2013. — 11 c.
Ethernet has emerged as a popular message transport method across many industries, including those considered mission critical, such as electric power, water and wastewater, data centers, and many others. To date, it is most often used for nonmission-critical information technology (IT) messaging, such as supervisory control and data acquisition (SCADA) and configuration access. Meanwhile, the mission-critical protection-class operational technology (OT) messages have traditionally been transported over direct serial links. These messages are published after a fault or event malfunction and used in high-speed automation, interlocking, or teleprotection functions. Protection-class digital messaging requires more deterministic message delivery than IT and must meet internationally standardized requirements for message delivery, dependability, and security. Protection, control, and monitoring (PCM) intelligent electronic devices (IEDs) apply IEEE 802.1p and IEEE 802.1Q parameters to published messages to improve the ability of the network to provide OT behavior. Most IT professionals assume that all perimeter devices, including PCM IEDs, are not capable of managing these parameters and therefore make inappropriate network design choices. In order to transport protection-class messages over Ethernet, IT and OT network engineers must collaborate with protection experts to design the communications to meet OT requirements based on IEC 60834-1, which specifies performance and testing requirements for the teleprotection equipment of power systems. Failure to collaborate on network design has been demonstrated to create unacceptable message delivery delays due to network congestion and rerouting. Each delay is a near miss and has the potential of causing a control system to miss a command to operate. Protection-class messages must travel in a few milliseconds to provoke reaction to a fault or malfunction and cannot survive the same delays allowed for IT networks. If the message is delayed, the message receiver cannot perform mission-critical actions to prevent loss of life, blackouts, or other catastrophes. Power system faults are not frequent; however, the network has to be fast and available every time a fault occurs.
