Friday, September 22, 2017

IEC 61850: Usage of XML Schemata for Model Name Space Definitions

One of the crucial challenges in dealing with IEC 61850 is the sheer number of models (Logical Nodes, Data Objects, Data Attributes, Data Attribute Types, ... and related services). How to manage these? How to figure out which model was valid last year, which model details are currently valid, ... questions, questions ...
What are the answers to these questions? Simply: good documentation of content, modifications, extensions, and changes.
IEC TC 57 WG 10 has published a document that defines the rules for the model content of the IEC 61850 core data model in IEC 61850-7-2, IEC 61850-7-3 and IEC 61850-7-4. Other domains (like DER, hydro, wind, etc.) could define their own data model based on the IEC 61850 core data model, so that the IEC 61850 core parts can be used as a common layer.

The published 70-page document 57/1925/DTS contains the new draft rules:

Communication networks and systems for power utility automation –
Part 7-7: Basic communication structure –
Machine-processable format of IEC 61850-related data models for tools

The voting and commenting period closes 2017-12-15.

"Year after year the IEC 61850 data models are extended both in depth with hundreds of new data items, and in width with tens of new parts.
In order to foster an active tool market with good quality, and at the end to improve IEC 61850 interoperability, we need a machine-processable file describing data model related parts of the standard as input. This is the purpose of the new language Name Space Definition (NSD) defined by this part of IEC 61850.
This will avoid the need for any engineering tool related to the IEC 61850 data models to get the content of the standard manually entered, with the highest risk of mistakes. This will also help to spread any corrections to the data model easily, as requested to reach interoperability. Tool vendors will be able to integrate NSD in their tools to distribute the standard data models directly to end users."

This new document seems to be crucial for all experts that deal with models and their implementation in tools and IEDs.

Sunday, September 17, 2017

IEC 61850 Logical Node Group Designation

IEC 61850 uses a well-defined designation of Logical Node groups, e.g., MMXU for three-phase electrical measurements. The following groups are defined:

A  Automatic control
C  Supervisory control
D  DER (Distributed Energy Resources)
F  Functional blocks
G  Generic function references
H  Hydro power
I  Interfacing and archiving
K  Mechanical and non-electrical primary equipment
L  System logical nodes
M  Metering and measurement
P  Protection functions
Q  Power quality events detection related
R  Protection related functions
S  Supervision and monitoring
T  Instrument transformer and sensors
W  Wind power
X  Switchgear
Y  Power transformer and related functions
Z  Further (power system) equipment

Several hundred Logical Nodes have already been defined and published.
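To make the group designation concrete, here is a small parser for Logical Node names and object references that resolves the group from the first letter of the LN class. This is an added example, not code from the blog, from an IEC publication or from any tool; the group table is the one listed above, and the structural rules assumed are that an LN class is four upper-case letters (plus the special class LLN0), that an optional alphanumeric prefix may precede it and an optional instance number may follow it (e.g. Q1MMXU1), and that an object reference is written LDName/LNName.DataObject.DataAttribute.

```python
"""Parse IEC 61850 Logical Node (LN) names and object references and resolve
the LN group from the first letter of the LN class.

Added example, not code from the blog or from any IEC publication or tool.
Assumed structure: optional prefix + 4-letter LN class (or LLN0) + optional
instance number; object reference "LD/LN.DO.DA...".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LN_GROUPS = {
    "A": "Automatic control",
    "C": "Supervisory control",
    "D": "DER (Distributed Energy Resources)",
    "F": "Functional blocks",
    "G": "Generic function references",
    "H": "Hydro power",
    "I": "Interfacing and archiving",
    "K": "Mechanical and non-electrical primary equipment",
    "L": "System logical nodes",
    "M": "Metering and measurement",
    "P": "Protection functions",
    "Q": "Power quality events detection related",
    "R": "Protection related functions",
    "S": "Supervision and monitoring",
    "T": "Instrument transformer and sensors",
    "W": "Wind power",
    "X": "Switchgear",
    "Y": "Power transformer and related functions",
    "Z": "Further (power system) equipment",
}

# optional prefix (non-greedy), mandatory 4-letter class, optional instance number
_LN_RE = re.compile(r"^(?P<prefix>[A-Za-z0-9_]*?)(?P<lnclass>[A-Z]{4})(?P<inst>\d*)$")


@dataclass(frozen=True)
class LogicalNode:
    prefix: str
    ln_class: str
    instance: Optional[int]

    @property
    def group(self) -> str:
        """Group description taken from the first letter of the LN class."""
        return LN_GROUPS[self.ln_class[0]]


def parse_ln_name(name: str) -> LogicalNode:
    """Split an LN name into prefix, class and instance; reject unknown groups."""
    if name == "LLN0":                       # the one class name containing a digit
        return LogicalNode("", "LLN0", None)
    m = _LN_RE.match(name)
    if not m:
        raise ValueError(f"not a well-formed LN name: {name!r}")
    ln_class = m.group("lnclass")
    if ln_class[0] not in LN_GROUPS:
        raise ValueError(f"unknown LN group {ln_class[0]!r} in {name!r}")
    inst = m.group("inst")
    return LogicalNode(m.group("prefix"), ln_class, int(inst) if inst else None)


def parse_object_reference(ref: str) -> Tuple[str, LogicalNode, List[str]]:
    """Split "LD/LN.DO.DA..." into (logical device, LogicalNode, attribute path)."""
    if ref.count("/") != 1:
        raise ValueError(f"object reference needs exactly one '/': {ref!r}")
    ld_name, rest = ref.split("/")
    ln_part, *path = rest.split(".")
    if not ld_name or not ln_part or any(not p for p in path):
        raise ValueError(f"empty component in object reference: {ref!r}")
    return ld_name, parse_ln_name(ln_part), path


if __name__ == "__main__":
    # constructed sample references, not taken from a real configuration
    for ref in ("IED1MEAS/Q1MMXU1.TotW.mag.f",
                "IED1CTRL/XCBR1.Pos.stVal",
                "IED1CTRL/LLN0.Mod.stVal"):
        ld, ln, path = parse_object_reference(ref)
        print(f"{ref}: LD={ld} class={ln.ln_class} inst={ln.instance} "
              f"group='{ln.group}' path={path}")
```

Rejecting a name whose first letter is not in the table is the useful part when checking SCL files or tool output: a typo in an LN class shows up as a parse error instead of silently becoming an "unknown" node.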

Machine Processable SCL/XML Schema Available for Download

Please note that the SCL Schema Editions 1 and 2 are available for download from the IEC website.

Click HERE for more details.

There will be more machine processable documents of the series IEC 61850 available in the near future.

I highly recommend staying tuned to this IEC 61850 Blog ... just subscribe to it (details can be found on the top right of the site).

First Document of Series IEC 61850 Published as Edition 2.1 FDIS

IEC TC 57 has just published the FDIS of IEC 61850-6/AMD1 ED2:

Amendment 1 – Communication networks and systems for power utility automation –
Part 6: Configuration description language for communication in power utility automation systems related to IEDs

The voting ends: 2017-10-27

Amendment 1 finally means Part 6 Edition 2.1:

The present FDIS reflects amendment 1 to IEC 61850-6 Ed. 2. TC 57 WG 10 has also developed a so-called consolidated edition 2.1 based on the present amendment and the existing Edition 2. The consolidated edition is circulated in parallel under reference 57/1919/INF, so that national committees can see the implementation of the amendment in the existing edition.
Once the present FDIS is approved, the consolidated edition will be published together with the amendment under reference IEC 61850-6 Ed. 2.1.

Machine-processable schema available!!

Note that the schemata for Editions 1 and 2 of Part 6 can be downloaded from the IEC website.

The availability of the machine-readable schemata is great progress in getting IEC 61850 applied in more and new application domains. More to come.


Saturday, September 16, 2017

IEC 61850: Training for Protection, Control, and SCADA experts

FMTP and NettedAutomation offer one of the most sought-after training courses:

Training for Protection, Control, and SCADA based on systems according to IEC 61850

10-13 October 2017
Karlsruhe/Germany (just one hour south of Frankfurt International Airport)

We have a few seats available - one for you and maybe one for your colleague.

Click HERE for details and registration information.
Click HERE for further training opportunities.

Saturday, September 9, 2017

TÜV SÜD Offers Interoperability Tests - What comes next?

The UCAIUG (UCA International Users Group) has issued 800 certificates for IEC 61850 devices and tools. Congratulations on this success.

The global market has accepted the new technology, standardized since 1995! No question!

In multi-vendor projects, devices from different manufacturers or with different firmware versions quite often show interoperability issues. Devices A and B may both conform to the standard series - but device A may support options that are not supported by device B. This ends in interoperability problems ... discussions and frustrations.

It is highly recommended that devices used in a multi-vendor project are tested for interoperability! Interoperability tests are usually organized by users, e.g., big utilities. The UCAIUG organizes interoperability tests every second year - far from sufficient! The next one is planned for New Orleans (USA) in November. It requires a lot of resources to go there ... I guess European utilities may send very few experts only ... and small vendors are likely not travelling across the Atlantic.

So, what to do? I recommended early on to TÜV SÜD that they offer interoperability test services.

TÜV SÜD (Munich, Germany) is offering interoperability tests ... contact them to find out how your device can interoperate with other devices.

Interoperable components save time and money during integration into complex systems - and help to reduce frustration when struggling with implemented or not implemented options, with different interpretations by vendors, ...

And note this: Traveling to Munich (Germany) is easier and cheaper than flying around the globe!

Partners in the industrial automation domain have learned that interoperability (for easier integration) is a crucial means of saving a lot of resources ... they are partnering:

Open Integration Partner program for practical testing of multi-vendor automation topologies

Endress + Hauser is proposing the following: “Open Integration validates the interplay of all products in a reference topology by mutual integration tests.” in a permanent lab environment.

I hope that some companies and organizations in the power industry will also implement such permanently available "LAT" (Lab Acceptance Tests) that would offer 24x7 support services to the power industry.

Maybe you are interested in discussing this with TÜV SÜD or ... or myself. Please feel free to contact me.

Thanks to TÜV SÜD for offering the interoperability test services. I look forward to seeing more in the near future - the whole energy market would appreciate it.

Tuesday, September 5, 2017

IEC 61850 Tissue Database is Crucial for Improving the Quality of IEC 61850

The Tissue (technical issues) Database is one of the most important means of improving the quality of the standard series IEC 61850.
When IEC published the first parts of the series in 2004, the editors used a Word document to keep track of technical issues reported to the key experts and the results of their discussions. NettedAutomation developed the Tissue Database to offer a public tool to support the standardization and quality assurance process.

The following parts have an entry in the Database:

We just added an entry for Part 90-2 (substation to control center communication).
Please note that the almost 1,500 entries play a crucial role in the latest parts published and in the UCAIUG testing specification. Excerpt from IEC 61850-6 Amendment 1 to Edition 2:

This list has 50+ entries referring to the Tissue Database.

Products that claim conformance with IEC 61850 have to be accompanied by the so-called "TICS" (Technical Issues Conformance Statement). This is a list that describes which technical issues have been implemented in a specific product. It is quite important to understand that a specific technical issue that has an impact on client and server (publisher and subscriber) has to be implemented on both sides!!

The test labs for IEC 61850 have to test technical issues - when required by the test case. The UCAIUG maintains a list of all "green" Tissues that are an integral part of the UCAIUG testing requirements.

If you have an issue with IEC 61850, I recommend checking the Database and searching for the topic you are looking for. Maybe your concern has already been solved ... you will find a lot of good discussions in many Tissues.

NettedAutomation will continue to offer the Tissue Database for the next parts to be published, e.g., Edition 2.1 of the core documents.

Enjoy the Database.

Monday, September 4, 2017


NAKAMA SOLUCIONES S.A.C., FMTP, and NettedAutomation conduct a five-day course on


in Lima (Peru), NM Lima Hotel, Av. Pardo y Aliaga N° 330, San Isidro 15073

From 13 to 17 November 2017

Hours: 09:00 to 17:00

Click HERE for general information.
Click HERE for the full program.

Saturday, August 26, 2017

The Cassandra Coefficient and ICS Cyber - Some Thoughts

Do you have an idea what "The Cassandra Coefficient" is all about and how it relates to ICS cyber security? Joe Weiss discusses the issues in a recent publication:

Cassandra coefficient and ICS cyber – is this why the system is broken

Brief extract from the publication:
Joe Weiss writes: " ... What I have found is that each time another IT cyber event occurs more attention goes to the IT at the expense of ICS cyber security. The other common theme is “wait until something big happens or something happens to me, then we can take action”. Because there are minimal ICS cyber forensics and appropriate training at the control system layer (not just the network), there are very few publicly documented ICS cyber cases. However, I have been able to document more than 950 actual cases resulting in more than 1,000 deaths and more than $50 Billion in direct damages. I was recently at a major end-user where I was to give a seminar. The evening before I had dinner with their OT cyber security expert who mentioned he had been involved in an actual malicious ICS cyber security event that affected their facilities. For various reasons the event was not documented. Consequently, everyone from the end-user, other than the OT cyber expert involved, were unaware of a major ICS cyber event that occurred in their own company. So much for information sharing."

My personal experience in this and in many other areas is: people tend to hide information instead of sharing it. I have found many times that SCADA experts do not really talk to RTU people, substation automation or protection engineers ... and not at all to the people that are responsible for the communication infrastructure. Most engineers likely tend to focus on their (restricted) tasks and not look at the SYSTEM and its lifetime. Am I contributing to solving the challenge of building a quite secure system - or am I part of the problem?

I repeat what I have said many times: Teamwork makes the dream work! Become a team player!

Click HERE for the publication.

This publication is worth reading ... a definition of what the Cassandra Coefficient is can be found HERE.

Wednesday, August 23, 2017

Making ICS Security Feasible for Small Companies

Industrial automation systems (Industrial Automation and Control Systems, IACS) pervade many areas of critical infrastructure, such as supply systems for electricity, gas, water, wastewater, ...

Awareness is slowly growing that many of these systems are, for a variety of reasons, only insufficiently protected (in the sense of information security). Reasons may be that those responsible do not yet see the need for stronger protection requirements, or that the installed systems are "aged" and can only be protected by replacement, and so on ...

Water utilities, together with the BSI and RWTH Aachen, have supervised a master's thesis that could open the eyes of small utilities in particular to more security in information and automation technology:

Sarah Fluchs has written the following master's thesis:

Creation of an IT-Grundschutz Profile for a Reference Company (small/medium-sized enterprise, SME) with Automated Process Control (Industrial Control System, ICS)
Making ICS security feasible for small companies

The thesis and an appendix are publicly available:

Click HERE for the main part of the thesis.
Click HERE for the appendix "IT-Grundschutz pilot profile / IT-Grundschutz profile for the water sector".

This master's thesis is absolutely worth reading and taking note of!

The introduction begins with a statement by Ralph Langner:

For many complex IACS networks, there is no longer any single person who fully understands the system, […] and neither is there accurate documentation.

I preface this statement with a much older one by René Descartes (1596-1650):

"Hence we must believe that all the sciences [all the aspects of a distributed Automation System; inserted by the author of this blog post] are so interconnected, that it is much easier to study them all together than to isolate one from all others. If, therefore, anyone wishes to search out the truth of things in serious earnest, he ought not to select one special science (aspect), for all the sciences (aspects) are conjoined with each other and interdependent."

The challenge for today's and future generations is to think and act holistically and to take into account the many handed-down and therefore diverse experiences of our ancestors, but especially of those people who have worked directly in practice and do so today! [Statement was supplemented by a good friend.]

Teamwork makes the dream work.

In this spirit, my thanks go to Ms Fluchs, who has laid a foundation stone with her master's thesis. It is symptomatic that fundamental work is often done "only" by students. A pity! The topics addressed concern us ALL!

One statement in her conclusion and outlook I would like to correct:

"The overarching topic of the present thesis is ICS security. Compared to "ordinary" IT security, the topic has so far occupied a niche. Above all, manufacturing companies and operators of critical infrastructures have to deal with it – the average consumer would potentially feel the effects of a security incident, but has no direct influence on ICS networks and their security."

We as average consumers have a very large direct influence on the security of our infrastructures: by being willing to pay more for our basic supply!!

Tuesday, August 22, 2017

No Gas, No Electric Power - Yes, it Happened

Taiwan was hit recently by a massive blackout caused by simply closing two gas valves that fed six power generators with a total capacity of some 4,000 MW or 4 GW!
How could that happen? The peak generation did not have reserve power. So the 4 GW tripped could not be compensated by other generation. It happens so fast!
The general stress was one aspect - another was a human error: "almost 9 per cent of the island’s generation capacity, stopped after workers accidentally shut off its natural gas supply".

I am not aware of any details of the human error. One thing is clear: Our infrastructure is really under stress! It will take some efforts to get it fixed.

Click HERE for a news report.

We really have problems with existing and new infrastructures:

Check the pictures of the problems of the new train tunnel project in Rastatt (close to my home town Karlsruhe/Germany) ... you may read German as well ...

What happened? Who knows? Maybe the cheapest offer was awarded a contract ...
There is almost no redundancy in the Rhine river valley rail system ... redundancy costs money ...

It is a pity that newly built infrastructure collapses and destroys old (still working) infrastructure.

Monday, August 21, 2017

New Application Example for EvaDeHon Package

We have posted a new example extending the use of the Evaluation, Demonstration and Hands-On (EvaDeHon) Package.

We will publish from time to time additional models and documentation for interesting applications. The objective is to help you understand the various topologies and possibilities of using IEC 61850 technology for process information exchange.

One focus is on the application of the IXXAT (HMS) Smart Grid Gateways.

The example offers polling and reporting (server on PC, client on IXXAT WEB-PLC gateway). The download contains the client CID for the gateway, the server CID and the JSON file for the PC. The gateway polls every 2 seconds and receives reports every 5 seconds - these intervals can be configured. Additionally, it includes some specific documentation.

Click HERE for more information.

Saturday, August 19, 2017

Smart Cars Under Attack - What Does it Mean for Power Systems?

We are quite often looking for smart things: cars, phones, power grids, ... expecting they make life easier or more comfortable. Maybe ... or maybe not.
We have to understand and take into account that most of these smart things are under enormous pressure from attempts to hack them.
Researchers have reported that "Smart car makers are faced with a potentially lethal hack that cannot be fixed with a conventional software security update. The hack is believed to affect all smart cars and could enable an attacker to turn off safety features, such as airbags, ABS brakes and power-steering or any of a vehicle’s computerised components connected to its controller area network (Can) bus. ... The hack is “currently indefensible by modern car security technology, and to completely resolve it would require broad, sweeping changes in standards and the ways in-vehicle networks and devices are made,”"
Click HERE for the full report on computerweekly.
Click HERE for another detailed report, also worth reading and FOLLOWING.

Hm, that is no good news!

I hope that the power industry is using appropriate (security) standards to dramatically reduce the risk of devices used in power automation systems being hacked. One of them is IEC 62351. There are many other measures discussed on this blog, e.g., the German BDEW Whitebook.
How many more wake-up calls do we need to change the ways we secure energy delivery services? The more devices are brought into operation, the more we need to care about security.

A lethal position of the management would be: "It could not happen to our systems - they are all safe." Really?

In the first years of open systems interconnection (OSI) ... early 1980s, I was quite unhappy with the Ethernet CSMA/CD method and the token bus solution. As a young engineer at Siemens here in Karlsruhe, I spent many hours and days of my free time (at home) figuring out how to improve CSMA/CD to make the access deterministic - yes, I found a solution! My colleagues and the management were supporting token bus only ;-)

So, my patent was not used by Siemens ... but later I figured out that the CAN bus uses the same algorithm I developed for my patent.

At that time almost nobody expected that years later people would intentionally hack media access protocols!! I remember one person complaining about OSI in the early 80s. He said (in German): "Wer offene Systeme haben will, der ist nicht ganz dicht!" This is not easily translated into English - I will try. "Offene Systeme" is "open systems". "Dicht" means "closed" - and if someone is "nicht dicht", it means: you are crazy. So: "If you want to have open systems - you must be crazy."

Click HERE to have a look at my patent (EP0110015).

I really wonder that old and long-used protocols like CAN cause such lethal trouble 30 years later! What will be next?

By the way, any Ethernet multicast shower in a subnetwork has the potential to crash a "smart" device. If the Ethernet controller has to filter out too many multicast messages, it may stop working.

Summary: any system needs to be carefully designed, engineered and configured. Do you want to have a problem? No problem!

The industry has to learn that a lot of changes in the way we automate today have to come!! That requires SMART people - and a lot more resources ... the cost of our living will definitely increase.

I question whether we have really made a lot of progress since the early 80s. Open systems are too "open" ... we have to find ways to close the points where hackers could tap and "re-use" the messages, in order to stop the talking.

Friday, August 18, 2017

Draft of First Amendment to IEC 62351-3 (power system security) Published

Draft IEC 62351-3/AMD1 ED1 (57/1894/CDV)
Amendment 1 – Power systems management and associated information exchange – Data and communications security – Part 3: Communication network and system security – Profiles including TCP/IP
The crucial amendment has been prepared by IEC TC 57 Working Group 15 in order to address the following:

  1. Definition of additional security warnings for TLS versions 1.1 and 1.0
  2. Alignment of handling of revoked or expired certificates for TLS session resumption and TLS session renegotiation
  3. Clarification regarding session resumption and session renegotiation invocation based on session time.
  4. Enhancement of session resumption approach with the option of session tickets to better align with the upcoming new version of TLS
  5. Enhancement of the utilized public key methods for signing and key management with ECDSA-based algorithms
  6. Update of the requirements for referencing standards
  7. Update of the bibliography
The CDV ballot ends 2017-11-03.
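Two of the listed points, the warnings for TLS 1.0/1.1 and the aligned handling of expired or revoked certificates when a session is resumed or renegotiated, can be expressed as a small client-side policy. The following is an added example, not code from the draft amendment or from any IEC 62351 implementation: the SessionInfo record, the 24-hour default session time, the revoked-serial set and the sample values are assumptions for illustration, since the draft's exact parameters are not on this page.

```python
"""Client-side TLS policy illustrating two points of the IEC 62351-3
amendment: refusing (and flagging) the deprecated versions TLS 1.0/1.1, and
not resuming a session whose certificate has meanwhile expired or been
revoked, or whose session time has run out.

Added example, not from the draft or from any IEC 62351 implementation.
SessionInfo, the default session time and the revoked set are assumptions.
"""
import ssl
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

# version strings as returned by ssl.SSLSocket.version()
DEPRECATED_TLS = {"TLSv1", "TLSv1.1"}


def build_client_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Context that never negotiates below TLS 1.2.  PROTOCOL_TLS_CLIENT
    already switches on certificate and hostname verification."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:
        ctx.load_verify_locations(ca_file)
    return ctx


def version_warnings(version: str) -> List[str]:
    """Security warnings to log for a negotiated protocol version."""
    if version in DEPRECATED_TLS:
        return [f"{version} negotiated: deprecated, migrate the peer to TLS 1.2 or later"]
    return []


@dataclass(frozen=True)
class SessionInfo:
    version: str               # e.g. "TLSv1.2"
    established: datetime      # when the last full handshake completed
    cert_serial: str           # serial of the peer certificate seen at that time
    cert_not_after: datetime   # that certificate's expiry


def may_resume(session: SessionInfo, now: datetime, revoked: Set[str],
               max_session_time: timedelta = timedelta(hours=24)) -> bool:
    """True if the cached session may be resumed or renegotiated; False forces
    a full handshake, i.e. a fresh certificate validation."""
    if now - session.established >= max_session_time:   # session time exhausted
        return False
    if now >= session.cert_not_after:                    # certificate expired meanwhile
        return False
    if session.cert_serial in revoked:                   # certificate revoked meanwhile
        return False
    return True


def sample_decisions() -> Dict[str, bool]:
    """Policy decisions for a constructed sample session (not captured from a device)."""
    t0 = datetime(2017, 11, 3, 8, 0, tzinfo=timezone.utc)
    s = SessionInfo("TLSv1.2", t0, "0A1B", t0 + timedelta(days=30))
    return {
        "fresh": may_resume(s, t0 + timedelta(hours=1), revoked=set()),
        "revoked": may_resume(s, t0 + timedelta(hours=1), revoked={"0A1B"}),
        "too_old": may_resume(s, t0 + timedelta(hours=25), revoked=set()),
        "cert_expired": may_resume(s, t0 + timedelta(days=31), revoked=set(),
                                   max_session_time=timedelta(days=60)),
    }


if __name__ == "__main__":
    ctx = build_client_context()
    print("minimum version:", ctx.minimum_version.name)
    print(version_warnings("TLSv1.1"))
    print(sample_decisions())
```

The point of `may_resume` is that resumption and renegotiation skip the full certificate path validation; tying them to the certificate's validity and to a revocation list (a CRL or OCSP result in practice) keeps an expired or revoked certificate from living on in a cached session.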

Three IEC 61850 Hands-On Training Courses in German in Karlsruhe (2017 and 2018)

NettedAutomation GmbH (Karlsruhe) offers three dates for the current IEC 61850 hands-on training in Karlsruhe:
5-8 December 2017
14-17 May 2018
4-7 December 2018

These unbeatably priced training courses convey over 30 years of experience with information exchange systems based on international standard series such as IEC 61850 (general applications in power engineering, switchgear, transmission and distribution networks, hydro power, combined heat and power, storage, ...), IEC 61400-25 (wind), IEC 60870-5-10x (traditional telecontrol), IEC 61158 (fieldbus), IEC 62351 (security in information technology) and many others.

Plan the corresponding budget for 2018 today!

Click HERE for contents, prices and registration information.

Thursday, August 17, 2017

SMA Inverter and Cyber Security Issues

Recently a study on cyber security threats regarding PV inverters was published, in which SMA was mentioned. The topic has also since been seized upon by other media outlets. Unfortunately, the claim has caused serious concern for SMA customers. SMA does not agree with this article, as some of the statements are not correct or greatly exaggerated.

Click HERE for the complete response by SMA.
Click HERE for the German page.

I hope that all vendors of network connected devices are as serious as SMA when it comes to security.

Thursday, August 10, 2017

Fuzzing Communication Protocols - Some Thoughts About a New Report

Have you heard about FUZZING?

Wikipedia explains: "Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. ..." Wow!

Is there any link to IEC 60870-5-104, OPC UA or IEC 61850? Yes, there are people that have used the technique to test these and many other protocols.

The "State of Fuzzing 2017" report just published by Synopsys (San Francisco) wants to make us believe that, e.g., the above-mentioned protocols are weak and may crash easily. What?

The best is to read the report and my comments below. Other experts have commented similarly.

Click HERE to download the report.

Any kind of testing to improve IMPLEMENTATIONS of protocols is helpful. You can test implementations only – not the protocols or stacks per se.

One of the crucial questions I have with the fuzz testing report is: Which IMPLEMENTATION(s) did they test? Did they test 10 different ones or 100? Open source implementations only? New implementations or old? Or what?
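The point that fuzzing exercises an implementation rather than a protocol can be shown in a few lines: the same mutated inputs are fed to two parsers of one toy frame format, and only the parser that skips its input checks produces crashes. This is an added example, not code from the Synopsys report or from any IEC 60870-5-104, OPC UA or IEC 61850 stack; the frame format (start byte, length byte, payload, 8-bit sum checksum) and the sample frame are constructed for illustration and stand for no real protocol.

```python
"""A minimal mutation fuzzer run against two implementations of the same toy
frame format: the naive parser dies with unexpected exceptions, the defensive
parser rejects every mutated frame through its own defined error.

Added example, not from the Synopsys report or from any real protocol stack.
The frame format and the sample frame are constructed toys.
"""
import random
from typing import Callable, List, Tuple

START = 0x68


class ProtocolError(ValueError):
    """The one exception a well-behaved parser is allowed to raise."""


def checksum(payload: bytes) -> int:
    return sum(payload) & 0xFF


def build_frame(payload: bytes) -> bytes:
    return bytes([START, len(payload)]) + payload + bytes([checksum(payload)])


def parse_frame_naive(data: bytes) -> bytes:
    """Trusts the length field and never checks the buffer size."""
    if data[0] != START:                        # IndexError on an empty buffer
        raise ProtocolError("bad start byte")
    length = data[1]
    payload = data[2:2 + length]
    if data[2 + length] != checksum(payload):   # IndexError on a short buffer
        raise ProtocolError("bad checksum")
    return payload


def parse_frame(data: bytes) -> bytes:
    """Checks every assumption before touching a byte."""
    if len(data) < 3:
        raise ProtocolError("frame too short")
    if data[0] != START:
        raise ProtocolError("bad start byte")
    length = data[1]
    if len(data) != 3 + length:
        raise ProtocolError("length field does not match frame size")
    payload = data[2:2 + length]
    if data[2 + length] != checksum(payload):
        raise ProtocolError("bad checksum")
    return payload


# mutation strategies: the "invalid, unexpected or random data" of the definition
def _flip_bit(frame: bytes, rng: random.Random) -> bytes:
    i = rng.randrange(len(frame))
    return frame[:i] + bytes([frame[i] ^ (1 << rng.randrange(8))]) + frame[i + 1:]


def _truncate(frame: bytes, rng: random.Random) -> bytes:
    return frame[:rng.randrange(len(frame))]


def _overlong_length(frame: bytes, rng: random.Random) -> bytes:
    return frame[:1] + bytes([rng.randint(len(frame), 255)]) + frame[2:]


def _append_junk(frame: bytes, rng: random.Random) -> bytes:
    return frame + bytes(rng.randrange(256) for _ in range(rng.randint(1, 16)))


MUTATORS = [_flip_bit, _truncate, _overlong_length, _append_junk]


def fuzz(parser: Callable[[bytes], bytes], seed_frame: bytes,
         iterations: int = 400, seed: int = 1) -> List[Tuple[bytes, str]]:
    """Feed mutated frames to parser; return the inputs that produced anything
    other than a clean result or a ProtocolError."""
    rng = random.Random(seed)
    findings: List[Tuple[bytes, str]] = []
    for i in range(iterations):
        candidate = MUTATORS[i % len(MUTATORS)](seed_frame, rng)
        try:
            parser(candidate)
        except ProtocolError:
            continue                        # defined rejection: handled correctly
        except Exception as exc:            # anything else is a crash to report
            findings.append((candidate, repr(exc)))
    return findings


SAMPLE_FRAME = build_frame(b"\x01\x02\x03\x04")   # constructed valid frame


if __name__ == "__main__":
    for name, parser in (("naive", parse_frame_naive), ("defensive", parse_frame)):
        hits = fuzz(parser, SAMPLE_FRAME)
        print(f"{name}: {len(hits)} crashing inputs")
        for candidate, err in hits[:3]:
            print("   ", candidate.hex(), err)
```

Run it and the naive parser reports a crash for every truncated or over-length frame while the defensive parser reports none, although both "speak" the identical format. That is exactly why a report that names protocols without naming the implementations it fed says little about the protocols themselves.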

Testing is always a good idea … more testing is an even better approach. At the end of the day, customers have to pay for it (e.g., higher rates per kWh).

I would like to see more vendor-independent tests of any kind … but the user community must accept the higher costs. Are you ready to pay more? How much more would you accept to pay? 50%?

As long as vendors have the possibility to self-certify their products we will see more problems in the future.

Anyway: The best approach would be to use a different protocol for each IED … ;-)

What about testing the wide spectrum of application software? Not easy to automate … to fuzz.

You may have a protocol implementation without any error within one year … but an application that easily crashes … a holistic testing approach would be more helpful. IEC TC 57 WG 10 has discussed many times defining measures for functional tests … without any useful result so far. Utility experts from all over the world should contribute to that project – go and ask your manager for approval for the next trips to New Orleans, Seoul, New York, Frankfurt, Brisbane, Tokyo, … to contribute to functional testing. In case you do not attend – don’t complain in the future when IEDs crash …

The more complex an application is, the more likely it is that there will be serious and hard to find problems.

Crashing the protocol handler and application is one thing - what if they don’t crash but bad data gets through?

The report is a nice promotion for the fuzzing tools offered by Synopsys.
The last page states: "Synopsys offers the most comprehensive solution for building integrity—security and quality—into your SDLC and supply chain. We’ve united leading testing technologies, automated analysis, and experts to create a robust portfolio of products and services. ... our platform will help ensure the integrity of the applications that power your business."

Testing is very crucial and very complex. I hope that users of devices applying well-known protocols in power system automation will soon better understand HOW important testing is - require various tests for the devices they purchase and be willing to pay for them!
Start with an education phase as soon as possible - before it is too late.

Wednesday, August 9, 2017

Analysis Of The Malware Reportedly Used in the December 2016 Ukrainian Power System Attack

Senior experts of SANS ICS and E-ISAC have released a very good report:

ICS Defense Use Case No. 6:
Modular ICS Malware
August 2, 2017

This document contains a summary of information compiled from multiple publicly available sources, as well as analysis performed by the SANS Industrial Control Systems (ICS) team in relation to this event. Elements of the event provide an important learning opportunity for ICS defenders.

The sharing of this report is very much appreciated. It is very rare to get such a professional publicly available analysis about a significant and terrifying event in the control system world.

The report closes with this very important statement:

Defenders must take this opportunity to conduct operational and engineering discussions as suggested in this DUC and enhance their capabilities to gain visibility into their ICS networks and hosts. The community must learn as much as it can from real world incidents and not delay; we expect adversaries to mature their tools and enhance them with additional capabilities.

I recommend that you study this document and get trained by the real experts - for the good of your country! Don't accept the decision of your HR ... not providing you the budget for training. Quite often HR managers believe that our systems are secure - no need for training on security, communication standards, etc.

Click HERE for the full report.

By the way, the SCADASEC blog (a crucial platform for ICS defenders and other people) is a nice place to visit, discuss and learn about issues related to the topics discussed in the paper.