IEC TC 88 Published Edition 2 Documents for the Series IEC 61400-25

IEC TC 88 has published the edition 2 of the following two parts of the series IEC 61400-25:

IEC 61400-25-4: Wind energy generation systems -
Part 25-4: Communications for monitoring and control of wind power plants -
Mapping to communication profile
The mappings specified in this part of IEC 61400-25 comprise:

•  SOAP-based web services,
•  OPC/XML-DA,
•  IEC 61850-8-1 MMS,
•  IEC 60870-5-104,
•  DNP3.

Click HERE for the Preview.

IEC 61400-25-6: Wind power generation systems -
Part 25-6: Communications for monitoring and control of wind power plants -
Logical node classes and data classes for condition monitoring

Click HERE for the Preview

Note that the mapping to MMS according to IEC 61850-8-1 is the most used communication protocol for applications in the Wind Power Industry.
The modeling approach and the models are now in general compatible with those defined in IEC 61850-7-x. This is a major step forward.
General gateway solutions for IEC 61850 could be used for wind energy generation systems to bridge from Profibus, ProfiNet, Modbus, CAN bus, ... to IEC 60870-5-104 or IEC 61850-8-1.

Data and Communications Security: IEC TC 57 Just Published IEC 62351-7

IEC TC 57 just published IEC 62351-7:2017:
Power systems management and associated information exchange - Data and communications security - Part 7: Network and System Management (NSM) data object models

IEC 62351-7:2017 defines network and system management (NSM) data object models that are specific to power system operations. These NSM data objects will be used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure. The goal is to define a set of abstract objects that will allow the remote monitoring of the health and condition of IEDs (Intelligent Electronic Devices), RTUs (Remote Terminal Units), DERs (Distributed Energy Resources) systems and other systems that are important to power system operations. This new edition constitutes a technical revision and includes the following significant technical changes with respect to IEC TS 62351-7 (2010): NSM object data model reviewed and enriched; UML model adopted for NSM objects description; SNMP protocol MIBs translation included as Code Components.
The Code Components included in this IEC standard are also available as electronic machine readable file.
Click HERE for the Preview.
Click HERE for the Code Components.
The standard series IEC 61850 will also come with Code Components when the various 7-x parts will be published as International Standard. This will ease the development and maintenance of engineering and configuration tools ... tremendously.
Check HERE for Code Components ... coming later in 2017 or 2018 ...

Again Security: How do you Protect your Industrial Control System from Electronic Threats?

Industrial Control System (ICS) need to be protected from Electronic Threats - one of the most crucial challenge yesterday, today, and in the future. Joseph Weiss (PE, CISM - one of the real senior experts in the field) uses the term “electronic threats” rather than cyber security because there are many electronic threats to Industrial Control Systems beyond traditional cyber threats (as he says).

Joe Weiss has written a book with more than 300 pages published in 2010 worth to study (and more important TO IMPLEMENT): "Protecting Industrial Control Systems from Electronic Threats"
List of contents:

1. Industrial Control System Descriptions
2. Convergence of Industrial Control Systems and Information Technology
3. Differences between Industrial Control Systems and Information Technology
4. Electronic Threats to Industrial Control Systems
5. Myths
6. Current Personnel Status and Needs
7. Information Sharing and Disclosure
8. Industrial Control System Cyber Risk Assessments
9. Selected Industry Activities
10. Industrial Control System Security Trends and Observations
11. Industrial Control System Cyber Security Demonstrations
12. Selected Case Histories: Malicious Attacks
13. Selected Case Histories: Unintentional  Incidents
14. Industrial Control System Incident Categorization
15. Recommendations

As long as you can read this blog post you could assume that there is enough power for all computers involved in the chain from the server holding this bog to your computer.

When you will see the following message on your screen: "Sorry, we are out power!" don't worry that much - because the only message you CANNOT SEE ON YOUR SCREEN IS: "SORRY; WE ARE OUT OF POWER. No power no screen display. ;-) 

Click HERE for more details on the book.

I guess Joe would have spent another 100 or so pages to talk about IoT vulnerability if he would have written the book now. 

In a report published the other day by Wired you can read:

"On Tuesday, the internet-of-things-focused security firm Senrio revealed a hackable flaw it's calling "Devil's Ivy" a vulnerability in a piece of code called gSOAP widely used in physical security products, potentially allowing faraway attackers to fully disable or take over thousands of models of internet-connected devices from security cameras to sensors to access-card readers.

Using the internet-scanning tool Shodan, Senrio found 14,700 of XXXX's cameras alone that were vulnerable to their attack-at least, before XXXX patched it. And given that's one of the dozens of ONVIF companies alone that use the gSOAP code, Senrio's researchers estimate the total number of affected devices in the millions."

Unbelievable!!
Click HERE for the full Wired report.

How long will you wait to implement more measures to protect your industrial control system?

Start now - latest next Monday.

IXXAT (HMS) Offers New POWERFUL Smart Grid Gateways for IEC 61850, IEC 60870-5, Profibus and more

Under the IXXAT brand, HMS delivers connectivity solutions for embedded control, energy, safety and automotive testing.
The new and very powerful IIoT gateways from HMS allow industrial equipment to communicate with power grids based on IEC 60870-5-104 and IEC 61850. In addition they also include Modbus TCP Client/Server and Modbus RTU Master/Slave


IXXAT SG-gateways...

• enable easy remote control and management of electrical systems
• allow to log and display application data and energy consumption
• provide IEC 61850 client/server and IEC 60870-5-104 server support
• have in-built Modbus TCP Client/Server and Modbus RTU Master/Slave interfaces
• provide connectivity for CAN Bus, I/O, M-Bus, PROFIBUS, PROFINET and EtherNet/IP based devices

Click HERE for more details in English
Hier klicken für Details in Deutsch

How Much Will The Implementation Of Security Measures Cost?

Almost everybody is talking about security measures in the context of automation and communication systems in factories, power plants, substations, hospitals, ... Talking about the topic is one thing - what's about implementing and sustainable use of secure systems? Hm, a good question.
A news report published on June 13, 2017, under the title
"The “Internet of Things” is way more vulnerable
than you think—and not just to hackers
points out that many - maybe most - devices that communicate using internet technologies are not capable to carry the load needed for reasonable security measures. One paragraph referring to Joe Weiss (a well known expert) is eye-catching:
"Weiss believes that the first step in securing the IoT is to build entirely new devices with faster processors and more memory. In essence, hundreds of billions of dollars’ worth of machines need to be replaced or upgraded significantly."

Click HERE to read the complete report.

I would like to see - at least - more powerful platforms when it comes to new installations. Be aware that the cost of a new platform with implemented state-of-the-art security measures is one thing. Another thing is to implement a more centralized security infrastructures to manage the security.
IEC 62351-9 specifies cryptographic key management, namely how to generate, distribute, revoke, and handle X.509 digital certificates and cryptographic keys to protect digital data and its communication.
Primary goals of the series IEC 62351 are considered for the use of cryptography:

• Verifying the claimed identity of a message sender (authentication);
• Verifying that the sender has the right to access the requested data (authorization);
• Ensuring no one has tampered with a message during transit (integrity);
• Obscuring the contents of a message from unintended recipients (confidentiality);
• Associating specific actions with the entity that performed them (non-repudiation).

It is recommended for vendors and users to pay more attention to IEC 62351 (and other standards) and to listen carefully to the experts involved in protecting our infrastructures.
A reasonable white paper on the matter has been published by the BDEW (Germany): "Requirements for Secure Control and Telecommunication Systems".
Click HERE to access the BDEW white paper.
Click HERE for further information (some documents are in English).
Click HERE for a paper discussing the BDEW white paper.

Interactive Information about German Power Generation, Load and Export/Import

The German regulator of the electric power network has just opened a new website which gives you a deep inside view in power generation, load and export/import.



Graph from the new website.
Click HERE to access the new website.
Enjoy.
This is a very interesting service ... to see what's going on.

When will Hackers Take Control Over Substations?

I guess most people belief that our power delivery infrastructure is very secure - yes, I agree that this is (still) the case. What's next? There are some publicly visible efforts to change this - obviously.
One of the attempts to approach the power delivery control systems has been made public the other day with the headline:
Attack on Critical Infrastructure Leverages Template Injection
"Attackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic word document attachment phish. Typically, malicious Word documents that are sent as attachments to phishing emails will themselves contain a script or macro that executes malicious code. In this case, there is no malicious code in the attachment itself. The attachment instead tries to download a template file over an SMB connection so that the user's credentials can be silently harvested. In addition, this template file could also potentially be used to download other malicious payloads to the victim's computer."
Click HERE to read the full report.
Click HERE for NYTimes report.

IEC-61850-Hands-On-Training in Deutsch in Karlsruhe (Dezember 2017 und Mai 2018)

NettedAutomation GmbH bietet zwei IEC-61850 Hands-On-Trainingskurse zu unschlagbar günstigen Preisen in Deutsch in Karlsruhe an:

05.-08. Dezember 2017 
14.-17. Mai 2018
04.-07. Dezember 2018

NEU: Zusätzlicher Schwerpunkt wird das Thema "Sicherheitsanforderungen" (BDEW White Paper, ...) für die Energieversorgung sein.
Die drei (3) Blöcke (1 Tag + 2 Tage + 1 Tag) können einzeln oder in Kombination gebucht werden. Sie entscheiden selbst, ob Sie nur einen Tag von Ihrem Arbeitsplatz fern bleiben möchten oder zwei, drei oder vier. Je nachdem, wieviel Zeit Sie investieren wollen oder können und welchen Bedarf Sie haben.

Lernen Sie, wie über 4.300 Teilnehmer vor Ihnen, was IEC 61850 und andere Normen wie IEC 60870-5-10x oder IEC 62351 (Security) bedeuten. Gewinnen Sie einen Einblick in relevante Realisierungen wie die FNN-Steuerbox oder VHPready, die auf IEC 61850 aufbauen. Verstehen Sie, wie Feldbusse (Profibus, Profinet, Modbus, ...) über lostengünstige Gateways in die Anlagen eingebunden werden können.

Im Hands-On-Training lernen Sie die wesentlichen Konzepte der Normenreihe praktisch kennen. Die umfangreiche Trainings-Software dürfen Sie behalten und weiterhin nutzen!


Copyright, 2017-07, Michael Hüter

Der Kurs ist für alle geeignet, die mehr über IEC 61850 erfahren wollen.

HIER klicken, um zur Beschreibung und den Anmeldeunterlagen zu gelangen [pdf, 430 KB].

Beachten Sie auch, dass die meisten Seminare als Inhouse-Kurse stattfinden! Falls Sie Interesse an einem Inhouse-Kurs (in deutsch, englisch, italienisch oder schwedisch) haben sollten kontaktieren Sie uns bitte!

An All NEW Evaluation, Demo, Hands-On Package for IEC 61850 and IEC 61400-25

NettedAutomation GmbH (Karlsruhe, Germany) has released an All NEW Evaluation, Demo, Hands-On Package for IEC 61850 and IEC 61400-25 (EvaDeHon) for immediate download and use!
The new EvaDeHon Package comprises the roles Client, Server, Publisher, and Subscriber running on a PC, HMS (IXXAT, Beck IPC) Gateways, SystemCorp IEDs, ...
The new solutions allow to run multiple IED models (all roles) in parallel on one PC (simulating IEDs of a complete system!) ... and more. The roles and applications are configured directly by SCL files (.cid). You can build your own models and run them with all roles ... if configured.
This Package is based on our 30+ years of experience. We are really proud of offering these tools to the industry today! Sit down, enjoy and relax ...


Copyright, 2017, Michael Hüter

Click HERE to download the documentation only [pdf, 3.2 MB]
Click HERE for downloading the demo package including the documentation and license conditions.

Example: Server and Client on two PCs:


Many topologies on PCs:


... and topologies with gateways:


Click HERE to download the documentation only [pdf, 3.2 MB]
Click HERE for downloading the demo package including the documentation and license conditions.

Update on OPC UA IEC 61850 Companion Specification

The OPC UA IEC 61850 Companion Specification of the OPC Foundation is focusing on gateways that are intended to be used to transfer information fully and accurately through gateways between devices that implement IEC 61850 or OPC UA respectively.

While IEC 61850 is focusing on electricity generation, transmission, distribution, distributed energy resources (DER), and consumption, OPC UA is dealing with non-electrical industrial process activities. It is clear that users require integration of the electrical aspects of a plant with non-electrical aspects.

The information models defined in IEC 61850 were focused during the late 90s on protection and automation of electric power systems. In the meantime the models provide a huge number logical nodes (e.g., STMP = Supervision of temperature with measurement, alarms and trips, or FPID = PID loop control) applicable in most non-electrical applications domains. The communication services (Reporting, Logging, GOOSE, Control, Setting Group Control, ...) are generic for any application domain.

OPC UA’s modelling capabilities is understood to make it possible to transfer data between different systems without losing the semantics of data. Thus the drafted companion specification document describes how IEC 61850 data can exchanged using OPC UA data modelling and services.

Click HERE for more information.

IEC TC 88 PT 25 is currently working on a technical specification: 

Wind turbines - IEC 61400-25-41: Communications for monitoring and control of wind power plants - Mapping to communication profile based on IEC 62541 (OPC UA)

Microsoft has provided an Open-Source OPC UA stack to OPC Foundation! 

The new OPC Foundation .NET reference stack, based on the new .NET Standard Library technology, was developed and optimized by Microsoft to serve as the complete platform-independent infrastructure, from the embedded world to the cloud. This new version is enabled on the following supported platforms: Various Linux distributions, iOS, Android, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Phone, HoloLens and the Azure cloud.

Click HERE for the press news from the OPC Foundation.

Click HERE for accessing the open source reference stack at Gidhub.

Brief comparison of IEC 61850 and OPC UA:
Standard? Yes for both in IEC.
Available since? IEC 61850 for some 15 years; OPC UA for a few years.
SCADA support? Yes for both.
Real-time support? Yes in IEC 61850; OPC UA is intended to run on TSN (IEEE 802).
Security? Yes for both (IEC 61850 refers to IEC 62351).
Semantic? IEC 61850 has huge, still growing list of models; OPC UA has not yet semantics.
Configuration Language? IEC 61850 has SCL (System Configuration Language); OPC UA has no.
Conformance testing? Yes for both.
Support: By many big and small companies.
Open Source Stack? Yes for IEC 61850 (http://libiec61850.com); yes for OPC UA (from Microsoft, see above).

How to Model Thousands of Measurement Signals?

The standard series IEC 61850 was originally developed for high voltage substation automation and protection ... with well defined logical nodes and data objects representing the most crucial signals like status (CSWI.stVal), 3-phase electrical measurements (MMXU.V.phsA ...), temperature supervision (STMP.Tmp, STMP.Alm, ...) and many other signals.
Several applications require huge number of values, e.g.,

1. Logs (hundreds of status changes over a long period)
2. Power Quality measurements (hundreds of values of min, max, ...)
3. Temperature (hundreds or thousands of raw measured or processed values)

The corresponding logical nodes and communication service models would end-up in a lot of overhead in the modelling or in the communication.
I have discussed the first two bullets already inside the standardization groups ... more details may be discussed in a future blog post.
Today, I will discuss the third issue: huge amount of temperature values.
First of all, there are two models for temperature: TTMP (Transducer for a single sensor value) and STMP (Supervision of a single temperature value) with the following excerpt of details:

TTMP.TmpSv.instMag and TTMP.TmpSv.q are the two mandatory data attributes.

STMP.Tmp.mag.f, STMP.Tmp.mag.q, STMP.Tmp.mag.t (Tmp is optional)

STMP.Alm.stVal, STMP.Alm.q, STMP.Alm.t (Alm is optional)

STMP.Trip.stVal, STMP.Trip.q, STMP.Trip.t (Trip is optional)

Second, If you want to communicate just hundreds of temperature values, I would model this application as follows (SIUnits and sample rate ... may be modeled as well):

[Sure, I am aware that multiple instances of TmpSv are not yet standardized ... I would not care a lot at the moment ... it will come anyway. If not, define an extended Data Object TmpSamp with multiplicity 0..*]

TTMP1.

TmpSv1.instMag and TmpSv1.q
TmpSv2.instMag and TmpSv2.q
TmpSv3.instMag and TmpSv3.q
...
TmpSv100.instMag and TmpSv100.q

DataSet="DsTTMP1"

FCDA=TmpSv1.instMag
FCDA=TmpSv2.instMag
FCDA=TmpSv3.instMag
...
FCDA=TmpSv100.instMag

Unbuffered Report CB="UnbTTMP1

Data Set="DsTTMP1" 
trigger option: integrity period 
period: 1 h or ...

----------------------------------------------

TTMP2.

TmpSv1.instMag and TmpSv1.q
TmpSv2.instMag and TmpSv2.q
TmpSv3.instMag and TmpSv3.q
...
TmpSv100.instMag and TmpSv100.q

DataSet="DsTTMP2"

FCDA=TmpSv1.instMag
FCDA=TmpSv2.instMag
FCDA=TmpSv3.instMag
...
FCDA=TmpSv100.instMag

Unbuffered Report CB="UnbTTMP2

Data Set="DsTTMP2" 
trigger option: integrity period 
period: 1 h or ...

---------------------------------------------

TTMP3.

TmpSv1.instMag and TmpSv1.q
TmpSv2.instMag and TmpSv2.q
TmpSv3.instMag and TmpSv3.q
...
TmpSv100.instMag and TmpSv100.q

DataSet="DsTTMP3"

FCDA=TmpSv1.instMag
FCDA=TmpSv2.instMag
FCDA=TmpSv3.instMag
...
FCDA=TmpSv100.instMag

Unbuffered Report CB="UnbTTMP3

Data Set="DsTTMP3" 
trigger option: integrity period 
period: 1 h or ...

---------------------------------------------

Third, If you want to use hundreds of temperature values AND alarms AND trips etc. then STMP would be the right choice. The above modeling approach would be the same.
In addition to the data sets for the measured values, you may also configure data sets for the quality "q", and configure report control blocks with trigger option "data change". You may also add the quality into the other FCDAs ... depending on how crucial the quality is for the client application.

Are Blackouts Knocking at the Doors of Substations?

Dear experts interested in secure power delivery systems,
You may have been informed yesterday about one of the latest developments in destroying the power delivery infrastructure: Industroyer.
What is Industroyer? It is "A new threat for industrial control systems" according to Anton Cherepanov (ESET):
"Win32/Industroyer is a sophisticated piece of malware designed to disrupt
the working processes of industrial control systems (ICS), specifically
industrial control systems used in electrical substations.
Those behind the Win32/Industroyer malware have a deep knowledge
and understanding of industrial control systems and, specifically, the
industrial protocols used in electric power systems. Moreover, it seems very
unlikely anyone could write and test such malware without access to the
specialized equipment used in the specific, targeted industrial environment.
Support for four different industrial control protocols, specified in the
standards listed below, has been implemented by the malware authors:
• IEC 60870-5-101 (aka IEC 101)
• IEC 60870-5-104 (aka IEC 104)
• IEC 61850
• OLE for Process Control Data Access (OPC DA)
In addition to all that, the malware authors also wrote a tool that
implements a denial-of-service (DoS) attack against a particular family of
protection relays, ..."

Click HERE for a comprehensive report [pdf].

The Conclusion of the report closes with this statement:

"The commonly-used industrial control protocols used in this malware
were designed decades ago without taking security into consideration.
Therefore, any intrusion into an industrial network with systems using
these protocols should be considered as “game over”."

The protocols used are not the crucial issue! The protocols like IEC 61850 could be protected by the accompanying standard series IEC 62351 (Power systems management and associated information exchange - Data and communications security).
One crucial show stopper is: "Stingy is cool" mentality!!
Securing the systems could be implemented - with far higher costs during development, engineering, configuration, OPERATION, and maintenance.
As long as we all do not accept that the electric power (and other) infrastructures will require a lot more resources to keep the level of today's availability, quality, and security, we will experience more disrupted infrastructures.
Building an infrastructure, operating, and maintaining it are different aspects. The maintenance of our infrastructures will consume definitely more resources than we believe today.
I was shocked to read, that some "friends" believe that the reports about the "Industroyer" are just fake news.
Whatever you believe, one thing is really true: Many systems and devices in the automation domain (substations, ...) are not protected! Believe me!

CIM-Workshop am 19. Oktober 2017 in Frankfurt

Die DKE lädt zum CIM (Common Information Model)-Workshop 2017 ein!

Ort: Frankfurt/Main
Datum: 19. Oktober 2017

Mit vielen spannenden Themen, u.a.

• Eine Kurzeinführung in CIM 
• Viele Anwendungsbeispiele 
• Vorstellung des Themas CIM in Verteilnetze, Niederspannung 
• „Life Hack“ – Wir bauen einen Kundenanschluss… 
• Rolle von CIM in verschiedenen Projekten 
• Referenzmodelle und CIM 
• Podiumsdiskussion mit den Themen CIM Blick in die Zukunft, Blockchain, … 

Hier für weitere Informationen klicken.
Introduction to CIM

What is your Annual Cybersecurity Incident Bill?

"Although the majority of industrial organizations believe they are well-prepared for cybersecurity incidents, this confidence may be not well-founded: every second ICS company experienced between one and five incidents last year, according to a survey conducted by Kaspersky Lab. On average, ineffective cybersecurity costs industrial organizations up to $497K per year."

Click HERE to read more details.

Many ICS (Industrial Control Systems) are also used in power system applications. So, what is the situation there? Likely similar to the industrial domain.

Just published: IEC TR 61850-90-17

IEC TC 57 has published a new part of IEC 61850 in May 2017:

IEC TR 61850-90-17
COMMUNICATION NETWORKS AND SYSTEMS
FOR POWER UTILITY AUTOMATION –
Part 90-17: Using IEC 61850 to transmit power quality data

This part of IEC 61850 defines how to exchange power quality data between instruments whose functions include measuring, recording and possibly monitoring power quality phenomena in power supply systems, and clients using them in a way that is compliant to the concepts of IEC 61850.

Click HERE for a preview of the new document.

Note that the Tissue Database can be used for posting technical issues with IEC 61850-90-17. The first tissue has been registered:

Click HERE for the first tissue on part 90-17.

WWW - Water, Wine, and Watt-hours

When it comes to get prepared for a blackout, what do you need to survive? The "World Wide Web" (WWW) will likely not work anymore.

What's about "Water, Wine, and Watt-hours"? The new WWW.

It is still a challenge to store Watt-hours - a battery of, let's say 20 kWh would dry out within short time. It would not help in winter to survive. I would like to harvest the sun in summer, convert the electric kWh into hydrogen kWh or methane gas kWh and store it locally or somewhere outside the city.

In wintertime we could use it for heating and generate electricity.

I look forward to purchasing a system that could generate hydrogen or methane gas and store it. It may be round the corner - who knows.

Data And Communication Security for MMS is Speeding Up

IEC TC 57 is about to accelerate the publication of a new Standard on Security:
IEC 62351-4 ED1 (57/1860/CDV):
Power systems management and associated information exchange -
Data and communications security -
Part 4: Profiles including MMS
Closing date for voting: 2017-08-11

The current part 4 is just a TS (technical Specification). The need for a definitive solution for secure MMS communication is at hand.

"Scope
This second edition of this part of IEC 62351 substantially extents the scope of the first edition [KHS: TS only!]. While the first edition primarily provided some limited support for authentication during handshake for the Manufacturing Message Specification (MMS) based applications, this second edition provides support for extended integrity and authentication both for the handshake phase, and for the data transfer phase. In addition, it provides for shared key management and data transfer encryption and it provides security end-to-end (E2E) with zero or more intermediate entities. While the first edition only provides support for systems based on the MMS, i.e., systems using Open Systems Interworking (OSI) protocols, this second edition also provides support for application protocols using other protocol stacks, e.g., a TCP/IP protocol stack. This support is extended to protect application protocols using XML encoding [KHS: IEC 61850-8-2] and other protocols that have a handshake that can support the Diffie-Hellman key exchange. This extended security is referred to as E2E-security.
It is intended that this part of IEC 62351 be referenced as normative part of IEC TC 57 standards that have a need for using application protocols, e.g., MMS, in a secure manner.
It is anticipated that there are implementation, in particular Inter-Control Centre Communications Protocol (ICCP) implementations that are dependent on the first edition of this part of IEC 52315. The first edition specification of the A-security-profile is therefore included as separate sections. Implementations supporting this A-security-profile will interwork with implementation supporting the first edition of this part of IEC 62351.
Special diagnostic information is provided for exception conditions for E2E-security.
This part of IEC 62351 represents a set of mandatory and optional security specifications to
be implemented for protected application protocols."

By the way: The best security standard is useless if it is not implemented (and even worse when it is available but not used) in as many devices as possible! Talk to your management to get the resources (hardware, software, peopleware) to implement this new part - as soon as possible.

TSN: Fieldbus Standardization - Another Way to Go

Fieldbus standardization has a very long history - resulting in tens of solutions in ONE single standard series IEC 61158. This has been discussed several times on this blog.
The latest decisions in the industrial automation domain could change the direction to go: To get one or two or three ... solutions - based on TSN (Time-sensitive Networking).
It took more than 25 years to implement in principle what I have written in a paper on Fieldbus and Ethernet. When I worked for Siemens Industry in the early 90s, I recommended to use native Ethernet instead of fieldbusses … now we write 2017 – 26 years later:
Click HERE for the paper “Bridging MAP to Ethernet” [PDF, 720 KB, 1991]
Click HERE for the paper “Fieldbus standardization: Another way to go” [PDF, 720 KB, 1991].

25 years of fieldbus wars are likely to end in the near future.
Even the Profibus International Users Group (PI) published the other day in the PI Profinews:
"TSN (Time-sensitive Networking) is a promising new IEEE technology for Ethernet that combines ... PI will expand PROFINET with the mechanisms of TSN in layer 2, retaining the application layer on the higher levels. This makes it possible to migrate the applications to the new technology simply and incrementally and to take advantage of the benefits of an open, globally standardized IT technology.”
Clicke HERE for the full announcement in the Profinews.

It's a pity that it took 25 years to understand that Ethernet is THE solution for the future.

TSN is just another link layer solution - what's about the upper layers? Huuch ... there is still the old fight of various groups that belief that their solution is the best!
PROFINET will keep their higher layers and add the option of OPC UA for higher automation levels to the cloud. So, they are recommending a compromise - which ends up in many higher layer solutions on TSN.

ABB, Bosch Rexroth, B&R, Cisco, GE, Kuka, NI, Schneider Electric, Belden/Hirschmann and Phoenix Contact are fighting for a SINGLE combination: TSN and OPC UA.

In the meantime we have - for more than 20 years - a SINGLE combination for the electric power (and energy) market: IEC 61850 with Ethernet and MMS (for client/server communication) supported by hundreds of vendors and users worldwide. AND: IEC 61850 has a huge basket of object models and a configuration language! What is being communicated through OPC UA TSN?

A finished solution (Ethernet/MMS some 25 years ago) is better than a perfect one that will never be accomplished - even not with TSN plus XX, YY, ZZ, ...!

This lets IEC 61850 look very good!

If you need your Profibus or Profinet data being communicated by IEC 61850, check HERE for Gateways.