For upcoming pulic discussion with a DGI, I need to know specifically what embedded systems in a utility company can shut down a gas turbine? I read that a non-compliant fire suppression system can do this; what else can? I've read a lot of the internet info on embedded systems, but haven't found this exact information. Thanks.

Here is a quote that may help, "The vulnerability of a generator temperature control system at a power plant in the United Kingdom were reported in the Electric Power Research Institute Proceedings from EPRI Embedded Systems Workshop, Proceedings dated 10/4/1997. A compliance test was conducted in which "(t)he control) valve (for generator cooling) closed (fail safe), tripping the unit on high generator temperatures." It was concluded that "(l)oss of numerous generating units simultaneously in the United Kingdom could be devastating to the country." Sorry I saved this from some unremembered web-site, so can't cite it, but perhaps you could track down the source documents referenced in the quote.

Good luck with your discussion!

For below - remember that each time a sensor is mentioned that has to work - the whole train of electronic controls has to be absolutely trustworthy, or the machine may literally "explode" due to a real malfunction: this includes originating computer and BIOS and power supply, originating program, sensor itself, response from sensor (proably will be okay), responsding program (probably okay), response or recording program (most likely fail), and then emergency trip or "response to the sensed indication" program.

Oil level and sensor in generator and gas turbine side, oil-pressure sensor, high voltage output, low voltage sensors, high or low sensors on frequncy out, fuel level alams, temperature alarms or sensors tripping, fuel pressure sensors, vibration monitors (may or may be recorded), stress or turbine blade sensors (may or may not be instrumented), remote control feedback from master station, cooling water to mid stage recovery coolers, or cooling water for oil (depends on systems); all secondary heat recovery systems - which could be as complex as a full steam power plant. temperature alarms in inlet, outlet, mid stages.

Might be others. Most of these sensors you would find on all convential turbines and generators too. Plus hundreds of sensors in steam and condensate systems of regular steam cycle power plants.

Remember, not all of these will be sensitive, not all will be affected by dates or badly processed date information. But it only takes one to trip out the generator untill it is found and replaced or placed in "emergency run" conditions. And troubleshooting could be very difficult.

