ICS SFC/SEE Replacement

I’d like to talk about the importance of replacing your SFC/SEE in time.

What is an SFC/SEE replacement?

Your Static Frequency Converter (SFC) and Static Excitation Equipment (SEE) are the systems that start your gas turbine and control the generator's voltage output. Without them, your turbine simply does not start – and when excitation degrades, voltage instability follows.

In the 1990s–2000s, Siemens SGT5 F-Class fleets, these systems are now 15–30+ years old. They were built with hardware and software that is no longer manufactured, no longer patched, and no longer supported by the OEM. That makes your SFC/SEE the single highest-risk component in your entire generating unit.

Why does this matter right now?

Several risks are converging simultaneously:

• Forced outages – when the SFC fails, the turbine cannot start. No generation. No capacity payments. Direct revenue loss.
• Grid-code non-compliance — modern Transmission System Operators (TSOs) demand AVR/PSS models in PSSE format and on-load validation that ageing systems cannot deliver.
• Cyber exposure – legacy systems running unpatched Windows with open remote access violate DOE (UAE), NCA OTCC (Saudi Arabia), and emerging regional cybersecurity mandates. Fines, audits, and personal executive liability are now on the table.
• Spare parts gone – OEM parts and factory support have been discontinued. Each failure is harder and slower to repair than the last.
• Insurance pressure – insurers and refinancers increasingly demand proof of cyber compliance on critical infrastructure. Non-compliant plants face higher premiums or reduced coverage.

The question is not if your SFC/SEE will fail – but when.

What comes next in this series?

Over the following seven emails, we'll walk through the specific risk areas that make a timely SFC/SEE replacement essential – and what ignoring each one can cost your plant:

1. Obsolescence
2. Integration with legacy systems
3. Grid-Code & Cyber Compliance
4. Start reliability
5. Ageing infrastructure
6. Cyber Security Hardening
7. Vendor-neutral solutions

Each email is a short, focused read – designed to give you and your team a clear understanding of the risks and how to address them.

Up next: Obsolescence – why "it still works" is the most expensive assumption in power generation.

Talk soon,

Petr Roupec
CEO, Bohemia Market

I trust your week is going well.

In our last email, we outlined why your SFC/SEE has become your plant's biggest single point of failure. Today, let's zoom in on the first and most immediate driver: Obsolescence.

What is obsolescence in this context?

Obsolescence means the hardware, software, and firmware inside your SFC and SEE are no longer manufactured, sold, or supported by the original equipment manufacturer. This includes control boards, thyristor stacks, processor modules, communication cards, and the operating systems that run them. When a component fails, there is no factory to call, no warehouse to ship from, and no engineer trained on that specific revision of the system.

Why does this matter?

Obsolescence does not announce itself with a warning light. It manifests the moment something breaks – and your team discovers that the replacement part has a 6–12 month lead time, if it exists at all. For gas turbines that provide baseload or peaking capacity to the grid, every day of unplanned downtime results in lost megawatt-hours, capacity payment penalties, and strained contractual obligations.

In the Middle East, where ambient temperatures push gas turbines harder, and grid demand peaks are unforgiving, a stranded unit isn't an inconvenience – it's a financial emergency.

What happens when obsolescence is ignored?

In August 2024, a power plant in Hungary experienced exactly this scenario. A 25-year-old Static Frequency Converter suffered a control system malfunction that shut down the unit. No compatible spare parts were available. The OEM no longer supported the system. The plant was forced into an unplanned outage – not because of catastrophic mechanical failure, but because of a single obsolete component.

Now imagine that scenario at your plant, during summer peak demand, with grid penalties accruing daily.

What's the alternative?

The Bohemia Market ICS SFC/SEE Replacement service addresses obsolescence at its root. Rather than chasing discontinued parts and improvising repairs, a modular replacement ensures your plant runs on current-generation hardware with a documented supply chain, structured spare-parts availability, and long-term support – so the next component failure is a routine maintenance event, not a crisis.

Coming up next: Integration with legacy systems – because replacing the SFC/SEE is only half the challenge. The other half is making it work seamlessly with your existing DCS.

Best regards,

Petr Roupec
CEO, Bohemia Market

Last time, we discussed how obsolescence turns a simple component failure into a plant-level crisis. But here's the follow-up question most plants don't ask early enough: When you do replace your SFC/SEE, how does it talk to everything else?

What is the legacy integration challenge?

Your SFC and SEE don't operate in isolation. They exchange critical signals with your Distributed Control System (DCS) – whether that's a Siemens T3000, TXP T2000, Emerson Ovation, or another platform. They interface with protection relays, the generator, and the grid operator's SCADA systems.

Legacy systems were built with proprietary protocols and hardwired connections that modern equipment doesn't natively support. The gap between your existing DCS architecture and a new SFC/SEE creates a real engineering challenge – one that, if underestimated, can turn a 12-day outage window into months of troubleshooting.

Why does this matter?

Integration is where many SFC/SEE replacement projects fail or stall – not because the new equipment doesn't work, but because it cannot communicate cleanly with the plant's existing control infrastructure. Protocol mismatches, signal mapping errors, and timing conflicts between old and new systems can cause start failures, protection malfunctions, and unreliable excitation control.

In the Middle East, where many plants run Siemens F-Class turbines commissioned in the late 1990s and 2000s, the DCS platforms are often just as aged as the SFC/SEE being replaced. The integration scope can be substantial.

What happens when integration is treated as an afterthought?

During one SFC/SEE replacement project in Singapore, the OEM initially stated it would be impossible to integrate a new SFC/SEE with the plant's existing DCS/TXP T2000. Had the operator accepted that claim at face value, they would have faced a far larger scope – potentially replacing both the SFC/SEE and the DCS simultaneously, with all the cost, outage time, and risk that entails.

Instead, with the right engineering approach, the new system was seamlessly integrated with the existing T2000 – not once, but twice across two units – within planned 12-day outage windows.

What's the alternative?

The Bohemia Market ICS SFC/SEE Replacement service is engineered for real-world integration from day one. Clean interfaces via Profibus DP ensure compatibility with your existing DCS – without requiring a full control system overhaul. Factory mock-up testing against your plant's actual DCS configuration validates every signal path before installation begins, so the outage window stays on schedule.

Coming up next: Grid-Code & Cyber Compliance – the regulatory requirements that your new SFC/SEE must satisfy before it's allowed to generate a single megawatt.

Best regards,

Petr Roupec
CEO, Bohemia Market

In the previous email, we covered why integration with your existing DCS is a make-or-break factor in any SFC/SEE replacement. Today, we're looking at the regulatory dimension – because even a perfectly installed system is worthless if it doesn't meet your grid operator's and cybersecurity authority's requirements.

What is Grid-Code & Cyber Compliance?

Grid-code compliance means your generating unit meets the technical requirements set by your Transmission System Operator (TSO) – including AVR/PSS performance models (typically IEEE 421.5 PSS2B in PSSE format), on-load testing, fault-ride-through capability, and reactive power control. These requirements ensure your plant supports grid stability, not undermines it.

Cyber compliance means your OT systems meet the cybersecurity controls mandated by your regional authority. In the Middle East, this includes:

• Saudi Arabia: NCA Essential Cybersecurity Controls (ECC) and Operational Technology Cybersecurity Controls (OTCC-1:2022) – mandatory for all government and private-sector critical national infrastructure operators.
• UAE: NESA Information Assurance Standards – 188 controls covering critical infrastructure sectors, including energy, with mandatory annual audits for the most critical facilities.
• Region-wide: Alignment with IEC 62443 for OT/ICS security, with increasing enforcement and penalty frameworks across GCC states.

Why does this matter?

Regulators and TSOs across the Middle East are simultaneously tightening requirements. Saudi Arabia's NCA now has explicit enforcement authority with substantial fines for non-compliance, following the December 2024 NCA Regulations. The UAE's NESA mandates annual OT security assessments for designated critical infrastructure.

Ageing SFC/SEE systems cannot deliver the AVR/PSS model documentation, the on-load test results, or the cybersecurity posture that these regulators demand. Running a non-compliant system is not just a technical gap – it's an executive liability.

What happens when compliance is deferred?

Consider this: a power plant passes its grid code validation when it is originally commissioned. Ten years later, the TSO updates its requirements – new PSS models, new fault-ride-through criteria, new reactive power envelopes. The plant's ageing SEE cannot meet the updated AVR response requirements. The TSO issues a remedial action notice. The unit is derated, capacity payments are reduced, and the plant enters a compliance remediation cycle that takes months –  all while generating at reduced output.

Now layer on a cybersecurity audit. The legacy SFC/SEE runs unpatched Windows, has open remote access ports, and lacks an audit trail for configuration changes. The auditor flags it as non-compliant. Under new NCA regulations, this triggers fines and mandatory remediation timelines. Under NESA, it means potential licence conditions.

Both situations are avoidable – with the right replacement.

What's the alternative?

The Bohemia Market ICS SFC/SEE Replacement service delivers compliance from day one. Grid-code compliance is built into the project scope – IEEE 421.5 PSS2B/PSS3B models in PSSE and PSCAD format, on-load testing coordination with your TSO, and full documentation for regulatory acceptance. On the cyber side, hardened OS baselines, application whitelisting, MFA, centralised logging, and IEC 62443 alignment are standard – not add-ons.

Coming up next: Start reliability – what actually happens in the seconds between "start command" and "turbine online," and why your SFC is the gatekeeper.

Best regards,

Petr Roupec
CEO, Bohemia Market

In the last email, we covered why grid-code and cyber compliance are non-negotiable. But there's one thing that comes before compliance, before revenue, before everything: your turbine has to start.

What is start reliability?

Start reliability is the probability that your gas turbine will successfully complete a start sequence when called upon. The Static Frequency Converter (SFC) is the system that makes this happen – it acts as the initial mover, effectively turning your generator into a motor to rotate the turbine up to self-sustaining speed.

If the SFC fails, the turbine does not start. It is as simple – and as consequential – as that.

Why does this matter?

In the Middle East, gas turbines are often called upon to start rapidly in response to grid demand – whether for daily peaking cycles, emergency black-start events, or load-following as renewable penetration increases. A failed start isn't just a maintenance log entry. It triggers a cascade of challenges:

• Capacity payment penalties – your offtake agreement likely penalises unavailability during peak demand windows.
• Grid reliability impact – your TSO is counting on your declared capacity. A failed start affects system-wide frequency response.
• Compounding failures – a failed start attempt can stress adjacent systems, increase wear, and require inspection before a retry.

For plants with black-start capability, a failed SFC means the grid segment cannot be restored after an outage – a scenario with serious national security implications.

What happens when reliability starts to degrade?

At a gas turbine power plant in Indonesia, an SFC malfunction – traced to a single damaged 24VDC power supply module – caused repeated start failures. The turbine could not reach operating speed. Root cause analysis using FMEA and fault-tree methods confirmed that the entire start chain depended on a small, ageing SFC component that had degraded over time.

In the Hungary case we mentioned in Email #2, a similar SFC control system failure shut down the entire unit – and with no OEM support or spare parts available, the plant could not restart.

These are not edge cases. They are the predictable outcome of running SFC equipment past its supported life.

What's the alternative?

The Bohemia Market ICS SFC/SEE Replacement service restores start reliability to as-new condition – with optimised acceleration ramps, multiple start modes (turbine start, black start, compressor washing, turning, boiler purging), and increased start capability. The modular design means the SFC can be replaced independently of the SEE, minimising scope, outage time, and cost. At the Pulau Seraya reference site in Singapore, the replacement system achieved a 100% start success rate from commissioning – and has maintained it since.

Coming up next: Ageing infrastructure – why the SFC/SEE isn't the only thing getting older in your plant, and why that matters for your replacement strategy.

Best regards,

Petr Roupec
CEO, Bohemia Market

In the last email, we looked at start reliability and how a single SFC failure can cause your entire turbine to ground. Today, let's take a step back and look at the bigger picture: Your SFC/SEE is ageing – but so is everything it connects to.

What do we mean by ageing infrastructure?

When we talk about ageing infrastructure in this context, we're not just referring to the SFC and SEE themselves. We mean the entire ecosystem of systems that surround them – the DCS, the protection relays, the cabling, the instrumentation, the switchgear, and the auxiliary systems, all installed in the same era. On a typical 1990s–2000s Siemens SGT5 F-Class plant, these systems are all approaching or exceeding their design life simultaneously.

Ageing infrastructure does not degrade linearly. It follows a pattern: systems operate reliably for years, then enter a phase where the frequency and severity of failures accelerate. Maintenance costs increase. Unplanned outages become more common. Each repair introduces new risk, because every intervention in an aged system can expose adjacent weaknesses.

Why does this matter?

The ageing of your plant infrastructure creates a compounding risk environment. A new SFC/SEE doesn't exist in a vacuum – it must interface with legacy systems on all sides. But equally, the continued operation of an aged SFC/SEE puts stress on everything it connects to:

• degraded excitation control increases electrical stress on the generator windings;
• poor voltage regulation propagates instability through the step-up transformer and into the grid;
• unreliable starts mean repeated thermal cycling on the turbine.

In the Middle East, where ambient temperatures routinely exceed 45°C, thermal stress accelerates component degradation across the entire plant – from electronics cabinets to cable insulation. The ageing curve is steeper than in temperate climates.

What happens when ageing infrastructure is ignored?

The International Atomic Energy Agency (IAEA), in its guidance on managing ageing and obsolescence of instrumentation and control systems, puts it clearly: "The ageing of I&C equipment has the potential to degrade the performance and reliability of such systems, which in turn can lead to a reduction in safety margins and an increase in operating and maintenance costs. Obsolescence can compound matters by making it difficult to source suitable replacements."

While that guidance was developed for the nuclear sector, the principle applies universally. When multiple ageing systems interact, the risk is no longer additive – it's multiplicative. Each failure exposes the fragility of the next system in the chain.

Plants that defer SFC/SEE replacement often find that by the time they act, the scope has expanded to include adjacent systems – turning what could have been a targeted 12-day outage into a multi-month capital project.

What's the alternative?

The Bohemia Market ICS SFC/SEE Replacement service is designed to work within the reality of ageing plant infrastructure – not against it. The modular, containerised approach minimises the interface footprint. Existing cabling is reused where possible to avoid disturbing aged firestopping and cable trays. The design integrates with your current DCS and protection architecture, so you address the highest-risk component (the SFC/SEE) without triggering a cascade of adjacent replacements.

Acting now, while the replacement can still be scoped as a targeted intervention, is significantly less costly and less risky than waiting until the infrastructure forces a larger overhaul.

Coming up next: Cyber Security Hardening – because connecting a new SFC/SEE to an aged control network creates risk vectors that regulators are now scrutinising closely.

Best regards,

Petr Roupec
CEO, Bohemia Market

In the last email, we looked at how ageing infrastructure compounds the risk around your SFC/SEE. Today, we're focusing on the cyber dimension – because a modern SFC/SEE connected to an unprotected network is an invitation, not a defence.

What is Cyber Security Hardening?

Cybersecurity hardening means reducing the attack surface of your industrial control systems – eliminating unnecessary access points, enforcing authentication, encrypting data flows, logging every action, and ensuring that no external connections can be used to manipulate critical setpoints or parameters.

Why does this matter?

The Middle East faces one of the most intense ICS threat landscapes in the world. In Q2 2025, the region ranked first globally for threats from email clients targeting ICS computers – 1.8 times higher than the global average. Ransomware rates on ICS systems in the Middle East were nearly double the global average, ranking second worldwide. Spyware, phishing, and malicious scripts targeting industrial systems remain consistently elevated across the region.

These are not theoretical risks. They are active, measured, and escalating.

Regional regulators are responding accordingly. Saudi Arabia's NCA OTCC-1:2022 mandates specific OT cybersecurity controls for all critical national infrastructure, including hardened OS baselines, network segmentation, access controls, and incident response. The UAE's NESA standards require annual security assessments for priority critical infrastructure. Across the GCC, enforcement is tightening, and penalties for non-compliance are becoming explicit.

What happens when cyber hardening is neglected?

Picture this: your plant completes an SFC/SEE replacement. The new system is modern, reliable, and performs beautifully. Your turbine starts every time. Your excitation control is stable.

But six months later, your cybersecurity auditor asks a simple question: "How do you monitor the operational status of this critical system? How do vendors access it for remote diagnostics? And how do you prove to your TSO and regulator that you have visibility and control over what's happening inside it?"

The answer reveals the gap: there is no secure data path between the SFC/SEE and your monitoring infrastructure. When vendors need remote access for diagnostics or support, they use VPNs with weak authentication or USB drives brought on-site – both of which are explicitly prohibited under the NCA OTCC and NESA frameworks. Performance data, event logs, and operational parameters exist only locally, with no centralised visibility or audit trail. You cannot prove compliance because you have no architecture to demonstrate it.

This is the blind spot that regulators across the Middle East are now scrutinising – not whether your SFC/SEE works, but whether you have secure, auditable visibility into its operation without creating exploitable pathways.

What's the alternative?

The Bohemia Market ICS SFC/SEE Replacement service includes the ICS Secure Data Transfer platform, which solves this exact problem. A hardware-based data diode architecture enforces one-way data flow – operational data exits the SFC/SEE environment and flows through an encrypted VPN to a secure cloud platform. External systems cannot send commands back through the diode. It is physically impossible for threats to traverse back to the SFC/SEE.

Every data transfer is logged with timestamps. Remote support operates through shared sessions – plant staff see every action in real time. MFA, certificate-based authentication, role-based access control, and automatic session timeouts are standard. The architecture is aligned with NERC CIP, NIS2, NCA OTCC, and NESA from the outset.

Security is not an add-on. It's built into the design.

Coming up next: Vendor-Neutral – why your SFC/SEE replacement should work with any DCS, any protocol, and any future decision you make.

Best regards,

Petr Roupec
CEO, Bohemia Market

Over the past seven emails, we've walked through the critical risk areas surrounding your SFC/SEE – from obsolescence and legacy integration to grid-code compliance, start reliability, ageing infrastructure, and cyber security hardening.

Today, we end with a topic that ties them all together: Vendor neutrality.

What does vendor-neutral mean?

Vendor-neutral means your SFC/SEE replacement is designed to integrate with any DCS platform, communicate via open standard protocols, and operate independently of any single manufacturer's ecosystem. It means your plant isn't locked into one vendor's proprietary hardware, software, or service model for the next 20 years.

Why does this matter?

Many power plants across the Middle East were built as turnkey OEM projects. The turbine, the DCS, the SFC/SEE, the excitation, and the service contract all came from one supplier. When that supplier discontinues a product line, changes its service model, or simply prioritises newer equipment, the plant is stranded.

OEM lead times for gas turbine components now average 48–60 months. Service slots are booked years in advance. When your SFC/SEE fails and the OEM is your only option, you wait – on their timeline, at their price, with limited alternatives.

Vendor lock-in is not just inconvenient. In an era of obsolescence, tightening regulations, and escalating cyber threats, it is a strategic risk. It limits your ability to respond, adapt, and make decisions that are best for your plant – not for the vendor.

What happens when vendor dependency isn't addressed?

Consider a plant that replaces its SFC/SEE with another proprietary OEM system. Five years later, the OEM announces end-of-support for that platform. The plant is back where it started – dependent on a single supplier's roadmap, with declining parts availability and no integration path to alternative providers. Every future decision – maintenance, upgrades, expansions – must go through the same vendor at whatever terms they dictate.

Now contrast that with a plant that chose a vendor-neutral solution: open interfaces, standard protocols, documented system architecture. When the time comes for the next upgrade, the plant can evaluate the market. It can integrate with a different DCS. It can source components from multiple suppliers. It retains control over its own assets.

What's the alternative?

The Bohemia Market ICS SFC/SEE Replacement service is built on vendor-neutral principles. Clean Profibus DP, Modbus TCP, Profinet, and IEC 61850 interfaces ensure seamless integration with Siemens T3000, PCS7, Emerson Ovation, or any third-party DCS. The modular, containerised design means SFC and SEE can be replaced independently, and future modules can come from the best available source, not just the only available source.

Your plant. Your choices. Your future.

What's next?

This is the final email in our educational series on the SFC/SEE Replacement. I hope it has given you and your team a clear picture of the risks – and the path forward.

If any of the topics we covered resonated – whether it's obsolescence, compliance, cyber hardening, or simply ensuring your turbine starts when you need it to – we'd welcome a conversation. No obligations, no sales pitch – just a focused discussion about your plant's specific situation.

You can reach me directly by replying to this email, or book a time here: [Insert booking link]

For a full overview of the service, visit Bohemia Market’s ICS SFC/SEE Replacement Service page.

Thank you for reading, {{first_name}}. I look forward to talking with you.

Best regards,

Petr Roupec
CEO, Bohemia Market