the test object and is useful in the case of analysis of its behavior, especially when the test failed.
In using this strategy, the test system derives test data from examination of the test object’s logic without neglecting the requirements in the specification. The goal of this test method is to achieve high test coverage through examination of the operation of different components of a complex function and the exchange of signals or messages between them under the test conditions.
This method is especially useful when we are testing distributed functions based on different logical interfaces. The observation of the behavior of the sub-functions or functional elements is achieved by through monitoring of the exchange of messages between the components of the test object.
The test scenarios however do not have to be different from the ones used under black box testing.
5.3 Top-down testing
Top-down testing is a method that can be widely used for protection system, especially during site acceptance testing, when we can assume that all the components of the system have already been configured and tested.
Top-down testing can be performed using both a black box and a white box testing method.
The testing starts with the complete system, followed by function or sub-function testing and if necessary functional element testing.
In the case of factory acceptance testing, when not all components of a system or sub-system are available, it is necessary for the test system to be able to simulate their operation as expected under the test scenario conditions. In this case the test system creates the so called Stubs for functions or functional elements that are not yet available.
Each functional element is tested according to a functional element test plan, with a top-down strategy.
If we consider a protection system implementation in IEC 61850 for testing using a top-down approach, we will start with the definition of the function boundary.
The testing of the individual components of a system function might be required in the case of failure of a specific test, which is shown in Fig. 7. The function boundary for each of these tests is different and will require a different set of stimuli from the test system, as well as monitoring of the behavior of functional elements using different signals or communications messages.
5.4 Bottom-up testing
Bottom-up testing is a method that starts with lower level functions – typically with the functional elements used in the system – for example PTOC.
This method is more suitable for type testing by a manufacturer or acceptance testing by the user.
When testing complex multilevel functions or systems, driver functional elements must be created for the ones not available. The test system must be able to simulate any missing component of the system when performing for example factory acceptance testing.
There are many similarities in the test scenarios used in the bottom-up, compared to the top-down method. The main difference between the two methods is the order that the tests are performed and the number of tests required.
In order to clarify the use of the above described methods, this section includes an example of the maintenance testing of a time overcurrent function element which is part of a distributed breaker failure protection scheme.
6.1 Distributed breaker failure protection scheme
Breaker failure protection is a scheme that is perfectly suitable as an example for the testing of protection schemes in digital substations due to the fact that it is distributed in nature and includes merging units (MU), protection IEDs and Switchgear Control Units (SCU) communicating over the substation LAN.
Breaker failure protection is a scheme that is typically used at the transmission level of the system due to the impact of such event on the stability of the electric power system. With the availability of built in breaker failure protection function in many multifunctional protection IEDs and the increasing requirements for decrease in the duration of distribution faults it is becoming commonly used in distribution systems in order to reduce the duration of voltage sags and improve power quality and the ride through capability of distributed energy resources.
The element RBRF1 in the multifunctional transformer protection relay (IED4) is associated to all feeders. When the distribution feeder protection relay (IED2) operates, it sends a GOOSE message indicating its operation requiring the tripping of the feeder breaker to clear the fault. This includes the data attribute
PTRC1.Tr.general = TRUE
As a result from
PTOC1.Op.general = TRUE
The transformer protection relay (IED4) subscribes to this message, and when it receives the change of value of a feeder protection functional element PTRC Tr data object to True, initiates the breaker failure protection function RBRF. As soon as IED 4 receives the GOOSE message
RBRF1.Str.general = TRUE
If re-trip of the breaker protected by IED 2 is implemented, IED4 will publish a GOOSE message with
RBRF1.OpIn.general = TRUE
If the re-trip still does not result in the breaker opening, after the breaker failure time delay times out it will publish a GOOSE message with
RBRF1.OpEx.general = TRUE
Each of the above attributes in GOOSE data sets must be paired with its corresponding quality attribute, for example
If the breaker fails to trip, the fault current will keep the level of the current above the pickup setting of the breaker failure detection element, the timer will time out and IED4 will trip the required breakers (the transformer breaker and the distribution bus sectionalizing breaker) to clear the fault as shown in Fig. 15.
The external trip of adjacent breakers is through any of the breaker controllers (SCUi) represented by IEDs 5 and 6 in the figure. They are required to clear the fault.
6.2 Maintenance testing of PTOC in a digital substation
The maintenance testing can be performed in several different ways depending on the protection testing philosophy of the utility.
6.2.1 Complete IED isolation
If it is to maintain the existing practice of isolating the complete device from the substation while performing the testing, we need to put the top level logical device PROT in Mod = TEST. However this does not correspond to the requirements for efficiency, because there will be no dedicated protection for the distribution feeder during the testing. In this case we need to set IED2 to
PROT.Mod = TEST
This will put the behavior of all protection and protection related logical nodes in TEST.
After that the IED2 needs to be set to
LPHD.Sim = TRUE
The test set will publish the sampled values TCTR1.AmpSv with
Simulation = TRUE
The test set will have to subscribe to the GOOSE message from IED2 containing
The first is used to determine the operating time for the assessment of the PTOC1 performance, while the quality attribute will be examined to determine if the Test bit is set to TRUE.
6.2.2 Partial IED isolation
The efficient approach is to put in test mode only the function element that we are testing, meaning that for IED2
PTOC1.Mod = TEST
By doing this the quality Test in PTOC1.Op.q will be set to TRUE, which will not result in the start of the RBRF1 during the testing.
In order to do the simulation without disabling the remaining protection functions we can take advantage of the TestRef attribute in InRef.
We need to set PTOC1 to
PTOC1.InRef.tstEna = TRUE
PTOC1.InRef.setTstRef = TestDev/TCTR1.AmpSv
In order to use this approach it is essential to verify that the IED’s communications interface can process simultaneously the sampled values from both the merging unit and the test device and make the simulated sampled values only to the test logical node – in this case PTOC1.
The test set will have to subscribe to the GOOSE message from IED2 containing
The first is used to determine the operating time for the assessment of the PTOC1 performance, while the quality attribute will be examined to determine if the Test bit is set to TRUE.
It is clear from the previous sections of the paper that the testing tools need to support the requirements for all the different types of test described earlier.
Hardware – the different test devices that generate analog signals or communications messages as required by the application
Software – the different software tools that are used for specific types of test, test configuration, power system conditions simulation, test assessment and documentation
To support the virtual isolation, the test devices should be configurable to operate in a “normal” operating mode, i.e. by sending messages with all test mode related data objects and attributes set to False. As described earlier, these will be all use cases when there is no need for virtual isolation.
In cases like maintenance testing or commissioning of new bay protection and control schemes in an energized substation, the test equipment should send messages with the simulation bit or test bit set to TRUE, in order to prevent undesired tripping of circuit breakers.
IEC 61850 based digital substation allow a significant improvement in the efficiency of maintenance testing. This is the result of the availability of testing related features defined in the standard which allow the isolation of the test object and testing system from the rest of the live substation without the need for physical switching or connections of equipment in the live substation.
long distance between the substation and the base of the test staff team
difficult terrain with bad roads
difficult weather conditions
requirements for reduction of outage time because of maintenance
The remote testing improves the efficiency by eliminating the need to travel to the substation to perform the testing. This leads to the significant reduction in the time spent by the testing team in relation to a specific maintenance test.
Additional savings in time are the result of eliminating the need for connecting the test equipment to the test object.
The ability to isolate only a function element that is being tested improves the efficiency of operation of the electric power system by eliminating the need for an outage during the testing.
Analog and digital interfaces between the process and the protection, automation and control system are communications based (IEC 61850 sampled values and GOOSE)
Support of virtual isolation of test objects
Remote secured access to the substation’s test system
Test computer which runs the testing software supporting IEC 61850 Edition 2 testing features and the required functional testing tools
Test devices performing simulation and evaluation of the results from each test
The need for locating a test computer and test devices in the substation is in order to be able to accurately measure the performance of all components of the tested scheme within the real communications architecture of the substation.
The interface to the test computer is over a private cloud and requires the use of cybersecurity technology available for remote access from the engineering station by an authorized and authenticated user.
The test engineer and technician accesses the test computer in the remote substation using a remote control tool with advanced cyber security features.
The remote access to the substation test computer needs to meet all cyber security requirements, including role based access.
Depending on the requirements for the test defined by the type of maintenance testing that needs to be performed the logical nodes, logical devices or complete IEDs are set in the required mode in order to ensure their virtual isolation.
In order to further improve cyber security it is recommended to connect the test computer and the Ethernet port of the test device used to control it to one isolated segment of the substation LAN, while the port of the test device which is used to publish the simulated messages and subscribe to the messages from the tested IEDs should be connected to the station/process bus network.
Edition 2 of IEC 61850 introduced many new features that further enhance the power of the standard.
There are new features that should make the life of the end user easier – assuming the features are supported by future products. They are designed to support not only automated configuration and execution of test procedures, but also remote testing for some specific test cases.
Using remote testing by controlling the test system in a remote substation from the convenience of the engineering office brings significant benefits by improving efficiency and safety, as well as reducing outage times. To achieve it, many new technologies or requirements should be further researched, the correlative testing interface software, platforms and core testing algorithms should all be improved.
The author AA contribution is introducing the definition of a digital substation and efficient testing, as well as the requirements for isolation during testing. And he also describes testing related features in IEC 61850 Edition2 and testing methods that can be used in digital substations in paper. Maintenance testing examples and testing tools requirements are also presented..
The author declares that he has no competing interests.
Open AccessThis article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
- Gopalakrishnan, A., Aquiles‐Perez, S., MacGregor, D., Coleman, D., McGuire, P., Jones, K., Senthil, J., Feltes, J., Pietrow, G., & Bose, A. (2013). Simulating the Smart Electric Power Grid of the 21st Century – Bridging the Gap between Protection and Planning (40th Annual Western Protective Relay Conference, Spokane, Washington).Google Scholar
- Apostolov, A. (2014). Functional Testing of System Integrity Protection Schemes (PAC World Magazine, pp. 46–51).Google Scholar
- Madani, V., Novosel, D., Horowitz, S., Adamiak, M., Amantegui, J., Karlsson, D., Imai, S., & Apostolov, A. (2010). IEEE PSRC Report on Global Industry Experiences with System Integrity Protection Schemes (SIPS). IEEE Transactions on Power Delivery, 25(4), 2143–2155.View ArticleGoogle Scholar
- IEEE. (2008). 1588 IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems.Google Scholar
- Meier, S. (2012). Impact of IEC 61850-9-2 process bus on substation automation systems, system design and experiences with NCITs, P&C Conference.Google Scholar
- IEEE Std C37.238, IEEE Standard Profile for Use of IEEE 1588™ Precision Time Protocol in Power Systems, 2011.Google Scholar
- IEC 61850-7-1 Communication networks and systems for power utility automation: Part 7-1: Basic communication structure – Principles and models[S], Edition2.0, 2011-07.Google Scholar
- IEC 61850-7-2 Communication networks and systems for power utility automation: Part 7-2: Basic communication structure – Abstract communication service interface (ACSI) [S], Edition2.0, 2010-08.Google Scholar
- IEC 61850-7-3 Communication networks and systems for power utility automation: Part 7-3: Basic communication – Common data classes[S], Edition2.0, 2010-12.Google Scholar
- IEC 61850-7-4 Communication networks and systems for power utility automation: Part 7-4: Basic communication structure for power utility automation – Compatible logical node classes and data object classes[S], Edition2.0, 2010-03.Google Scholar
- UCA International Users Group. (2004). Implementation guideline for digital interface to instrument transformers using IEC 61850-9-2[S].Google Scholar
- IEC 61869-9:2016 Instrument transformers - Part 9: Digital interface for instrument transformers[S], Edition1.0, 2016-04.Google Scholar
- Communication networks and systems for power utility automation – Part 6: Configuration description language for communication in electrical substations related to IEDs, IEC International Standard 61850-6, Ed. 2.0, Dec. 2009.Google Scholar
- Communication networks and systems for power utility automation – Part 8-1 Specific Communication Service Mapping (SCSM) – Mappings to MMS (ISO 9506-1 and ISO 9506-2 and to ISO/IEC 8802-3, IEC International Standard 61850-8-1, Ed. 1.0, May 2005.Google Scholar
- Apostolov, A. (2013). Improving the Efficiency of Testing of Protection Devices and Systems[C], CIGRE B5 Colloquium, Belo Horizonte, Brazil.Google Scholar
- Apostolov, A. (2016). Remote Maintenance Testing of Protection Devices and Schemes – Why We Need It and How We Can Do It? College Station: Texas A&M.View ArticleGoogle Scholar