Thursday, November 26, 2020

IEC Offers New Web Site for IEC 61850

IEC offers a new website to provide general information about the standard series IEC 61850, IEC 62351, IEC 61400-25, and other standards.

Click HERE to visit the new web site.

Tuesday, November 10, 2020

UPDATE 2020-11-10: Crucial Frequency Deviation Of The European Electrical Interconnected Grid (UCTE)

Please find another frequency deviation detected on 2020-11-10.

Message time : 10.11.2020 06:00:52 MEZ
Message : UCTE high frequency
Mains frequency : 50,135 Hz
Mains load difference : 1916,6 MW

Monday, November 9, 2020

Hybrid Warfare Against Critical Energy Infrastructure: The Case Of Ukraine

A new 175-page report, "Hybrid warfare against Critical Energy Infrastructure: The Case of Ukraine", has just been published.

This study identifies and analyses the success of different hybrid warfare tools used by Russia in the Ukrainian energy sector between 2014 and 2017, namely different types of malicious acts against critical energy infrastructure, the implication of these events for Ukraine and the lessons to be learned for NATO security.

Click HERE for the full report [pdf, 6 MB]

Thursday, November 5, 2020

UPDATE late 2020-11-05: Crucial Frequency Deviation Of The European Electrical Interconnected Grid (UCTE)

Please find another frequency deviation detected late on 2020-11-05.

Message time : 05.11.2020 20:01:28 MEZ
Message : UCTE low frequency
Mains frequency : 49,889 Hz
Mains load difference : -1548,7 MW

UPDATE 2020-11-05: Crucial Frequency Deviation Of The European Electrical Interconnected Grid (UCTE)

Please find another frequency deviation detected on 2020-11-05

Message time : 05.11.2020 06:01:36 MEZ
Message : UCTE high frequency
Mains frequency : 50,122 Hz
Mains load difference : 1717,4 MW

Tuesday, November 3, 2020

UPDATE 2020-11-03: Crucial Frequency Deviation Of The European Electrical Interconnected Grid (UCTE)

Please find another frequency deviation detected on 2020-11-02.

Message time : 02.11.2020 21:01:14 MEZ
Message : UCTE low frequency
Mains frequency : 49,896 Hz
Mains load difference : -1441,3 MW

Sunday, November 1, 2020

Ukrainian Power Grids Cyberattack - A Forensic Analysis Based On ISA/IEC 62443

Three Ukrainian power distribution companies sustained a cyberattack in western Ukraine on 23 December 2015. As the forensic information is extensive from a technical point of view, it is an opportunity to put 

ISA/IEC 62443-3-3
Industrial communication networks - Network and system security
- Part 3-3: System security requirements and security levels

to the test with a real-life example. Several sources were used for this purpose that, overall, provide unusually detailed information.

Click HERE for the report "Ukrainian Power Grids Cyberattack - A Forensic Analysis Based On ISA/IEC 62443" ... worth reading!

Click HERE for a white paper on the series IEC 62443

Click HERE for a preview of the standard:




Tuesday, October 27, 2020

IEC 61499 Function Blocks At Schneider Electric Automation Solution

In a white paper published by Schneider Electric you can read:

"The IEC 61499 standard sets a foundation for industrial automation application portability that creates wide-ranging benefits, including easy IT/OT system convergence, improved return-on-investment on software applications that can run independent of any hardware platform, and engineering design efficiency that radically speeds up new product time-to-market. ... Plug and Produce Systems: The move to automation systems based on IEC 61499 is more than a simple technology change. It has the potential to fundamentally change the way processes and machines are designed."

Click HERE for a new white paper on IEC 61499 from Schneider Electric.

Click HERE for a list of posts related to IEC 61499 ... and IEC 61850.

Ethernet Comes with a Brand New Easy Solution: Single Pair Ethernet (SPE)

Ethernet is well known globally as a solution for communication. Ethernet has been hated and liked for the last 40 years or so ... alternative solutions have been developed that were marketed as much easier, faster, deterministic, ... think of Tokenbus (IEEE 804), Profibus, ... and many others.

Now we see a new version: Single Pair Ethernet (SPE). SPE can bring fast Ethernet (up to 1 GBit/s) and power to the field level using just one twisted wire pair ... enabling application of protocols using TCP/IP.

Click HERE for a general description.

Click HERE for a nice presentation by IEEE experts (January 2019)

SPE is a new technology to replace CANbus in automobiles (cars, trucks, buses, ... trains) and fieldbuses. SPE is a layer 1 standard ... so it can be used for Profinet, Ethercat, ... and it could run TCP/IP.

SPE is more intended to replace fieldbus systems ... here my dream of the late 80s comes true:

Fieldbus Standardization - Another Way to Go

http://blog.nettedautomation.com/2017/05/tsn-fieldbus-standardization-another.html

additional posts related to the topic:

http://blog.nettedautomation.com/search?q=another+way

The use of SPE for connecting sensors to the cloud is to follow a trend ... it may increase the sales of component manufacturers.

When I wrote my Diploma Thesis in 1982 (at Siemens) I was asked to analyze Ethernet ... the idea was cancelled because of the very very expensive MAU ... needed two ... each for 23,000 USD ... total of 46,000 USD ... no way to get approval to spend that amount for a "standard" Diploma Thesis ... 

It took some 40 years to get to SPE - likely the real Ethernet ... ;-)

Too late for me ... just retired this year at 67 ...

One crucial challenge is here: HOW to SECURE a huge number of end nodes (sensors, actuators ...) directly connected to the clouds or data lakes? Compare the situation with Smart(er) Grids: In Smart(er) Grids it is intended to connect millions of smart meters to the entities (clouds!?) that use the data for billing and further applications like controlling millions of inverters or power users. 

In the German power system there is a requirement to use the so-called Smart Meter Gateway (SMG) to provide highly secure communication channels.

Click HERE to check what has to be implemented ... many megabytes of published PDF documentation of the required specifications, such as: "Protection Profile for the Gateway of a Smart Metering System (Smart-Meter-Gateway PP)" ... by the German BSI.

It took many years before we saw the first certified Smart Meter Gateway offered on the market. And be aware: The administration of this infrastructure is very complex and ... far from cheap and affordable by "everyone".

Many similar huge "security systems" would be required to connect the billions of smart sensors and actuators through Single Pair Ethernet to some centralized entities ... 

SPE is nice - BUT to build secure distributed systems it is required to develop also new security solutions that are as simple as Single Pair Ethernet!!

We have to look at the complete SYSTEM COST - not just at the possibilities of a new physical layer ... SPE increases the problems of implementing secure systems, because it is easier and cheaper to build a huge meshed network of millions of end nodes ... that may not be perfectly secured!

Wednesday, October 21, 2020

Crucial Frequency Deviation Of The European Electrical Interconnected Grid (UCTE)

The frequency of the European Interconnected Electrical Grid (UCTE) is under stress. The frequency should be 50 Hz ... as you know. Click HERE for a UCTE background paper. Click HERE for details and basics of the Nordic Grid.

The network frequency is uniform in a power supply network and, apart from minor deviations from the nominal value, constant over time. Today and earlier, the frequency changed more than is usually expected.

Here is some information about today's situation at 11:00 a.m.:













Time : 21.10.2020 11:02:35 MESZ
Message : UCTE low frequency
Mains frequency : 49,886 Hz
Mains load difference : -1594,6 MW

UPDATE 2020-11-03
Message time : 02.11.2020 21:01:14 MEZ
Message : UCTE low frequency
Mains frequency : 49,896 Hz
Mains load difference : -1441,3 MW




UPDATE 2020-11-05
Message time : 05.11.2020 06:01:36 MEZ
Message : UCTE high frequency
Mains frequency : 50,122 Hz
Mains load difference : 1717,4 MW



UPDATE 2020-11-05/2

Message time : 05.11.2020 20:01:28 MEZ
Message : UCTE low frequency
Mains frequency : 49,889 Hz
Mains load difference : -1548,7 MW



UPDATE 2020-11-10

Message time : 10.11.2020 06:00:52 MEZ
Message : UCTE high frequency
Mains frequency : 50,135 Hz
Mains load difference : 1916,6 MW




-------------------------------------------------
A look at the following private website (offered by an experienced senior electrical engineer) provides very informative and easy to use information (right part on the figure):

www.pc-projekte.de (the content can easily be translated - with Google)

You may register to receive messages like the one above:

https://pc-projekte.lima-city.de/ucte-netzfrequenz-infodienst.html

Note that these messages carry just privately generated information about specific events of the frequency of the ENTSO-E Network in Continental Europe (former UCTE).

The diagram on the left part is derived from:

https://gridradar.net/netzfrequenz.html

Hope you will find this post informative.

Thursday, September 17, 2020

Boeing's 737 MAX - A True But Unbelievable Story Told In A New Report

The final 245 page committee report (September 2020) on the problems with the Boeing 737 MAX tells stories that we (as engineers) could not believe! Or?

There are many very crucial details that have been reported. You have to read the report on your own ...

Click HERE for the report.

Here are two excerpts that made me very sad:

"The story of the Boeing 737 MAX was never expected to be associated with catastrophe. It was supposed to be a story of American ingenuity and technological success—a modern, more fuel-efficient airplane that had already become the manufacturing giant’s best-selling jet in its storied history prior to the first MAX crash ..." ... Obviously it was too easy to cheat ... in order to make more sales ... to earn more money, to get richer ... to ... whatever.

"... FAA delegated some certification activities to Boeing that it should have retained. In the case of the 737 MAX, in 2013, the FAA originally delegated 28 of 87 tasks to Boeing. However, this number rose to 79 of 91 activities by November 2016, four months prior to final certification of the 737 MAX aircraft."

Be aware that it is very common in the industry to allow self-certification ... so, the results may be similar to those with the 737 MAX ... non-conformity of a protection relay may lead to severe blackouts and ...

One obvious reason for this behavior of humans these days could be found in

"And for this cause God sendeth them a working of error, that they should believe a lie: that they all might be judged who believed not the truth, but had pleasure in unrighteousness."
Bible 2. Thessalonians 2:11-12 

Saturday, August 15, 2020

IEC TC 57 Just Published Additional Code Components for IEC 61850

IEC TC 57 has published five additional code component documents as listed in the figure:

These documents are very helpful ... they provide the main parts of the corresponding information models.

Click HERE to see the full list of the 18 published code components.

Friday, August 7, 2020

IEC 61850 Global 2020 - Virtual Conference - 26-30 October 2020

IEC 61850 is one of the most crucial standard series for automation - in power systems and beyond. There are still just a few experts that really understand what it is all about.

If you want to learn a bit more, you may attend the VIRTUAL Conference 26-30 October 2020 ... You don't need to travel ... don't need to stay at a hotel ... stay at home with your family ...

Get a discount by registering before 28 August 2020.

Click HERE for the details.


Friday, July 31, 2020

Ten Years After Stuxnet Went Public - And Now?

One of the senior experts in cyber security wrote today:

"Recently many of us noted the 10th Anniversary of when Stuxnet went public. Some commentators think it was for cyberspace a “Hiroshima” type of event. Some have been saying that there have been no other events like it since and this puzzled me. So I wrote my thoughts down to share."

http://scadamag.infracritical.com/index.php/2020/07/31/perhaps-we-are-missing-a-lesson-from-stuxnet/

Another senior expert is wondering why there is little information disclosed and lack of guidance about control system cyber security incidents that can affect multiple facilities in multiple industries:

https://www.controlglobal.com/blogs/unfettered/information-sharing-on-control-system-cyber-incidents-is-not-working-and-that-can-be-deadly

Both are worth reading!

Tuesday, July 28, 2020

IEDScout 5.00 Available - One of the Most Crucial Test Tools for IEC 61850

IEDScout is a well-known test tool that provides most of the support needed for communication with IEC 61850 compliant devices.
Omicron has released version 5.00 ... providing crucial extensions compared to version 4.2:



IEDScout is a versatile software tool for working with IEC 61850 devices. With Version 5.0, IEDScout offers a new level of cyber security and powerful simulation utilizing the new MBX1/RBX1 hardware.
Additional improvements are:

  • IEDScout now supports function-related naming for logical devices
  • The icon set has been updated to provide a smooth user experience when used together with StationScout/StationGuard.
  • When writing data to an IED, IEDScout will now automatically update the “t” attribute of the data object.
  • Improved screen scaling for better readability on high resolution screens.
  • License information is now available in the configuration dialog.
  • OMICRON’s IEC 61850 library has been updated to include the latest developments in standardization and improve interoperability.
  • The usability of IEDScout is continuously improved based on expert reviews and customer feedback.
  • Several smaller tweaks and bug fixes improve overall performance and stability.

Click HERE for more information on IEDScout 5.0

Monday, July 20, 2020

PhD Student Working On Cyber Security In Critical Infrastructures

Fredrik Heiding (PhD Student) wrote the other day:

Fredrik Heiding, PhD Student
Network and Systems Engineering
KTH, Royal Institute of Technology

I am doing a PhD on cyber security in critical infrastructure. Currently I study the security trends for critical infrastructures in Europe, analyzing where it is heading and how it is developing. To strengthen the study I have identified seven general questions, they are general in nature so they can be answered by people in critical positions without revealing sensitive information.
Here are the Questions from Fredrik and Answers from a very senior expert:
Cybersecurity consulting
See also: http://blog.nettedautomation.com/2020/06/scada-security-matters-should-matter.html
Vytautas Butrimas wrote in the introduction to his answers:
This is a particularly interesting time in CIP. I come from an IT background and have focused mostly on the cybersecurity of industrial control systems in the past 10 years. This has been a long learning curve for I found that my IT knowledge did not provide enough to understand the engineering and laws of physics that are dominant in the monitor and control of physical processes found in the pumps and compressors on fuel pipelines, treatment of drinking water, routing of trains, and the generation and distribution of electricity. One needs to know the implications and peculiarities between working IT office time and real time to work in this field.
I looked at your questions and will give brief answers.  If you wish to further discuss them with me then we can do so offline.
---------------------------------
Question 1:
What concerns for the future do you have regarding cyber security in critical infrastructure?

Answer 1:
How the introduction of increased complexity of systems (systems of systems, adding more sensors, increased connectivity) will be managed without taking away from safety, reliability and performance.

Question 2:
Over the past decade, digital attacks have become more central to the security of critical infrastructure. Do you think the trend will continue to increase or culminate?

Answer 2:
There are some signs that things will get better but at the same time they will get more complicated.  Security practitioners need to realize that much more attention is needed where the physical process is taking place and the devices closest to it that are monitoring and controlling it, not where they are being monitored by humans in a remote location or control room.  ** One more thing we should not just be focused  on „ATTACKS“.  We also have to consider unintended actions or accidents. As the complexity of systems and connectivity of devices increases so will the unintended or „why did that happen?“ incidents.***

Question 3:
What relevant research or technological advances do you find most interesting for the future?

Answer 3:
Have to think about this one.  It feels we are all trying to keep afloat in a tsunami of technological advances.  The ones that worry me the most are the new features which also come with vulnerabilities that need to be addressed before a malicious group decides to exploit them.

Question 4:
Do you see IIoT (Industrial Internet of Things) as an opportunity or a concern, if both, which part is greatest (positive or negative)?

Answer 4:
I see it mostly as a concern (see my earlier answers). I suggest watching a video available on youtube called "Brave New Internet 4.0 " by one of your famous countrymen, Ralph Langner.  The questions and concerns he raised in that lecture IMHO have not been addressed.

Question 5:
Do you have plans to, or do you think that you will expand the cyber security department in the coming years?

Answer 5:
I am currently working my way out of "mandatory retirement" and am not in a position to expand anything (perhaps later this year I will change my answer). If I was in a position of influence at an operator of CI (energy sector for example) I would do my best to set up some support for the senior engineer of the plant. When he sees something unusual going on in the operation he should be able to assign this problem to a security operation center. Could be at least one person or a small team that understands cyber threats and how they could be applied to the engineering side of the operation. The senior plant engineer has to keep things running and does not have time to stop and investigate something. He needs someone to help him and an ICS SOC could be a good solution if management is willing to spend the money for the positions and training.

Question 6:
Can you share anything about past attacks/intrusion attempts, both successful and unsuccessful attempts are interesting?

Answer 6:
Look at the freely available information online. Look up Ralph Langner to learn about STUXNET. It happened 10 years ago and this is probably the most analyzed and documented incident we have today that is publicly available. Much can still be learned for the methods continue to be applied today. In 2014 in Germany your government (BSI) published its yearly report on cyber incidents. There is a section devoted to a cyber attack on a steel mill that had an uncontrolled shutdown and resulted in damage. Look at Triton/Trisis/Hatman incident of 2017 where the safety systems of a petrochemical plant tripped not once but twice. Look for video lectures on this from Dale Peterson's S4 conferences in 2018/2019 (see lecture by Julian Gutmanis and by Schneider Electric).

Question 7:
Has the attitude towards cyber security changed in the last 5 years, why and in which way?

Answer 7:
The attitude is changing and for the better. Much better in the engineering community who have understood how threats from cyberspace can get into their operations. On the other hand as far as government policy makers go they still have a long way to go. Much technical expertise has left government for the private sector leaving some governments blind to some issues. The 3 Little Pigs problem is evident where one thinks one has taken the appropriate measures and built a house of straw or of sticks to protect from the wind and the rain but the possibility of there being a wolf is somehow missed. You would be surprised at how many government policy makers do not know what scada is and yet think they are doing a great job at protecting critical infrastructure.
--------------------------------

Improve the Quality of Your Standard With A Tissue Database

What is a Tissue Database? Tissue stands for Technical Issues - short Tissues.

One of the crucial challenges of maintaining and improving standard series like IEC 61850, IEC 62351, IEC 61400-25, ... is that the standardization processes of the Standard Setting Organizations usually use text files (Word, pdf, ...) for publishing drafts and final documents. When it comes to managing and documenting errors and other problems, Excel sheets are quite often used ... or even just a text file.

This was the case in the IEC TC 57 regarding IEC 61850 after the first parts had been published. We often had a discussion like: Who has the latest Word Document with the Tissue Lists? When was it updated ... grrrr.

NettedAutomation GmbH developed the first version of the so-called IEC 61850 Database in 2004. 16 years later IEC uses a license of the improved tissue database (Tissue DB v. 20.7.3.1):



Click HERE for the parts overview.

For the current Edition 2.1 of part 7-2 there are eight tissues listed:



Click HERE for 7-2 Ed 2.1.

The IEC 61850 tissue database is a very helpful tool to improve the quality of the standard series IEC 61850, IEC 61400-25, and IEC 62351.

Contact NettedAutomation GmbH for an offer of a license of the NettedAutomation tissue database for your project.

Click HERE to contact NettedAutomation for a quote.

IEC Just Published IEC 61850-80-5 Guideline for Mapping Information Between IEC 61850 and IEC 61158-6 (Modbus)

IEC TC 57 Just Published IEC 61850-80-5 Guideline for Mapping Information Between IEC 61850 and IEC 61158-6 (Modbus)

(57/2250/CD, 166 pages) - closing date for comments: 2020-09-11

Excerpt from the introduction:

"This technical specification provides a guideline to exchanging information between IEC 61850 and IEC 61185-6 (Modbus TCP). Nowadays, industrial field such as distributed energy resource (wind and solar energy, etc.) and condition monitoring, has been exchanging the information from Modbus to IEC 61850 for an effective operation. Although many manufacturers already implemented the Modbus to IEC 61850 conversion device or system, these devices do not guarantee interoperability. Therefore, it requires the consistent and unified information exchange scheme between IEC 61850 and IEC 61158-6 (Modbus).
Modbus over serial line (Modbus RTU) is not part of IEC 61185-6, but is also considered in this technical specification."