Solutions for SCADA system Communication

Reliability in Photovoltaic Power Plants

Hu Guozhen1 2, Cai tao1 , Chen Changsong1, Duan Shanxu1
1. College of Electrical and Electronic Engineering, Huazhong University of Science Technology, Wuhan 430074, Hubei
Province, China;
2. Huangshi Institute of Technology, Huangshi 435003, Hubei Province, China
Abstract Supervisory Control and Data Acquisition (SCADA)
Systems are used in photovoltaic (PV) power plants for monitoring,
control, remote communication purposes. The ingredient of SCADA
system in PV power plants is introduced in this paper. In order to
improve security and reliability of the SCADA system in PV plants,
this paper provides two effective solutions, security access control
strategy and redundancy mechanism. The proposed security access
control strategy adopts some measures, such as security authentication,
data encryption, as well as role-based access control. These measures
can solve communication security issues between the SCADA system
remote terminal units (RTU) and SCADA configuration server.
Furthermore, Device and network redundancy is presented in the
SCADA system. And redundancy switching mechanism has been
implemented through four redundancy services. The availability of the
SCADA system can be validated through SCADA configuration
server.
Index Terms: Supervisory Control and Data Acquisition SCADA
Photovoltaic (PV)
Remote terminal units (RTU)
Security
certification Redundancy

I.

also related to reliability of SCADA system ( R SCADA ). At

present, many literatures study the reliability of PV array and
converter [4]-[6]. But there are little literature considering
reliability of SCADA system in PV power generation system.
In [3], Risk assessment of SCADA in power systems has been
performed and it points out that the unreliability of SCADA
system would bring about greater economic losses. This paper
concentrates on the reliability of SCADA system and provides
appropriate solutions to improve the reliability.
PV Plant1

Grid
or
Load

PV-subnet

...
SCADA-RTU

PV
Plant 2

PV
... Plant
N

INTRODUCTION

With the wide use of renewable energy resource (RES),

traditional energy resource structure have been adjusted and
modulated. Solar energy becomes ideal alternative energy of
traditional fossil energy for its wealthy resource, wide
distribution and availability in environmental protection [1] [2].
In recent years, Supervisory Control and Data Acquisition
(SCADA) system has been widely applied in power system
substation automation and becomes a focus of electric utility.
At the same time, SCADA system has been used in PV power
generation area, especially in large-scale application of PV
plants.
Photovoltaic power generation system can be divided into
stand-alone PV system and grid-connected PV system.
Grid-connected PV power systems (PV power plants) consist
of PV array, converter, energy management system (EMS), and
other several parts and so on. A typical distributed network of
PV power plants is shown in Fig. 1. SCADA system is a critical
sub-system of Energy Management System (EMS) in PV
power plants. Its core part is Remote Terminal Unit (RTU).
By considering that the system shown in Fig.1 is formed by
a set of sub components, its total reliability RTotal can be
expressed: RTotal

PV plants efficient operation is not only related to

reliability of PV arrays and converter ( R pv and Rconverter ), but

R pv R converter R SC AD A

,(((

SCADA
Configration
Server

OPC
DB

Fig.1.Distributed network of PV power plants

The reliability of SCADA system is mainly affected by

two factors: communication security and device failure.
Distributed SCADA system communication network security is
related to entire photovoltaic power plants security. Illegal or
wrong information could disturb decision-making instructions,
even lead to system malfunction. IEEE Power Energy Society
(PES) has set up a special working group to study SCADA
system network information security issues [7]. Device failure
is also an important factor to affect the reliability of SCADA
system. To solve device failure issues, there are two ways:
improving device mean time between failures (MTBF) and
providing device redundancy. Though improving device
hardware and software MTBF is a good solution, it can not
eliminate the impact of damage to equipment in unexpected
condition (such as component failure, misoperation). In
long-distance communication condition, if the disable device
can not be replaced timely, PV power plants will stop running
and the losses are serious. In PV power generation system
device redundancy scheme should take investment cost into
account. However, the cost of SCADA system in actual budget



,3(0&

only takes one tenth of the whole investment. At the same time,
considering the important role of SCADA system in PV power
plants, device redundancy can be seen as a feasible method to
solve equipment failure and improve the reliability of SCADA
system.
This paper focuses on improving communication reliability
of SCADA system in PV power plants through adopting
effective security strategy and redundancy mechanism. Section
2 presents the component of SCADA system in PV power
plants. Section3 studies security communication mechanism in
distributed PV power plants network. SCADA system
redundant structure is shown in section 4, and in this section
redundancy switching mechanism is discussed. Finally, some
functions of the SCADA system were verified through SCADA
server configuration software.
II.

SCADA SYSTEM STRUCTURE

In this study, the structure of a grid-connected PV

generation system is depicted in Fig. 2. The design scheme that
one DSP chip integrated system controller with local SCADA
RTU was adopted. This design scheme improved control
performance and saved system costs. Control circuits, PWM
drive circuit, as well as signal conditioning circuit were omitted
in Fig.2.
39$UUD\

,QYHUWHU

communication latency (about 0.5-2s) and low reliability.

Nowadays in industrial communication area, there are a
number of fieldbus (such as PROFIBUS. HART, FF.etc).
Among these fieldbus, industrial Ethernet fieldbus displays its
predominant advantages in many fields for its high
transmission rate, strong compatibility and network
management. Combining with actual network requirement of
PV power plants, our system adopted industrial Ethernet
fieldbus which was based on TCP (UDP) / IP protocol as work
communication bus. And RS485 was adopted as redundant
communication bus at the same time. As shown in Fig.2, Port1
was Ethernet communication interface (RJ-45). Port2 was
RS485 communication interface and A / B were RS485
differential signal output.
III.

COMMUNICATION SECURITY

A. Security communication strategy

Distributed PV power plants are an open network
communication system .If processes are monitored and
controlled by devices connected over the SCADA system then
a malicious attack has the potential to cause significant damage
to PV power plants. A set of communication mechanism
between SCADA RTU with SCADA server was presented in
Fig. 3.
SCADA
Server

SCADA-RTU
idc

D1

KDC

DCT

T1

D2

T3

T5

V dc
C1

Link request

Link respond

ACT1

LCL
Filter

C2

ACT2

Security certificate

Apply key

ACT3

Security certificate
Request or Respond
Apply or Distribute Key

Device announcement
T4

T6

T2

Date or Service
ACK

PT1

PT
PWM1

PWM6

Fig.3.Security communication mechanism

temperature
irradiance

SCADA -RTU
Port 1: Ethernet
(RJ45)

Port 2: RS485

Fig.2. SCADA in grid-connected PV system

As shown in Fig.3, before data communication between

SCADA RTU and server, a secure connection should be
established to ensure that unauthorized entities cant gain entry
into the network. Firstly, RTU sent link request message to
SCADA server and could not do any operation before getting
back link respond message from SCADA server. In order to
identify whether the RTU was a legal device or not, RTU
requested to the server for certification and applied for a new
security key. SCADA server identified the RTU through Key
distribution center (KDC) (KDC could be an independent
server or integrated with the SCADA server). If the RTU was
legal device, KDC distributed a new sub-key return to the RTU.
After completing security certification operation, if the
equipment was identified as a security device, RTU began to
broadcast device announcement message. In order to improve
communication quality of SCADA system, Confirm
mechanism was provided. When RTU didnt receive ACK in
one cycle after performing a data or service message sending
operation, it should perform a retransmission and didnt need to
re-establish connection.

Local SCADA system in PV power plants is composed of

data acquisition unit, RTU, and communications unit. The
SCADA system could measure and collect PV array
temperature, irradiance, DC output voltage and current, inverter
output AC voltage and current relay switch state and so on.
Data acquisition unit consisted of current transformer (DCT
and ACT) and voltage transformer (PT). The design of SCADA
system communication unit depended on the selection of
communication method. At present in RES power generation
system several communication methods were adopted in
remote monitoring, such asRS485, Internet, GSM, GPRS, GPS,
industrial fieldbus [8]-[10].
Although GSM, GPRS, and GTS have their unique
advantages, the high costs of investment cause these
communication methods not to be suitable for PV power
systems. The costs contain device investment and additional
communication costs. Internet WEB communication is B. security measure
The proposed communication mechanism involved three
extensively used in many areas, but it is also not suitable for
security
measures.
sending control information in power systems for its high

,(((



,3(0&

1) Security certification. Security certification performed the

operation of validating Security License. Security License
included device authority (License ID, Authorized device list,)
and key information (key type, key length). It was used to
identify the device privileged.
2)Encryption. Data encryption can prevent data destruction or
illegal wiretapping. Ethernet data packet encryption process in
SCADA system is shown in Fig. 4. AES (Advanced Encryption
Standard) algorithm was adopted to encrypt Ethernet media
access control access layer protocol data unit (MAC-PDU).
And XOR algorithm was used to encrypt application layer
protocol data unit (APL-PDU). Both these two encryption
algorithm carried with transmission key distributed by KDC.
Thus the encrypted PDU could avoid malicious damage or
illegal eavesdropping.

announcement service, Synchronization request service,

Synchronization service and Device Switching service [11].
These services aimed at industrial Ethernet fieldbus, not for
RS485.
RS485 Centralized
Controller

Gateway
Switch

6&$'$578

2 $OWHUQDWH
1 GHYLFH

6&$'$578
$FWLYH 1
GHYLFH
2

2 6&$'$578
1 $OWHUQDWH
GHYLFH

6&$'$578
$FWLYH 1
GHYLFH
2

...

...

$FWLYH%XV

PV2

$OWHUQDWH%XV

Port 1
TCP/IP
Port2 Modbus

PV1
...

Fig.5. SCADA system redundant topology

KDC

Redundant
state
announcement
service
(R_DeviceActiveAnouncement) is broadcasted in every cycle
Transport Key
by active device. Synchronization request service
(R_SynRequest) is sent by new device to request configuration
MAC-PDU
PDU
APL-PDU
information and operating information. Synchronization service
(R_Syn) implements the function that active device sends
configuration and operating information to new access device.
PDU with Key
When the active device was malfunction, alternate device
Fig.4. Data packet encryption process
3) Role based access control. In Power generation systems, broadcast device switching service (R_DeviceSwitch) message.
different users should have different rights. Role based access And the service included PD Tag, active device IP and failed
control (RBAC) strategy was introduced. Three roles device IP.
(administrator, operator and ordinary user) were set in this C. Redundancy switching
system. Ordinary users could only view parameters of the 1) Device redundancy switching
Active device
Alternate device
system and didnt have the authority to change the parameters.
But operators could modify the parameters. System
R_SynRequest
R_SynRequest Resp(+)
administrator was the highest authority owner, who took charge
Work
R_Syn
of SCADA system control strategy, and had the rights of adding
or reducing users number and their privileges.
R_Syn Resp(+)
Device message
AES
encrypt

IV.

XOR
encrypt

...

REDUNDANCY MECHANISM

R_DeviceActiveAnouncement

To further enhance the reliability of SCADA system,

redundant technology was presented.
A. redundancy topology
SCADA system redundant topology in PV power plants is
shown in Fig.5. Redundant system consisted of two sets of
redundant bus (based on TCP / IP Ethernet fieldbus and based
on Modbus RS485 bus). The active device and alternate
device should be produced by the same manufacturers and be
the same type. Type and communications port number of
device could be assigned by SCADA Server configuration.
Under normal circumstances, active device was running. And
when this device was malfunction, alternative RTU was
enabled through redundancy switching operation. Ethernet
and RS485 Bus switched through different port (Port1 and
Port2). The realization of network redundancy and device
Redundancy switching operation depended on corresponding
redundant services.

R_DeviceActiveAn ouncement

T
T
T

Fault
Active device

Fault device
R_DeviceSwitch

Fig.6. Redundancy switching mechanism

Active RTU, alternate RTU and their communication port

can be assigned by SCADA configuration server when devices
powered on .Device switching mechanism was shown in Fig. 6.
In normal condition, alternate RTU sent Synchronization
request service message (R_SynRequest) to active device.
Active device gave a respond back to alternate device after
receiving this message, and then called redundant
synchronization service (R_Syn) which was used to send to
device information and data to the alternate device. Active
device should broadcast a device announcement service
message
(R_DeviceActiveAnouncement)
in
each
communication cycle T. This message included time stamp. If
alternate device did not receive this message in two cycle
(check the time-stamp), device redundancy switching service
B. redundancy services
In order to achieve redundancy switching operation, four (R_DeviceSwitch) would be triggered immediately. Alternate
services was defined as follows: Redundant state device became operating device, and the active device was

,(((



,3(0&

defined as fault device.

2) Network redundancy switching
Available communication network is a prerequisite for
device redundancy. Aiming at network failure, RS485 serial
communication bus was designed as redundant network bus in
SCADA system. Generally, all messages should be sent in TCP
/ IP Industrial Ethernet fieldbus in PV power plants. In each
Cycle (T) RTU sent a device announcement message in
communication network. If configuration server didnt receive
this announcement in four communication cycle (double time
of redundancy switching time), the server judged that the active
Ethernet was malfunction and switched to RS485 bus
automatically. And communications port switched from Port
1to Port2. RS485 bus based on Modbus communication
protocol followed "inquiry - response" mode. In this mode
Configuration server sent inquiry command to RTU and waited
to receive information from RTU.

Fig.10.The service messages were captured through a protocol

analysis softwareEthereal. When active device (128.128.2.17)
was malfunction, alternate device (128.128.2.15) was switched
to be active device and sent device announcement messages.

Fig.10 Device switching process

VI.

CONCLUSIONS

In this paper, a complete SCADA system of PV power

plants has been present. Concentrating on the communication
reliability of SCADA system, security communication strategy
and redundancy mechanism have been provided. Security
V. EXPERIMENTAL TESTS
The complete three-phase PV generation system was set up communication strategy ensured reliable communication
in laboratory as shown in Fig.7. PV modules were placed on between SCADA RTU and server. It can avoid the system
the roof of our department. RTU in SCADA collected data and being disturbed or breached by invalid message. Simultaneity,
the realization of redundancy mechanism improved the
sent to remote PC (configuration server).
reliability of SCADA communication network. The proposed
two methods are used in grid-connected PV generation system
in Laboratory and could be effectively employed in RES
remote communication areas.
REFERENCES

Fig.7 Experimental set-up in laboratory

Fig.8 shows security access monitoring interface of

SCADA system. Before operating in this interface, the user
must enter his/her user ID, password, and priority. If either user
ID or password is wrong or incorrect, the user was refused to
access. Fig.9 shows the page of devices running state. ST2bak
is a redundancy device of ST1.The parameter and
communication state of ST2bak, such as device cycle, active
tag, enable operate time, can be seen in Fig.9.

Fig.8. Security access interface

Fig.9 Redundancy device running state

Redundancy device switching process was shown in

,(((

[1]J. M. Carrasco, L. G. Franquelo, J. T. Bialasiewicz, E. Galvn,R. C. Portillo,

M. . Martn Prats, J. E. Len, and N. Moreno-Alfonso,Power-electronic
systems for the grid integration of renewable energy sources: A survey, IEEE
Transaction on Industrial Electronics, Vol.53, No.4, pp.10021016, Aug.
2006.
[2] Benghanem, M.Maafi, A.Data acquisition system for photovoltaic systems
performance monitoring, IEEE Transactions on Instrumentation and
Measurement, Vol.15, No.1, pp.30 33, Feb. 1998.
[3] Hamoud, G. Chen, R.-L. Bradley, Risk assessment of power systems
SCADA, IEEE Power Engineering Society General Meeting, 2003, Vol.2, Jul.
2003.
[4]Zimmermann, C.G, The Impact of Mechanical Defects on the Reliability of
Solar Cells in Aerospace Applications,IEEE Transactions on Device and
Materials Reliability,Vol.6,No 3,pp.486-494, Sep. 2006.
[5]Calogero
Cavallaro,Angelo
Raciti,Antonino
Torrisi,
Reliability
improvement of photovoltaic power conversion systems by an optimal
remote-management controller, Fourth IEEE International Caracas
Conference on Devices, Circuits and System, Aruba, Apr 17-19,2002.
[6] Chan, F, Calleja, H ,Reliability: A New Approach in Design of Inverters
for PV Systems.10th IEEE International Power Electronics Congress, pp.16,
Oct. 2006.
[7] Vinay M. Igure, Sean A. Laughter, Ronald D.Williams, Security issues in
SCADA networks, Computers & Security.Vol.25, No. 7, pp. 498-506, Oct.
2006.
[8] Krauter, Stefan,Depping, Thomas. Satellite monitoring system for remote
PV-systems, Conference Record of the IEEE Photovoltaic Specialists
Conference, 2002, pp. 1714-1717.
[9]Gagliarducci, M,Lampasi,D.A,Podesta, GSM-based monitoring and control
of photovoltaic power generation , Measurement: Journal of the International
Measurement Confederation, Vol.40, No.3, pp.314-321,Apr.2007.
[10] Wang Li,Liu Kuo-Hua, Implementation of a web-based real-time
monitoring and control system for a hybrid wind-PV-battery renewable energy
system, Engineering Intelligent Systems, Vol.15, No.2, pp.99-105, Jun. 2007.
[11]IEC 62409: Specification of EPA system architecture and communication
for industrial measurement and control system[S], 2006.



,3(0&