Traditionally it is considered preferable to have backup protection for power systems which should be designed to avoid common-mode failure. Thus using a different protection function type, independent sets of CT/VTs, separate relays, a separate auxiliary power supply etc are to be considered, albeit not always economically justified depending on the asset being protected.
We are looking at the protection of an asset with main and backup protection on separate multifunction relays; however the supplier has suggested essentially the same relay for both, using different functions. Is there much merit, these days, in advocating for these relays to be from different manufacturers?
Arguments for are avoiding common mode failures in the device itself (e.g. manufacturing defects or firmware errors) and improving the cybersecurity (less likelihood that both devices will be incidentally compromised and less likelihood that both devices will be exploitable from unpatched vulnerabilities at the same time*) for devices which may be in place for decades.
Arguments against are that it adds complexity for the control scheme (physically and logically, even if they do use a harmonised protocol) and operators would have two different relays to navigate introducing a risk of human error. Further on cybersecurity the easiest and most likely way to cause problems with a compromised relay would be to cause it to trip, and changing the manufacturer of the other device will not prevent that (though it would make it easier to identify post-hoc).
Does anyone have any thoughts on this? Throwing it out there to make sure I'm not discussing it in an echo-chamber within the team.
*I am not a cyber-security expert, as I am sure you can tell
