Category: GE

KEY BENEFITS

• Modular construction: common hardware, reduced stock of spare

parts, plug & play modules for maintenance cost savings and

simplification

• Proven flexibility and customization capabilities make UR/URPlus

devices suitable to retrofit almost any kind of legacy P&C scheme

• Large HMI and annunciator panels provide local monitoring &

control capabilities, and backup the substation HMI

• Phasor Measurement Unit (synchrophasor) according to IIEEE®

C37.118 (2011) and IEC® 61850-90-5 directly streamed from your

protective device

• Three ethernet ports enable purpose specific LAN support that

eliminates latency effect of heavy traffic protocols on mission

critical communication services

• Embedded IEEE 1588 time synchronization protocol support

eliminates dedicated IRIG-B wiring requirements for P&C devices

• Complete IEC 61850 Process Bus solution provides resource

optimization and minimizes total P&C life cycle costs

Conclusion

CT/VT modules with enhanced diagnostics, released on 23 October 2006 with firmware 5.2.

offer much higher security for internal CT/VT module error detection and prevent undesired operations of URs.

Every UR firmware released since version 5.2 supports CT/VT modules with enhanced diagnostics,

which greatly improves the security and reliability of the protection system.

To take advantage of this feature, a relay hardware and possibly firmware upgrade is required.

If the existing relay has a firmware version below 4.0. GE recommends purchasing a

UR Upgrade Kit that allows modernization of the obsolete relay hardware

while taking advantage of the relay modularity.

The UR Upgrade Kit contains a new CPU and CT/VT modules that can be

inserted in an existing relay case (case is fully backwards compatible).

If the relay currently has firmware version 4.0 to 5.0. the latest firmware

can be downloaded from the GE Multilin website, and Enhanced Diagnostic

CT/VT modules (8L, 8M, 8N, 8R, 8S, 8V) can be purchased from the GE Online Store.

Consult with your local GE representative if you have any questions on the upgrade process.

Internal CT secondary monitoring

The CT/VT input modules with enhanced diagnostics are monitoring internal CT circuitry integrity.

This is done to eliminate relay erroneous operation in case of CT secondary winding failure.

The secondary winding of CT is divided into two equal parts with a central tap in the middle.

CT current values from both halves of the CT secondary windings are run through

a differential amplifier to get a true current sample for the phasor calculations.

It also compares between each other by simply summing two samples together.

(Note that due to CT central tap, samples have different polarity.)

In case that values from different halves of the same CT accumulated over

one protection pass per adaptable per signal level do exceed the fixed error boundary,

failure is declared and protection is blocked.

CT secondary monitoring is performed at all four CT channels (A, B, C, and N) individually at each CT bank.

Analog data integrity validation

The CT/VT input modules (8L, 8M, 8N, 8R, 8S, 8V) use an analog data integrity

check to verify the performance of the analog measurement channels.

This feature uses an additional analog hardware channel that has as its input,

an analog sum of Sa = Xa – Xb + Xc + Xn, where X stands for either Voltage

or Current phases A, B, C, and N analog inputs, to monitor the integrity of analog data.

After the multiplexer samples analog channels via the sample and hold (S/H) mechanism,

 samples from all four channels are summed up digitally, using the same equation to get a digital value Sd.

The “Mean Square” of the difference between the channels is summed up

in the hardware and an equivalent, computed digitally over one protection

pass is supplied to the comparator. If the summed squared difference Σ(Sa – Sd)2

is greater than the adaptable per signal level error boundary,

then “invalid data” is declared and protection functions using the measured data are momentarily blocked.

In addition, if the error keeps repeating, a major self-test diagnostics error message is displayed on the UR.

As a result of such failure, the relay’s self-test alarm contact operates and the relay is taken out of service.

The relay can be rebooted and if no more failures are detected,

it continues to be functional unless a new failure is detected and the relay is again taken out of service.

The above analog data integrity check is performed on both analog banks

(that is, four currents or four voltages) within each CT/VT input module.

In addition, these modules with enhanced diagnostics include power supply

voltage rail monitoring to further monitor hardware health.

This is achieved by continuous check of the power supply voltage Vdc against

safe operate reference voltage Vref, which ensures that all electronic components

of the CT/VT module operate in the safe operating conditions.

INTRODUCTION

The performance of a microprocessor-based relay is highly dependent

on the performance of the analog channels measurement of the relay,

as protection functions operate on these values.

The failure of an analog measurement channel, 

either due to a failure in the external measurement circuit,

or due to an internal failure inside a UR CT/VT module, 

can cause incorrect operation of protection functions.

The UR CT/VT modules with Enhanced Diagnostics (module types 8L, 8M, 8N, 8R, 8S, 8V)

can detect the failure of an analog channel measurement due to internal

failures of the CT/VT module, alarm for failure of the module,

and block tripping from any protection function associated with this module.

This feature is available when using firmware 5.20 or later within

the UR family and therefore field-proven since 2006.

• Security event reporting through the Syslog protocol for supporting Security

Information Event Management (SIEM) systems for centralized cyber security

monitoring.

There are two types of authentication supported by CyberSentry that can be used to

access the 889 device:

• Device Authentication – in which case the authentication is performed on the

889 device itself, using the predefined roles as users (No RADIUS involvement).

– 889 authentication using local roles may be done either from the front panel or

through EnerVista.

• Server Authentication – in which case the authentication is done on a RADIUS server,

using individual user accounts defined on the server. When the user accounts are

created, they are assigned to one of the predefined roles recognized by the 889

– 889 authentication using RADIUS server may be done only through EnerVista.

FASTPATH: WiFi and USB do not currently support CyberSentry security. For this reason WiFi is

disabled by default if the CyberSentry option is purchased. WiFi can be enabled, but be

aware that doing so violates the security and compliance model that CyberSentry is

supposed to provide.

Enervista Viewpoint Monitor does not currently support CyberSentry security.

With the CyberSentry security option, many communication settings cannot be changed

remotely. All communication settings can still be changed through the relay front panel.

CYBERSENTRY

The CyberSentry Embedded Security feature is a software option that provides advanced

security services. When the software option is purchased, the Basic Security is

automatically disabled.

CyberSentry provides security through the following features:

• An Authentication, Authorization, Accounting (AAA) Remote Authentication Dial-In

User Service (RADIUS) client that is centrally managed, enables user attribution, and

uses secure standards based strong cryptography for authentication and credential

protection.

• A Role-Based Access Control (RBAC) system that provides a permission model that

allows access to 889 device operations and configurations based on specific roles

and individual user accounts configured on the AAA server. At present the defined

roles are: Administrator, Operator and Observer.

• Strong encryption of all access and configuration network messages between the

EnerVista software and 889 devices using the Secure Shell (SSH) protocol, the

Advanced Encryption Standard (AES), and 128-bit keys in Galois Counter Mode (GCM)

as specified in the U.S. National Security Agency Suite B extension for SSH and

approved by the National Institute of Standards and Technology (NIST) FIPS-140-2

standards for cryptographic systems.

The following security features are available:

BASIC SECURITY

The basic security feature is present in the default offering of the 889 relay. The

889 introduces the notion of roles for different levels of authority. Roles are used as login

names with associated passwords stored on the device. The following roles are available

at present: Administrator, Operator, Factory and Observer, with a fixed permission

structure for each one. Note that the Factory role is not available for users, but strictly used

in the manufacturing process.

The 889 can still use the Setpoint access switch feature, but enabling the feature can be

done only by an Administrator. Setpoint access is controlled by a keyed switch to offer

some minimal notion of security.

Phasors, Transients, and Harmonics

All waveforms are processed eight times every cycle through a DC decaying removal filter

and a Discrete Fourier Transform (DFT). The resulting phasors have fault current transients

and all harmonics removed. This results in an overcurrent relay that is extremely secure

and reliable and one that will not overreach.

Processing of AC Current Inputs

The DC Decaying Removal Filter is a short window digital filter, which removes the DC

decaying component from the asymmetrical current present at the moment a fault occurs.

This is done for all current signals used for overcurrent protection; voltage signals use the

same DC Decaying Removal Filter. This filter ensures no overreach of the overcurrent

protection.

The Discrete Fourier Transform (DFT) uses exactly one cycle of samples to calculate a

phasor quantity which represents the signal at the fundamental frequency; all harmonic

components are removed. All subsequent calculations (e.g. power, etc.) are based upon the

current and voltage phasors, such that the resulting values have no harmonic

components. RMS (root mean square) values are calculated from one cycle of samples

prior to filtering.

Protection Elements

All voltage, current and frequency protection elements are processed eight times every

cycle to determine if a pickup has occurred or a timer has expired. The voltage and current

protection elements use RMS current/voltage, or the magnitude of the phasor.

Frequency

Frequency measurement is accomplished by measuring the time between zero crossings

of the composite signal of three-phase bus voltages, line voltage or three-phase currents.

The signals are passed through a low pass filter to prevent false zero crossings. Frequency

tracking utilizes the measured frequency to set the sampling rate for current and voltage

which results in better accuracy for the Discrete Fourier Transform (DFT) algorithm for offnominal

frequencies.

The main frequency tracking source uses three-phase bus voltages. The frequency

tracking is switched automatically by an algorithm to the alternative reference source, i.e.,

three-phase currents signal if the frequency detected from the three-phase voltage inputs

is declared invalid. The switching will not be performed if the frequency from the

alternative reference signal is detected invalid. Upon detecting valid frequency on the

main source, the tracking will be switched back to the main source. If a stable frequency

signal is not available from all sources, then the tracking frequency defaults to the nominal

system frequency.