Solutions for SCADA system Communication
Reliability in Photovoltaic Power Plants
Hu Guozhen1 2, Cai tao1 , Chen Changsong1, Duan Shanxu1
1. College of Electrical and Electronic Engineering, Huazhong University of Science ˂Technology, Wuhan 430074, Hubei
Province, China;
2. Huangshi Institute of Technology, Huangshi 435003, Hubei Province, China
Abstract ˖ Supervisory Control and Data Acquisition (SCADA)
Systems are used in photovoltaic (PV) power plants for monitoring,
control, remote communication purposes. The ingredient of SCADA
system in PV power plants is introduced in this paper. In order to
improve security and reliability of the SCADA system in PV plants,
this paper provides two effective solutions, security access control
strategy and redundancy mechanism. The proposed security access
control strategy adopts some measures, such as security authentication,
data encryption, as well as role-based access control. These measures
can solve communication security issues between the SCADA system
remote terminal units (RTU) and SCADA configuration server.
Furthermore, Device and network redundancy is presented in the
SCADA system. And redundancy switching mechanism has been
implemented through four redundancy services. The availability of the
SCADA system can be validated through SCADA configuration
server.
Index Terms: Supervisory Control and Data Acquisition ˄SCADA˅
Photovoltaic (PV) Remote terminal units (RTU) Security
certification Redundancy
I. INTRODUCTION
With the wide use of renewable energy resource (RES),
traditional energy resource structure have been adjusted and
modulated. Solar energy becomes ideal alternative energy of
traditional fossil energy for its wealthy resource, wide
distribution and availability in environmental protection [1] [2].
In recent years, Supervisory Control and Data Acquisition
(SCADA) system has been widely applied in power system
substation automation and becomes a focus of electric utility.
At the same time, SCADA system has been used in PV power
generation area, especially in large-scale application of PV
plants.
Photovoltaic power generation system can be divided into
stand-alone PV system and grid-connected PV system.
Grid-connected PV power systems (PV power plants) consist
of PV array, converter, energy management system (EMS), and
other several parts and so on. A typical distributed network of
PV power plants is shown in Fig. 1. SCADA system is a critical
sub-system of Energy Management System (EMS) in PV
power plants. Its core part is Remote Terminal Unit (RTU).
By considering that the system shown in Fig.1 is formed by
a set of sub components, its total reliability RTotal can be
expressed: RTotal R pv ˜ R converter ˜ R SC AD A
嘋,(((
Authorized licensed use limited to: Institut Teknologi Sepuluh Nopember. Downloaded on November 20,2023 at 09:16:20 UTC from IEEE Xplore. Restrictions apply.
PV plants’ efficient operation is not only related to
reliability of PV arrays and converter ( R pv and Rconverter ), but
also related to reliability of SCADA system ( R SCADA ). At
present, many literatures study the reliability of PV array and
converter [4]-[6]. But there are little literature considering
reliability of SCADA system in PV power generation system.
In [3], Risk assessment of SCADA in power systems has been
performed and it points out that the unreliability of SCADA
system would bring about greater economic losses. This paper
concentrates on the reliability of SCADA system and provides
appropriate solutions to improve the reliability.
PV Plant1
Grid
or
Load
PV-subnet
Ă...
PV PV
SCADA-RTU Plant 2 Ă... Plant N
SCADA
Configration OPC
Server
DB
Fig.1.Distributed network of PV power plants
The reliability of SCADA system is mainly affected by
two factors: communication security and device failure.
Distributed SCADA system communication network security is
related to entire photovoltaic power plants’ security. Illegal or
wrong information could disturb decision-making instructions,
even lead to system malfunction. IEEE Power Energy Society
(PES) has set up a special working group to study SCADA
system network information security issues [7]. Device failure
is also an important factor to affect the reliability of SCADA
system. To solve device failure issues, there are two ways:
improving device mean time between failures (MTBF) and
providing device redundancy. Though improving device
hardware and software MTBF is a good solution, it can not
eliminate the impact of damage to equipment in unexpected
condition (such as component failure, misoperation). In
long-distance communication condition, if the disable device
can not be replaced timely, PV power plants will stop running
and the losses are serious. In PV power generation system
device redundancy scheme should take investment cost into
account. However, the cost of SCADA system in actual budget
 ,3(0&
only takes one tenth of the whole investment. At the same time,
considering the important role of SCADA system in PV power
plants, device redundancy can be seen as a feasible method to
solve equipment failure and improve the reliability of SCADA
system.
This paper focuses on improving communication reliability
of SCADA system in PV power plants through adopting
effective security strategy and redundancy mechanism. Section
2 presents the component of SCADA system in PV power
plants. Section3 studies security communication mechanism in
distributed PV power plants network. SCADA system
redundant structure is shown in section 4, and in this section
redundancy switching mechanism is discussed. Finally, some
functions of the SCADA system were verified through SCADA
server configuration software.
II. SCADA SYSTEM STRUCTURE
In this study, the structure of a grid-connected PV
generation system is depicted in Fig. 2. The design scheme that
one DSP chip integrated system controller with local SCADA
RTU was adopted. This design scheme improved control
performance and saved system costs. Control circuits, PWM
drive circuit, as well as signal conditioning circuit were omitted
in Fig.2.
39$UUD\ ,QYHUWHU
D1 idc
DCT
T1
D2 V dc
C1
C2
T4
PT
PWM1
temperature
irradiance
Port 1: Ethernet
(RJ45)
Fig.2. SCADA in grid-connected PV system
Local SCADA system in PV power plants is composed of
data acquisition unit, RTU, and communications unit. The
SCADA system could measure and collect PV array
temperature, irradiance, DC output voltage and current, inverter
output AC voltage and current relay switch state and so on.
Data acquisition unit consisted of current transformer (DCT
and ACT) and voltage transformer (PT). The design of SCADA
system communication unit depended on the selection of
communication method. At present in RES power generation
system several communication methods were adopted in
remote monitoring, such asRS485, Internet, GSM, GPRS, GPS,
industrial fieldbus [8]-[10].
Although GSM, GPRS, and GTS have their unique
advantages, the high costs of investment cause these
communication methods not to be suitable for PV power
systems. The costs contain device investment and additional
communication costs. Internet WEB communication is B. security measure
extensively used in many areas, but it is also not suitable for
sending control information in power systems for its high
嘋,(((
Authorized licensed use limited to: Institut Teknologi Sepuluh Nopember. Downloaded on November 20,2023 at 09:16:20 UTC from IEEE Xplore. Restrictions apply.
communication latency (about 0.5-2s) and low reliability.
Nowadays in industrial communication area, there are a
number of fieldbus (such as PROFIBUS. HART, FF.etc).
Among these fieldbus, industrial Ethernet fieldbus displays its
predominant advantages in many fields for its high
transmission rate, strong compatibility and network
management. Combining with actual network requirement of
PV power plants, our system adopted industrial Ethernet
fieldbus which was based on TCP (UDP) / IP protocol as work
communication bus. And RS485 was adopted as redundant
communication bus at the same time. As shown in Fig.2, Port1
was Ethernet communication interface (RJ-45). Port2 was
RS485 communication interface and A / B were RS485
differential signal output.
III. COMMUNICATION SECURITY
A. Security communication strategy
Distributed PV power plants are an open network
communication system .If processes are monitored and
controlled by devices connected over the SCADA system then
a malicious attack has the potential to cause significant damage
to PV power plants. A set of communication mechanism
between SCADA RTU with SCADA server was presented in
Fig. 3.
SCADA
SCADA-RTU Server KDC
T3 T5
U Link request
a
ACT1
U Link respond
b LCL
ACT2
Filter Security certificate
Security certificate
U Request or Respond
c ACT3 Apply key Apply or Distribute Key
Device announcement
T6 T2 Date or Service
PT1 ACK R
PWM6
Fig.3.Security communication mechanism
SCADA -RTU As shown in Fig.3, before data communication between
Port 2: RS485 SCADA RTU and server, a secure connection should be
established to ensure that unauthorized entities can’t gain entry
A B
into the network. Firstly, RTU sent link request message to
SCADA server and could not do any operation before getting
back link respond message from SCADA server. In order to
identify whether the RTU was a legal device or not, RTU
requested to the server for certification and applied for a new
security key. SCADA server identified the RTU through Key
distribution center (KDC) (KDC could be an independent
server or integrated with the SCADA server). If the RTU was
legal device, KDC distributed a new sub-key return to the RTU.
After completing security certification operation, if the
equipment was identified as a security device, RTU began to
broadcast device announcement message. In order to improve
communication quality of SCADA system, Confirm
mechanism was provided. When RTU didn’t receive ACK in
one cycle after performing a data or service message sending
operation, it should perform a retransmission and didn’t need to
re-establish connection.
The proposed communication mechanism involved three
security measures.
 ,3(0&
 1) Security certification. Security certification performed the announcement service, Synchronization request service,
operation of validating Security License. Security License Synchronization service and Device Switching service [11].
included device authority (License ID, Authorized device list,) These services aimed at industrial Ethernet fieldbus, not for
and key information (key type, key length). It was used to RS485.
identify the device privileged.
2)Encryption. Data encryption can prevent data destruction or Gateway
RS485 Centralized
Controller

illegal wiretapping. Ethernet data packet encryption process in Switch

SCADA system is shown in Fig. 4. AES (Advanced Encryption 6&$'$578

2 $OWHUQDWH
1 GHYLFH

Standard) algorithm was adopted to encrypt Ethernet media 6&$'$578

$FWLYH 1
GHYLFH 2

access control access layer protocol data unit (MAC-PDU). 6&$'$578

2 6&$'$578
1 $OWHUQDWH
GHYLFH

And XOR algorithm was used to encrypt application layer $FWLYH 1

GHYLFH 2 Ă...
Ă...
protocol data unit (APL-PDU). Both these two encryption
algorithm carried with transmission key distributed by KDC. PV2 $FWLYH%XV
$OWHUQDWH%XV
Thus the encrypted PDU could avoid malicious damage or PV1
Port 1 TCP/IP
Port2 Modbus

illegal eavesdropping. Ă...

KDC Fig.5. SCADA system redundant topology

Redundant state announcement service
AES XOR
(R_DeviceActiveAnouncement) is broadcasted in every cycle
Transport Key
encrypt encrypt by active device. Synchronization request service
(R_SynRequest) is sent by new device to request configuration
MAC-PDU PDU APL-PDU information and operating information. Synchronization service
(R_Syn) implements the function that active device sends
PDU with Key
configuration and operating information to new access device.
Fig.4. Data packet encryption process
When the active device was malfunction, alternate device
3) Role based access control. In Power generation systems, broadcast device switching service (R_DeviceSwitch) message.
different users should have different rights. Role based access And the service included PD Tag, active device IP and failed
control (RBAC) strategy was introduced. Three roles device IP.
(administrator, operator and ordinary user) were set in this C. Redundancy switching
system. Ordinary users could only view parameters of the 1) Device redundancy switching
system and didn’t have the authority to change the parameters. Active device Alternate device

But operators could modify the parameters. System

R_SynRequest
administrator was the highest authority owner, who took charge R_SynRequest Resp(+)
Work
of SCADA system control strategy, and had the rights of adding R_Syn

or reducing users’ number and their privileges. R_Syn Resp(+) Device message
Ă...
IV. REDUNDANCY MECHANISM R_DeviceActiveAnouncement
R_DeviceActiveAn ouncement
To further enhance the reliability of SCADA system, T
T

redundant technology was presented. T Fault

Active device
Fault device
A. redundancy topology R_DeviceSwitch

SCADA system redundant topology in PV power plants is Fig.6. Redundancy switching mechanism
shown in Fig.5. Redundant system consisted of two sets of Active RTU, alternate RTU and their communication port
redundant bus (based on TCP / IP Ethernet fieldbus and based can be assigned by SCADA configuration server when devices
on Modbus RS485 bus). The active device and alternate powered on .Device switching mechanism was shown in Fig. 6.
device should be produced by the same manufacturers and be In normal condition, alternate RTU sent Synchronization
the same type. Type and communications port number of request service message (R_SynRequest) to active device.
device could be assigned by SCADA Server configuration. Active device gave a respond back to alternate device after
Under normal circumstances, active device was running. And receiving this message, and then called redundant
when this device was malfunction, alternative RTU was synchronization service (R_Syn) which was used to send to
enabled through redundancy switching operation. Ethernet device information and data to the alternate device. Active
and RS485 Bus switched through different port (Port1 and device should broadcast a device announcement service
Port2). The realization of network redundancy and device message (R_DeviceActiveAnouncement) in each
Redundancy switching operation depended on corresponding communication cycle T. This message included time stamp. If
redundant services. alternate device did not receive this message in two cycle
B. redundancy services (check the time-stamp), device redundancy switching service
In order to achieve redundancy switching operation, four (R_DeviceSwitch) would be triggered immediately. Alternate
services was defined as follows: Redundant state device became operating device, and the active device was

嘋,(((  ,3(0&

Authorized licensed use limited to: Institut Teknologi Sepuluh Nopember. Downloaded on November 20,2023 at 09:16:20 UTC from IEEE Xplore. Restrictions apply.
defined as fault device. Fig.10.The service messages were captured through a protocol
2) Network redundancy switching analysis software—Ethereal. When active device (128.128.2.17)
Available communication network is a prerequisite for was malfunction, alternate device (128.128.2.15) was switched
device redundancy. Aiming at network failure, RS485 serial to be active device and sent device announcement messages.
communication bus was designed as redundant network bus in
SCADA system. Generally, all messages should be sent in TCP
/ IP Industrial Ethernet fieldbus in PV power plants. In each
Cycle (T) RTU sent a device announcement message in
communication network. If configuration server didn’t receive
this announcement in four communication cycle (double time
of redundancy switching time), the server judged that the active
Ethernet was malfunction and switched to RS485 bus
automatically. And communications port switched from Port Fig.10 Device switching process
1to Port2. RS485 bus based on Modbus communication VI. CONCLUSIONS
protocol followed "inquiry - response" mode. In this mode
Configuration server sent inquiry command to RTU and waited In this paper, a complete SCADA system of PV power
to receive information from RTU. plants has been present. Concentrating on the communication
reliability of SCADA system, security communication strategy
V. EXPERIMENTAL TESTS and redundancy mechanism have been provided. Security
The complete three-phase PV generation system was set up communication strategy ensured reliable communication
in laboratory as shown in Fig.7. PV modules were placed on between SCADA RTU and server. It can avoid the system
the roof of our department. RTU in SCADA collected data and being disturbed or breached by invalid message. Simultaneity,
sent to remote PC (configuration server). the realization of redundancy mechanism improved the
reliability of SCADA communication network. The proposed
two methods are used in grid-connected PV generation system
in Laboratory and could be effectively employed in RES
remote communication areas.
REFERENCES
[1]J. M. Carrasco, L. G. Franquelo, J. T. Bialasiewicz, E. Galván,R. C. Portillo,
M. Á. Martín Prats, J. E. León, and N. Moreno-Alfonso,“Power-electronic
systems for the grid integration of renewable energy sources: A survey,” IEEE
Transaction on Industrial Electronics, Vol.53, No.4, pp.1002–1016, Aug.
Fig.7 Experimental set-up in laboratory 2006.
Fig.8 shows security access monitoring interface of [2] Benghanem, M.Maafi, “A.Data acquisition system for photovoltaic systems
performance monitoring,” IEEE Transactions on Instrumentation and
SCADA system. Before operating in this interface, the user Measurement, Vol.15, No.1, pp.30 – 33, Feb. 1998.
must enter his/her user ID, password, and priority. If either user [3] Hamoud, G. Chen, R.-L. Bradley, “Risk assessment of power systems
ID or password is wrong or incorrect, the user was refused to SCADA,” IEEE Power Engineering Society General Meeting, 2003, Vol.2, Jul.
access. Fig.9 shows the page of devices running state. ST2bak 2003.
[4]Zimmermann, C.G, “The Impact of Mechanical Defects on the Reliability of
is a redundancy device of ST1.The parameter and Solar Cells in Aerospace Applications,”IEEE Transactions on Device and
communication state of ST2bak, such as device cycle, active Materials Reliability,Vol.6,No 3,pp.486-494, Sep. 2006.
tag, enable operate time, can be seen in Fig.9. [5]Calogero Cavallaro,Angelo Raciti,Antonino Torrisi, “Reliability
improvement of photovoltaic power conversion systems by an optimal
remote-management controller”, Fourth IEEE International Caracas
Conference on Devices, Circuits and System, Aruba, Apr 17-19,2002.
[6] Chan, F, Calleja, H ,“Reliability: A New Approach in Design of Inverters
for PV Systems.”10th IEEE International Power Electronics Congress, pp.1–6,
Oct. 2006.
[7] Vinay M. Igure, Sean A. Laughter, Ronald D.Williams, “Security issues in
SCADA networks,” Computers & Security.Vol.25, No. 7, pp. 498-506, Oct.
2006.
Fig.8. Security access interface [8] Krauter, Stefan,Depping, Thomas. “Satellite monitoring system for remote
PV-systems,” Conference Record of the IEEE Photovoltaic Specialists
Conference, 2002, pp. 1714-1717.
[9]Gagliarducci, M,Lampasi,D.A,Podesta, “GSM-based monitoring and control
of photovoltaic power generation ,” Measurement: Journal of the International
Measurement Confederation, Vol.40, No.3, pp.314-321,Apr.2007.
[10] Wang Li,Liu Kuo-Hua, “Implementation of a web-based real-time
monitoring and control system for a hybrid wind-PV-battery renewable energy
system,” Engineering Intelligent Systems, Vol.15, No.2, pp.99-105, Jun. 2007.
[11]IEC 62409: Specification of EPA system architecture and communication
Fig.9 Redundancy device running state
for industrial measurement and control system[S], 2006.
Redundancy device switching process was shown in

嘋,(((  ,3(0&

Authorized licensed use limited to: Institut Teknologi Sepuluh Nopember. Downloaded on November 20,2023 at 09:16:20 UTC from IEEE Xplore. Restrictions apply.