OBTAINING INSTRUCTIONS WITHIN A WIND POWER PLANT PRIVATE NETWORK

Abstract

Obtaining within a private network of a power plant one or more instructions for controlling the power plant, wherein the power plant includes one or more wind turbine generators, and wherein one or more instructions for controlling the power plant are received at an external digital storage device placed externally with respect to the private network. The one or more instructions are stored in a queue in the external digital storage device. The one or more instructions are fetched from the queue independent with respect to events initiated externally with respect to the private network.

Claims

1. A method for obtaining within a private network of a power plant one or more instructions for controlling the power plant, wherein the power plant is comprising one or more wind turbine generators, and wherein the method comprises: Receiving at an external digital storage device placed externally with respect to the private network one or more instructions for controlling the power plant; Storing the one or more instructions in a queue in the external digital storage device; and Obtaining within the private network on request from within the private network one or more instructions for controlling the power plant, wherein said obtaining includes that one or more devices within the private network are fetching from the queue in the external digital storage device said one or more instructions for controlling the power plant stored in the queue in the external digital storage device, wherein said fetching is independent with respect to events initiated externally with respect to the private network.

2. The method according to claim 1, further comprising: approving or rejecting, within the private network, the one or more instructions for controlling the power plant obtained within the private network.

3. The method of claim 2, wherein the approving or rejecting comprises validating a command of the one or more instructions.

4. The method of claim 3, wherein an instruction is rejected due to a lack of validation if the command is not on a predefined list of commands.

5. The method of claim 2, wherein the approving or rejecting comprises verifying that the one or more instructions originate from a trusted source.

6. The method of claim 5, wherein an instruction is rejected due to a lack of verification if the source is not on a predefined list of trusted sources.

7. The method of claim 1, wherein said fetching is halted if one or more predefined criteria are determined within the private network to be fulfilled.

8. The method of claim 7, wherein the one or more predefined criteria are determined to be fulfilled if one or more of the following corresponding conditions are determined to be true: rejecting, within the private network, the one or more instructions for controlling the power plant obtained within the private network; rejecting, within the private network, the one or more instructions for controlling the power plant obtained within the private network for failure to verify that the one or more instructions originate from a trusted source; determining that a temporal distribution of time of receipt of one or more instructions at the external digital storage device is not acceptable; determining that a number of instructions received at the external digital storage device exceeds a first predetermined number of instructions within a first predetermined period of time; determining that a number of instructions addressing assets which are not subject to control via the private network and received at the external digital storage device exceeds a second predetermined number of instructions within a second predetermined period of time; determining that a number of instructions not belonging to a predetermined set of instructions and received at the external digital storage device exceeds a third predetermined number of instructions within a third predetermined period of time; determining that an instruction received at the external digital storage device is not signed by a trusted source; determining that an signature of a trusted source on an instruction received at the external digital storage device is not validated by a device within the private network; determining that an instruction received at the external digital storage device belongs to a predetermined subset of instructions and a command of the instruction is outside a predefined set of commands for the predetermined subset of instructions; determining that an instruction received at the external digital storage device belongs to a predetermined subset of instructions and a command of the instruction relating to a rate of change of a value is outside a predefined range of rate of changes for the predetermined subset of instructions; determining that a value of a command of an instruction of a certain instruction type received at the external digital storage device is outside a predefined value range for the instruction type; determining that a rate of change of a value of a parameter of a command of an instruction of a certain instruction type received at the external digital storage device is outside a defined rate range for the instruction type; determining that an instruction would upon execution entail an absolute value of an operational parameter of the power plant exiting a first predetermined range; determining that an instruction would upon execution entail a relative change of a value of an operational parameter of the power plant exiting a second predetermined range; determining that an instruction received at the external digital storage device is malformed; determining that a number of non-executable instructions received at the external digital storage device exceeds a fourth predetermined number of instructions within a fourth predetermined period of time; and determining that a number of instructions addressing assets which are not connected to the private network and received at the external digital storage device exceeds a fifth predetermined number of instructions within a fifth predetermined period of time.

9. The method of claim 1, wherein the method further comprises sending instructions from a source to the external digital storage device.

10. The method of claim 1, wherein the method further comprises: executing at the power plant of the one or more obtained instructions for controlling the power plant.

11. The method of claim 1, wherein the power plant is repeatedly sending power plant data to one or more recipients placed externally with respect to the private network, wherein power plant data comprises data regarding power plant operation and/or data regarding power plant conditions, wherein said sending is initiated from within the private network and independent with respect to requests originating externally with respect to the private network.

12. The method of claim 11, wherein the method comprises: Comparing the instructions received at the external digital storage device with power plant data and verifying execution at the power plant of the instructions received at the external digital storage device.

13. The method of claim 1, wherein the external digital storage device is in a demilitarized zone.

14. A system comprising: A power plant comprising: one or more wind turbine generators; and a private network; and An external digital storage device placed externally with respect to the private network, and wherein the system is configured to perform an operation, comprising: receiving, at an external digital storage device placed externally with respect to the private network, one or more instructions for controlling the power plant; storing the one or more instructions in a queue in the external digital storage device; and obtaining within the private network on request from within the private network one or more instructions for controlling the power plant, wherein said obtaining includes that one or more devices within the private network are fetching from the queue in the external digital storage device said one or more instructions for controlling the power plant stored in the queue in the external digital storage device, wherein said fetching is independent with respect to events initiated externally with respect to the private network.

15. (canceled)

16. The system according to claim 15, further comprising: approving or rejecting, within the private network, the one or more instructions for controlling the power plant obtained within the private network.

17. The system according to claim 16, wherein the approving or rejecting comprises validating a command of the one or more instructions.

18. The system according to claim 17, wherein an instruction is rejected due to a lack of validation if the command is not on a predefined list of commands.

19. The system according to claim 16, wherein the approving or rejecting comprises verifying that the one or more instructions originate from a trusted source.

20. A computer program product comprising instructions which, when executed by one or more processors, perform an operation of obtaining within a private network of a power plant one or more instructions for controlling the power plant, wherein the power plant comprises one or more wind turbine generators; the operation, comprising: receiving, at an external digital storage device placed externally with respect to the private network, one or more instructions for controlling the power plant; storing the one or more instructions in a queue in the external digital storage device; and obtaining within the private network on request from within the private network one or more instructions for controlling the power plant, wherein said obtaining includes that one or more devices within the private network are fetching from the queue in the external digital storage device said one or more instructions for controlling the power plant stored in the queue in the external digital storage device, wherein said fetching is independent with respect to events initiated externally with respect to the private network.

Description

BRIEF DESCRIPTION OF THE FIGURES

[0077] The method for obtaining within a private network of a power plant one or more instructions for controlling the power plant and the corresponding system and computer program product according to the invention will now be described in more detail with regard to the accompanying figures. The figures show one way of implementing the present invention and is not to be construed as being limiting to other possible embodiments falling within the scope of the attached claim set.

[0078] FIG. 1 shows a wind turbine,

[0079] FIG. 2 is a flow chart illustrating a method 210 for obtaining 218 within a private network 336 of a power plant 332 one or more instructions for controlling the power plant,

[0080] FIG. 3 shows an embodiment of a system 330 according to the second aspect.

DETAILED DESCRIPTION OF AN EMBODIMENT

[0081] FIG. 1 shows a wind turbine 100 (which may also be referred to as a wind turbine generator (WTG)) comprising a tower 101 and a rotor 102 with at least one rotor blade 103, such as three blades. The rotor is connected to a nacelle 104 which is mounted on top of the tower 101 and being adapted to drive a generator situated inside the nacelle. The rotor 102 is rotatable by action of the wind. The wind induced rotational energy of the rotor blades 103 is transferred via a shaft to an electrical generator. Thus, the wind turbine 100 is capable of converting kinetic energy of the wind into mechanical energy by means of the rotor blades and, subsequently, into electric power by means of the generator. The generator may include a power converter for converting the generator AC power into a DC power and a power inverter for converting the DC power into an AC power to be injected into a utility grid. The generator is controllable to produce a power corresponding to a power request. The blades 103 can be pitched in order to alter the aerodynamic properties of the blades, e.g. in order to maximize uptake of the wind energy and to ensure that the rotor blades are not subjected to too large loads when strong winds are blowing. The blades are pitched by a pitch system with a pitch force system controlled by a pitch control system, where the pitch force system includes actuators for pitching the blades dependent on a pitch request from the pitch control system. The wind turbine may be an asset of a (wind) power plant and the parts of the wind turbine, such as one or more of the actuators for pitching the blades, may similarly be seen as (sub-)assets of the wind turbine and power plant.

[0082] FIG. 2 is a flow chart illustrating a method 210 for obtaining 218 within a private network 336 of a power plant 332 one or more instructions for controlling the power plant, wherein the power plant is comprising one or more wind turbine generators 100, 334, and wherein the method is comprising: [0083] Receiving 212 at an external digital storage device 338 placed externally with respect to the private network one or more instructions for controlling the power plant, wherein the method may be further comprising (not shown) sending instructions from a source to the external digital storage device 338 prior to said receiving 212, [0084] Storing 214 the one or more instructions in a queue in the external digital storage device, such as wherein the external digital storage device may be a server and wherein said server is in a demilitarized zone 340 associated with or on the perimeter of the private network 336, [0085] Obtaining 218 within the private network on request from within the private network one or more instructions for controlling the power plant, wherein said obtaining includes that one or more devices 342 within the private network are fetching from the queue in the external digital storage device said one or more instructions for controlling the power plant stored in the queue in the external digital storage device, wherein said fetching is independent with respect to events initiated externally with respect to the private network.

[0086] As indicated by dashed line 216 representing a border of the private network 336, an instruction is entering into the private network when—and only when—it is obtained on request from within the private network and upon independent fetching. The method schematically illustrated in FIG. 2 is further comprising subjecting within the private network the one or more instructions for controlling the power plant obtained within the private network to a step 220 of approval 227 or rejection 228, wherein the step of approval or rejection comprises validating 222 a command of the one or more instructions and wherein the step of approval or rejection comprises verifying 224 that the one or more instructions originate from a trusted source 344. As indicated in FIG. 2 said fetching is halted 229 if one or more predefined criteria are determined within the private network 336 to be fulfilled, wherein in the present case a predefined criterion is fulfilled in case of a rejection 227 due to lack of validation of a command and/or due to lack of verification. The method furthermore comprises execution (226) at the power plant 332 of the one or more obtained instructions for controlling the power plant, which in the present case is conditioned by approval 227 in the step 220 of approval or rejection. The entire process 210 may be carried out multiple times, such as repeated upon execution 226 or restarted subsequent to halting 229.

[0087] FIG. 3 shows a system 330 comprising: [0088] A power plant 332 comprising [0089] i. one or more wind turbine generators 334 [0090] ii. a private network 336, [0091] An external digital storage device 338 placed externally with respect to the private network, [0092] and wherein the system is arranged for carrying out a method 210 according to any one of the preceding claims.

[0093] FIG. 3 furthermore shows a source, such as a trusted source 344 of instructions, wherein the instructions are generated in and sent (internally within the trusted source network) from a data- and surveillance center 352 of the trusted source and wherein instructions are sent (externally out of the trusted source network) via and from an instruction collector 354 of the trusted source. The trusted source may be within a trusted source network 356 (as indicated by the dashed line), which may be, e.g., a local area network (LAN) of the trusted source or the public internet. The figure furthermore shows a demilitarized zone (DMZ) 340 (as indicated by the dashed line) on the perimeter of the private network 336 and wherein the demilitarized zone comprises the external digital storage device 338. The demilitarized zone 340 is considered to be external to the private network. The figure furthermore a private network 336 of a power plant with one or more wind turbine generators 334 and still further shows a device 342 within the private network 336 being arranged for obtaining 218 via fetching instructions for controlling the power plant from the external digital device 338, optionally via an access point 346 associated with the private network 336.

[0094] FIG. 3 furthermore shows a private network data relaying device 348 within the private network 336 being arranged for (receiving internally within the private network 336 power plant data, such as including data relating to Supervisory Control And Data Acquisition (SCADA), from the device 342 and for) repeatedly and autonomously sending power plant data to one or more recipients, which in the present system is a relaying recipient in form of an external data relaying device 350 placed externally with respect to the private network 336 in the demilitarized zone (340). In the depicted system 330 the external data relaying device 350 is arranged for relaying the power plant data to a final recipient and furthermore arranged for receiving and relaying instructions initially received at the external digital storage device 338 to the final recipient, which in the present case is the trusted source 344 which receives the power plant data via a source data relaying unit 358. This may be advantageous for enabling the final recipient, which may be a source, such as a trusted source, of instructions initially received at the external digital storage device, to compare the instructions received 212 at the external digital storage device 338 with power plant data and verifying execution at the power plant of these received instructions.

[0095] Each interface in FIG. 3 is either a public interface, cf., the public interface 360, or an inter-component interface, cf., the inter-component interface 362.

[0096] Although the present invention has been described in connection with the specified embodiments, it should not be construed as being in any way limited to the presented examples. The scope of the present invention is set out by the accompanying claim set. In the context of the claims, the terms “comprising” or “comprises” do not exclude other possible elements or steps. Also, the mentioning of references such as “a” or “an” etc. should not be construed as excluding a plurality. The use of reference signs in the claims with respect to elements indicated in the figures shall also not be construed as limiting the scope of the invention. Furthermore, individual features mentioned in different claims, may possibly be advantageously combined, and the mentioning of these features in different claims does not exclude that a combination of features is not possible and advantageous.