Saturday, October 28, 2017

Wow: IEC Goes XML and JSON

IEC provides access to crucial standardized information by modern web technologies:
The content of the Electropedia (The World's Online Electrotechnical Vocabulary) is now made accessible by XML documents and JSON (REST) through the opendata gateway.
“A json version of all subject areas (or IEV parts) in the Electropedia is available by calling the REST endpoint:”

I expect that the JSON option will be made available for the complete vocabulary soon.
More to come!

Draft TR IEC 62351-90-2: Deep Packet Inspection (DPI) of Encrypted Communication

IEC TC 57 just published the document 57/1939/DTR:

Power systems management and associated information exchange –
Data and communications security –
IEC TR 62351-90-2: Deep Packet Inspection (DPI) of encrypted communications

This technical report analyses the impact of encrypted communication channels in power systems introduced with IEC 62351. As defined in IEC 62351 an encrypted channel can be employed when communicating with IEDs and encryption can be adopted at message level as well. For example, the use of encrypting TLS setups according to IEC 62351-3 introduces some issues when Deep Packet Inspection (DPI) is needed to inspect the communication channel for monitoring, auditing and validation needs.
In this report we analyze different techniques that can be employed to circumvent these issues when DPI of communications is required.

The voting closes 2017-12-22

Sunday, October 8, 2017

ABB Presents the Benefits of Substation Digitalization with IEC 61850

A nice video by ABB (Steven Kunsman) explains "all the benefits of substation digitalization ... it’s little wonder there’s so much interest in the shift to this technology. Supported by the open communication capabilities derived from IEC 61850’s, substation assets are providing a growing volume of health and operational data that’s enabling higher levels of both reliability and performance. This excerpt from an ABB Automation & Customer World Workshop provides key highlights of how the digital substation is also safer, smaller, and simpler to commission and operate than traditional substations."

Click HERE for the video.

Saturday, October 7, 2017

IEC TC 57 published Two Documents Related to Security Measures (IEC 62351)

IEC TC 57 just published the following two documents:

IEC 62351-100-3: Conformance test cases for the IEC 62351-3, the secure communication extension for profiles including TCP/IP

The scope is to specify common available procedures and definitions for conformance and/or interoperability testing of the requirements of IEC 62351-3, the security extension for profiles including TCP/IP.

Proposed revision of IEC TS 62351-6 ED1 and conversion into an International Standard (Power systems management and associated information exchange - Data and communications security - Part 6: Security for IEC 61850)

Both documents indicate that the security measures defined by the series IEC 62351 are becoming more important! Hope that more experts in the power delivery domain will understand the impact!

Draft TR IEC 61850-90-6 for Distribution Automation Published

IEC TC 57 WG 17 just published the 277 page (!) draft TR 57/1929/DTR:

IEC 61850-90-6: Use of IEC 61850 for Distribution Automation Systems

Commenting period and ballot closes 2017-12-01.

This technical report provides basic aspects that need to be considered when using IEC 61850 for information exchange between systems and components within MV network automation. In particular, the report:
  • Defines use cases for typical DA applications that require information exchange between two or more components/systems
  • Provides modelling of components commonly used in DA applications
  • Proposes new logical nodes and the extensions to the existing logical nodes that can be used in typical DA applications.
  • Provides guidelines for the communication architecture and services to be used in DA applications
  • Provides configuration methods for IEDs to be used in DA systems.
Basic functions for which models will be selected or defined cover:
  • Fault Passage Indication and report
  • FLISR (Fault Location, Isolation and Service Restoration)
  • VVC (Voltage and Var Control)
  • Anti-Islanding Protection Based on Communications
  • Automatic Switch Transfer
  • Monitoring Energy Flow
  • Environment Situation Awareness
A Distribution Automation System (DAS) can have up to tens of thousands of IEDs spreading over a wide area distribution network.

Multiple new Logical Node Classes and extensions for existing LNs are proposed:

This draft is very detailed and easy to read.

Conflicting Use of TCP Port 102 for IEC 61850 and Simatic S7

IEC 61850-8-1 defines how the abstract IEC 61850 services (ACSI) are mapped to MMS (ISO 9506). The MMS protocol runs on ISO/OSI Transport Layer, ISO/OSI Session Layer, ... For IEC 61850 it has been decided to use TCP/IP as transport protocol.

TCP has to be "extended" by some definitions to get the same services and protocol features as provided by ISO/OSI Transport Layer class 0: The IETF RFC 1006 defines how to use TCP for MMS. Among other things, RFC 1006 defines the use of TCP port number 102 for the MMS Server role. Any IEC 61850 Server role has to run on port 102, independent of the platform it is running on: protection device, control device or a Windows PC.

Siemens SIMATIC S7 PLCs use RFC 1006 entitled "ISO Transport Service on top of the TCP" (ISO-on-TCP) as a protocol extension for the TCP protocol for connection between two systems.

RFC 1006 (and thus Port 102) is used for standard connections in the SIMATIC environment.

  • STEP 7 remote programming via LAN
  • ISO-on-TCP connections
  • S7 connections via Industrial Ethernet

I have come across situations where PCs are running SIMATIC S7 tools that are using Port 102! In that case you cannot run an IEC 61850 Server role on the same PC (with the same IP address) - because Port 102 is already in use!!

If you have trouble running an IEC 61850 Server role on your computer - check also if Port 102 is already in use. In one case we figured out this situation with a server model (SCL) that we tried to simulate with the Omicron IED Scout! IED Scout reported an error: TCP Port 102 already in use. We stopped the SIMATIC S7 application to free the Port 102.

This is another use case where the IEDScout reports very useful error information!

Here is an example of the command "netstat -a" (you may also use "netstat -a -b") to find out whether port 102 is in use or not: Waiting for port "102":

Click HERE for the Server demo (shown on the right).

Click HERE for a list of ports used by Siemens SIMATIC S7.
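The port check described above can be scripted. The following is an added example, not code from the original post or from any of the tools mentioned: it parses Windows `netstat -ano` output for listeners on the exact local port 102 and also probes the port by trying to bind it. The sample output, PIDs and function names are constructed for illustration.

```python
import socket

# Constructed sample of Windows `netstat -ano` output (not from the original post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:102            0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:1102           0.0.0.0:0              LISTENING       2200
  TCP    192.168.1.10:49712     192.168.1.20:102       ESTABLISHED     5120
  TCP    [::]:102               [::]:0                 LISTENING       4312
  UDP    0.0.0.0:123            *:*                                    1044
"""

def listeners_on_port(netstat_text, port=102):
    """Return (local_address, pid) for every TCP listener bound to `port`."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows for TCP have exactly five columns; skip headers and UDP rows.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        local = fields[1]
        # Compare the exact local port: a substring search for "102" would
        # also match port 1102 and outbound connections to a remote :102.
        if local.rsplit(":", 1)[1] == str(port):
            hits.append((local, int(fields[4])))
    return hits

def can_bind(port=102, host="0.0.0.0"):
    """Try to bind the port ourselves, as an MMS server would at startup."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            # Port already in use, or binding needs elevated rights
            # (ports below 1024 on Unix-like systems).
            return False

if __name__ == "__main__":
    for local, pid in listeners_on_port(SAMPLE_NETSTAT):
        print(f"port 102 held by PID {pid} on {local}")
```

The PID column can then be matched against the task list to identify which application (for example a SIMATIC S7 tool) holds the port.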

Tuesday, October 3, 2017

Are Devices Using IEC 61850 Vulnerable?

Devices that implement IEC 61850 may be vulnerable - depending on the measures (not) implemented to protect your SYSTEM! There are many layers of security that can be built into the system to make it less vulnerable. IEC 61850 needs special security measures to hide the semantics of the information being exchanged in a system.

IEC 61850 has well defined models for controlling switchgear: Logical Node CSWI.Pos for operating any kind of switchgear like circuit breakers, disconnectors or earthing switches. If a client (SCADA, RTU, Proxy, ...) has "open" access to an IED, it could use the self-description and figure out which CSWI instances are available ... and could try to use MMS Write to open or close a switchgear. In a bad system design, this may work.

A high level of security would not (easily) allow other clients (except those that are designed to operate) to operate a switch gear.

Security measures have to be implemented to prevent misuse of the self-description. Even without the self-description, it may be possible that somebody gets access to the SCL file of the system to "read" the models from an XML file. As a consequence: XML files need to be secured as well ...!

You will find solutions for many of the known security problems in the standard series IEC 62351!

The definitions have to be implemented - the paper standards do not protect your systems!

A very new, comprehensive and up-to-date report on security has been published the other day:


Click HERE for the report [pdf, 20 pages].

By the way, the report mentions IEC 60870-5-101/104, IEC 61850 and OPC UA.
Worth reading.

Monday, October 2, 2017


Focused on the protection, control and automation of electrical substations, using GOOSE, Sampled Values, SCADA and the SCL configuration language.

The IEC 61850 standard has been applied for several years in the design of new substations around the world. During the seminar, the most experienced and recognized specialist engineers worldwide will teach you how to use and apply the IEC 61850 standard in the design, supervision and control of digital substations for the electricity sector. Practical applications will be carried out using test tools, software and IEDs from different manufacturers.

NM Lima Hotel
Av. Pardo y Aliaga N° 330
San Isidro 15073
From 27 to 30 November 2017.
Hours: 09:00 to 17:30.

Organized by: Nakama Solutions, FMTP, and NettedAutomation

Click HERE for the brochure.
Click HERE for the program.