B5-101

SUBSTATION CONTROL SYSTEM-PRESENT PRACTICES AND FUTURE TRENDS

R SUBRAMANIAN* H AL HOSANI
Abu Dhabi Water and Electricity Authority

(United Arab Emirates)

Summary

Developments in computer and communication technologies have enabled unmatched integration

of a wide range of substation functions within a computer control system. This new class of
application has gone through a great deal of effort into achieveing cost-effective, efficient,
secure and high performance of the utility power grid substation operations. The integrated
Substation Control System (SCS) became some years ago the technology of choice, which led to
the installation of a 3-level hierarchical control system in Abu Dhabi substations. The first 2
levels of control are performed locally within the boundary of the substation, and the third level
puts a larger number of substations under remote control from the Network Control Centre
(NCC), which is separated in most cases from the individual substations by large distances. In the
design of this serial link to NCC, the IEC 60870-5-101 standard has become the protocol of
choice for field installation on Abu Dhabi system.

The SCS application has achieved the operation of substations with an economic optimum. The
highlight of this paper is the description of the typical suite of hardware underpinning SCS system
and of its fundamental architectural concepts and issues. This paper brings the reader to the grasp
of the non-homegenous application of substation LANs, which exists today due the lack of
direction in the industry for defining a harmonious architecture supported by standardized
communication interfaces. It also demonstrates a desire for achieving both interoperability and
interchangeability of hardware devices from different suppliers within substations. In this respect,
this paper looks for the dawn of the IEC 61850 to provide seamless connectivity among a large
number of SCS systems with a higher level of interoperable capabilities. It lists some new
substation functions made feasible by the new IEC standard. The paper also gives some insights
into the development of a corporate database for giving timely and useful information to
personnel responsible for a wide range of engineering activities within the utility.

With the proliferation of SCS systems from a number of suppliers, ADWEA has been subject to
experiencing dismal control system performance in some of the substations. In hindsight of
ADWEA’s operational experiences, the authors of this paper perceive that SCS technology
requires to be pushed forwards with more rigorous hardware quality control and faultless software
debugging procedures, to make SCS operate with high performance of reliability and availability,
and meet the users’ high ergonomic requirements at any times of the substation operations.

* rspillai@adwea.gov.ae
 B5-102

AUTOMATED FAULT ANALYSIS USING ADVANCED INFORMATION TECHNOLOGY FOR DATA

INTEGRATION AND INFORMATION EXCHANGE

M. KEZUNOVIC T. POPOVIC
TEXAS A&M UNIVERSITY TLI, INC.

D.R. SEVCIK A. CHITAMBAR

CENTERPOINT ENERGY ENTERGY SERVICES
U.S.A.

Summary
Deregulation, liberalization, restructuring and privatization in the utility industry are simultaneously
happening around the globe. They represent different approaches to making the utility industry more
cost effective and responsive to customer needs. As a result, two important trends are recognized: the
introduction of more automated functions and the use of more advanced information technology. The
final aim is to provide better service to the customers and to reduce operating cost.
This paper illustrates how the existing fault analysis approach can significantly be enhanced through
the use of advanced information technology. In this context, the information technology relates to
solutions utilizing communications, processing, intelligent systems, computer networks, databases,
user interfaces, etc. The application functions can be improved to include broader view of the analysis
including data from multiple intelligent electronic devices (IEDs). This leads to a comprehensive data
integration resulting in efficient information extraction. Once the relevant information is extracted, it
can be distributed to multiple users responsible for maintaining the quality and reliability of the energy
supply service. All of this can easily be automated using information technology services selected to
best support the applications.
To illustrate the expected benefits of the use of information technology to support fault analysis
automation through data integration and information exchange, several implementations carried out by
the authors are presented. The examples include: comprehensive fault and power quality disturbance
analysis, enhanced just-in-time analysis of circuit breaker operation, and improved fault location
analysis using modeling, simulation and field data. The main goal of automated fault analysis is to
reduce the time needed to detect the fault, identify the fault type, and assess the performance of relays,
communication schemes and circuit breakers involved in the fault clearing. The main goal of the
power quality analysis is to assess the PQ disturbances automatically and to identify the ones that are
caused by faults (voltage dips). The main objective of automated circuit breaker analysis is to analyze
circuit breaker (CB) operation performance each time it operates. Detailed analysis of the breaker
operation is enabled by monitoring of additional control signals related to CBs and with an extensive
rule-based expert system. The main goal of the automated fault location is to use field data obtained
from recording devices sparsely located at various substation locations. Examples of recording devices
may include digital fault recorders (DFR), digital relays, or other intelligent electronic devices (IED).
The data captured by recording devices may include analog quantities such as voltage and current
waveforms and digital (contact) quantities such as breaker status and relay operation status. To solve
the fault location problem utilizing sparse data, the “waveform matching” approach is used. The
approach utilizes a genetic algorithm for finding the best match between the simulated and field-
recorder waveforms, which leads to an identification of the fault location.
The paper first gives the background of the enhanced fault analysis approach based on data integration
and information exchange. The use of information technology to automate the analysis based on data
integration and information exchange is covered next. Conclusions and references are given at the end.
 B5-103

Design of IEC 61850 based Substation Automation Systems

according to customer requirements

K.P. BRAND∗, C. BRUNNER, W. WIMMER

ABB Switzerland Ltd, Baden and Zürich

(Switzerland)

SUMMARY
The standard IEC 61850 „Communication Networks and Systems in Substations“ provides interoperability for
all functions in substations. All parts of the standards are ready 2004 and first devices and systems appear on the
market. Both the basic functionality and the design of Substation Automation systems (SA) based on customer
requirements are not changed by this standard, but inherent properties allow responding more specific to
customer requirements and designing optimized systems. The Ethernet based stack allows for scalable
communication architectures. The key optimizing the design process is the Substation Configuration description
Language (SCL). The customer specification has to include three areas of requirements: the functionality
needed, the performance requested, and all constraints to be considered. The constraints may include prescribed
devices to be considered, geographical extension, interfaces to switchgear and network control centers.
Constraints may be also redundancy requirements. The performance comprises topics like response times and
reliability. The functionality should be specified without reference to any implementation to allow for an
optimized solution. If redundancy is not a constraint it will result from the requested availability.
The paper describes how the design process starts from the single line diagram and the SA functions, how the
functional requirements modeled by Logical Nodes (LN) support the design, and how the non-functional
requirements control the grouping of LNs in Logical Devices (LD) and their allocation to physical devices. All
these requirements decide the architecture of the communication system. Depending on the constraints, two
alternative sequences of the design process are discussed. The SCL files used in each design step are mentioned
if applicable. Two design results for SA systems based on very different requirements are given. They proof that
functional and non-functional requirements together result in clear, optimized solutions. These samples give also
some indications for price tags.

∗
klaus-peter.brand@ch.abb.com
 B5-104

Incremental implementation of a utility-wide

protection information system
Nikolaus Lahner* ABB Switzerland, Sandor Csontos Elektra Baselland Liestal,
Santhanam Chari ABB Switzerland, Walter Baass, ABB Switzerland

Switzerland

With the introduction of numerical protection and control devices, valuable protection related data is collected
continuously in the numerical devices. To tap this data, utilities around the world have installed some systems to
either manually or automatically collect a part of this data. The installed systems however do not upload all the
data available in the numerical devices nor do all the systems provide an automated analysis of the collected
data.
A utility-wide protection information system is presented. This system connects to all substations for the
Summary
collection of data either periodically or event triggered, which provides the basis for wide area analysis and
utility-wide management of the power network to obtain a quick fault location. The centralized server is
provided with a suite of automatic analysis software to evaluate the data for fault location and to provide
decision support information to the operations and protection departments.
A case study of a utility’s needs and experience prior to, and after the installation is pointed out. Prior to the
installation of the system, field engineers lost a high amount of time travelling between manually operated
breakers. In some circumstances qualified personnel had to travel to the substation to manually extract the data
from the numerical devices. Occasionally the data in the protection devices was overwritten by subsequent
faults. This resulted in an extended time frame for obtaining an accurate analysis of the network status, and for
corrective action and power restoration.
In order to reduce the time frame for collection and analysis of the data and faster fault location and analysis, the
utility initiated a stepwise installation of the Protection Data Management System (PDMS). In case of a
permanent fault (autoreclosure unsuccessful) the field engineers can go directly to the location of the fault,
thereby considerably reducing the restoration time. If a successful reclose occurs the data is automatically
collected and analyzed. The maintenance staff can subsequently schedule a visual inspection to ascertain damage
and weak points in the system. This has eliminated the monthly visual inspection, which is now performed on
demand.
The paper also presents the incremental investment decisions of the utility to extend the system taking into
account the existing technical constraints.
 B5-105

IT Security for Utility Automation Systems

Bernhard Deck*
ABB Schweiz AG
Switzerland

Martin Naedele
ABB Schweiz AG
Switzerland

These days more and more automation systems, both systems for automating manufacturing processes and such
for controlling critical infrastructure installations for example in power and water utilities, are directly or
indirectly connected to public communication networks like the Internet. While this leads to productivity
improvements and faster reaction on market demand, it also creates the risk of attacks via the communication
network. The document surveys how network-connected plants and automation systems can be secured against
information system and network based attacks by state-of-the-art defensive means, and it will give an outlook on
future research.
Nowadays, realistic scenarios for network-based attacks on infrastructure/utility automation systems and
manufacturing/plant automation systems, with respect to both motivation as well as technical feasibility exist. In
contrast to business systems, which need to be available for business and protect their confidential data, for
automation system IT security the most important security objective is the integrity of the control system to
prevent physical damage and human injury.
The document presents arguments why a defense-in-depths approach with layered mechanisms is a better
strategy for securing systems than the often-used approach of placing a security "wall" around the system and
leaving the inside unchanged. It gives an overview of available security mechanisms, pointing out which are
specifically applicable to automation systems due to the specific operational characteristics of automation
systems.
It remains to remind that, as the saying goes, security is not a destination, but a journey - both the notifications
generated every day by an appropriate security system, and the whole architecture of the security system need to
be reviewed regularly to detect and adapt to new vulnerabilities and threats.
 B5-106

EHV TRANSMISSION LINE SHUNT COMPENSATION EFFECT ON

LINE PROTECTION AND SYSTEM AUTOMATION

SAMIR A. EZZ EL-ARAB MOHAMED A. EL-HADIDY*

EGYPTIAN ELECTRICITY TRANSMISSION COMPANY

(Egypt)

Summary

Shunt reactors connected to the Extra High Voltage (EHV) Transmission Lines (TL's) are necessary
for the control of the system voltage, and to prevent generating units, during emergencies, from
exposure to impermissible reactive power loading conditions. For the second purpose, shunt reactors
are connected to the TL’s without Circuit Breakers (CB’s). During system maneuvering or during the
dead time of the autoreclosure cycle, one/three phase(s) of the TL is/are switched off from the power
system. The existence of the reactors on the switched off phase(s) generates voltage oscillations that
can disturb the TL protective relays or system automation devices such as Distance Relays (DR),
Autoreclosure (AR), or Out-of-Step (OS) protection. This may lead to serious consequences like
system splitting or highly decreased system reliability.
In this paper this phenomenon is illustrated together with its effects on line protection and system
automation devices. Real incidents in the Egyptian Power System due to this phenomenon were
recorded using Digital Fault Recorders. The waveforms of the voltage oscillations are analyzed. The
factors affecting their magnitudes and frequency of the voltage oscillations are illustrated.
In this paper also, the disturbed performance of the protection and automation devices is analyzed. The
out-of-step relay operation criterion under these voltage oscillations is analyzed in detail using the R-X
complex plane, where both the relay characteristics and the calculated trajectory of the impedance
phasor seen by the relay are illustrated. An interesting performance of the out-of-step relay is
illustrated.
The performance of the starting and measuring elements of the distance protection which use
amplitude comparison and phase sequence comparison criteria is analyzed during the single phase
autoreclosure dead time, where voltage oscillations of the tripped phase can disturb the performance.
In this analysis, the capabilities of the digital fault recorder's software revealed the reasons behind the
strange performance of the autoreclosure device.
The deep and careful analysis of the power system incidents and malfunctioning of the line protection and
system automation, provided in this paper, encouraged to propose:
a- suggestions for overcoming the problems causing relay malfunctioning, and
b- recommendations for the designers of both protection systems and Digital Fault Recorder's software.

*
E-mail: dr_alhadidy@hotmail.com
 B5-107

Use of a Numerical Control System to Implement an Underfrequency Load Shedding and

Restoration Scheme

Barry John Kilcline* Velibor Salopek

ESBI ABB

(Ireland) (Finland)

Introduction
A requirement existed for widespread installation of Numerical Control Systems (NCS) onto ESB’s
sub transmission system. A detailed selection procedure was carried out, with a ‘MicroSCADA’
system emerging as the most suitable candidate for ESB’s applications. To gain maximum cost
benefit from the NCS installation, the possibility of carrying out a number of tasks currently
performed by traditional hard-wired schemes was examined. The decision was taken to implement
ESB’s Under Frequency (UF) Load Shedding and Auto Frequency Restoration (AFR) Schemes using
the NCS.

Numerical Control System

The layout of the NCS is as follows: two PCs are coupled in a dual redundant arrangement, with Bay
Control Units (BCU) communicating to the system via LON Bus. The BCUs provide metering,
position indication and local and remote operation of switchgear. Signals are extracted serially from
protection relays. Communications upward to National and Distribution Control Centres is provided
using the IEC 60870-5-101 protocol. Remote dial in access is provided for remote protection settings.

Existing Under Frequency Load Shedding and Restoration Scheme

ESB’s existing scheme initiates the automatic restoration (AFR) of feeders, which have been tripped
by Under Frequency (UF) conditions. The scheme is implemented on 38kV feeders in almost all of
ESB’s 110 / 38kV stations. It ensures that only those Circuit Breakers which have been tripped by the
UF function are reclosed and enables sufficiently small restoration steps to be chosen to avoid
relaxation oscillations. Loads can be given priority rankings, depending on the nature of customer
connected. The AFR Scheme allows for control of restoration step sizes, time rate of restoration load,
restoration pause (should more generation be lost while restoration is taking place), and the
implementation of an initial delay time.

Implementation of UF Load Shedding and AFR Scheme using NCS

The logical location for the implementation of the UF Load Shedding and AFR Schemes was on a per
bay basis, to safeguard against failure of central system disabling the scheme for the station. With
ESB’s hard-wired scheme, loads were shed and restored in one of four groups.

*ESB International, 18-21 St. Stephen’s Green, Dublin 2, Ireland; email barry.kilcline@esbi.ie
The scheme, implemented in each BCU, is built using IEC 1131 logic, combined with specific logic
blocks available within the BCU. Control of the state of the scheme is given using a physical On/Off
switch, the NCS screen, or from the Distribution Control Centres.

Benefits of the Scheme

The implementation of an NCS in general and UF and AFR schemes in particular have had significant
benefits for ESB. These benefits are detailed in the main paper.

2
 B5-108

DEVELOPMENT OF THE REMOTE MONITORING AND DIAGNOSIS SYSTEM

FOR HIGH VOLTAGE SUBSTATION

J. B. KIM*, M. S. KIM, J. R. JUNG, W. P. SONG, D. S. KIM I. D. KIM

HYOSUNG CORPORATION Doowon Tech. College

(Republic of Korea) (Republic of Korea)

Summary
As the recent trend of the power system based on the IPP(Independent Power Producer) / the
distributed generation and the advancement of IT(Information Telecommunication)
technology, the needs of domestic/abroad on the GIS(Gas Insulated Substation) and power
transformer attached the diagnosis function have been rapidly increased. “A monitoring and
diagnostic system for power apparatus ” being promoted introduction by KEPCO (Korea
Electric Power Corporation) and the other demander has aims such as the following ;
detecting the malfunction with a highly efficient sensors and a signal processing techniques,
in case of abnormal progress it prevents a emergent shut-off of electricity by warning, sets up
a plan of maintenance / repair by the diagnosis standard, prevention for recurrence of an
accident and a speedy recovery of an accident by judging both the cause of fault and a fault
location. Adding to that, the development of low-price and common intelligent diagnostic
system for preventing accident of the existing established power apparatus have been on the
needs for pre-estimate of the lifetime and for economic maintenance repair plan.
The intelligent diagnostic system is one which diagnose the degradation characteristic of
GIS and transformer with on-line using a highly efficient sensors and the signal processing
techniques, simultaneously optical communication and S/W techniques. For the development
this system, techniques such as the following are necessary.

1) Sensor application techniques to detect the malfunction of GIS and transformer

2) Diagnostic algorithm design techniques for judging the malfunction of GIS and
transformer
3) Networking and display technique to show the conditions of GIS and transformer

In this paper, we describe the actual instance of the remote monitoring and diagnosis system
together with networking and display system for 154kV substation in KOREA.

* hico-jbkim@hyosung.com
 B5-109

CONCEPTS FOR INTELLIGENT MONITORING AND CONTROL OF POWER GRIDS BY USE OF

NEW MEASUREMENT TECHNOLOGIES

K. UHLEN*, L. WARLAND J. O. GJERDE, KHOI VU Ø. KIRKELUTEN

SINTEF ABB STATNETT

(Norway)

SUMMARY

In critical situations leading to severe power outages, a common problem seems to be the limited time
available for the operators to assess a contingency situation, and the lack of time available to take
corrective actions to restore normal security level and thus avoid cascading outages. New
measurement devices and information systems have become available for use in transmission system
operation. Based on this technology, improved on-line monitoring, control and protection systems are
being developed that can increase security of operation.

The work described in this paper addresses this problem by demonstrating applications related to
o Wide area power system monitoring with focus on dynamic information and stability indices
o Distributed monitoring of voltage stability limits, possibly with local protection control.
o Automatic secondary control to optimise reactive reserves and simplify operating procedures in
critical situations.

This paper reports the initial phase of an Information Technology (IT) initiative to improve the
utilisation of the Norwegian power grid. We adopt a scalable approach, beginning with a focus on the
use of local intelligence (“agent”), and gradually integrating these agents into the existing IT
infrastructure. A main objective is to develop and test new applications for on-line monitoring and
control of network operation based on the use of Phasor Measurement Units (PMUs) and the Voltage
Instability Predictor units (VIP-units). In particular, the paper reports on the implementation and
testing of two new applications. One is the Voltage Instability Predictor for on-line tracking of
distance to voltage collapse, which is primarily a local device. The second is a Secondary Voltage
Regulation scheme for coordinated control of SVCs and synchronous condensers, which is presently a
control centre application.

The experience from the ongoing project has shown that it is possible to combine the academic ideas
with practical experiments. The cooperation between a research institute, an industry company, and a
grid company has been successful. Although the ideas of VIP and PMU have existed for some years,
only practical testing could show the products’ real life capability and effectiveness.
 B5-110

CONCEPT AND FIRST IMPLEMENTATION OF IEC 61850

F. Hohlbaum L. Hossenlopp G. Wong*

ABB Alstom Siemens AG
(Switzerland) (France) (Germany)

In response to the worldwide desire to reduce the ownership cost of the substation automation systems,
simplify the operation and maintenance in substations, and safeguard the investment of the utilities,
the standard IEC 61850 ‘Communication networks and systems in substations’ has been produced by
the International Electrotechnical Commission. Substation automation systems compliant with IEC
61850 are interoperable without the use of gateways in the communication network. IEC 61850 is
becoming the single international standard for substation communications, bringing benefits to the
utilities and manufacturers.
The approach of IEC 61850 is to subdivide functions into the smallest possible objects called Logical
Nodes. The data are exchanged following the rules which are called services. These generic data and
services are mapped to a mainstream communication stack comprising Manufacturing Message
Specification, Transmission Control Protocol/Internet Protocol (TCP/IP), and Ethernet. The
applications and the stack are separated, allowing the communication technology to be upgraded and
the existing databases of the applications to be left intact. This feature makes IEC 61850 future-proof.
The data and the services of automation systems are standardised, avoiding ambiguity between parties
at the specification stage. Ethernet simplifies wiring in substations, and in accordance with IEC 61850,
permits critical and non-critical data to be transferred over a single network. Readily available
industrial Ethernet components can be adopted and used with little further design work. Redundancy
can more easily be built into the non-master-slave automation system. Commissioning is simplified
through easy local and remote viewing of substation data. Not found in other communication
standards, the Substation Configuration description Language facilitates greatly the specification and
engineering of automation systems comprising devices from different manufacturers.
It is not conceived that utilities replace all their existing non-IEC 61850-based equipment with 61850-
based equipment overnight. Most utilities are building up their IEC 61850-systems step-by-step. Many
migration paths are possible to allow the substation to be gradually IEC 61850-compliant. For
example, existing equipment may be upgraded directly. Existing equipment may also be left intact,
and an interface is established between this and any new IEC 61850-compliant equipment which is
introduced when the substation is extended. Since 1998, demonstration projects in Europe and North
America have confirmed the feasibility of the standard, and one of the highlights was the test carried
out in real-life situations in 2002. The method of standardising communication in IEC 61850 has also
proven itself to be far-reaching, and is being applied in many other fields, particularly in the
monitoring of substation equipment. IEC 61850 is presently applicable within a substation, and work
is in progress to extend the method of standardisation up to the control centres.
Keywords:
Interoperability - Substation - Automation - Communication - Protocol
 B5-111

APPLICATION OF INTRANET TECHNOLOGIES

FOR POWER SYSTEM PROTECTION

A. TAKEUCHI F. KUMURA M. NAKAHARA

Chubu Electric Power Co. Kansai Electric Power Co. Kyushu Electric Power Co.

T. YOSHIZUMI M. USUI T. MATSUSHIMA*

Hitachi Ltd. TM T&D Corporation TM T&D Corporation
(Japan)

Summary
Among recent active technical innovations, the progress of data transmission technologies has been
marked, particularly in the field of internet/intranet technologies. These innovations have also rapidly
been applied, in recent years, to the power system protection and control area. At the same time,
promotion of efficiency in the field of power system protection and control is a major topic that have
been facing for many years. The recent move towards deregulation has accelerated the necessity to
promote efficiency in this area still further. Expanding intranet technology will play a significant role
in the promotion of this long-term goal for greater efficiency.
Remote operation and monitoring of the protection relay from the station are easily realized by
intranet use. Through this system, greater maintenance cost benefits are expected because many
protection relays over a wide area can be monitored and controlled without leaving the maintenance
station. In this system not only monitoring but also testing of relays from the remote station is possible,
during which accuracy of analogue input data is verified using an “agent technique”. In this test, by
comparing the data of duplicate systems, errors of input voltage and current data can be estimated.
This intranet remote control and monitoring system is already practically in use by electric power
companies. In this kind of system, error estimation of the input signal may enable prediction of
failures in the relay. Moreover, by watching for changes in errors, diagnosis of aging equipment is
possible and it may enable prolongation of equipment life.
Though intranet/internet technologies have great potential, security against external threats, including
actions of malicious persons, is an inevitable problem in applying such technologies to the power
system protection and control area. Although remote access to the relay using intranet technology will
be easy, the possibility of violations to protection relay security will increase proportionally. In this
paper, the basic philosophy and various security techniques are described. For example, applications in
Japanese utilities are limited to closed in-house intranet systems, concentrating on security to provide
separation from external threats. Moreover, additional countermeasures in the application level are
introduced in each system.
At present, limited experience exists in practical applications of intranet technologies to power system
protection and control because they are comparatively new techniques, and it has only been a short
time since they were introduced within power systems. However, they have great potential, and in the
near future they promise to perform important roles in the power system protection and control area.

Keywords: Intranet - Internet - Remote Operation - Remote Monitoring - Protection - Control -

Maintenance Cost - Agent - Security

* E-mail: tet.matsushima@tmt-d.co.jp
 B5-112

Economic Benefits by the use of Function Analysis as Maintenance- and

Investment Methodology in the Primary and Secondary System in High Voltage
Substations

AABØ Yngve* LUNDQVIST Bertil KJØLLE Gerd H SVENDSEN Arne B.

BKK Nett AS ABB Automation SINTEF Energy BKK Nett AS
Norway Sweden Research, Norway Norway

Summary
Norway was one of the first countries in the world where a penalty for energy not supplied (CENS [1])
was introduced. The main objective is to give incentives to the network owners to operate and
maintain the system in a socio-economic optimal way. The introduction created a drive towards more
cost effective solutions and influences all financial decisions in a grid company. However, the
principle behind this regulation is valid in all electrical network companies, even if regulations/
penalties are not (yet) introduced.
Increased utilisation of the network may increase the risk of having extensive interruptions or even
wide area blackouts like those in the western world in 2003 (North America, London, Southern
Sweden, Denmark and Italy). The socio-economic costs associated with interruptions and blackouts
are estimated to be about 250 million Euros per year in Norway. This amount comprises costs of the
small-scale interruptions (short ≤ 3 and long > 3 minutes) as well as the infrequently occurring
blackouts. These socio-economic costs are of the same order as the annual investments in the network
in Norway. Thus, the consequences of interruptions are relatively large. This has become an incentive
for better utilisation of numerical- and information technology to avoid disturbances and forced
outages.

There has been a technological revolution regarding protection and control equipment over the past
twenty years. The technology has changed from independent units of protection, control and
monitoring to the integration of these functions in one device. But in most cases, the technical and
economic benefits of this change have not been fully utilized.

This paper takes a closer look at the technical and economic possibilities that numerical- and
information technology can give. To illustrate the new possibilities, the concept of the “virtually
locked” station is introduced, where all actions and decisions are based on remotely retrieved data
from the station. The new approach is to utilize modern information technology, focusing on the cost
benefits of the function- and risk analysis methodology. The function analysis will give condensed
information on the status of the substation as well as the whole network, when the data are utilized in a
central system. Thus the station can be “virtually locked”. No actions will be based on traditional
methods with regular visits to the station for maintenance testing etc.

An additional benefit is the reduction of human errors. Unwanted operations, caused by personnel
working in the substations are a significant problem in most countries including Norway. The
“virtually locked” station keeps the personnel away from the substation and reduces the probability of
unwanted functions.

Most of the economic and technical benefits are on system level, illustrated with the new concept of
the “virtually locked” substation. It is also possible to delay investments, when the system can be
operated closer to the technical limits due to better information. The extensive information can also be
used for new functions, for example automatic load shedding and restoration systems to reduce the
probability of system/voltage collapse.
 B5-113

PROCEDURE FOR AUTOMATIC RESTORATION OF POWER SYSTEMS:

A CASE APPLIED TO THE BOA VISTA SUBSTATION

Joaquim Américo Pinto Moutinho (*)

Centrais Elétricas do Norte do Brasil S/A - ELETRONORTE

(Brazil)

Francisco Damasceno Freitas

Department of Electrical Engineering - University of Brasília - UnB
(Brazil)

This paper presents results of a procedure for system restoration. The process of automation
of a substation with voltage levels of 230/69/13.8 kV is studied. An algorithm is
implemented considering control logics and command followed on practical
instructions of operation. Some tests are carried out for validating the operational
procedures and the benefits of the automation process are observed. A bay is
represented in order to simulate local conditions and for evaluating the restoration
process. Restoration in a conventional and automatic way are verified. As a
parameter, an index based on time necessary for executing all operation for the
system restoration is established. The automatic process allows to reduce the time
dedicated to the system restoration in such way that is possible to obtain a reduction
on cost of not supplied energy. Furthermore, the probability of errors of the automatic
process is lesser than similar human operation.

Keywords:
System Restoration – Digital Technology – Cost Reduction – Substation Automation.
 B5-201

THE DESIGN AUDIT IN THE QUALIFICATION PROCESS OF PROTECTIONS

AND PROGRAMMABLE CONTROLLERS

J.M. GRELLIER *
ELECTRICITE DE FRANCE

(France)

The commercial availability of the digital electronic components being shorter and shorter,
the traditional methods of qualification of PLC become difficult to apply in their
completeness because delays for qualification become longer than the commercial availability
period. The products on the shelf are then manufactured with some components of
replacement... which thus were not submitted to the qualification process. The qualification
method by audit allows to decide between what is well designed and what is less convincing :
the test programs will target these last points.

The qualification method by audit comprises 4 items : Quality, Design, Components and
Software.
This paper describes the Design audit.
Its characteristic is to provide for each board of the equipment to qualify :
• an analysis of the components and software monitoring principles implemented by the
manufacturer,
• a list of the supervised components and software,
• an assessment of the unavailability of the main functions, possibly generated by running of
the monitoring tasks ;
• the tests strictly necessary to prove the correct implementation of the monitoring
principles.
This very technical part is preceded by a transverse questioning on the organisation, the
development, the modifications and the development of the manufacturing tools and test
tools.
This method, experimented by our engineers with several manufacturers, allowed, in a case,
to accept that the products are not anymore checked at the end of manufacturing, and, in
another case, to reject a product before even the manufacturing of the first prototype, which
allowed the manufacturer to modify the design with a minimum impact on the development
cost and the time to market.

*
jean-michel.grellier@edf.fr
Audit duration to be foreseen :
• Quality : from 4h to 2 days, whether the manufacturer is certified ISO9001, design
included, or not certified.
• Design: 1 day for a CPU board, from 2 to 4h for a power supply or I/O board ; the
duration is doubled if the system is redundant.

A table for design evaluation is proposed with notation and acceptance thresholds.
If all the totals are equal to or higher than 75% of the maximum marks, the tests on the only
weak points revealed by the audit shall be carried out.
If totals relating to boards lie between 50% and 75%, the others being equal to or higher than
75%, all the tests where the board is involved and tests on the only weak points of the other
boards shall be carried out. If the designer proposes an improvement plan, the tests will be
reduced after examination of the file or targeted audit.
If the mark "Organisation" lies between 50% and 75%, an additional audit is programmed.
If a mark is lower or equal to 50%, it is to be feared that the tests reveal defects requiring a
major resumption of the design. The supplier is then asked to implement an improvement plan
and the audit is performed again.

Keywords :
Audit – Design – Qualification – Protection – Programmable Controller
 B5-202

AUTOMATED SETTING OF RELAYS FOR TRANSMISSION LINE PILOT

PROTECTION

PAUL F. MCGUIRE* RUSSELL W. PATTERSON

DONALD M. MACGREGOR TENNESSEE VALLEY AUTHORITY
ELECTROCON INTERNATIONAL, INC. USA
USA
A. T. GIULIANTE GLENN R. HOLT
ATG CONSULTING, INC. OKLAHOMA GAS & ELECTRIC CO.
USA USA

Automated setting of complex modern relays improves productivity by applying utility rules
consistently, simplifying routine data handling and avoiding human error. Generic setting rules
calculate the primary settings for multiple overcurrent and distance elements, including fault-
detectors. The rules are in production use for overcurrent, stepped-distance schemes and directional
comparison pilot (teleprotection) schemes such as POTT, PUTT, and blocking schemes. They exploit
computer power by using more thorough fault studies than those previously conducted manually.

The setting rules are applied within a protection simulation environment, with a system database, a
detailed relay library, and a steady-state phasor fault analysis. The database contains the buses,
generators, lines, shunts, and transformers, the CTs and VTs connecting relays to the network, and
detailed relay models. The rules are encoded in a user-accessible macro language.

To set the relays with a desired margin of security (for zone 1) or reliability (for an overreaching pilot
zone), we first apply solid faults and compute how close the relay is to its operating limit, accounting
for infeed, mutual coupling, and variable generation and load. The desired reach margins on the
protected line are settable parameters, typically 0.8 for zone 1 and 1.2 for a pilot zone. Additionally,
these zones must not trip for faults on the secondary side of load transformers tapped on the protected
line. Zone 3 is reverse-directed to detect external faults behind the relay. Then it blocks the echo of
the permissive signal received from a facing pilot zone, which is at the other end of the protected line.
On every line behind the relay, zone 3 must reach at least far enough to cover the overreach region of
this facing pilot zone.

Overcurrent elements cannot be set precisely because fault currents can vary considerably with the
network configuration. The high-set instantaneous overcurrent pickup setting must exceed the
maximum relay current for a remote-bus fault, and the time-delayed pickup is set below the minimum
relay current. The fault studies that determine these limits can be quite complex, as the examples
show.

Where the automatic procedure cannot set an optimum value, the algorithm warns the engineer to
choose compromise settings. It is straightforward to change a setting parameter and repeat the
*
eii@electrocon.com
computations. Next, we use the complete relay model to study resistive faults graphically using the
new settings.

To illustrate the setting rules, we use an actual case in the Tennessee Valley Authority system with
two coupled 161kV lines and a Permissive Overreach Transfer Trip scheme. The model uses actual
relay comparator equations and internal supervising logic. Curves show how the largest detectable
fault resistance varies with fault location. For one chosen fault location, a "relay view" in the R-X
diagram plots the limits of apparent impedance as an expanded mho circle. Its diameter approximately
equals the reach setting plus the equivalent source impedance behind the relay. The "system view"
shows the line ohms and the actual limit of arc resistance that the relay can see. The setting rules limit
the pilot zone to avoid operation for secondary-winding faults on the tapped transformers, but the
relay will trip sequentially after the remote breaker has opened.

An output module for each relay manufacturer's model of interest converts the primary settings and
the CT and VT ratios to the named tap settings and saves the values in the database. Thus, the relay
model is "set" in the same way as the physical device. Import/export facilities can communicate with
a physical relay via vendor databases, or can send settings to a field engineer.

Keywords – Relay Setting - Protective Relaying - Transmission Protection - Pilot Relaying

2
 B5-203

A STEPPED-EVENT TECHNIQUE FOR SIMULATING PROTECTION SYSTEM

RESPONSES

A. GOPALAKRISHNAN*, D. M. MACGREGOR, J. J. QUADA, D. B. COLEMAN

ELECTROCON INTERNATIONAL, INC.

USA

This paper describes a technique for calculating the approximate time response of a protection system
subjected to an arbitrary fault. The method requires the sequence model of the network already
maintained by most utilities for short circuit calculations together with readily available information
about the protective devices. A series of steady-state calculations simulates the sequence of protective
device operations from the moment a fault occurs until the last breaker opens to clear it. Facilities
exist for simulating pilot protection schemes and single pole tripping.

The primary objective of the stepped-event method is to find miscoordinations easily. Since
miscoordinations can occur at any stage of the fault clearing process, it is necessary to account for
changes in voltage and current, and their impact on protective device operation, as various breakers
operate and open. Time overcurrent relay elements that were responding to the fault prior to a breaker
operation will be partially timed out when the breaker operates and will therefore operate differently
(usually faster) than one would otherwise predict. Supervised elements that were not permitted to
operate previously may now be started, or vice versa.

In the simulation process described in the paper, a fault is applied and the (steady state) electrical
quantities are computed for all protection devices “near” the fault. The tripping logic is evaluated for
all relays at each location. The predicted trip times of each relay panel (group of relays at a location)
are then computed and compared. The fastest relay panel or panels (if there is simultaneous
operation) are allowed to operate and the relevant breakers are opened. Since the network topology
has changed, the fault is reapplied and all electrical quantities are recomputed. The responses of all
protective device elements are re-evaluated. The simulation of partially timed out elements (time
overcurrent elements and timers) continues from the first event. Again, the tripping logic of each relay
panel is evaluated and the fastest are allowed to operate their breakers. This concludes the second
event. The stepped-event procedure continues in this manner until either the fault is cleared or no
further breaker operations are predicted.

The environment within which the stepped-event technique is implemented includes a number of data
models and software structures such as: detailed relay models and comparator equations, partial time-
overcurrent element time-out from one breaker opening to the next, internal and external supervision

*
eii@electrocon.com
between relay elements, actual CT and VT configurations, groupings of relays into relay panels,
tripping logic expressions associated with the relay panels and a relational database for storage of both
catalog data and data specific to a given utility.

Implementation of the stepped-event technique takes two forms:

1. An interactive simulation, typically initiated from a one-line diagram. This method is useful for
post-mortem analysis of fault events, or for special studies. After each breaker opening, the
simulation pauses for the user to give a continuation command. A number of reports are available
for the user to study: relay panel operating time, individual relay operating times, etc.
2. A batch implementation, in which there is no pause between breaker openings. The user defines
an area of the network where miscoordination studies are to be performed. In addition, the user
also specifies the types of faults to be applied, after which the simulation proceeds unattended.
Miscoordinations are reported.

Finally, two examples illustrating the interactive and batch methods of stepped-event analysis are
presented.

Keywords – Relay Modeling – Relay Coordination – Steady State Simulation – Pilot Protection –
Single Pole Tripping – Protection Engineering

2
 B5-204

INTERUCA Project: UCA interoperability for distributed control within electrical

substations

IKER CANALES * PEDRO IBAÑEZ JUAN TORRES ENRIQUE GARCIA

ROBOTIKER ROBOTIKER IBERINCO IBERDROLA
(Spain) (Spain) (Spain) (Spain)

FERNANDO COBELO JUAN A. URQUIZA JOKIN GALLETERO

ZIVP+C TEAM-Arteche GE Power Management
(Spain) (Spain) (Spain)

Electric, gas and water utilities are immersed in a moment of great changes, especially due to energy
markets liberalisation, so they must focus their efforts on improving efficiency and services and
reducing costs. Thus new substation devices are needed in order to increase functionality and decrease
costs. So far these equipments functionality is severely limited by a lack of standardisation and peer-
to-peer communication capability, because of the great number of existing proprietary protocols and
data solutions.

A real standardisation is therefore required. It is arising a need for an architecture based on a set of
standards and open protocols which helps for eliminating extra costs, and redundancies and
inconveniences related to the use of proprietary communication interfaces, so rejecting protocol
converters when integrating devices supplied by different manufacturers. In this sense, and taking
UCA 2.0 as starting point, IEC has recently finished the definition of standard distributed object-based
communications architecture IEC 61850, which not only keeps UCA 2.0 compatibility, but also
increases its functionalities, offering interoperability among devices supplied by different
manufacturers over the same data network, besides high-speed real-time data exchange and peer-to-
peer communications.

In view of all this interest generated by recent standard IEC 61850, and as a result of the initiative of
enterprises involved into substation control and protection equipments installation process
(manufacturers, engineering and utility), along with the participation of a technological center, in early
2001 the INTERUCA Project is proposed in order to test within a real pilot substation the kindness
of new IEC 61850 standard, previously adapting to it devices utilized for substation management,
control and protection, and trying both to achieve an efficient way to verify interoperability among
devices supplied by different manufacturers (message exchange through peer-to-peer communication
schemes, real-time data transmission, time synchronization,…), and to obtain experience at
interpretation of new standard IEC 61850, checking out the feasibility of its adaptation and finding out
their advantages and disadvantages given by its implementation.

* ROBOTIKER, Tecnalia Technology Corporation, E-48170 Zamudio - Bizkaia (Spain). E-mail:

iker@robotiker.es
 B5-205

Operation rules determined by risk analysis

For Special protection systems at Hydro-Québec

J.A. Huang* S. Harrison L. Wehenkel

G. Vanier F. Lévesque
A. Valette

Institut de Recherche d’Hydro-Québec Hydro-Québec TransÉnergie University of

Liege
(Canada) (Canada) (Belgium)

Summary

The operation criteria at Hydro-Quebec require that the power system remains stable without any
assistance of Special Protection Systems (SPS) following normal contingencies. These normal
contingencies are hence used to determine the secure transfer limits for the various corridors of the
system, in compliance with the Northeast Power Coordinating Council (NPCC) criteria.

In addition to these requirements, Hydro-Québec considers that it is also important for the system to
remain stable after certain extreme contingencies. The system stability is maintained by the automata
of Special Protection Systems. According to the event and the configuration of the power system, the
special protection system – the RPTC system (“Rejet de Production et Télé délestage de Charge” in
French) activates the generator rejection and remote load shedding scheme. The operation rules of
these protection systems are complex to establish because of the large number of network
configurations to be covered as well as the great quantity of possible events. Conventionally, the
settings of these RPTC systems were defined using deterministic techniques, which focus on the
worst-case scenarios. Therefore, it is difficult by the deterministic approach to find an optimal level of
generator rejection and remote load shedding. The approach by the risk analysis is a more effective
method for the design of these rules by ensuring a maximum degree of coverage while minimizing the
level of action taken by RPTC automata.

This approach is based on the analysis of a large number of real configurations of network (snapshots
of the network) periodically sampled over a long period of time (5 years). These data come from the
in-house data retrieval system installed in the Hydro-Quebec control centre.

Stability studies are performed for each network snapshot in order to determine the minimum level of
actions so that the network remains stable following the extreme contingency. These studies are
carried out under the control of software RSL (“Recherche Simultanée de Limites” in French) and the
generated results are stored in a database. Data mining techniques are applied to this database in order
to construct decision trees which can identify the relevant variables and their corresponding thresholds
to determine the automaton rules. These rules are then validated by simulation in order to be ensured
of the degree of coverage before being programmed in the field. Several examples of application of
this method are described in order to illustrate the potential of the method.

This method has provided operation and planning engineers an effective help to establish the rules of
automata and to optimize its operation.

Key words: Protection systems - Automatisms - Dynamic Security - Risk - Data Mining - Stability.
 B5-206

THE CHALLENGES MET DURING PROTECTION RELAY CERTIFICATION

D. THOLOMIER*, R ALLAIN, H. GRASSET, A. PERKS

AREVA T&D P&C SA, AREVA T&D Ltd
Lattes, France Stafford, UK

The paper examines the difficulties met during protection relay certification.
Alstom uses different type of simulator systems to:
• validate and certify new protection relays and algorithms,
• replay real transient fault records stored by numerical protection relays or disturbance recorder,
• validate relay settings and application in severe power system conditions (serie compensated line,
CT saturation, etc.),
• to conduct expertise or customer qualification tests.
Alstom has a strong history in the utilisation of analogue and digital simulation system and were the
first major relay manufacturer to install a fully digital real time simulator. In 1986, an Analogue
Transient Network System (TNA) and a MORGAT Digital Transient System developed by EdF were
installed at Alstom T&D Energy Automation & Information in Montrouge, France. In 1997, an RTDS
Simulator System was installed at Alstom T&D Energy Automation & Information in Stafford,
England.
The simulation of transient fault is used to solved a whole range of problems related to network
protection and its operation. Therefore the physical phenomena that occur in power system must be
simulated accurately and closed so much as possible to the reality. This simulation is necessary for
determining the characteristics of the relay and the limit of its operation behaviour in any severe
constraint (power swing condition, cross country fault, etc.).
Recently Alstom used ARENE, RTDS and NetSim (OMICRON) simulation systems to validate the
patented algorithms used in our new numerical busbar protection type MiCOM P740 to detect CT
saturation conditions.
This paper describes the difficulties met to simulate real behaviour of a conventional current
transformer (remanant flux, etc.) as the type of algorithm used, ensure the stability of protection in
case of saturation of the magnetic sensors during severe external faults. A detection of saturation can
require blocking of the protection until the sensor comes out of saturation and returns to the linear part
of its functional characteristic. With this intention, the detection algorithm models the transformer
functioning in the linear and saturated states. The principle which can be retained consists in
modifying the response to the signal from the sensor according to a predicted signal and to calculate
the image of the magnetic flux present in the secondary circuit of the CT.
This proved the importance to have certification tools closed to the power system reality knowing that
our customers used also such systems to qualify internally protection relays (for example EdF, TNB
Malaysia, etc.).
* damien.tholomier@tde.alstom.com
 B5-207

PROTECTION SYSTEMS DATA BASE

Stelian Gal, Eng. Ph.D. Florin Balasiu, Eng. Ph.D. Nicolae Chiosa, Eng.
Transelectrica-ST Sibiu Transelectrica-ST Sibiu Transelectrica-ST Timisoara

1. Introduction

The amount and complex structure of the data handled by protection engineers has always required a
very coherent document filing and inventorying system. Secondary wiring diagrams, protection relays data
sheets, settings information, protection device operation records etc., are just part of the library required for a
protection department.
The necessity of an information system, using up-to-date technology from the I.T. and data transmission
field, emerged from the need to increase the efficiency and quality of maintenance and development activities in
secondary sub-systems. The main component of this information system is the database, and its proper
organization and efficient operation play a major role in achieving the goal set.
The database has a compact structure, opened for future entries at company level, and allows the
performance of studies, trend evaluations, and maintenance planning, investments and financial management in
addition to good device operation.
A pilot project was implemented at Timisoara Power Transmission Subsidiary of “Transelectrica”
Authority, where several particular activities for application development and implementation were performed.
The project, built by the manufacturer together with the department’s specialists, members of GS-B5, will be
implemented at company level.
The database information users are protection engineers, maintenance engineers, disturbance analysis staff, designers and consultants.

2. Application overview

2.1. General data

The management software BDPRTOT is intended for database maintenance and query. The
database is a MICROSOFT ACCES ’97 file, placed in the application’s installation directory. The
software was developed using MICROSOFT VISUAL BASIC 6.0.
The application is network compatible and requires the following hardware:
- at least 10 MB hard disk space on each workstation;
- at least 20 MB hard disk space on the server;
- minimal requirements for workstations: Pentium compatible processor 133MHz, 32MB
RAM, 1,2GB HDD.
The following diagram shows the database architecture:

Server Workstation Workstation

„bdprot.mbd” „Admin” „Protection engineer”

Network Computer

Workstation Workstation Workstation Workstation

„Maintenance eng.” „Disturb. supervisor” „Operation” „Operation”

 2.2. Database parts

„Nomenclature” Section
This section stores the data required for application operation, in the form of nomenclature
tables, and contains the following information:
- protection devices location;
- protection devices types and their functions;
- keywords for different types of documents.

„Operation analysis” Section

This section contains information regarding post-event analysis, as follows:
– protection and automation signals, fault locators indications, etc. linked to the events,
reported by operation staff;
– disturbance recordings, event sequences acquired either from digital protection terminals
or digital disturbance recorders.

„Technical documentation” Section

This database component contains:
– the substations single line diagrams;
– block diagrams, basic and extended diagrams of the secondary wiring and of the
protection relays;
– technical data of the protection relays;
– various procedures for secondary wiring testing;
– operation instructions for protection systems;

3. Database applications
- Planning and performing of the maintenance operations
- Protection devices operation analysis
- Operation monitoring of the primary equipments (e.g. monitoring of circuit breaker
operation times, fault current magnitude during opening etc.)
- Power system state analysis (e.g. fault current magnitude recording, measured
impedances etc.)
- Reliability factors for Reliability Based Maintenance implementation
- State analysis of major incidents and faults.

4. Conclusions
The most important benefits of implementing the database „BDProt” are:
– time reduction for works preparation;
– better planning of maintenance activities for protection and automation installations, based
on operation behavior and relays parameters evolution;
– increased operation reliability of protection systems, due to early identification and
adjustment of protection relays performance deviations;
– database integration at company level.
 B5-208

AUTOMATED RELAY SETTING AND PROTECTION DATABASE

MANAGEMENT SYSTEM

B.W. Min* S.J. Lee M.S. Choi S.H. Kang S.H. Hyun H.P. Kim J.H. Roh J.W. Hong
Next-Generation Power Technology Center KEPCO

(Korea) (Korea)

KEPCO and Next-Generation Power Technology Center (NPTC) of Myongji University have
developed an integrated protection relay setting tool "PROSET2000" in 2000 and it has been used in
the field for three years, having gone through many revisions accommodating requests by the relay
engineers. This paper reports its main features and development details.
PROSET2000 runs on PC under WINDOWS2000(Server) and WINDOWS 98 or WINDOWS-
XP(Client) operating system and can perform a series of jobs required for the relay panel setting in
one environment. It has an open system architecture that has a database in the center and the
application programs around it. Each application’s MMI has been standardized and all the necessary
information to comprise the graphic screen is stored in the database for achieving the open MMI.
Owing to this, any new application program developed in the different programming tools can easily
be integrated into the system and any existing application program can be taken out without affecting
the operation of other programs. The relay setting module programmed in OOP paradigm can handle
almost all models of protection panels currently used in KEPCO. It automatically identifies the
appropriate setting rule and performs the fault calculation. The setting results are saved into the
database and the necessary documents – step report and setting summary are generated.
Among many improvements made since its field application, the more convenient and the more
friendly database management environment could be considered as the most significant one. Database
contains all the protection-related data and was constructed using ORACLE. The developed DBMS
has not only basic data handling functions such as data input, delete, change, backup, restoration, etc.
but also such various functions for the protection data management: a) PSS/E Data Generation
function to automatically generate the input data file for PSS/E. b) PSS/E Data Input function to read
the PSS/E data file into the database. c) Panel Data Copy function to copy data of one relay panel into
another relay panel. d) Setting Table Transfer function to extract the data of the specific relay panel
from the database and saves into the file in the text-format. The file data can also be read into the
database by using this function. e) Setting History Management function to save the old setting data as
the new setting is generated and saved into the database. f) 3-layered Tree-based Database Search
function to make the data search a lot easier. PROSET2000 has a client/server structure that provides a
remote access through the communication network and web-based viewing function of the database.
Many years’ field experience has proved its effectiveness and usefulness in achieving the accurate
relay setting and consistent data management improving the productivity of the relay engineers.
Keywords: Power System Protection, Protection Relay, Relay Setting, Database Management System

* Next-Generation Power Technology Center, Myongji University, Yongin 449-728 Korea

E-mail: minbu@mju.ac.kr
 B5-209

Integrating Protection Engineering and Management Tools for Utility Practices

Zainoren B. Shukri* Abdullah Asuhaimi Mohd Zin

TNB Transmission Division Electrical Engineering Faculty
Tenaga Nasional Berhad Universiti Teknologi Malaysia

(MALAYSIA)

K.L. Lo
University of Strathclyde, Scotland

(UNITED KINGDOM)
Summary: Integrated Protection Engineering and Management System (IPEMS) is a research project
to integrate various tools and application system used to manage protection system and its component
through out its lifetime. Its objectives are to increase engineering analysis efficiency and establishing
knowledge-based support system in the management of protective relay and control systems. Such
project is critical to Tenaga Nasional Berhad (TNB) due to declining numbers, interest and quality of
present power system protection engineers.

The pre-conception of IPEMS was based on the protection life-cycle management, referring to
ISO9001 standards model. The business processes were reviewed and modeled. Consequently, the
engineering analysis tools were remapped to the business process to ensure tools for competent
decision making, planning and implementation action are available. Various existing engineering and
management tools within TNB (stand-alone and enterprise-wide) were surveyed; current middleware
technologies and web-based solution were assessed, to develop the final integration strategies, i.e.,
engine coherency, data collaboration, consistent user-interface and e-portal.

With those strategies, the integration architecture was conceived. The detailed overview of IPEMS
was described comprising of the Office, Project, Functional Task, Document and Knowledge-based
management modules. It acts as a portal to the various engineering and management applications and
provides intelligent tools to search request from users, e.g., fetching data and process into
information, executing engineering applications and generates reports, knowledge-based assistant,
etc. Although there are current limitations with the commercially-of-the-shelf applications,
cooperation was sought from vendors to provide web-enabled applications in the near future
improvement. Detailed relay setting management within IPEMS was described. Its process was based
on the Malaysian Grid Code requirements to ensure settings calculation, verification, approval,
implementation, testing and auditing tasks are managed appropriately, as wrong application could
lead to large system disturbances.

The benefit of IPEMS as a web-portal to protection information (engineering and management)

system is expected to increase transparency among the users, inculcating better engineering culture.
In the next phase, artificial intelligence will be used to further enhance the proficiency and
competency of system protection engineers through knowledge-management.

Keywords: Lifecycle Management – Protection Engineering – Tools – Integration Strategy –

Integration Architecture – Web-portal – Settings Management