Introduction to the IEC 60870-5-104 standard by ENSOTEST teaches you the basics of the 5-104 protocol.
Remote control of substations or power plants using the IEC 60870-5-104 standard allows the utility to control locations separated by long distances from a centralized control room, optimizing the use of resources for that task.
The definition of standardized remote control protocols makes it possible to integrate systems automated by different vendors with the utility control centre. This allows the system to be controlled without the need for protocol converters or adaptations.
When communication options were limited by the available bandwidth, remote control protocols used serial communication over radio links or telephone networks, in most cases through private networks.
Within these capabilities, the IEC defined the remote control protocol called IEC 60870-5-101. This standard includes a set of messages called ASDUs and a set of application functions to monitor and control remote stations through the serial channels available at that time.
The arrival of TCP/IP connectivity at the remote stations, through dedicated optical fibers, digital radio links or 3G/4G mobile phone networks, made it possible to access these systems over multiple communication channels and to use more bandwidth for the remote control task. This also improved the system response time.
In conclusion, the IEC 104 standard applies the remote control concepts defined by IEC 60870-5-101, removing the serial header and adding the appropriate headers for use over TCP/IP channels.
To be able to understand IEC 60870-5-104 we need to learn the basic concepts defined in IEC 60870-5-101.
Depending on the type of communication channel available: shared (point to multipoint) or dedicated (point to point) we have two different communication modes:
The unbalanced mode can also be used on point-to-point channels, but response time is lost due to the lack of spontaneous transmission from the remote terminal units.
IEC 60870-5-101 defines two different types of frames, the fixed length frame (used for control messages) and the variable length frame (used to transport application level messages).
The field marked as data transports the Application Service Data Unit (ASDU), which is the container for the remote control services.
IEC 60870-5-101 defines different types of ASDU to be used in the existing basic application functions:
The messages that are sent by IEC 60870-5-101 use one of the two directions of the communication:
All the ASDU structures include a common header to identify them:
The standard defines different types of ASDUs to send different kinds of information:
The format of an information object includes the address of the object (IOA), the field value, the quality of the information, and optionally the timestamp.
Each data point in an IEC 60870-5-101/104 system is identified by two addresses: the common address of application (CASDU) and the information object address (IOA).
The information of the remote terminal unit can be divided into four categories:
All the data objects include a quality bit IV that indicates whether the value is valid or invalid. Depending on the data type, several other quality bits are also available.
During the general interrogation, the information is sent without time stamping, as it only includes the current value of the information of the remote terminal unit. When the remote terminal units send spontaneous ASDUs, they use ASDUs with timestamps so the control centre can build a sequence of events with the chronology of what happened in all the remote terminal units.
IEC 60870-5-104 uses TCP/IP channels with full-duplex communication (close to the balanced mode in IEC 60870-5-101).
While IEC 60870-5-101 waits for a confirmation of each message sent, IEC 60870-5-104 assumes that the channel is stable, so a maximum of K messages can be sent without waiting for confirmation from the opposite station.
IEC 60870-5-104 removes the serial header and adds its own header called APCI (Application Protocol Control Information).
The first two bits in the first byte of the APCI header are used to identify 3 types of frames:
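The APCI framing and the K window described above, as an added example of what a passive monitor on the link would decode (not code from the article or from ENSOTEST). The control-field layout and U-function codes follow the standard; the function names, the `rtu`/`cc` labels and the sample capture are constructed for illustration.

```python
START = 0x68     # start octet of every IEC 60870-5-104 APDU
SEQ_MOD = 32768  # send/receive sequence numbers are 15 bits wide
U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
               0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}

def parse_apci(apdu: bytes) -> dict:
    """Classify one APDU as I, S or U format and decode its control field."""
    if len(apdu) < 6 or apdu[0] != START:
        raise ValueError("missing 0x68 start octet or truncated APCI")
    if apdu[1] < 4 or apdu[1] > 253 or apdu[1] + 2 != len(apdu):
        raise ValueError("length octet does not match the APDU size")
    c1, c2, c3, c4 = apdu[2:6]            # the four control-field octets
    nr = (c3 >> 1) | (c4 << 7)            # receive sequence number N(R)
    if (c1 & 0x01) == 0:                  # bit 0 clear: I format, carries an ASDU
        return {"type": "I", "ns": (c1 >> 1) | (c2 << 7), "nr": nr,
                "asdu": apdu[6:]}
    if (c1 & 0x03) == 0x01:               # bits 01: S format, acknowledgement only
        return {"type": "S", "nr": nr}
    return {"type": "U", "function": U_FUNCTIONS.get(c1, "unknown")}  # bits 11

def max_outstanding(frames) -> int:
    """Largest number of I frames the RTU had in flight without confirmation.

    frames: (sender, apdu) pairs in capture order, sender is 'rtu' or 'cc'.
    Compare the result with the K value configured for the link.
    """
    next_ns = acked = worst = 0
    for sender, apdu in frames:
        f = parse_apci(apdu)
        if sender == "rtu" and f["type"] == "I":
            next_ns = (f["ns"] + 1) % SEQ_MOD
        elif sender == "cc" and f["type"] in ("I", "S"):
            acked = f["nr"]               # peer confirms every frame below N(R)
        worst = max(worst, (next_ns - acked) % SEQ_MOD)
    return worst

def i_frame(ns: int, nr: int, asdu: bytes = b"\x00") -> bytes:
    """Build an I-format APDU; the default 1-octet ASDU is a dummy payload."""
    return bytes([START, 4 + len(asdu), (ns << 1) & 0xFF, ns >> 7,
                  (nr << 1) & 0xFF, nr >> 7]) + asdu

# Constructed capture: STARTDT handshake, three I frames from the RTU,
# then one S frame from the control centre confirming all three.
SAMPLE = [("cc", bytes.fromhex("680407000000")),
          ("rtu", bytes.fromhex("68040b000000")),
          ("rtu", i_frame(0, 0)), ("rtu", i_frame(1, 0)), ("rtu", i_frame(2, 0)),
          ("cc", bytes.fromhex("680401000600"))]
```
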
IEC 60870-5-104 allows the definition of redundant channels over TCP/IP. The control centre establishes several connections at the same time (using different physical channels) and activates one of them, while the others remain in the STOPPED state, waiting to be STARTED when communication on the active channel is lost.
IEC 60870-5-104 does not accept any ASDU that uses a relative timestamp with the information element CP24Time2A (24 bits). The absolute timestamp with the information element CP56Time2A (56 bits) must be used.
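The ASDU header, the CASDU/IOA addressing, the IV quality bit and the CP56Time2A timestamp discussed above come together in one time-tagged ASDU, decoded here as an added example (not code from the article). It assumes the fixed IEC 104 field sizes (2-octet cause of transmission, 2-octet common address, 3-octet IOA) and type 30, single-point information with CP56Time2A; the function names, the sample bytes and the choice of 2000 as century base are assumptions of the example.

```python
from datetime import datetime

def decode_cp56time2a(b: bytes):
    """Return (datetime, invalid, summer_time) from a 7-octet CP56Time2A field."""
    if len(b) != 7:
        raise ValueError("CP56Time2A is exactly 7 octets")
    ms = b[0] | (b[1] << 8)               # milliseconds within the minute
    # The field carries a two-digit year; 2000 is assumed as the century base.
    # datetime() raises ValueError for out-of-range fields (e.g. ms > 59999).
    stamp = datetime(2000 + (b[6] & 0x7F), b[5] & 0x0F, b[4] & 0x1F,
                     b[3] & 0x1F, b[2] & 0x3F, ms // 1000, (ms % 1000) * 1000)
    return stamp, bool(b[2] & 0x80), bool(b[3] & 0x80)

def parse_single_point_with_time(asdu: bytes) -> dict:
    """Decode a type 30 ASDU that holds exactly one information object."""
    if len(asdu) != 17 or asdu[0] != 30 or (asdu[1] & 0x7F) != 1:
        raise ValueError("expected type 30 with exactly one information object")
    stamp, time_invalid, _ = decode_cp56time2a(asdu[10:17])
    siq = asdu[9]                         # single-point value plus quality bits
    return {
        "cot": asdu[2] & 0x3F,            # cause of transmission (3 = spontaneous)
        "negative": bool(asdu[2] & 0x40), # P/N bit
        "test": bool(asdu[2] & 0x80),     # T bit
        "originator": asdu[3],
        "casdu": int.from_bytes(asdu[4:6], "little"),
        "ioa": int.from_bytes(asdu[6:9], "little"),
        "value": siq & 0x01,
        "invalid": bool(siq & 0x80),      # IV quality bit
        "time": stamp,
        "time_invalid": time_invalid,
    }

# Constructed sample: spontaneous event, CASDU 1, IOA 1001, value ON and valid,
# time tag 2024-03-15 10:30:12.345.
SAMPLE_ASDU = bytes.fromhex("1e01030001 00e90300 01 39301e0aaf0318".replace(" ", ""))
```
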
Trying to synchronize a remote station through a TCP/IP channel with the time synchronization ASDU is not deterministic. With the TCP/IP profile used by IEC 60870-5-104, time synchronization is preferably done with other protocols such as SNTP or NTP (Network Time Protocol). When high accuracy is needed, a GPS clock with IRIG-B or PTP is usually the choice.
The interoperability document indicates which basic application functions are available and their supported options. It also identifies the supported ASDUs and the cause of transmission (COT) for each one.
Using the interoperability document (provided by the vendor of the remote terminal unit) the control centre knows how to configure the communication with that device.
At the same time, using this document the control centre may know if the remote terminal unit is compatible with its required functions.
During the system integration process, the compatible options must be selected comparing the control centre and the remote station interoperability documents.
The profiles are specifications that select a specific set of options from those available in the standard IEC 60870-5-101/104. Usually the utility profiles also define addressing ranges for the different types of data and even specific points configured with special uses in their systems.
The motivation for the profiles is to limit the available options, selecting the best one according to the utility's needs, and also to resolve any issue where the standard was not accurate. As an example, one profile may select sending the analogue measurements periodically using the scaled value format, whilst a different profile may request sending them using spontaneous transmission and the floating point ASDU. The remote terminal unit manufacturer must check that the device fulfils the requirements of the profile specified by the utility before its devices can be installed in the utility's system.
Usually the utility will request that the remote terminal unit is tested to be sure that their profile is implemented. This conformance test is performed with a test specification provided by the utility.
The IEC defines the IEC 60870-5-601/604 documents with the basic test procedures to validate controlling and controlled stations that use the standards IEC 60870-5-101/104.
The test cases to be executed depend on the device capabilities defined in their interoperability document.
IEC 60870-5-101/104 protocols do not include authentication of the data sent, so they are vulnerable to unauthorized connections or to data modification through man-in-the-middle attacks. Usually the security measures consist of tables listing authorized IP addresses, private networks and firewalls in the remote station.
These measures are nowadays considered quite poor, and the experts in TC 57 WG15 are working to develop extensions to provide security for remote control communications.
The main topics related to the security of IEC 60870-5-101/104 protocols are described in the technical specification IEC 62351-5. The technical specification IEC 60870-5-7 describes the new ASDU messages used. At the same time the document IEC 62351-100-1 describes the test procedures to validate the secure implementations.
ENSOTEST is a company that develops test automation tools for IEC 60870 5-104 protocol. IEC