A vital part of any process control system is the initial and periodic point-to-point verification of the system, including the process input values, the database, the displays and the like. Such a verification procedure is associated with a SCADA system, which in its most generic definition is essentially a process control system. The components of SCADA system comprise a SCADA device and one or more remotely connected IEDs. As used herein, the term SCADA device is used as a convenient shorthand for what may be a collection of electronic equipment, including a computer based controller, that is used to remotely monitor and/or control the operation of one or more remote IEDs such as relays, meters, transducers and the like. In general, the SCADA device is located miles away from the IEDs presenting many SCADA system verification difficulties. However, such a definition should not preclude a SCADA device located much closer, even in the same plant as the IED or IEDs.
A complete point-to-point verification of a SCADA system is very time and labor intensive. The verification is particularly time and labor intensive where the IED is in an extremely remote location with respect to the SCADA device. In such a case, transportation and communication problems abound. Therefore, reducing the time and effort required to perform a point-to-point verification of a SCADA system while insuring that the SCADA device database and overall SCADA system operation meets the highest possible accuracy standards would provide substantial cost advantages over current verification procedures.
An essential element of installing and periodically verifying the operation of a SCADA system is the point-to-point verification of the interaction between the IED and the SCADA device. In the simplest form of a point-to-point verification, a known quantity (e.g., an analog value or its equivalent or a status value, which can comprise one or more binary bits) is injected into the measuring input of the IED. Thereafter, the injected quantity is verified by comparing the value obtained on all user displays, databases, and process programs to the expected, injected value. In a more complex verification, the injected value is varied so as to exceed defined alarm limits, thereby verifying that the correct alarm and event messages are generated by the program(s) receiving the value.
An accurate and reliable point-to-point verification requires the value injected into the IED input circuit to be highly stable and determinable so that the value can be accurately traced through the control chain to its end location (i.e., at a SCADA device). For example, consider a simple current metering circuit in an electric power system:
1. A stable and accurate 60 Hz current is caused to flow on the phase wire being measured. PA1 2. The output of the current transformer connected to the phase wire is then measured and checked to verify that it is scaled by the CT turns ratio and that the phasing is correct. PA1 3. The output of the transducer connected to the CT is measured and checked to verify that the milliamp DC signal is proportional to the 60 Hz current by the specified scale factor. PA1 4. The output of an analog-to-digital converter connected to the transducer is checked to verify that it is producing a correct digital representation of the known 60 Hz current. PA1 5. The output of the alarm and event processing software that is logically connected to the A/D converter is checked to verify that it is producing the value of the 60 Hz current in the appropriate numerical form. PA1 6. All graphic and tabular displays that include the 60 Hz current are checked to verify that the proper value is presented in the correct location on the display. PA1 7. The 60 Hz current is varied to insure that the dynamic changes in the value are correctly transmitted to the end display or database. PA1 1. Assembling and transporting to the IED location a collection of complex and expensive test equipment and signal generators that are required to produce the injected signals. PA1 2. A technician at the remote location to inject the single quantity into the IED's analog inputs. PA1 3. A technician at the central location(s) to verify the correct processing and display of the injected quantity. PA1 4. Disabling or disconnecting the IED from the process so that the proper signals can be injected without interference to the process; or without actually causing process control changes (breaker operations) to occur.
Many point-to-point verification procedures bypass the first two steps listed above. Primarily, this bypass is acceptable because it is difficult to maintain a highly stable and accurate input signal, particularly where the pre-transformation signal is a high value (as in the case of a high-voltage power line), and also because it is likely that the current and voltage transformers (or other primary transformation devices) have been checked and calibrated by some other means. In an electric power system, for example, the transformers are verified at the time of initial installation and commissioning.
Although various steps can be eliminated from the verification procedure, an essential part of point-to-point verification is the ability to inject or trigger a single quantity as part of the process. This ability to transmit a single quantity is commonly referred to as the "single quantity" concept. This insures that only a single data point needs verification. Moreover, restricting the injection to a single quantity eliminates any possible ambiguity that could result if multiple responses are observed. Typical IEDs, such as microprocessor-based relays used in electric power systems, are complex devices that can have thousands of database values. Many, or all, of these values may be transmitted to a controlling device, such as a SCADA device, for further processing and/or display to users. Performing a point-to-point verification of a SCADA system involving these relays can be very difficult because of the complex interaction between the measured values and the resulting functions performed by the relay. For example, injecting a current greater than a specified value may cause the relay to operate, sending a signal to its associated circuit breaker. Such an event will cause two or more indications: (1) a digital representation of the current value, and (2) a status change representing the signal sent to the controlled circuit breaker. This violates the single quantity concept because the injection of a single quantity will require the tracing of multiple quantities through the system.
Violating the single quantity concept greatly complicates verification. For example, in a relay verification, the operator performing the verification must verify that all alarms and messages relating to both events are generated and processed properly. This would not be too difficult if only two quantities are generated, but in reality, a single input current can result in additional indications like target information, fault records, operation records, and the like. Additionally, as more IEDs are added to the system, the problem is compounded.
In addition to the requirement for single-quantity verification, most procedures for doing a point-to-point verification require the following:
Such a verification system presents many drawbacks. For example, two technicians at disparate locations are required to perform the verification. One of the technicians may be required to travel long distances. Moreover, the IED must be disconnected from the process that it is monitoring and/or controlling, which may affect the process under control.
The applicants have recognized that there is a need for method and apparatus that address the shortcomings of present verification systems by reducing the burden of verifying aspects of the operation of a SCADA system.