IEC 60870-5

IEC 60870 part 5 [1] is one of the IEC 60870 set of standards which define systems used for telecontrol (supervisory control and data acquisition) in electrical engineering and power system automation applications. Part 5 provides a communication profile for sending basic telecontrol messages between two systems, which uses permanent directly connected data circuits between the systems. The IEC Technical Committee 57 (Working Group 03) have developed a protocol standard for telecontrol, teleprotection, and associated telecommunications for electric power systems. The result of this work is IEC 60870-5. Five documents specify the base IEC 60870-5:

  • IEC 60870-5-1 Transmission Frame Formats
  • IEC 60870-5-2 Data Link Transmission Services
  • IEC 60870-5-3 General Structure of Application Data
  • IEC 60870-5-4 Definition and Coding of Information Elements
  • IEC 60870-5-5 Basic Application Functions
  • IEC 60870-5-6 Guidelines for conformance testing for the IEC 60870-5 companion standards
  • IEC TS 60870-5-7 Security extensions to IEC 60870-5-101 and IEC 60870-5-104 protocols (applying IEC 62351)

The IEC Technical Committee 57 has also generated companion standards:

  • IEC 60870-5-101 Transmission Protocols - companion standards especially for basic telecontrol tasks
  • IEC 60870-5-102 Transmission Protocols - Companion standard for the transmission of integrated totals in electric power systems (this standard is not widely used)
  • IEC 60870-5-103 Transmission Protocols - Companion standard for the informative interface of protection equipment
  • IEC 60870-5-104 Transmission Protocols - Network access for IEC 60870-5-101 using standard transport profiles
  • IEC TS 60870-5-601 Transmission protocols - Conformance test cases for the IEC 60870-5-101 companion standard
  • IEC TS 60870-5-604 Conformance test cases for the IEC 60870-5-104 companion standard

IEC 60870-5-101/102/103/104 are companion standards generated for basic telecontrol tasks, transmission of integrated totals, data exchange from protection equipment & network access of IEC101 respectively.

IEC 60870-5-101

IEC 60870-5-101 [IEC101] is a standard for power system monitoring, control & associated communications for telecontrol, teleprotection, and associated telecommunications for electric power systems. It is completely compatible with the IEC 60870-5-1 to IEC 60870-5-5 standards and uses a standard asynchronous serial telecontrol channel interface between DTE and DCE. The standard is suitable for multiple configurations such as point-to-point, star and multidrop.

Features

  • Supports unbalanced (only master-initiated messages) & balanced (master- or slave-initiated messages) modes of data transfer.
  • Link address and ASDU (Application Service Data Unit) addresses are provided for classifying the end station and the different segments under it.
  • Data is classified into different information objects, and each information object is provided with a specific address.
  • Facility to classify the data into high priority (class 1) and low priority (class 2) and to transfer them using separate mechanisms.
  • Possibility of classifying the data into different groups (1-16), so that the master can obtain the data of one group by issuing a specific group interrogation command, or the data of all groups by issuing a general interrogation.
  • Cyclic & spontaneous data updating schemes are provided.
  • Facility for time synchronization.
  • Schemes for the transfer of files. Example: an IED stores a disturbance recorder file in its memory when an electrical disturbance occurs in the field; this file can be retrieved through the IEC 103 protocol for fault analysis.

Frame format

The character format of IEC 101 uses 1 start bit, 1 stop bit, 1 parity bit & 8 data bits. FT1.2 (defined in IEC 60870-5-1) is used as the frame format of IEC 101; it is suitable for asynchronous communication and has a Hamming distance of 4. It uses 3 types of frame format: a frame with variable-length ASDU, a frame with fixed length, and a single character. The single character is used for acknowledgments, fixed-length frames are used for commands, and variable-length frames are used for sending data. The details of the variable-length frame are given below.

IEC 101 Frame Format, Variable length (data unit, field name, function; numbers in parentheses are field widths in octets)

  • Start Frame
      • Start Character: indicates start of frame
      • Length Field (*2): total length of frame
      • Start Character (repeat): repeat provided for reliability
      • Control Field: indicates control functions like message direction
      • Link Address (0, 1 or 2): normally used as the device / station address
  • Data Unit Identifier
      • Type Identifier: defines the data type, which determines the specific format of the information objects
      • Variable Structure Qualifier: indicates whether the type contains multiple information objects or not
      • COT (1 or 2): indicates the cause of data transmission, like spontaneous or cyclic
      • ASDU Address (1 or 2): denotes separate segments and their addresses inside a device
  • Information Object
      • Information Object Address (1, 2 or 3): provides the address of the information object element
      • Information Elements (n): contains details of the information element depending on the type
  • Information Object-2 … Information Object-m: further information objects with the same structure
  • Stop Frame
      • Checksum: used for error checks
      • Stop Char: indicates end of a frame
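As an added example (not code from the original article or from any of the implementations linked below), the following Python parser reads the variable-length frame described above and refuses it unless every redundancy field agrees: both start characters, the doubled length field, the checksum and the stop character. The start (0x68) and stop (0x16) characters and the modulo-256 arithmetic checksum over the user data come from FT1.2; the field widths are the configurable ones in the table above; the small type table and the sample frame are constructed for illustration.

```python
# Validating parser for an IEC 60870-5-101 FT1.2 variable-length frame.
# Link address, COT, common (ASDU) address and information object address
# widths are configurable in IEC 101, so they are parameters of the parser.
START_VAR, STOP = 0x68, 0x16  # FT1.2 variable-length start / stop characters

# Information element size in octets for a few IEC 101 type identifiers.
ELEMENT_SIZE = {
    1: 1,   # M_SP_NA_1  single-point information (SIQ)
    3: 1,   # M_DP_NA_1  double-point information (DIQ)
    9: 3,   # M_ME_NA_1  measured value, normalized (NVA + QDS)
    45: 1,  # C_SC_NA_1  single command (SCO)
}

# Constructed sample: a secondary station answers with one single-point
# indication (type 1) at IOA 300, cause of transmission 3 (spontaneous).
SAMPLE_FRAME = bytes.fromhex("68 09 09 68 08 01 01 01 03 01 2c 01 01 3d 16")


def parse_ft12_variable(frame, link_len=1, cot_len=1, ca_len=1, ioa_len=2):
    """Check every FT1.2 redundancy field before trusting any content, then
    decode the link header and split the ASDU into information objects."""
    if len(frame) < 6 or frame[0] != START_VAR or frame[3] != START_VAR:
        raise ValueError("missing start characters")
    length = frame[1]
    if frame[2] != length:
        raise ValueError("length fields disagree")
    if len(frame) != length + 6:  # 4 header + user data + checksum + stop
        raise ValueError("frame size does not match length field")
    user = frame[4:4 + length]
    if sum(user) & 0xFF != frame[-2]:  # arithmetic sum of user data mod 256
        raise ValueError("checksum mismatch")
    if frame[-1] != STOP:
        raise ValueError("missing stop character")
    pos = 0

    def take(n):  # bounds-checked little-endian field reader
        nonlocal pos
        if pos + n > len(user):
            raise ValueError("ASDU truncated")
        pos += n
        return int.from_bytes(user[pos - n:pos], "little")

    ctrl, link_address = take(1), take(link_len)
    type_id, vsq = take(1), take(1)
    cot, common_address = take(cot_len) & 0x3F, take(ca_len)
    size = ELEMENT_SIZE.get(type_id)
    if size is None:
        raise ValueError(f"type identifier {type_id} not in element table")
    sequence, count = bool(vsq & 0x80), vsq & 0x7F
    base = take(ioa_len) if sequence else None  # SQ=1: one IOA, contiguous elements
    objects = []
    for i in range(count):
        ioa = base + i if sequence else take(ioa_len)
        start = pos
        take(size)  # advance past the element after the bounds check
        objects.append((ioa, bytes(user[start:pos])))
    if pos != len(user):
        raise ValueError("trailing bytes after last information object")
    return {
        "prm": bool(ctrl & 0x40),        # PRM bit: 1 = message from primary station
        "function_code": ctrl & 0x0F,    # low four bits of the control field
        "link_address": link_address,
        "type_id": type_id,
        "cot": cot,                      # cause of transmission, low six bits
        "common_address": common_address,
        "objects": objects,              # list of (ioa, raw element bytes)
    }
```

A frame whose payload was altered in transit fails at the checksum step before any field is interpreted, which is the protection the Hamming distance of 4 refers to.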

Types supported

  • Single indication without / with 24 / with 56 bit timestamps.
  • Double indication without / with 24 / with 56 bit timestamps.
  • Step position information without / with 24 / with 56 bit timestamps.
  • Measured value – normalized, scaled, short floating point without / with timestamps.
  • Bitstring of 32 bit without / with timestamps.
  • Integrated totals (counters) without / with timestamps.
  • Packed events (start & tripping) of protection equipment
  • Single commands
  • Double commands
  • Regulating step command
  • Set point commands of various data formats
  • Bitstring commands
  • Interrogation commands
  • Clock synchronization & delay acquisition commands
  • Test & reset commands


IEC 60870-5-103

IEC 60870-5-103 [IEC103] is a standard for power system control and associated communications. It defines a companion standard that enables interoperability between protection equipment and devices of a control system in a substation. A device complying with this standard can send information using two methods of data transfer: either the explicitly specified application service data units (ASDU) or generic services for the transmission of all possible information. The standard supports some specific protection functions and gives the vendor a facility to incorporate its own protective functions on private data ranges.

Frame format

IEC 103 uses FT1.2 (defined in IEC 60870-5-1) as its frame format, with the options of a frame with variable length, a frame with fixed length & a single character, similar to IEC 101. The single character is used for acknowledgments, fixed-length frames are used for commands & variable-length frames are used for sending data. However, the frame format of IEC 103 differs from IEC 101 in the information object address, which in IEC 103 is split into a function type (ftype) and an information number (inumber). Also, IEC 103 can have only a single information object in a frame, whereas IEC 101 can have multiple information objects. Many of the field sizes are also restricted in IEC 103. The details of the variable-length frame are given below.

IEC 103 Frame Format, Variable length (data unit, field name, function; numbers in parentheses are field widths in octets)

  • Start Frame
      • Start Character: indicates start of frame
      • Length Field (*2): total length of frame
      • Start Character (repeat): repeat provided for reliability
      • Control Field: indicates control functions like message direction
      • Link Address (1 or 2): normally used as the device / station address
  • Data Unit Identifier
      • Type Identifier: defines the data type, which determines the specific format of the information objects
      • Variable Structure Qualifier: indicates whether the type contains multiple information objects or not
      • COT: indicates the cause of data transmission, like spontaneous or cyclic
      • ASDU Address: denotes separate segments and their addresses inside a device
  • Information Object
      • Function Type: provides the function type of the protection equipment used
      • Information Number: defines the information number within the given function type
      • Information Elements (n): contains details of the information element depending on the type
  • Stop Frame
      • Checksum: used for error checks
      • Stop Char: indicates end of a frame

Supported Types

  • Type 1 — Time-tagged message
  • Type 2 — Time-tagged message with relative time
  • Type 3 — Measurands I
  • Type 4 — Time-tagged measurands with relative time
  • Type 5 — Identification
  • Type 6 — Time synchronization
  • Type 7 — Start of General interrogation
  • Type 8 — General interrogation termination
  • Type 9 — Measurands II
  • Type 10 — Generic data
  • Type 11 — Generic identification
  • Type 23–31 — Used for transferring disturbance files

IEC 60870-5-104

IEC 60870-5-104 (IEC 104) is an extension of the IEC 101 protocol with changes in the transport, network, link & physical layer services to suit complete network access. The standard uses an open TCP/IP interface to the network to provide connectivity to a LAN (Local Area Network); routers with different facilities (ISDN, X.25, Frame Relay etc.) can be used to connect to a WAN (Wide Area Network). The application layer of IEC 104 is preserved as in IEC 101, with some of the data types and facilities not used. Two separate link layers are defined in the standard, suitable for data transfer over Ethernet & over a serial line (PPP - Point-to-Point Protocol). The control field of IEC 104 contains various mechanisms for effective handling of network data synchronization.

The security of IEC 104 has, by design, proven to be problematic,[2] as with many other SCADA protocols developed around the same time. The IEC Technical Committee (TC) 57 has published a security standard, IEC 62351, which implements end-to-end encryption and would prevent attacks such as replay, man-in-the-middle and packet injection. Unfortunately, due to the increased complexity, vendors are reluctant to roll it out on their networks.

References

  1. Gordon R. Clarke et al., Practical modern SCADA protocols: DNP3, 60870.5 and related systems, Newnes, 2004, ISBN 0-7506-5799-5.
  2. Maynard, Peter; McLaughlin, Kieran; Haberler, Berthold (11 September 2014). "Towards Understanding Man-In-The-Middle Attacks on IEC 60870-5-104 SCADA Networks". 2nd International Symposium for ICS & SCADA Cyber Security Research 2014: 30–42. doi:10.14236/ewic/ics-csr2014.5. Retrieved 30 June 2015.

External links

  • Eclipse NeoSCADA™, IEC 60870-5-104 client and server Java implementation in Eclipse NeoSCADA™, EPL-licensed
  • j60870, IEC 60870-5-104 client and server Java library at openmuc.org, GPL-licensed
  • part5 IEC 60870-5-101 & IEC 60870-5-104 client and server Go implementation, public domain
  • IEC 60870-5 Training Videos
Cyclic redundancy check

A cyclic redundancy check (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data. Blocks of data entering these systems get a short check value attached, based on the remainder of a polynomial division of their contents. On retrieval, the calculation is repeated and, in the event the check values do not match, corrective action can be taken against data corruption. CRCs can be used for error correction (see bitfilters). CRCs are so called because the check (data verification) value is a redundancy (it expands the message without adding information) and the algorithm is based on cyclic codes. CRCs are popular because they are simple to implement in binary hardware, easy to analyze mathematically, and particularly good at detecting common errors caused by noise in transmission channels. Because the check value has a fixed length, the function that generates it is occasionally used as a hash function.

The CRC was invented by W. Wesley Peterson in 1961; the 32-bit CRC function, used in Ethernet and many other standards, is the work of several researchers and was published in 1975.

DNP3

DNP3 (Distributed Network Protocol) is a set of communications protocols used between components in process automation systems. Its main use is in utilities such as electric and water companies. Usage in other industries is not common. It was developed for communications between various types of data acquisition and control equipment. It plays a crucial role in SCADA systems, where it is used by SCADA Master Stations (a.k.a. Control Centers), Remote Terminal Units (RTUs), and Intelligent Electronic Devices (IEDs). It is primarily used for communications between a master station and RTUs or IEDs. ICCP, the Inter-Control Center Communications Protocol (a part of IEC 60870-6), is used for inter-master station communications. Competing standards include the older Modbus protocol and the newer IEC 61850 protocol.

IEC 60870

In electrical engineering and power system automation, the International Electrotechnical Commission 60870 standards define systems used for telecontrol (supervisory control and data acquisition). Such systems are used for controlling electric power transmission grids and other geographically widespread control systems. By use of standardized protocols, equipment from many different suppliers can be made to interoperate. IEC standard 60870 has six parts, defining general information related to the standard, operating conditions, electrical interfaces, performance requirements, and data transmission protocols. The 60870 standards are developed by IEC Technical Committee 57 (Working Group 03).

IEC 60870-6

IEC 60870 part 6 is one of the IEC 60870 set of standards which define systems used for telecontrol (supervisory control and data acquisition) in electrical engineering and power system automation applications. The IEC Technical Committee 57 (Working Group 03) have developed part 6 to provide a communication profile for sending basic telecontrol messages between two systems which is compatible with ISO standards and ITU-T recommendations.

IEC 61400-25

International standard IEC 61400-25 (Communications for monitoring and control of wind power plants, TC 88) provides uniform information exchange for monitoring and control of wind power plants. It addresses the issue of proprietary communication systems utilizing a wide variety of protocols, labels, semantics, etc., thus enabling one to exchange information with different wind power plants independently of the vendor. It is a subset of IEC 61400, a set of standards for designing wind turbines. The IEC 61400-25 standard is a basis for simplifying the roles that the wind turbine and SCADA systems have to play. The crucial parts of the wind power plant information, the information exchange methods, and the communication stacks are standardized. They build a basis to which procurement specifications and contracts can easily refer.

The standard specifies five mappings (IEC 61400-25-4) to communication protocol stacks in order to address the real communication needs of the wind power business. The mappings specified in that part of IEC 61400-25 comprise a mapping to SOAP-based web services, OPC/XML-DA, IEC 61850-8-1 MMS, IEC 60870-5-104 and a mapping to DNP3.

IEC 61850

IEC 61850 is an international standard defining communication protocols for intelligent electronic devices at electrical substations. It is a part of the International Electrotechnical Commission's (IEC) Technical Committee 57 reference architecture for electric power systems. The abstract data models defined in IEC 61850 can be mapped to a number of protocols. Current mappings in the standard are to MMS (Manufacturing Message Specification), GOOSE (Generic Object Oriented Substation Event), SMV (Sampled Measured Values), and soon to Web Services. These protocols can run over TCP/IP networks or substation LANs using high speed switched Ethernet to obtain the necessary response times below four milliseconds for protective relaying.

IEC 62351

IEC 62351 is a standard developed by WG15 of IEC TC57. It was developed to handle the security of the TC 57 series of protocols, including the IEC 60870-5 series, IEC 60870-6 series, IEC 61850 series, IEC 61970 series & IEC 61968 series. The different security objectives include authentication of data transfer through digital signatures, ensuring only authenticated access, prevention of eavesdropping, prevention of playback and spoofing, and intrusion detection.

IEC TC 57

IEC Technical Committee 57 is one of the technical committees of the International Electrotechnical Commission (IEC). TC 57 is responsible for development of standards for information exchange for power systems and other related systems including Energy Management Systems, SCADA, distribution automation & teleprotection.

Industroyer

Industroyer (also referred to as Crashoverride) is a malware framework considered to have been used in the cyberattack on Ukraine’s power grid on December 17, 2016.

The attack cut off power to a fifth of Kiev, the capital, for one hour and is considered to have been a large-scale test.

The Kiev incident was the second cyberattack on Ukraine's power grid in two years. The first attack occurred on December 23rd, 2015. Industroyer is the first ever known malware specifically designed to attack electrical grids.

At the same time, it is the fourth malware publicly revealed to target industrial control systems, after Stuxnet, Havex, BlackEnergy, and TRITON/TRISIS.

List of TCP and UDP port numbers

This is a list of TCP and UDP port numbers used by protocols of the application layer of the Internet protocol suite for the establishment of host-to-host connectivity.

The Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) need only one port for full-duplex, bidirectional traffic. The Stream Control Transmission Protocol (SCTP) and the Datagram Congestion Control Protocol (DCCP) also use port numbers. They usually use port numbers that match the services of the corresponding TCP or UDP implementation, if they exist.

The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses. However, many unofficial uses of both well-known and registered port numbers occur in practice. Similarly many of the official assignments refer to protocols that were never or are no longer in common use. This article lists port numbers and their associated protocols that have experienced significant uptake.

List of automation protocols

This is a list of communication protocols used for the automation of processes (industrial or otherwise), such as for building automation, power-system automation, automatic meter reading, and vehicular automation.

Remote terminal unit

A remote terminal unit (RTU) is a microprocessor-controlled electronic device that interfaces objects in the physical world to a distributed control system or SCADA (supervisory control and data acquisition) system by transmitting telemetry data to a master system, and by using messages from the master supervisory system to control connected objects. Other terms that may be used for RTU are remote telemetry unit and remote telecontrol unit.

SCADA

Supervisory Control and Data Acquisition (SCADA) is a control system architecture that uses computers, networked data communications and graphical user interfaces for high-level process supervisory management, but uses other peripheral devices such as programmable logic controller (PLC) and discrete PID controllers to interface with the process plant or machinery.

The use of SCADA has been also considered for management and operations of project-driven-process in construction.

TRAME

TRAME (TRAnsmission of MEssages) was the name of the second computer network in the world similar to the Internet to be used in an electric utility. Like the Internet, its base technology was packet switching; it was developed by the electric utility ENHER in Barcelona and deployed by this same utility first in Catalonia and Aragón, Spain, and later in other places. Its development started in 1974 and the first routers, called nodes at that time, were deployed by 1978. The network remained in operation until 2016 (38 years), with successive software and hardware updates.

VHPready

VHPready (abbreviation for Virtual Heat and Power Ready) is an open industry standard for the control of decentralised power generation plants, consumers and energy storage systems via a central control centre. The uniform use of this standard enables the flexible connection of decentralized power plants to virtual power plants and Smart Grid applications.

VHPready was originally developed by Vattenfall on the basis of international communication standards and was initially used to network its own plants. At the beginning of 2014, Vattenfall handed over the standard with all rights to the Industrieforum VHPready e. V., which had been significantly prepared by the Fraunhofer Institute for Open Communication Systems (FOKUS) and took over the further development and dissemination as an international industry standard.


This page is based on a Wikipedia article written by its authors.
Text is available under the CC BY-SA 3.0 license; additional terms may apply.