IEC 60870-5


IEC 60870 part 5 [1] is one of the IEC 60870 set of standards, which define systems used for telecontrol (supervisory control and data acquisition) in electrical engineering and power system automation applications. Part 5 provides a communication profile for sending basic telecontrol messages between two systems over permanent, directly connected data circuits. IEC Technical Committee 57 (Working Group 03) developed a protocol standard for telecontrol, teleprotection and associated telecommunications for electric power systems; the result of this work is IEC 60870-5. Five documents, IEC 60870-5-1 to IEC 60870-5-5, specify the base IEC 60870-5.


The IEC Technical Committee 57 has also generated companion standards:

IEC 60870-5-101, -102, -103 and -104 are companion standards for basic telecontrol tasks, transmission of integrated totals, data exchange from protection equipment, and network access for IEC 101, respectively.

IEC 60870-5-101

IEC 60870-5-101 (IEC 101) is a standard for power system monitoring, control and associated communications, covering telecontrol, teleprotection and associated telecommunications for electric power systems. It is fully compatible with IEC 60870-5-1 to IEC 60870-5-5 and uses a standard asynchronous serial telecontrol channel interface between DTE and DCE. The standard is suitable for multiple configurations such as point-to-point, star and multidrop.

Features

Frame format

The character format of IEC 101 uses 1 bit each for start, stop and parity, plus 8 data bits. FT1.2 (defined in IEC 60870-5-1) is used as the frame format of IEC 101; it is suitable for asynchronous serial communication and has a Hamming distance of 4. Three frame formats are used: a frame with a variable-length ASDU, a fixed-length frame, and a single character. The single character is used for acknowledgements, fixed-length frames for commands, and variable-length frames for sending data. The details of the variable-length frame are given below.

IEC 101 Frame Format, Variable length (numbers in parentheses are the field size in octets)

| Data unit | Name | Function |
|---|---|---|
| Start Frame | Start Character | Indicates start of frame |
| Start Frame | Length Field (*2) | Total length of frame |
| Start Frame | Start Character (repeat) | Repeat provided for reliability |
| Start Frame | Control Field | Indicates control functions such as message direction |
| Start Frame | Link Address (0, 1 or 2) | Normally used as the device / station address |
| Data Unit Identifier | Type Identifier | Defines the data type, which determines the format of the information objects |
| Data Unit Identifier | Variable Structure Qualifier | Indicates whether the type contains multiple information objects or not |
| Data Unit Identifier | COT (1 or 2) | Indicates the cause of transmission, such as spontaneous or cyclic |
| Data Unit Identifier | ASDU Address (1 or 2) | Denotes separate segments and their address inside a device |
| Information Object | Information Object Address (1, 2 or 3) | Provides the address of the information object element |
| Information Object | Information Elements (n) | Contains details of the information element, depending on the type |
| Information Object 2 | (as above) | (as above) |
| ... | ... | ... |
| Information Object m | (as above) | (as above) |
| Stop Frame | Checksum | Used for error checks |
| Stop Frame | Stop Char | Indicates end of a frame |

Types supported


IEC 60870-5-103

IEC 60870-5-103 (IEC 103) is a standard for power system control and associated communications. It defines a companion standard that enables interoperability between protection equipment and the devices of a control system in a substation. A device complying with this standard can send information using one of two methods of data transfer: either the explicitly specified application service data units (ASDUs), or generic services for transmission of all possible information. The standard supports some specific protection functions and allows a vendor to incorporate its own protective functions on private data ranges.

Frame format

IEC 103 uses FT1.2 (defined in IEC 60870-5-1) as its frame format, with the same options as IEC 101: a variable-length frame, a fixed-length frame and a single character. The single character is used for acknowledgements, fixed-length frames for commands, and variable-length frames for sending data. However, the frame format of IEC 103 differs from IEC 101 in the information object address, which in IEC 103 is split into a function type (ftype) and an information number (inumber). Also, an IEC 103 frame can carry only a single information object, whereas an IEC 101 frame can carry multiple information objects. Many of the field sizes are also restricted in IEC 103. The details of the variable-length frame are given below.

IEC 103 Frame Format, Variable length (numbers in parentheses are the field size in octets)

| Data unit | Name | Function |
|---|---|---|
| Start Frame | Start Character | Indicates start of frame |
| Start Frame | Length Field (*2) | Total length of frame |
| Start Frame | Start Character (repeat) | Repeat provided for reliability |
| Start Frame | Control Field | Indicates control functions such as message direction |
| Start Frame | Link Address (1 or 2) | Normally used as the device / station address |
| Data Unit Identifier | Type Identifier | Defines the data type, which determines the format of the information objects |
| Data Unit Identifier | Variable Structure Qualifier | Indicates whether the type contains multiple information objects or not |
| Data Unit Identifier | COT | Indicates the cause of transmission, such as spontaneous or cyclic |
| Data Unit Identifier | ASDU Address | Denotes separate segments and their address inside a device |
| Information Object | Function Type | Provides the function type of the protection equipment used |
| Information Object | Information Number | Defines the information number within a given function type |
| Information Object | Information Elements (n) | Contains details of the information element, depending on the type |
| Stop Frame | Checksum | Used for error checks |
| Stop Frame | Stop Char | Indicates end of a frame |
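Decoding the data unit identifier and splitting the information objects for both variable-length tables (IEC 101 with its configurable field sizes, and IEC 103 with the address split into ftype and inumber), as an added Python example that is not code from this page. The field sizes are passed in as a Layout because, as both tables note, COT, ASDU address and information object address are link-configured parameters. The VSQ decoding (bit 7 = sequence flag, bits 0 to 6 = count) and the COT bit layout (bits 0 to 5 cause, bit 6 P/N, bit 7 test) follow IEC 60870-5-101 and are not stated on this page; the sample ASDUs are constructed, and the IEC 103 one uses a one-octet element purely for illustration rather than a real type's element layout. The parser refuses an ASDU whose declared object count does not agree with its actual length, a consistency check worth having in any receiver or protocol monitor.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Layout:
    """Link-wide system parameters: octet counts of the variable-size identifier fields."""
    cot_len: int   # cause of transmission: 1 or 2 octets in IEC 101, always 1 in IEC 103
    ca_len: int    # ASDU (common) address: 1 or 2 octets in IEC 101, always 1 in IEC 103
    ioa_len: int   # information object address: 1, 2 or 3 in IEC 101; 2 in IEC 103 (ftype + inumber)


IEC101_LAYOUT = Layout(cot_len=1, ca_len=1, ioa_len=2)   # one plausible IEC 101 configuration (constructed)
IEC103_LAYOUT = Layout(cot_len=1, ca_len=1, ioa_len=2)   # the fixed IEC 103 sizes


@dataclass
class Header:
    type_id: int
    sq: bool            # VSQ bit 7: elements form a sequence under one address
    count: int          # VSQ bits 0..6: number of objects (or of elements when sq is set)
    cause: int          # COT bits 0..5
    negative: bool      # COT bit 6 (P/N)
    test: bool          # COT bit 7 (T)
    originator: int     # second COT octet where cot_len is 2, else 0
    common_address: int
    objects: List[Tuple[int, bytes]]   # (address, element octets) for each information object


def parse_asdu(data: bytes, layout: Layout, element_len: int) -> Header:
    """Decode the data unit identifier and split the information objects.

    element_len is the size of one information element for this type identifier;
    a real decoder takes it from a table keyed by type_id."""
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("ASDU truncated inside a field")
        chunk = data[pos:pos + n]
        pos += n
        return chunk

    type_id = take(1)[0]
    vsq = take(1)[0]
    sq, count = bool(vsq & 0x80), vsq & 0x7F
    cot = take(layout.cot_len)
    cause, negative, test = cot[0] & 0x3F, bool(cot[0] & 0x40), bool(cot[0] & 0x80)
    originator = cot[1] if layout.cot_len == 2 else 0
    common_address = int.from_bytes(take(layout.ca_len), "little")
    objects: List[Tuple[int, bytes]] = []
    if sq:
        # one address, then `count` elements at address, address+1, ... (the IEC 101 meaning)
        base = int.from_bytes(take(layout.ioa_len), "little")
        for i in range(count):
            objects.append((base + i, bytes(take(element_len))))
    else:
        for _ in range(count):
            addr = int.from_bytes(take(layout.ioa_len), "little")
            objects.append((addr, bytes(take(element_len))))
    if pos != len(data):
        raise ValueError(f"{len(data) - pos} octet(s) left over after the objects declared in VSQ")
    return Header(type_id, sq, count, cause, negative, test, originator, common_address, objects)


def is_consistent(data: bytes, layout: Layout, element_len: int) -> bool:
    """True when the VSQ count, the configured field sizes and the actual length all agree."""
    try:
        parse_asdu(data, layout, element_len)
        return True
    except ValueError:
        return False


def parse_iec103(data: bytes, element_len: int) -> Tuple[Header, int, int]:
    """IEC 103 variant: the two address octets are function type (first on the wire) and
    information number, and a frame carries a single information object."""
    hdr = parse_asdu(data, IEC103_LAYOUT, element_len)
    if not hdr.sq and hdr.count > 1:
        raise ValueError("IEC 103 frame carries more than one information object")
    raw = hdr.objects[0][0] if hdr.objects else 0
    return hdr, raw & 0xFF, (raw >> 8) & 0xFF


# Constructed sample ASDUs (not captured from real equipment)
SAMPLE_101 = bytes([0x01, 0x02, 0x03, 0x01, 0x01, 0x00, 0x01, 0x02, 0x00, 0x00])   # two objects, IOA 1 and 2
SAMPLE_101_SEQ = bytes([0x01, 0x83, 0x14, 0x01, 0x64, 0x00, 0x01, 0x00, 0x01])     # sequence of 3 from IOA 100
SAMPLE_103 = bytes([0x01, 0x81, 0x01, 0x01, 0xA0, 0x52, 0x02])                     # ftype 0xA0, inumber 0x52

if __name__ == "__main__":
    print(parse_asdu(SAMPLE_101, IEC101_LAYOUT, element_len=1))
    print(parse_asdu(SAMPLE_101_SEQ, IEC101_LAYOUT, element_len=1))
    print(parse_iec103(SAMPLE_103, element_len=1))
```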

Supported Types

IEC 60870-5-104

The IEC 60870-5-104 (IEC 104) protocol is an extension of IEC 101 with changes to the transport, network, link and physical layer services to suit full network access. The standard uses an open TCP/IP interface to the network for connectivity to the LAN (local area network), and routers with different facilities (ISDN, X.25, Frame Relay etc.) can be used to connect to the wide area network (WAN). The application layer of IEC 104 is preserved as in IEC 101, with some of the data types and facilities not used. Two separate link layers are defined in the standard, suitable for data transfer over Ethernet and over a serial line (PPP, Point-to-Point Protocol). The control field of IEC 104 contains various mechanisms for effective handling of network data synchronization.

The security of IEC 104 has, by design, been shown to be problematic [2], as with many other SCADA protocols developed around the same time. IEC Technical Committee 57 has published a security standard, IEC 62351, which implements encryption tunneling and network monitoring in an effort to address attacks such as packet replay and man-in-the-middle; however, due to the increase in complexity and cost, system owners are reluctant to roll it out on their networks.
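The IEC 104 control field and its sequence numbers, as an added Python example that is not code from this page or from any product: it decodes I-, S- and U-format APDUs and runs a passive sequence monitor over a constructed stream. The APCI layout used here (start octet 0x68, a one-octet length, four control octets, 15-bit N(S) and N(R), the U-format function codes for STARTDT, STOPDT and TESTFR) is taken from IEC 60870-5-104 and is not stated on this page; the sample ASDU and the stream are constructed. IEC 104 itself provides no message authentication (the gap IEC 62351 addresses), so a monitor that flags repeated or skipped N(S) values is one of the few passive signals a defender has of replayed or injected frames; it also fires on ordinary frame loss, so it is a triage aid rather than proof of an attack.

```python
from dataclasses import dataclass
from typing import List, Optional

APCI_START = 0x68
SEQ_MOD = 1 << 15   # N(S) and N(R) are 15-bit counters
U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
               0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}


@dataclass
class Apdu:
    fmt: str                   # "I" (numbered data), "S" (numbered supervisory), "U" (unnumbered control)
    send_seq: Optional[int]    # N(S): I-format only
    recv_seq: Optional[int]    # N(R): I- and S-format
    u_function: Optional[str]  # decoded U-format function
    asdu: bytes                # application layer data (I-format only)


def parse_apdu(buf: bytes) -> Apdu:
    """Decode one APDU (APCI plus optional ASDU), enforcing the framing rules."""
    if len(buf) < 6 or buf[0] != APCI_START:
        raise ValueError("missing APCI start octet or truncated APDU")
    length = buf[1]
    if length < 4 or length > 253 or len(buf) != 2 + length:
        raise ValueError("APDU length field inconsistent with buffer")
    c1, c2, c3, c4 = buf[2:6]
    recv = (c3 >> 1) | (c4 << 7)
    if c1 & 0x01 == 0:                       # I-format: bit 0 of the first control octet clear
        if length == 4:
            raise ValueError("I-format APDU must carry an ASDU")
        return Apdu("I", (c1 >> 1) | (c2 << 7), recv, None, bytes(buf[6:]))
    if length != 4:
        raise ValueError("S- and U-format APDUs carry no ASDU")
    if c1 & 0x03 == 0x01:                    # S-format: acknowledges received I-frames only
        return Apdu("S", None, recv, None, b"")
    fn = U_FUNCTIONS.get(c1)                 # U-format: bits 0 and 1 set, remaining octets zero
    if fn is None or c2 or c3 or c4:
        raise ValueError("malformed U-format control field")
    return Apdu("U", None, None, fn, b"")


def build_i_frame(ns: int, nr: int, asdu: bytes) -> bytes:
    """Assemble an I-format APDU; used here only to construct sample traffic."""
    ctrl = bytes([(ns << 1) & 0xFE, (ns >> 7) & 0xFF, (nr << 1) & 0xFE, (nr >> 7) & 0xFF])
    return bytes([APCI_START, 4 + len(asdu)]) + ctrl + asdu


class SequenceMonitor:
    """Passive check of N(S) continuity for I-frames flowing in one direction.
    A number that repeats or jumps is what a replayed, injected or lost frame looks like."""

    def __init__(self) -> None:
        self.expected = 0
        self.findings: List[str] = []

    def observe(self, apdu: Apdu) -> Optional[str]:
        if apdu.fmt != "I":
            return None
        note = None
        if apdu.send_seq != self.expected:
            note = f"N(S)={apdu.send_seq} seen, {self.expected} expected"
            self.findings.append(note)
        self.expected = (apdu.send_seq + 1) % SEQ_MOD   # resynchronise to what was actually seen
        return note


def monitor_stream(frames: List[bytes]) -> List[str]:
    """Run the monitor over raw APDUs from one direction and return its findings."""
    mon = SequenceMonitor()
    for raw in frames:
        mon.observe(parse_apdu(raw))
    return mon.findings


# Constructed sample traffic in one direction (not a capture). The ASDU uses the IEC 104
# sizes: 2-octet COT, 2-octet common address, 3-octet information object address.
SAMPLE_ASDU_104 = bytes([0x01, 0x01, 0x03, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x01])
SAMPLE_STREAM = [
    bytes([APCI_START, 0x04, 0x43, 0x00, 0x00, 0x00]),   # TESTFR act, ignored by the monitor
    build_i_frame(0, 0, SAMPLE_ASDU_104),
    build_i_frame(1, 0, SAMPLE_ASDU_104),
    build_i_frame(2, 0, SAMPLE_ASDU_104),
    build_i_frame(1, 0, SAMPLE_ASDU_104),                 # repeat of N(S)=1: out of sequence
]

if __name__ == "__main__":
    for finding in monitor_stream(SAMPLE_STREAM):
        print(finding)
```

The monitor resynchronises to each observed N(S) rather than stopping at the first anomaly, so a single lost or replayed frame produces one finding instead of flagging every frame that follows.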


References

  1. Gordon R. Clarke et al., Practical Modern SCADA Protocols: DNP3, 60870.5 and Related Systems, Newnes, 2004. ISBN 0-7506-5799-5.
  2. Maynard, Peter; McLaughlin, Kieran; Haberler, Berthold (11 September 2014). "Towards Understanding Man-In-The-Middle Attacks on IEC 60870-5-104 SCADA Networks". 2nd International Symposium for ICS & SCADA Cyber Security Research 2014: 30–42. doi:10.14236/ewic/ics-csr2014.5. ISBN 9781780172866. Retrieved 30 June 2015.