1. Field of the Disclosure
The present disclosure relates to a protection relay, and more particularly to a protection relay installed at a power system and a network system including the protection relay.
2. Discussion of the Related Art
Recently, a power system uses an Ethernet to increase a communication speed, where power devices in the power system are connected to Internet to implement a web monitoring. Under this circumstance, a network must be opened to an authorized user permitted in advance to use the system, whereby illegal approach to the power devices in the power system can be blocked.
FIG. 1 illustrates an example of a general network according to prior art.
Referring to FIG. 1, a network (100) includes a plurality of IEDs (Intelligent Electronic Devices) (1˜3), an Ethernet communication device (4) and an upper-level monitoring unit (5). In a case the network illustrated in FIG. 1 is a network used by a substation, the plurality of IEDs (1˜3) may mean one of various protection relays, a PLC (Programmable Logic Controller), a measuring instrument and a monitoring device.
The Ethernet communication device (4) is a device connecting the plurality of IEDs in the Ethernet network, and may include an Ethernet hub. The upper-level monitoring device (5) may include a SCADA (Supervisory Control And Data Acquisition) and an HMI (Human Machine Interface), and uses an independent communication network (6) that sits between an Internet (7) and the Ethernet hub (4).
The prior art substation network illustrated in FIG. 1, which is a regionally-divided network, may be excellent in terms of security but may be disadvantageous in that no connection is possible between substations, an interconnection with an upper-level system is impossible and application to a system that must be with an outside network (e.g., telecommunicating) cannot be implemented.
The Ethernet communication device (4) in FIG. 1 is a relay device located in the center of an LAN (Local Area Network) transmission line such as an intercommunication network for connection between terminal devices. Thus, although a high-priced device may be added with some security functions using a certain set-up, the frequently used Ethernet communication device (4) is devoid of such advantage.
FIG. 2 illustrates another example of a general network according to prior art.
A network (200) illustrated in FIG. 2 is mounted with a high-priced firewall (8) between an outside Internet (7) and an upper-level monitoring device (5) to eliminate the disadvantage of the network illustrated in FIG. 1, and prevents an outside intrusion when the network is opened. The firewall (8) is made to be accessed by an authorized user only, where a user ID-based or a user password-based authentication system is generally employed, and in case of using a static IP (Internet Protocol), an authorized IP is employed to get access.
Under this configuration, however, the firewall (8) is the only means to block the outside intrusion in case of the system in FIG. 2, such that it is impossible to protect an inner system against hacking caused by repair of the firewall, and/or hacking from intentional or unintentional inner hacking.