Archives

• Security event reporting through the Syslog protocol for supporting Security

Information Event Management (SIEM) systems for centralized cyber security

monitoring.

There are two types of authentication supported by CyberSentry that can be used to

access the 889 device:

• Device Authentication – in which case the authentication is performed on the

889 device itself, using the predefined roles as users (No RADIUS involvement).

– 889 authentication using local roles may be done either from the front panel or

through EnerVista.

• Server Authentication – in which case the authentication is done on a RADIUS server,

using individual user accounts defined on the server. When the user accounts are

created, they are assigned to one of the predefined roles recognized by the 889

– 889 authentication using RADIUS server may be done only through EnerVista.

FASTPATH: WiFi and USB do not currently support CyberSentry security. For this reason WiFi is

disabled by default if the CyberSentry option is purchased. WiFi can be enabled, but be

aware that doing so violates the security and compliance model that CyberSentry is

supposed to provide.

Enervista Viewpoint Monitor does not currently support CyberSentry security.

With the CyberSentry security option, many communication settings cannot be changed

remotely. All communication settings can still be changed through the relay front panel.

CYBERSENTRY

The CyberSentry Embedded Security feature is a software option that provides advanced

security services. When the software option is purchased, the Basic Security is

automatically disabled.

CyberSentry provides security through the following features:

• An Authentication, Authorization, Accounting (AAA) Remote Authentication Dial-In

User Service (RADIUS) client that is centrally managed, enables user attribution, and

uses secure standards based strong cryptography for authentication and credential

protection.

• A Role-Based Access Control (RBAC) system that provides a permission model that

allows access to 889 device operations and configurations based on specific roles

and individual user accounts configured on the AAA server. At present the defined

roles are: Administrator, Operator and Observer.

• Strong encryption of all access and configuration network messages between the

EnerVista software and 889 devices using the Secure Shell (SSH) protocol, the

Advanced Encryption Standard (AES), and 128-bit keys in Galois Counter Mode (GCM)

as specified in the U.S. National Security Agency Suite B extension for SSH and

approved by the National Institute of Standards and Technology (NIST) FIPS-140-2

standards for cryptographic systems.

The following security features are available:

BASIC SECURITY

The basic security feature is present in the default offering of the 889 relay. The

889 introduces the notion of roles for different levels of authority. Roles are used as login

names with associated passwords stored on the device. The following roles are available

at present: Administrator, Operator, Factory and Observer, with a fixed permission

structure for each one. Note that the Factory role is not available for users, but strictly used

in the manufacturing process.

The 889 can still use the Setpoint access switch feature, but enabling the feature can be

done only by an Administrator. Setpoint access is controlled by a keyed switch to offer

some minimal notion of security.

Phasors, Transients, and Harmonics

All waveforms are processed eight times every cycle through a DC decaying removal filter

and a Discrete Fourier Transform (DFT). The resulting phasors have fault current transients

and all harmonics removed. This results in an overcurrent relay that is extremely secure

and reliable and one that will not overreach.

Processing of AC Current Inputs

The DC Decaying Removal Filter is a short window digital filter, which removes the DC

decaying component from the asymmetrical current present at the moment a fault occurs.

This is done for all current signals used for overcurrent protection; voltage signals use the

same DC Decaying Removal Filter. This filter ensures no overreach of the overcurrent

protection.

The Discrete Fourier Transform (DFT) uses exactly one cycle of samples to calculate a

phasor quantity which represents the signal at the fundamental frequency; all harmonic

components are removed. All subsequent calculations (e.g. power, etc.) are based upon the

current and voltage phasors, such that the resulting values have no harmonic

components. RMS (root mean square) values are calculated from one cycle of samples

prior to filtering.

Protection Elements

All voltage, current and frequency protection elements are processed eight times every

cycle to determine if a pickup has occurred or a timer has expired. The voltage and current

protection elements use RMS current/voltage, or the magnitude of the phasor.

Frequency

Frequency measurement is accomplished by measuring the time between zero crossings

of the composite signal of three-phase bus voltages, line voltage or three-phase currents.

The signals are passed through a low pass filter to prevent false zero crossings. Frequency

tracking utilizes the measured frequency to set the sampling rate for current and voltage

which results in better accuracy for the Discrete Fourier Transform (DFT) algorithm for offnominal

frequencies.

The main frequency tracking source uses three-phase bus voltages. The frequency

tracking is switched automatically by an algorithm to the alternative reference source, i.e.,

three-phase currents signal if the frequency detected from the three-phase voltage inputs

is declared invalid. The switching will not be performed if the frequency from the

alternative reference signal is detected invalid. Upon detecting valid frequency on the

main source, the tracking will be switched back to the main source. If a stable frequency

signal is not available from all sources, then the tracking frequency defaults to the nominal

system frequency.

Description of the 889 Generator Protection System

CPU

Relay functions are controlled by two processors: a Freescale MPC5125 32-bit

microprocessor that measures all analog signals and digital inputs and controls all output

relays, and a Freescale MPC8358 32-bit microprocessor that controls all the advanced

Ethernet communication protocols.

Analog Input and Waveform Capture

Magnetic transformers are used to scale-down the incoming analog signals from the

source instrument transformers. The analog signals are then passed through a 11.5 kHz

low pass analog anti-aliasing filter. All signals are then simultaneously captured by sample

and hold buffers to ensure there are no phase shifts. The signals are converted to digital

values by a 16-bit A/D converter before finally being passed on to the CPU for analysis.

The ‘raw’ samples are scaled in software, then placed into the waveform capture buffer,

thus emulating a digital fault recorder. The waveforms can be retrieved from the relay via

the EnerVista 8 Series Setup software for display and diagnostics.

Programming can be accomplished with the front panel keys and display. Due to the

numerous settings, this manual method can be somewhat laborious. To simplify

programming and provide a more intuitive interface, setpoints can be entered with a PC

running the EnerVista 8 Setup software provided with the relay. Even with minimal

computer knowledge, this menu-driven software provides easy access to all front panel

functions. Actual values and setpoints can be displayed, altered, stored, and printed. If

settings are stored in a setpoint file, they can be downloaded at any time to the front panel

program port of the relay via a computer cable connected to the USB port of any personal

computer.

A summary of the available functions and a single-line diagram of protection and control

features is shown below. For a complete understanding of each feature operation, refer to

the About Setpoints chapter, and to the detailed feature descriptions in the chapters that

follow. The logic diagrams include a reference to every setpoint related to a feature and

show all logic signals passed between individual features. Information related to the

selection of settings for each setpoint is also provided.

Overview

The relay features generator unbalance, generator differential, over excitation, loss of

excitation, 3rd harmonic neutral undervoltage, over and under frequency, synchrocheck

and other essential functions with a basic order option. Additionally available with an

advanced order option are overall differential (to protect the transformer-generator

combined), directional overcurrent elements, restricted ground fault, 100% stator ground,

out-of-step protection, rate of change of frequency, power factor, harmonic detection,

frequency out-of-band accumulation and others. An optional RTD module allows for

thermal protection and monitoring. An optional analog inputs/outputs module allows for

monitoring of generator excitation current, vibration and other parameters.

These relays contain many innovative features. To meet diverse utility standards and

industry requirements, these features have the flexibility to be programmed to meet

specific user needs. This flexibility will naturally make a piece of equipment difficult to

learn. To aid new users in getting basic protection operating quickly, setpoints are set to

typical default values and advanced features are disabled. These settings can be

reprogrammed at any time.

Operation

To put the 515 Blocking & Test Module into operation, additional parts have been provided:

• 1 package containing at least 28 terminal nuts

• 14 white tags for identification of each of the switches

The 515 provides a means of trip blocking, relay isolation, and testing of GE Multilin relays.

The 515 accomplishes this with a total of 14 switches. There are 6 single pole throw

switches for use with the output relays, and 4 groups of 2 switches each for use with the

current transformers as illustrated in Figure 1: Typical Wiring.

Isolation or opening of the relay’s output circuits is accomplished with the six switches

at terminals 1 through 6 and 15 through 20. These switches can be used to simply open

the protection relay’s output contacts and thus provide a means of blocking trips.

The 4 remaining groups of 2 switches at terminals 7 through 14 and 21 through 28 are

used for shorting of the CT inputs, injection of test current, and measuring of CT current.

The four groups correspond to Phase 1 Current, Phase 2 Current, Phase 3 Current, and Ground Current.

Each group is made up of two switches. The first switch for the Phase 1 group is at

terminal 7 and 21 and is configured as shown on the right:

Note that terminals 7 and 21 are shorted together regardless of whether the switch is open or closed.

The second switch for the Phase 1 group is at terminals 8 and 22. It is configured as shown on the right:

Note that this switch operates as make before break. When this switch is closed terminals 8 and 22 are

shorted together.

abs will be sufficient

to hold the 515 module securely in place. If additional fastening is desired bend out the clamping

screw tabs at both ends of the chassis at right angles.

Insert the #8 screws provided in the accessory pouch into the tapped holes with the vibration

proof nut between the tab and the panel. Tighten each screw until the end of the screw butts firmly against the front panel.

Ensure the nut is installed tightly against the bent tab. Nylon inserts in these nuts prevent them from vibrating loose.

The 515 test switch module should now be securely mounted to the panel with no movement ready for rear terminal wiring.

When completed, place the front cover over the mounted 515 test module and turn

the fasteners at both ends ¼ turn to lock it in place, as shown in Figure 3.

As a safety precaution, a ground screw located on the bottom-right of the

rear side of the module is available to be connected to panel chassis ground.

This in turn shorts the Phase 1 CT. It is essential that the CT is connected to the shorted side 

of the switch as shown on the right. Otherwise, dangerously high voltages would be present

at the open circuited current transformer. Also note that currents can be

injected into the protection relay from a secondary injection test set.

With the switch between terminals 7 and 21 open and the switch between terminals 8 and 22 closed as shown below,

a 515 test plug can be inserted between terminals 7 and 21 to monitor the CT current.

See the diagrams below for details. Note that the 515 test plug is made up of two conductors separated by an insulator.