Introduction to the IEC 60870-5-104 standard

Introduction to the IEC 60870-5-104 standard by ENSOTEST teaches you the basics of the 5-104 protocol.

Introduction to the IEC 60870-5-104 standard

The remote control of substations or power plants, using IEC 60870 5-104 standard, allows the utility to control locations separated long distances from a centralized control room optimizing the use of resources for that task.

The definition of standardized remote control protocols makes it possible to integrate systems automated by different vendors with the utility control centre. This allows controlling the system without the need of protocol converters or adaptations.

When the communication options were limited due to the bandwidth available, the remote control protocols used serial communication through radio links or the telephone networks in most cases though private networks.

Within these capabilities IEC defined the remote control protocol called IEC 60870-5-101. This standard includes a set of messages called ASDU and a set of application functions available to monitor and control remote stations through the serial channels available at that time.

The arrival of TCP/IP connectivity channels to the remote stations by the use of dedicated optical fibers, digital radio links or mobile phone networks using 3G/4G, made it possible to access to these systems with multiple communication channels and also to use a bigger bandwidth in the remote control task. This also improved the system response time.

Inconclusion, IEC 104 standard applies the remote control concepts defined by IEC 60870-5-101 removing the serial header and adding the appropriate headers for the use of TCP/IP channels.


60870 5-101

To be able to understand IEC 60870-5-104 we need to learn the basic concepts defined in IEC 60870-5-101.

Communication modes: balanced and unbalanced

Depending on the type of communication channel available: shared (point to multipoint) or dedicated (point to point) we have two different communication modes:

  • Balanced mode. It is used when a dedicated point to point communication channel is available (telephone connection or dedicated link). The communication is full duplex, and the remote terminal unit can send data without waiting for the control centre to request it. This makes the spontaneous data transfer faster and so on the control centre update.
  • Unbalance mode. It is used in point to multipoint links as the radio shared connection. The communication mode is half duplex. The only remote terminal unit that send data is the one that has been requested by the control centre using its specific link address in the data request. The master needs to request cyclically to all the remote terminal units in the channel to know if there is new data waiting to be transferred.
Figura-1- Unbalanced mode used in radio link

Unbalanced mode used in radio link

The unbalanced mode can also by used in point-to-point channels but it will lost response time due to the lack of spontaneous transmission from the remote terminal units.

Frame formats

IEC 60870-5-101 defines two different types of frames, the fixed length frame (used for control messages) and the variable length frame (used to transport application level messages).

Figure-2- IEC 60870-5-101 frames format

IEC 60870-5-101 frames format

The field marked as data transports the Application Service Data Units (ASDU) that is the container of the remote control services.

Basic application functions

IEC 60870-5-101 defines different types of ASDUto be used in the existing basic application functions:

  • Initialization.
  • Polling data.
  • Periodic transfer.
  • Spontaneous event transfer.
  • General interrogation.
  • Time synchronization.
  • Control command.
  • Counters.
  • Parameters loading.
  • Test command.
  • File transfer.
  • Transfer delay measurements.
  1. After the reboot of the remote station, this will notify this event to the control centre by sending an END_ON_INIT ASDU. This message indicates to the control centre that is needed to update its process image of the remote station using the general interrogation process.
  2. The general interrogation process allows obtaining the current status of all the digital and analogue signals monitored and included in the general interrogation response by the remote station. This snapshot of the remote station makes it possible to update its process image of the remote station.

    Figure-3– General interrogation process

    General interrogation process

  3. After the general interrogation process, any change in the status of the variables in the remote station will be sent to the control centre by the use of different mechanisms as the periodical transfer mechanism (used with analogue measurements only) or the spontaneous transfer (used with digital data and measurements with configured deadbands).

    Figure-4– Spontaneous transfer of measurement with deadband

    Spontaneous transfer of measurement with deadband

  4. When the remote station includes integrated total as the energy counters, the remote station may send this information on demand or spontaneously depending on the counter mode configured in the system.
  5. When an operator requires to modify the system behaviour, a command ASDUcan be send (C_XX) or a parameter change (P_XX) to act over the controlled system.
Figure-5– Activation command, confirmation and termination

Activation command, confirmation and termination

ASDU – Application Service Data Unit

The messages that are sent by IEC 60870-5-101 use one of the two directions of the communication:

  • Control direction: from the control centre to the remote station.
  • Monitor direction: from the remote station to the control centre.

All the ASDUstructures include a common header to identify them:

Figure-6– The ASDU format

The ASDU format

  • TI: Type Identification. Number that identifies the ASDU and then its format and its content.
  • VSQ: Variable Structure Qualifier. It describes how the information objects are organized.
  • COT: Cause of Transmission. It includes the reason for sending the ASDU and one byte with an identifier of the control centre.
  • CASDU: Common Address of ASDU. Application address used to identify the data in the system. Generally a remote terminal unit uses only one CASDU.
  • Information objects. They include the content of the requested service or the notified information.

The standard defines different types of ASDUs to send different kind of information:

  • Process information in monitor direction that include status values, measurements, step positions, etc. (M_XX_XX_X).
  • Process information in control direction that includes single commands, double command, step positions and set points (C_XX_XX_X).
  • System information in monitor direction, M_EI_NA_1 (end_of_init)
  • System information in control direction that includes the general interrogation commands, counter interrogation, reset, test, read command and time synchronization (C_XX_XX_X).
  • Control direction parameters that allow to modify the deadbands (P_XX_XX_X)
  • File transfer (F_XX_XX_X)

Information objects

The format of an information object included the address of the object (IOA), the field value, the quality of the information, and optionally the timestamp,

Figure-7- The format of the information object in IEC 60870 5-104

The format of the information object

Information identification

Each data point in an IEC 60870-5-101/104 system is identified by two addresses: tha common address of application (CASDU) and the information object address (IOA).

Information object types

The information of the remote terminal unit can be divided into for categories:

  • Digital signals.
  • Analogue signals.
  • Counters.
  • Commands and settings.
Figure-8- Basic information object types

Basic information object types

Quality bits in the signals

All the data objects include a quality bit IV that indicates if the value is valid or invalid. At the same time, depending on the data type, several other quality bit are available;

  • Substituted (SB) indicates if the value source is the field or if the value was substituted.
  • Blocked (BL): indicates that the data point is blocked.
  • Overflow (OV): indicates that a measurement is out of range.

Information time stamping

During the general interrogation, the information is sent without time stamping as it only includes the current value of the information of the remote terminal unit. When the remote terminal units send spontaneous ASDUs it uses ASDUs with timestamps so the control centre can create a sequence of events with the chronology that happened in all the remote terminal units.

IEC 60870 5-104 standard

IEC 60870-5-104 uses TCP/IP channels with full-duplex communication (near to the balanced mode in IEC 60870-5-101).

While IEC 60870-5-101 wait for a confirmation of each message sent, IEC 60870-5-104 assumes that the channel is stable and a maximum number of K messages can be sent without waiting for confirmation from the opposite station.

IEC 60870 5-104 frame format

IEC 60870-5-104 removes the serial header and adds its own header called APCI (Application Protocol Control Information).

Figure-9- APCI header in IEC 60870-5-104

APCI header in IEC 60870-5-104

The first two bits in the first byte of the APCI header are used to identify 3 types of frames:

  • U Frame. These control frames manage the traffic exchange over the TCP channel. They include a START message to allow the traffic flow, a STOP message to block further communication and a TEST message to check if the connection is alive.
  • I Frame. These frames transport application data (ASDUs).
  • S Frame. The Supervisory frames indicate to the opposite station the number of the last frame received properly. They are used as an acknowledge of a set of messages in order to indicate that the transmission of data can continue.

Redundancy groups in IEC 60870-5-104

IEC 60870-5-104 allows the definition of redundancy channels over TCP/IP. The control centre establishes several connections at the same time (using different physical channels) and it activates one of these connections while the others are in the STOPPED state waiting for being STARTED when the communication in the active channel is lost.

Differences with the application layer in IEC 60870-5-101

IEC 60870-104 does not accept the use of any ASDU using relative timestamp with the information element CP24Time2A (24 bits). The absolute time stamp with the information element CP56Time2A (56bits) must be used.

Trying to synchronize a remote station through a TCP/IP channel with the time synchronization ASDU is not deterministic. With the TCP/IP profile used by IEC 60870-5-104 time synchronization prefers to use other protocols as SNTP or NTP (Network Time Protocol). When high accuracy is needed usually a GPS clock with IRIG-B or PTP is the choice selected.


The interoperability document indicates which basic application functions are available, and their supported options, at the same time this document identifies the supported ASDU and cause of transmission (COT) for each one.

Figure-10- Interoperability document section

Interoperability document section

Using the interoperability document (provided by the vendor of the remote terminal unit) the control centre knows how to configure the communication with that device.

At the same time, using this document the control centre may know if the remote terminal unit is compatible with its required functions.

During the system integration process, the compatible options must be selected comparing the control centre and the remote station interoperability documents.


The profiles are specifications that select a specific set of options from the available ones in the standard EC 60870-5-101/104. Usually the utility profiles also define addressing ranges for the different types of data and even specific points configured with special uses in their systems.

The motivation for the profiles is the limitation of the available options to select the best one according to the utility needs and also to solve any issue where the standard was not accurate. As an example a profile can be the selection of sending the analogue measurements periodically using the scaled value format, whilst a different profile may request to send them using spontaneous transmission and the floating point ASDU. The remote terminal unit manufacturer must check that the device fulfil the requirements of the profile specified by the utility before their devices can be installed in their system.

Usually the utility will request that the remote terminal unit is tested to be sure that their profile is implemented. This conformance test is performed with a test specification provided by the utility.

Testing specifications with IEC 60870 5-104

IEC defines IEC 60870-5-601/604 document with the basis test procedures to validate controlling and controlled station that use the standards IEC 60870-5-101/104.

The test cases to be executed depend on the device capabilities defined in their interoperability document.

Security inclusion with IEC 60870 5-104

IEC 60870-5-101/104 protocols do not include authentication of the data sent, so they are vulnerable to unauthorized connection or data modification throwing man-in-the-middle attacks. Usually the security measures consist of tables with list of authorized IP addresses, private networks and firewalls in the remote station.

These measures nowadays are considered to be quite poor and the experts in the TC 57 WG15 are working to develop extension to provide security to the remote control communications.

The main topics related to the security of IEC 60870-5-101/104 protocols are described in the technical specification IEC 62351-5. The technical specification IEC 60870-5-7 describes the new ASDU messages used. At the same time the document IEC 62351-100-1 describes the test procedures to validate the secure implementations.

COMMON TERMS Introduction to the IEC 60870-5-104 standard

  • ASDU – Application Service Data Unit. Data structure that holds application layer information to exchange between a control centre and a remote terminal unit.
  • DNP3 – Distributed Network Protocol version 3. Protocol used for automation and remote control communication with serial and TCP-IP capabilities that is used in substation automation and the communication with control centers.
  • IEC – International Electrotechnical Commission – International organization that develops standards related to the energy sector.
  • IEC 60870-5-101/104 – Protocol serial or TCP/IP to exchange data from a substation to the control centre.
  • IED – Intelligent Electronic Device – Any equipment with communication capabilities used to automate a system.
  • RTU – Remote Terminal Unit – Device that gather the information of a whole system and send it to the control centre using protocols as DNP3 or IEC 60870-5-101/104.

ENSOTEST is a company that develops test automation tools for IEC 60870 5-104 protocol. IEC

Fill the form to receive a free copy of this article in pdf

    Categories: Energy system automation, smart grids, Ethernet, substation, remote control


    Have you enjoy Introduction to the IEC 60870-5-104 standard ?

    Have you any questions about Introduction to the IEC 60870-5-104 standard ?

    If you like this article and you want to know more or if you have some questions please. Send us a message with subject: “Introduction to the IEC 60870-5-104 standard”.

    Alternative Titles:

    • Introduction to the IEC 60870 standard

    • Start with the IEC 104 standard

    • Introduction to the IEC 5-104 standard