Sunday, September 17, 2017

IEC 61850 Logical Node Group Designation

IEC 61850 uses a well defined designation of Logical Node Groups like MMXU for 3phase electrical measurements. The following groups are defined:

A   Automatic control
C   Supervisory control
D   DER (Distributed Energy Resources)
F   Functional blocks
G   Generic function references
H   Hydro power
I    Interfacing and archiving
K   Mechanical and non-electrical primary equipment
L    System logical nodes
M   Metering and measurement
P    Protection functions
Q    Power quality events detection related
R    Protection related functions
S    Supervision and monitoring
T    Instrument transformer and sensors
W   Wind power
X    Switchgear
Y    Power transformer and related functions
Z    Further (power system) equipment

A total of several hundred of Logical Nodes are already defined and published.

Machine Processable SCL/XML Schema Available for Download

Please note that the SCL Schema Edition 1 and 2 are available for download from the IEC Website.

Click HERE for more details.

There will be more machine processable documents of the series IEC 61850 available in the near future.

I highly recommend to stay tuned to this IEC 61850 Blog ... just Subscribe to it (details can be found on the top right of the site).

First Document of Series IEC 61850 Published as Edition 2.1 FDIS

IEC TC 57 has just published the FDIS of IEC 61850-6/AMD1 ED2:

Amendment 1 – Communication networks and systems for power utility automation –
Part 6: Configuration description language for communication in power utility automation systems related to IEDs

The voting ends: 2017-10-27

Amendment 1 means finally Part 6 Edition 2.1:

The present FDIS reflects amendment 1 to IEC 61850-6 Ed. 2. TC 57 WG 10 has also developed a so-called consolidated edition 2.1 based on the present amendment and the existing Edition 2. The consolidated edition is circulated in parallel under reference 57/1919/INF, so that national committees can see the implementation of the amendment in the existing edition.
Once the present FDIS is approved, the consolidated edition will be published together with the amendment under reference IEC 61850-6 Ed. 2.1.

Machine processable Schema available!!

Note that the Schemata for Edition 1 and 2 of part 6 could be downloaded from the IEC Website:

The availability of the machine readable schemata is a very great progress in getting IEC 61850 applied in more and new application domains. More to come.


Saturday, September 16, 2017

IEC 61850: Training for Protection, Control, and SCADA experts

FMTP and NettedAutomation offer one of the most wanted

Training for Protection, Control, and SCADA based on systems according to IEC 61850

10.-13. October 2017
Karlsruhe/Germany (just one hour south of Frankfurt International Airport)

We have a few seats available - one for you and maybe one for your colleague.

Click HERE for details and registration information.
Click HERE for further training opportunities.

Saturday, September 9, 2017

TÜV SÜD Offers Interoperability Tests - What comes next?

The UCAIUG (UCA International Users Group) has issued 800 Certificates for IEC 61850 devices and tools. Congratulation for the success.

The global market has accepted the new technology standardized since 1995! No question!

In multi vendor projects quite often devices from different manufacturers or from different device firmware versions show interoperability issues. Device A and B may conform to the standard series - but device A may support options that are not supported by device B. This ends up in interoperability problems ... discussions and frustrations.

It is highly recommended that devices used in a multi vendor project are tested for interoperability! Interoperability tests are usually organized by users, e.g., big utilities. The UCAIUG organizes interoperability tests every second yer - far away from being sufficient! The next one is planned for being conducted in New Orleans (USA) in November. It requires a lot of resources to go there ... I guess European utilities may send very few experts only ... and small vendors are likely not travelling across the Atlantic.

So, what to do? I have recommended early to TÜV SÜD to offer interoperability test services.

TÜV SÜD (Munich, Germany) is offering interoperability test ... contact them to figure out how your device can interoperate with other devices.

Interoperable components save time and money during integration into complex systems - and help to reduce frustrations when struggling with implemented or not implemented options, with different interpretations by vendors, ...

And note this: Traveling to Munich (Germany) is easier and cheaper than flying around the globe!

Partners in the industrial automation domain have learned that interoperability (for easier integration) is a crucial means to save a lot of resources ... they are partnering:

Open Integration Partner program for practical testing of multi-vendor automation topologies

Endress + Hauser is proposing the following: “Open Integration validates the interplay of all products in a reference topology by mutual integration tests.” in a permanent lab environment.

I hope that some companies and organizations in the Power Industry will also implement such permanently available “LAT” (Lab Acceptance Tests) that would offer 24x7 support services to the power industry.

Maybe you are interested to discuss this with TÜV SÜD or ... or myself. Please feel free to contact me.

Thanks to TÜV SÜD to offer the interoperability test services. I look forward to see more in the near future - the whole energy market would appreciate it.

Tuesday, September 5, 2017

IEC 61850 Tissue Database is Crucial for Improving the Quality of IEC 61850

The Tissue (technical issues) Database is one of the most important means to improve the quality of the standard series IEC 61850.
When IEC published the first parts of the series in 2004 the editors used a Word document to keep track of technical issues reported to the key experts and the results of their discussions. NettedAutomation developed the Tissue Database to offer a public tool to support the standardization and quality assurance process.

The following parts have an entry in the Database:

We just added an entry to part 90-2 (Substation to Control Center communication).
Please note that the almost 1,500 entries play a crucial role in the latest parts published and in the UCAIUG testing specification. Excerpt of IEC 61850-6 Amendment 1 to Edition 2:

This list has 50+ entries referring to the Tissue Database.

Products that claim conformance with IEC 61850 have to be accompanied by the so-called "TICS" Technical Issues Conformance Statement. This is a list that describes which Technical Issues have been implemented in a specific product. It is quite important to understand, that a specific Technical Issue that has an impact on client and server (publisher and subscriber) has to be implemented on both sides!!

The test labs for IEC 61850 have to test Technical Issues - when required by the testcase. The UCAIUG maintains a list of all "green" Tissues that are integral part of UCAIUG Testing requirements.

If you have an issue with IEC 61850 I recommend to check the Database and search for the topic you are looking for. Maybe your concern has already been solved ... you find a lot of good discussions in many tissues.

NetteAutomation will continue to offer the Tissue Database for the next parts to be published, e.g., Edition 2.1 of the core documents.

Enjoy the Database.

Monday, September 4, 2017


NAKAMA SOLUCIONES S.A.C., FMTP, and NettedAutomation conduct a 5 days course on


in Lima (Peru), NM Lima Hotel, Av. Pardo y Aliaga N° 330, San Isidro 15073

Del 13 al 17 de Noviembre del 2017

Horario: De 09:00 a 17:00 horas

Click HERE for general information.
Click HERE for the full program.

Saturday, August 26, 2017

The Cassandra Coefficient and ICS Cyper - Some Thoughts

Do you have a idea what "The Cassandra Coefficient" is all about and how it relates to ICS cyber security? Joe Weiss discusses the issues in a recent publication:

Cassandra coefficient and ICS cyber – is this why the system is broken

Brief extract from the publication:
Joe Weiss writes: " ... What I have found is that each time another IT cyber event occurs more attention goes to the IT at the expense of ICS cyber security. The other common theme is “wait until something big happens or something happens to me, then we can take action”. Because there are minimal ICS cyber forensics and appropriate training at the control system layer (not just the network), there are very few publicly documented ICS cyber cases. However, I have been able to document more than 950 actual cases resulting in more than 1,000 deaths and more than $50 Billion in direct damages. I was recently at a major end-user where I was to give a seminar. The evening before I had dinner with their OT cyber security expert who mentioned he had been involved in an actual malicious ICS cyber security event that affected their facilities. For various reasons the event was not documented. Consequently, everyone from the end-user, other that the OT cyber expert involved, were unaware of a major ICS cyber event that occurred in their own company. So much for information sharing."

My personal experience in this and in many other areas is: People tend to hide information instead of sharing information. I found many times that SCADA experts do not really talk to RTU people, substation automation or protection engineers ... and not at all to the people that are responsible for the communication infrastructure. Most engineers likely tend to focus on their (restricted) tasks and not looking at the SYSTEM and its lifetime. Am I contributing to solve the challenges to build a quite secure system - or am I part of the problem?

I repeat what I have said many times: Teamwork makes the dream work! Become a team player!

Click HERE for the publication.

This publication is worth to read ... some definition of what Cassandra Coefficient is could be found HERE.

Wednesday, August 23, 2017

ICS-Security Für Kleine Unternehmen Machbar Machen

Industrielle Automatisierungssysteme (Industrial Automation and Control Systeme, IACS) durchdringen viele Bereiche der kritischen Infrastrukturen wie Versorgungssysteme für Strom, Gas, Wasser, Abwasser, ...).

Mittlerweile wächst so langsam das Bewußtsein, dass viele dieser Systeme aus vielerlei Gründen nur unzureichend (im Sinne von Informationssicherheit) geschützt sind. Gründe können sein, dass Verantwortliche noch nicht die Notwendigkeit für mehr Schutzanforderungen sehen oder dass die installierten Systeme "altersschwach" sind und nur durch Austausch geschützt werden können, und und ...

Wasserversorgungsunternehmen zusammen mit dem BSI und der RWTH Aachen haben eine Masterarbeit begleitet, die besonders kleinen Versogungsunternehmen den Blick für mehr Sicherheit in der Informations- und Automatisierungstechnik öffnen könnte:

Sarah Fluchs hat die folgende Masterarbeit geschrieben:

Erstellung eines IT-Grundschutz-Profils für ein Referenzunternehmen (kleines/mittelständisches Unternehmen, KMU) mit automatisierter Prozesssteuerung (Industrial Control System, ICS)
ICS-Security für kleine Unternehmen machbar machen

Die Arbeit und ein Anhang sind öffentlich zugänglich:

HIER für den Hauptteil der Arbeit klicken.
HIER für den Anhang "IT-Grundschutz-Pilotprofil bzw. IT-Grundschutz-Profil für die Wasserwirtschaft

Diese Masterarbeit ist absolut lesens- und beachtenswert!

Die Einleitung beginnt mit einer Aussage von Ralph Langer:

For many complex IACS networks, there is no longer any single person who fully understands the system, […] and neither is there accurate documentation.

Dieser Aussage stelle ich eine viel ältere von Rene Descartes (1596-1650) voran:

"Hence we must believe that all the sciences [all the aspects of a distributed Automation System; vom Verfasser des Blogposts eingefügt] are so interconnected, that it is much easier to study them all together than to isolate one from all others. If, therefore, anyone wishes to search out the truth of things in serious ernest, he ought not to select one special science (aspect), for all the sciences (aspects) are cojoined with each other and interdependent."

Die Herausforderungen der heutigen und zukünftigen Generationen bestehen darin, ganzheitlich zu denken und zu handeln sowie die vielen überlieferten und damit auch vielfältigen Erfahrungen von unseren Vorfahren, besonders aber von solchen Menschen zu berücksichtigen, die unmittelbar in der Praxis tätig waren und gegenwärtig sind! [Aussage wurde von einem guten Freund ergänzt].

Teamwork makes the dream work.

In diesem Sinne geht mein Dank an Frau Fluchs, die mit ihrer Masterarbeit einen Grundstein gelegt hat. Symptomatisch ist, dass oft grundlegende Arbeiten "nur" von Studenten durchgeführt werden. Schade! Die angesprochenen Themen betreffen uns ALLE!

Eine Aussage in ihrem Fazit und Ausblick würde ich gerne korrigieren:

"Die übergeordnete Thematik der vorliegenden Arbeit ist die ICS-Security. Das Thema besetzt im Vergleich zu der „gewöhnlichen“ IT-Security bislang eine Nische. Vor allen produzierende Unternehmen und Betreiber kritischer Infrastrukturen müssen sich damit befassen – Otto Nor-malverbraucher bekäme zwar die Auswirkungen eines Security Incidents potenziell zu spüren, hat aber keinen direkten Einfluss auf die ICS-Netze und deren Sicherheit."

Wir als Otto-Normalverbraucher haben einen sehr großen direkten Einfluss auf die Sicherheit unserer Infrastrukturen: Indem wir bereit sind, mehr für unsere Grund-Versorgung zu bezahlen!!

Tuesday, August 22, 2017

No Gas No Electric Power - Yes, it Happend

Taiwan was hit recently by a massive blackout caused by simply closing two gas valves that powered six power generators with a total capacity of some 4,0000 MW or 4 GW!
How could that happen? The peak generation did not have reserve power. So the 4 GW tripped could not be compensated by other generations. It happens so fast!
The general stress was one aspect - another was an error made by humans, "almost 9 per cent of the island’s generation capacity, stopped after workers accidentally shut off its natural gas supply".

I am not aware of any details of the human error. One thing is clear: Our infrastructure is really under stress! It will take some efforts to get it fixed.

Click HERE for a news report.

We have really problems with existing and new infrastructures:

Check the pictures from the problems of the new train tunnel project in Rastatt (close to my home town Karlsruhe/Germany) ... you may read German as well ...

What happened? Who knows? Maybe the cheapest offer was awarded a contract ...
There is almost no redundancy in the Rhine river valley rail system ... redundancy costs money ...

It is a pity that new build infrastructure collapses and destroys old (still working) infrastructures.

Monday, August 21, 2017

New Application Example for EvaDeHon Package

We have posted a new example extending the use of the Evaluation, Demonstration and Hands-On (EvaDeHon) Package.

We will publish from time to time additional models and documentation for interesting applications. The objective is to help you to understand the various topologies and possibilities to use the IEC 61850 technology for the process information exchange.

One focus is on the application of the IXXAT (HMS) Smart Grid Gateways.

The example offers polling and reporting (Server on PC, Client on IXXAT WEB-PLC Gateway). The download contains the client CID for the gateway, the server CID and the JSON file for the PC. The gateway polls every 2 seconds and receives reports every 5 seconds - these intervals can be configured. Additionally it includes some specific documentation.

Click HERE for more information.

Saturday, August 19, 2017

Smart Cars Under Attack- What Does it Mean for Power Systems?

We are quite often looking for smart things: cars, phones, power grids, ... expecting they make life easier or more comfortable. May be ... or may not be.
We have to understand and take into account that most of these smart things are under enormous pressure to become hacked.
Researchers have reported that "Smart car makers are faced with a potentially lethal hack that cannot be fixed with a conventional software security update. The hack is believed to affect all smart cars and could enable an attacker to turn off safety features, such as airbags, ABS brakes and power-steering or any of a vehicle’s computerised components connected to its controller area network (Can) bus. ... The hack is “currently indefensible by modern car security technology, and to completely resolve it would require broad, sweeping changes in standards and the ways in-vehicle
networks and devices are made,”"
Click HERE for the full report on computerweekly.
Click HERE for another detailed report also worth to read and FOLLOW.

Hm, that is no good news!

I hope that the power industry is using appropriate (security) standards to dramatically reduce the risk to hack devices used in power automation systems. One of them is IEC 62351. There are many other measures discussed on this block, e.g., the German BDEW Whitebook.
How many more wake-up calls do we need to change our ways how to secure energy delivery services? The more devices are brought into operation the more we need to care about security.

A lethal position of the management would be: "It could not happen to our systems - they are all safe. Really?

In the first years of open systems interconnection (OSI) ... early 1980s, I was quite unhappy with the Ethernet CSMA/CD method and the token bus solution. As a young engineer at Siemens here in Karlsruhe, I spent many hours and days of my free time (at home) to figure out how to improve the CSMA/CD to make the access deterministic - yes I found a solution! My colleagues and the management was supporting Tokenbus only ;-)

So, my patent was not used by Siemens ... but later I figured out that the CAN bus used the same algorithm I developed for my patent.

At that time almost nobody was expecting that years later people would intentionally hack media access protocols!! I remember one person complaining about OSI in the early 80s. He said (in German): "Wer offene Systeme haben will, der ist nicht ganz dicht!" This is not easily to be translated in English - I will try. "Offene Systeme" is "Open Systems". "Dicht" means "close" - and if someone is "nicht dicht" means: you are crazy. So: "If you want to have Open Systems - you must be crazy."

Click HERE to have a look at my patent (EP0110015).

I am really wondering that the old and for long time used protocols like CAN make that lethal trouble 30 years later! What will be next?

By the way, any Ethernet multicast shower in a subnetwork has the potential to crash a "smart" device. If the Ethernet controller has to filter out too many multicast messages it may stop to work.

Resume: Any system needs to be carefully designed, engineered and configured. Do you want to have a problem? No Problem!

The industry has to learn that a lot of changes in the way we automate today has to come!! That requires SMART People - and a lot more resources ... the costs of our living will definitely increase.

I question, if we have really made a lot of progress since the early 80s. Open Sytsems are too "open" ... we have to find ways to close the points where hacker could tap and "re-use" the messages in order to stop talking.

Friday, August 18, 2017

Draft of First Amendment to IEC 62351-3 (power system security) Published

Draft IEC 62351-3/AMD1 ED1 (57/1894/CDV)
Amendment 1 – Power systems management and associated information exchange – Data and communications security – Part 3: Communication network and system security – Profiles including TCP/IP
The crucial amendment has been prepared by IEC TC57 Working Group 15 in order to address the following:

  1. Definition of additional security warnings for TLS versions 1.1 and 1.0
  2. Alignment of handling of revoked or expired certificates for TLS session resumption and TLS session renegotiation
  3. Clarification regarding session resumption and session renegotiation invocation based on session time.
  4. Enhancement of session resumption approach with the option of session tickets to better align with the upcoming new version of TLS
  5. Enhancement of the utilized public key methods for signing and key management with ECDSA based algorithms
  6. Update of the requirements for referencing standards
  7. Update of bibliograph
The CDV ballot ends 2017-11-03

Drei IEC-61850-Hands-On-Trainingskurse in Deutsch in Karlsruhe (2017 und 2018)

Die NettedAutomation GmbH (Karlsruhe) bietet drei Termine für das aktuelle IEC61850-Hands-On-Training in Karlsruhe an:
05.-08. Dezember 2017 
14.-17. Mai 2018
04.-07. Dezember 2018

Diese unschlagbar günstigen Trainingskurse vermitteln über 30 Jahre Erfahrungen mit Informationsaustausch-Systemen basierend auf internationalen Normenreihen wir IEC 61850 (allgemeine Anwendungen in der Energietechnik, Schaltanlagen, Transport- und Verteilnetze, Wasserkraft, Kraft-Wärmekopplung, Speicher, ...), IEC 61400-25 (Wind), IEC 60870-5-10x (traditionelle Fernwirktechnik), IEC 61158 (Feldbus), IEC 62351 (Sicherheit in der Informationstechnik) und vielen anderen.

Planen Sie schon heute das entsprechende Budget für das Jahr 2018!

Clicken Sie HIER für Inhalte, Preise und Anmeldeinformationen.

Thursday, August 17, 2017

SMA Inverter and Cyber Security Issues

Recently a study on cyber security threads regarding PV inverters was published, in which SMA was mentioned. The topic has also since been seized upon by other media outlets. Unfortunately, the claim has caused serious concern for SMA customers. SMA does not agree with this article, as some of the statements are not correct or greatly exaggerated.

Click HERE for the complete response by SMA.
HIER geht es zur deutschen Seite.

I hope that all vendors of network connected devices are as serious as SMA when it comes to security.

Thursday, August 10, 2017

Fuzzing Communication Protocols - Some Thoughts About a New Report

Have you heard about FUZZING?

Wikipedia explains:"Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. ..." Wow!

Is there any link to IEC 60870-5-104, OPC UA or IEC 61850? Yes there are people that have used the technique to test these and many other protocols.

The "State of Fuzzing 2017" report just published by SYNOPSIS (San Francisco) wants to make us belief that, e.g., the above mentioned protocols are weak and may crash easily. What?

The best is to read the report and my comments below. Other experts have commented similarly.

Click HERE to download the report.

Any kind of testing to improve IMPLEMENTATIONS of protocols is helpful. You can test implementations only – not the protocols or stacks per se.

One of the crucial questions I have with the fuzz testing report is: Which IMPLEMENTATION(s) did they test? Did they test 10 different or 100? Open source implementations only? New implementations or old? Or what?

Testing is always a good idea … more testing even a better approach. At the end of the day, customers have to pay for it (e.g., higher rates per kWh).

I would like to see more vendor-independent tests of any kind … but the user community must accept the higher costs. Are you ready to pay more? How much more would you accept to pay? 50%?

As long as vendors have the possibility to self-certify their products we will see more problems in the future.

Anyway: The best approach would be to use a different protocol for each IED … ;-)

What about testing the wide spectrum of application software? Not easy to automate … to fuzz.

You may have a protocol implementation without any error within one year … but an application that easily crashes … a holistic testing approach would be more helpful. IEC TC 57 WG 10 has discussed many times to define measures for functional tests … without any useful result so far. Utility experts from all over the world should contribute to that project – go and ask you manager to get approval for the next trips to New Orleans, Seoul, New York, Frankfurt, Brisbane, Tokyo, …  to contribute to functional testing. In case you do not attend – don’t complain in the future when IEDs crash …

The more complex an application is, the more likely it is that there will be serious and hard to find problems.

Crashing the protocol handler and application is one thing - what if they don’t crash but bad data gets through?

The report is a nice promotion for the fuzzing tools offered by Synopsis.
The last page states: "Synopsys offers the most comprehensive solution for building integrity—security and quality—into your SDLC and supply chain. We’ve united leading testing technologies, automated analysis, and experts to create a robust portfolio of products and services. ... our platform will help ensure the integrity of the applications that power your business."

Testing is very crucial and very complex. I hope that users of devices applying well known protocols in power system automation will soon better understand HOW important testing is - require various tests for devices they purchase and are willing to pay for it!
Start with an education phase as soon as possible - before it is too late.

Wednesday, August 9, 2017

Analysis Of The Malware Reportedly Used in the December 2016 Ukrainian Power System Attack

Senior experts of SANS ICS and E-ISAC have released a very good report:

ICS Defense Use Case No. 6:
Modular ICS Malware
August 2, 2017

This document contains a summary of information compiled from multiple publicly available sources, as well as analysis performed by the SANS Industrial Control Systems (ICS) team in relation to this event. Elements of the event provide an important learning opportunity for ICS defenders.

The sharing of this report is very much appreciated. It is very rare to get such a professional publicly available analysis about a significant and terrifying event in the control system world.

The report closes with this very important statement:

Defenders must take this opportunity to conduct operational and engineering discussions as suggested in this DUC and enhance their capabilities to gain visibility in to their ICS networks and hosts. The community must learn as much as it can from real world incidents and not delay; we expect adversaries to mature their tools and enhance them with additional capabilities.

I recommend you to study this document and get trained by the real experts - for the good of your country! Don't accept the decision of your HR ... not providing you the budget for training. Quite often HR managers believe that our systems are secure - no need for training on security, communication standards, etc.

Click HERE for the full report.

By the way, the SCADASEC blog (as a crucial platform for ICS defenders and other people) is a nice place to visit, discuss and learn issues related to the topics discussed in the paper.

Tuesday, August 8, 2017

Draft for Role Based Access Control (RBAC) Published (IEC 62351-90-1)

IEC TC 57 published the IEC TR 62351-90-1 Draft for Role Based Access Control (RBAC) [57/1905/DTR]:

IEC 62351 Data and communications security –
Part 90-1: Guidelines for handling role-based access control in power systems

The voting period closes on 2017-09-29.

"The power system sector is adopting security measures to ensure the reliable delivery of energy. One of these measures comprises Role-based Access Control (RBAC), allowing utility operators, energy brokers and end-users to utilize roles to restrict the access to equipment and energy automation functionalities on a need-to-handle basis. The specific measures to realize this functionality have been defined in the context of IEC 62351-8. It defines 3 profiles for the transmission of RBAC related information. This information is, but not limited to, being contained in public key certificates, attribute certificates, or software tokens. Moreover, especially for IEC 61850, it defines a set of mandatory roles and associated rights. The standard itself also allows the definition of custom roles and associated rights, but this is not specified in a way to ensure interoperability."

Data and communication security is a crucial issue in the communication between multiple IEC 61850 clients and an IED with a single IEC 61850 Server. The administration of the roles and further behavior requires a highly complex (centralized!?) administration and a complex functionality in each IED implementing RBAC.

The following aspects have a big impact on implementations:
  1. TCP/IP Networking,
  2. General security measures like TLS,
  3. RBAC, 
  4. MMS,
  5. IEC 61850 Services, Models and Configuration, and
  6. Power system functionalities (key for the power delivery system) on top
The bulk of resources needed are mainly independent of the MMS protocol and services. People that want to use other protocols cannot really expect that the cost for getting secure communication and data will be lowered - the most efforts are related to non-protocol issues.
The second, third, fifth, and sixth bullet are most crucial.
In addition to the cost of implementing RBAC (including the other required parts of the series IEC 62351) one has to understand that the operation, management, engineering, and configuration of RBAC consumes a relatively huge amount of resources of the embedded controllers or other platforms.
That is one of the crucial reasons why many IEDs installed today cannot (and likely will not) be upgraded for measures defined in the IEC 62351 series.

Recommendation: As soon as possible get started to understand the impact of the measures defined in IEC 62351 and how to implement some or many of these measures.

Related documents of the series IEC 62351 IEC/TS 62351, Power systems management and associated information exchange – Data and communications security – are:

Part 1: Communication network and system security – Introduction to security issues
Part 3: Communication network and system security – Profiles including TCP/IP
Part 4: Profiles including MMS
Part 5: Security for IEC 60870-5 and derivatives
Part 8: Role-based Access Control

Monday, August 7, 2017

IEC 61850, Sensors, and Cyber Threats

Sensors all over will be more important in the future: First to automate processes and second to monitor the automation systems.
The other day I found a very serious report on compromising automation systems under the title:

ICS cyber threats are morphing into compromise of plant functionality – do we have the right tools? 

The report by Joe Weiss is worth to read.

Click HERE for reading the complete report.

The discussion is about compromising an actuator (Valve, ...)  and let the physics do the damage!

Joe resumes: "Without sensor monitoring, it is NOT possible to see the precursor to these kinds of conditions until it is too late."

I have discussed the reported issues with an expert of valves in industrial process control applications. He confirmed that the cavitation (bubble or Wasserblasen) effect is known for long. But there are only a relatively few applications of (vibration) sensors installed to measure the noise produced by cavitation (see video at Youtube) to figure out that something is going wrong.

IEC 61850 has a bunch of models and services to support sensors:

and event reporting:

The quality attributes that come with all values could be used to flag that the value is valid or not. Additionally the sensor may have a health problem (figured out by a diagnosis routine) that can be reported using the TTMP.EEHealth.stVal attribute (EE - external equipment).

All models and services have to rely on good hardware and software! Or we get: Garbage in - Garbage out!

In our seminars and hands-on training courses we discuss these and many other topics in detail.

IEC 61850 Europe 2017 Conference and Exhibition in September 2017

The largest conference and exhibition on IEC 61850 and related topics invites you:

Multi-Vendor Multi-Edition IEC 61850
Implementation & Operation
3-Day Conference, Exhibition & Networking Forum
26-28 September 2017 
Novotel Amsterdam City
The Netherlands

Now firmly established as the European end-user forum for IEC 61850 experts and implementation leaders, this dedicated 3-day conference, exhibition and networking forum provides the information, inspiration, and connections you need to propel your IEC 61850 deployments further faster!

This year’s end-user driven programme explores the opportunities and challenges presented by sophisticated multi-vendor multi-edition IEC 61850 implementation, operation and maintenance. Utility experiences of advanced functionalities such as Process Bus, GOOSE Messaging, PRP & HSR, and Time Synchronisation are evaluated in the context of digital substations, as well as inter-substation, substation to SCADA systems, substation to metering infrastructure, and substation to DER.

Click HERE for the details of the event.

Attending this conference will give you a flavor of the market for IEC 61850 based systems.

After the conference you may have a lot of questions and my look for some senior experts that will guide you vendor-independently into the magic of the standard series.

Please have a look what kind of training FMTP and NettedAutomation offer you in October and December 2017 in Karlsruhe (Germany).

ENTSO-E Just Published a New Update on Activities Related to IEC 61850

ENTSO-E is actively supporting the application of IEC 61850.

They believe that "The IEC 61850 Standard for the design of electrical substation automation addresses many crucial aspects of TSO communications, data modeling and engineering in order to reach seamless interoperability of different vendors’ subsystems within the TSO system management architecture."

ENTSO-E published an Update on their activities related to IEC 61850 in July 2017.

ENTSO-E Ad Hoc Group IEC 61850 continued to intensively work on the improvement of the IEC 61850 standard interoperability on two main domains:
  1. At information level (data semantic), the development of the ENTSO-E profile through the Interoperability Specification Tool (ISTool)
  2. At engineering level, by consolidating ENTSO-E requirements that have been formalized into a DC (Document for Comment), approved through the IEC National Committees (NC) voting process, and now encapsulated in the action plan of several task forces of the IEC TC 57 WG10
Click HERE for reading the complete the report.

Comparison of IEC 60870-5-10x, DNP3, and IEC 60870-6-TASE.2 with IEC 61850

In 2008 I published the 3rd version of the document:

Comparison of IEC 60870-5-101/-103/-104, DNP3, and IEC 60870-6-TASE.2 with IEC 61850

This is really the most downloaded document since then - and still in 2017!

Click HERE for getting a copy.

It is interesting that so many people are still interested to see the difference between IEC 61850 and the other IEC TC 57 standard series.

Now, in 2017 we have learned that IEC 61850 goes far beyond the other standard series.

The RTU standards like 104 or DNP3 are still in widespread use. Utilities are expecting that many vendors of RTUs will start to discontinue to supporting these standards.
That is one of many reasons why more utilities are starting to get involved in understanding IEC 61850.

IEC PC 118 Has Published Two CDV Documents Dealing With Smart Grid Communication

IEC PC 118 "SMART GRID USER INTERFACE" has published two new CDV documents available for PUBLIC comments:

Systems interface between customer energy management system and the power management system – Part 10-1: Open Automated Demand Response [118/75/CDV] with 87 pages

Systems interface between customer energy management system and the power management system – Part 10-3: Adapting smart grid user interface to IEC CIM [118/76/CDV] with 27 pages

Both CDV (committee draft for vote) are accessible for PUBLIC comments (

These documents of IEC PC 118 are likely to have an impact on the work done and under development of IEC TC 57 and IEC TC 65. With your comments a duplication of work may be prevented.

Please use the opportunity to provide your comments through the IEC channel.

IEC 61850-90-9 Models for Electrical Energy Storage Systems

IEC 61850 Part 90-9: Use of IEC 61850 for Electrical Energy Storage Systems is progressing these days. The latest draft describes the basic functions of Electric Energy Storage System (EESS) and the information model of the interface to integrate EESS in intelligent grids and establish the necessary communication with standardised data objects. The next official draft is expected to be published soon.
This draft  is  connected  with  IEC 61850-7-420,  as  well  as  IEC 61850-7-4:2010, explaining how the control system and other functions in a battery based electric energy storage unit utilizes logical nodes and information  exchange services  within the IEC 61850 framework to specify the information exchanged between functions as well as information that individual functions need and generate. The first Edition of IEC 61850-7-420 provides an information model for batteries which was derived from the proposed data objects of part 7-4. Those data objects follow the requirements of batteries that are supposed to be used in substations as an auxiliary power system and as backup power supplies. For this purpose it was sufficient to only model the discharge function. Therefore it is necessary to prepare new logical nodes to be applicable for grid connected electrical energy storage systems.
This draft provides necessary information within 61850 based object model in order to model functions of a battery based electrical energy storage system as a DER unit. For intelligently operated and/or automated grids, storing energy for optimising the grid operation is a core function. Therefore shorter periods of storing energy with charging and discharging capability is also an indispensable function. Charging and discharging operations need to be modelled thoroughly and are in the focus of this technical report.

The draft lists several use-cases found in the real world:

UC1 Retrieve current status and capabilities of EESS
UC2 Set charging power to EESS
UC3 Set discharging power to EESS
UC4 Set Operating mode/ schedule  to EESS
UC5 EESS Alarm / Asset Monitoring

UC1 current capability /status information as an example:

1-2-1 EESS Generic Status Reporting
•  ES-DER on or off
•  Storage available or not available
•  Inverter/converter active power output
•  Inverter/converter reactive output
•  Storage remaining capacity (% and/or kW)
•  Storage Free capacity (% and/or kW)

1-2-2 EESS inverter /converter status
•  Current connect mode:  connected or disconnected at its ECP
•  Inverter on, off, and/or in stand-by status: inverter is switched on (operating), off
(not able to operate), or in stand-by
•  mode, e.g. capable of operating but currently not operating
•  DC current level available for operation: there is sufficient current to operate
•  Value of the output power setpoint
•  Value of the output reactive power setpoint
•  Value of the power factor setpoint as angle (optional)
•  Value of the frequency setpoint (optional)

1-2-3 EESS (battery) internal status
 •  Amp-hour capacity rating
•  Nominal voltage of battery
•  Maximum battery discharge current
•  Maximum battery charge voltage
•  High and Low battery voltage alarm level
•  Rate of output battery voltage change
•  Internal battery voltage
•  Internal battery current
•  State of charge (energy % of maximum charge level)
•  Reserve (Minimum energy charge level allowed, % of maximum charge level)
•  Available Energy (State of charge – Reserve)
•  Type of battery

1-2-4 Power measurements
•  Total Active Power (Total P): Value, High and Low Limits
•  Total Reactive Power (Total Q): Value, High and Low Limits
•  Average Power factor (Total PF): Value, High and Low Limits, and averaging time
•  Phase to ground voltages (VL1ER, …): Value, High and Low Limits

More to come ...

Wednesday, July 26, 2017

IEC TC 88 Published Edition 2 Documents for the Series IEC 61400-25

IEC TC 88 has published the edition 2 of the following two parts of the series IEC 61400-25:

IEC 61400-25-4: Wind energy generation systems -
Part 25-4: Communications for monitoring and control of wind power plants -
Mapping to communication profile
The mappings specified in this part of IEC 61400-25 comprise:
  •  SOAP-based web services,
  •  OPC/XML-DA,
  •  IEC 61850-8-1 MMS,
  •  IEC 60870-5-104,
  •  DNP3.
Click HERE for the Preview.

IEC 61400-25-6: Wind power generation systems -
Part 25-6: Communications for monitoring and control of wind power plants -
Logical node classes and data classes for condition monitoring

Click HERE for the Preview

Note that the mapping to MMS according to IEC 61850-8-1 is the most used communication protocol for applications in the Wind Power Industry.
The modeling approach and the models are now in general compatible with those defined in IEC 61850-7-x. This is a major step forward.
General gateway solutions for IEC 61850 could be used for wind energy generation systems to bridge from Profibus, ProfiNet, Modbus, CAN bus, ... to IEC 60870-5-104 or IEC 61850-8-1.

Friday, July 21, 2017

Data and Communications Security: IEC TC 57 Just Published IEC 62351-7

IEC TC 57 just published IEC 62351-7:2017:
Power systems management and associated information exchange - Data and communications security - Part 7: Network and System Management (NSM) data object models

IEC 62351-7:2017 defines network and system management (NSM) data object models that are specific to power system operations. These NSM data objects will be used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure. The goal is to define a set of abstract objects that will allow the remote monitoring of the health and condition of IEDs (Intelligent Electronic Devices), RTUs (Remote Terminal Units), DERs (Distributed Energy Resources) systems and other systems that are important to power system operations. This new edition constitutes a technical revision and includes the following significant technical changes with respect to IEC TS 62351-7 (2010): NSM object data model reviewed and enriched; UML model adopted for NSM objects description; SNMP protocol MIBs translation included as Code Components.
The Code Components included in this IEC standard are also available as electronic machine readable file.
Click HERE for the Preview.
Click HERE for the Code Components.
The standard series IEC 61850 will also come with Code Components when the various 7-x parts will be published as International Standard. This will ease the development and maintenance of engineering and configuration tools ... tremendously.
Check HERE for Code Components ... coming later in 2017 or 2018 ...

Again Security: How do you Protect your Industrial Control System from Electronic Threats?

Industrial Control System (ICS) need to be protected from Electronic Threats - one of the most crucial challenge yesterday, today, and in the future. Joseph Weiss (PE, CISM - one of the real senior experts in the field) uses the term “electronic threats” rather than cyber security because there are many electronic threats to Industrial Control Systems beyond traditional cyber threats (as he says).

Joe Weiss has written a book with more than 300 pages published in 2010 worth to study (and more important TO IMPLEMENT): "Protecting Industrial Control Systems from Electronic Threats"
List of contents:
  1. Industrial Control System Descriptions
  2. Convergence of Industrial Control Systems and Information Technology
  3. Differences between Industrial Control Systems and Information Technology
  4. Electronic Threats to Industrial Control Systems
  5. Myths
  6. Current Personnel Status and Needs
  7. Information Sharing and Disclosure
  8. Industrial Control System Cyber Risk Assessments
  9. Selected Industry Activities
  10. Industrial Control System Security Trends and Observations
  11. Industrial Control System Cyber Security Demonstrations
  12. Selected Case Histories: Malicious Attacks
  13. Selected Case Histories: Unintentional  Incidents
  14. Industrial Control System Incident Categorization
  15. Recommendations
As long as you can read this blog post you could assume that there is enough power for all computers involved in the chain from the server holding this bog to your computer.
When you will see the following message on your screen: "Sorry, we are out power!" don't worry that much - because the only message you CANNOT SEE ON YOUR SCREEN IS: "SORRY; WE ARE OUT OF POWER. No power no screen display. ;-) 
Click HERE for more details on the book.
I guess Joe would have spent another 100 or so pages to talk about IoT vulnerability if he would have written the book now. 
In a report published the other day by Wired you can read:
"On Tuesday, the internet-of-things-focused security firm Senrio revealed a hackable flaw it's calling "Devil's Ivy" a vulnerability in a piece of code called gSOAP widely used in physical security products, potentially allowing faraway attackers to fully disable or take over thousands of models of internet-connected devices from security cameras to sensors to access-card readers.
Using the internet-scanning tool Shodan, Senrio found 14,700 of XXXX's cameras alone that were vulnerable to their attack-at least, before XXXX patched it. And given that's one of the dozens of ONVIF companies alone that use the gSOAP code, Senrio's researchers estimate the total number of affected devices in the millions."
Click HERE for the full Wired report.
How long will you wait to implement more measures to protect your industrial control system?
Start now - latest next Monday.

Tuesday, July 18, 2017

IXXAT (HMS) Offers New POWERFUL Smart Grid Gateways for IEC 61850, IEC 60870-5, Profibus and more

Under the IXXAT brand, HMS delivers connectivity solutions for embedded control, energy, safety and automotive testing.
The new and very powerful IIoT gateways from HMS allow industrial equipment to communicate with power grids based on IEC 60870-5-104 and IEC 61850. In addition they also include Modbus TCP Client/Server and Modbus RTU Master/Slave

IXXAT SG-gateways...
  • enable easy remote control and management of electrical systems
  • allow to log and display application data and energy consumption
  • provide IEC 61850 client/server and IEC 60870-5-104 server support
  • have in-built Modbus TCP Client/Server and Modbus RTU Master/Slave interfaces
  • provide connectivity for CAN Bus, I/O, M-Bus, PROFIBUS, PROFINET and EtherNet/IP based devices
Click HERE for more details in English
Hier klicken für Details in Deutsch

Friday, July 14, 2017

How Much Will The Implementation Of Security Measures Cost?

Almost everybody is talking about security measures in the context of automation and communication systems in factories, power plants, substations, hospitals, ... Talking about the topic is one thing - what's about implementing and sustainable use of secure systems? Hm, a good question.
A news report published on June 13, 2017, under the title
"The “Internet of Things” is way more vulnerable
than you think—and not just to hackers

points out that many - maybe most - devices that communicate using internet technologies are not capable to carry the load needed for reasonable security measures. One paragraph referring to Joe Weiss (a well known expert) is eye-catching:
"Weiss believes that the first step in securing the IoT is to build entirely new devices with faster processors and more memory. In essence, hundreds of billions of dollars’ worth of machines need to be replaced or upgraded significantly."

Click HERE to read the complete report.

I would like to see - at least - more powerful platforms when it comes to new installations. Be aware that the cost of a new platform with implemented state-of-the-art security measures is one thing. Another thing is to implement a more centralized security infrastructures to manage the security.
IEC 62351-9 specifies cryptographic key management, namely how to generate, distribute, revoke, and handle X.509 digital certificates and cryptographic keys to protect digital data and its communication.
Primary goals of the series IEC 62351 are considered for the use of cryptography:
  • Verifying the claimed identity of a message sender (authentication);
  • Verifying that the sender has the right to access the requested data (authorization);
  • Ensuring no one has tampered with a message during transit (integrity);
  • Obscuring the contents of a message from unintended recipients (confidentiality);
  • Associating specific actions with the entity that performed them (non-repudiation).
It is recommended for vendors and users to pay more attention to IEC 62351 (and other standards) and to listen carefully to the experts involved in protecting our infrastructures.
A reasonable white paper on the matter has been published by the BDEW (Germany): "Requirements for Secure Control and Telecommunication Systems".
Click HERE to access the BDEW white paper.
Click HERE for further information (some documents are in English).
Click HERE for a paper discussing the BDEW white paper.

Tuesday, July 11, 2017

Interactive Information about German Power Generation, Load and Export/Import

The German regulator of the electric power network has just opened a new website which gives you a deep inside view in power generation, load and export/import.

Graph from the new website.
Click HERE to access the new website.
This is a very interesting service ... to see what's going on.

When will Hackers Take Control Over Substations?

I guess most people belief that our power delivery infrastructure is very secure - yes, I agree that this is (still) the case. What's next? There are some publicly visible efforts to change this - obviously.
One of the attempts to approach the power delivery control systems has been made public the other day with the headline:
Attack on Critical Infrastructure Leverages Template Injection
"Attackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic word document attachment phish. Typically, malicious Word documents that are sent as attachments to phishing emails will themselves contain a script or macro that executes malicious code. In this case, there is no malicious code in the attachment itself. The attachment instead tries to download a template file over an SMB connection so that the user's credentials can be silently harvested. In addition, this template file could also potentially be used to download other malicious payloads to the victim's computer."
Click HERE to read the full report.
Click HERE for NYTimes report.

Saturday, July 8, 2017

IEC-61850-Hands-On-Training in Deutsch in Karlsruhe (Dezember 2017 und Mai 2018)

NettedAutomation GmbH bietet zwei IEC-61850 Hands-On-Trainingskurse zu unschlagbar günstigen Preisen in Deutsch in Karlsruhe an:

05.-08. Dezember 2017 
14.-17. Mai 2018
04.-07. Dezember 2018

NEU: Zusätzlicher Schwerpunkt wird das Thema "Sicherheitsanforderungen" (BDEW White Paper, ...) für die Energieversorgung sein.
Die drei (3) Blöcke (1 Tag + 2 Tage + 1 Tag) können einzeln oder in Kombination gebucht werden. Sie entscheiden selbst, ob Sie nur einen Tag von Ihrem Arbeitsplatz fern bleiben möchten oder zwei, drei oder vier. Je nachdem, wieviel Zeit Sie investieren wollen oder können und welchen Bedarf Sie haben.

Lernen Sie, wie über 4.300 Teilnehmer vor Ihnen, was IEC 61850 und andere Normen wie IEC 60870-5-10x oder IEC 62351 (Security) bedeuten. Gewinnen Sie einen Einblick in relevante Realisierungen wie die FNN-Steuerbox oder VHPready, die auf IEC 61850 aufbauen. Verstehen Sie, wie Feldbusse (Profibus, Profinet, Modbus, ...) über lostengünstige Gateways in die Anlagen eingebunden werden können.

Im Hands-On-Training lernen Sie die wesentlichen Konzepte der Normenreihe praktisch kennen. Die umfangreiche Trainings-Software dürfen Sie behalten und weiterhin nutzen!

Copyright, 2017-07, Michael Hüter

Der Kurs ist für alle geeignet, die mehr über IEC 61850 erfahren wollen.

HIER klicken, um zur Beschreibung und den Anmeldeunterlagen zu gelangen [pdf, 430 KB].

Beachten Sie auch, dass die meisten Seminare als Inhouse-Kurse stattfinden! Falls Sie Interesse an einem Inhouse-Kurs (in deutsch, englisch, italienisch oder schwedisch) haben sollten kontaktieren Sie uns bitte!

Monday, July 3, 2017

An All NEW Evaluation, Demo, Hands-On Package for IEC 61850 and IEC 61400-25

NettedAutomation GmbH (Karlsruhe, Germany) has released an All NEW Evaluation, Demo, Hands-On Package for IEC 61850 and IEC 61400-25 (EvaDeHon) for immediate download and use!
The new EvaDeHon Package comprises the roles Client, Server, Publisher, and Subscriber running on a PC, HMS (IXXAT, Beck IPC) Gateways, SystemCorp IEDs, ...
The new solutions allow to run multiple IED models (all roles) in parallel on one PC (simulating IEDs of a complete system!) ... and more. The roles and applications are configured directly by SCL files (.cid). You can build your own models and run them with all roles ... if configured.
This Package is based on our 30+ years of experience. We are really proud of offering these tools to the industry today! Sit down, enjoy and relax ...

Copyright, 2017, Michael Hüter

Click HERE to download the documentation only [pdf, 3.2 MB]
Click HERE for downloading the demo package including the documentation and license conditions.

Example: Server and Client on two PCs:

Many topologies on PCs:

... and topologies with gateways:

Click HERE to download the documentation only [pdf, 3.2 MB]
Click HERE for downloading the demo package including the documentation and license conditions.

Monday, June 26, 2017

Update on OPC UA IEC 61850 Companion Specification

The OPC UA IEC 61850 Companion Specification of the OPC Foundation is focusing on gateways that are intended to be used to transfer information fully and accurately through gateways between devices that implement IEC 61850 or OPC UA respectively.
While IEC 61850 is focusing on electricity generation, transmission, distribution, distributed energy resources (DER), and consumption, OPC UA is dealing with non-electrical industrial process activities. It is clear that users require integration of the electrical aspects of a plant with non-electrical aspects.
The information models defined in IEC 61850 were focused during the late 90s on protection and automation of electric power systems. In the meantime the models provide a huge number logical nodes (e.g., STMP = Supervision of temperature with measurement, alarms and trips, or FPID = PID loop control) applicable in most non-electrical applications domains. The communication services (Reporting, Logging, GOOSE, Control, Setting Group Control, ...) are generic for any application domain.
OPC UA’s modelling capabilities is understood to make it possible to transfer data between different systems without losing the semantics of data. Thus the drafted companion specification document describes how IEC 61850 data can exchanged using OPC UA data modelling and services.
Click HERE for more information.
IEC TC 88 PT 25 is currently working on a technical specification: 
Wind turbines - IEC 61400-25-41: Communications for monitoring and control of wind power plants - Mapping to communication profile based on IEC 62541 (OPC UA)
Microsoft has provided an Open-Source OPC UA stack to OPC Foundation! 
The new OPC Foundation .NET reference stack, based on the new .NET Standard Library technology, was developed and optimized by Microsoft to serve as the complete platform-independent infrastructure, from the embedded world to the cloud. This new version is enabled on the following supported platforms: Various Linux distributions, iOS, Android, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Phone, HoloLens and the Azure cloud.
Click HERE for the press news from the OPC Foundation.
Click HERE for accessing the open source reference stack at Gidhub.
Brief comparison of IEC 61850 and OPC UA:
Standard? Yes for both in IEC.
Available since? IEC 61850 for some 15 years; OPC UA for a few years.
SCADA support? Yes for both.
Real-time support? Yes in IEC 61850; OPC UA is intended to run on TSN (IEEE 802).
Security? Yes for both (IEC 61850 refers to IEC 62351).
Semantic? IEC 61850 has huge, still growing list of models; OPC UA has not yet semantics.
Configuration Language? IEC 61850 has SCL (System Configuration Language); OPC UA has no.
Conformance testing? Yes for both.
Support: By many big and small companies.
Open Source Stack? Yes for IEC 61850 (; yes for OPC UA (from Microsoft, see above).

Wednesday, June 14, 2017

How to Model Thousands of Measurement Signals?

The standard series IEC 61850 was originally developed for high voltage substation automation and protection ... with well defined logical nodes and data objects representing the most crucial signals like status (CSWI.stVal), 3-phase electrical measurements (MMXU.V.phsA ...), temperature supervision (STMP.Tmp, STMP.Alm, ...) and many other signals.
Several applications require huge number of values, e.g.,
  1. Logs (hundreds of status changes over a long period)
  2. Power Quality measurements (hundreds of values of min, max, ...)
  3. Temperature (hundreds or thousands of raw measured or processed values)
The corresponding logical nodes and communication service models would end-up in a lot of overhead in the modelling or in the communication.
I have discussed the first two bullets already inside the standardization groups ... more details may be discussed in a future blog post.
Today, I will discuss the third issue: huge amount of temperature values.
First of all, there are two models for temperature: TTMP (Transducer for a single sensor value) and STMP (Supervision of a single temperature value) with the following excerpt of details:

TTMP.TmpSv.instMag and TTMP.TmpSv.q are the two mandatory data attributes.

STMP.Tmp.mag.f, STMP.Tmp.mag.q, STMP.Tmp.mag.t (Tmp is optional)
STMP.Alm.stVal, STMP.Alm.q, STMP.Alm.t (Alm is optional)
STMP.Trip.stVal, STMP.Trip.q, STMP.Trip.t (Trip is optional)
Second, If you want to communicate just hundreds of temperature values, I would model this application as follows (SIUnits and sample rate ... may be modeled as well):
[Sure, I am aware that multiple instances of TmpSv are not yet standardized ... I would not care a lot at the moment ... it will come anyway. If not, define an extended Data Object TmpSamp with multiplicity 0..*]
TmpSv1.instMag and TmpSv1.q
TmpSv2.instMag and TmpSv2.q
TmpSv3.instMag and TmpSv3.q
TmpSv100.instMag and TmpSv100.q
Unbuffered Report CB="UnbTTMP1
Data Set="DsTTMP1" 
trigger option: integrity period 
period: 1 h or ...
TmpSv1.instMag and TmpSv1.q
TmpSv2.instMag and TmpSv2.q
TmpSv3.instMag and TmpSv3.q
TmpSv100.instMag and TmpSv100.q
Unbuffered Report CB="UnbTTMP2
Data Set="DsTTMP2" 
trigger option: integrity period 
period: 1 h or ...
TmpSv1.instMag and TmpSv1.q
TmpSv2.instMag and TmpSv2.q
TmpSv3.instMag and TmpSv3.q
TmpSv100.instMag and TmpSv100.q
Unbuffered Report CB="UnbTTMP3
Data Set="DsTTMP3" 
trigger option: integrity period 
period: 1 h or ...
Third, If you want to use hundreds of temperature values AND alarms AND trips etc. then STMP would be the right choice. The above modeling approach would be the same.
In addition to the data sets for the measured values, you may also configure data sets for the quality "q", and configure report control blocks with trigger option "data change". You may also add the quality into the other FCDAs ... depending on how crucial the quality is for the client application.

Tuesday, June 13, 2017

Are Blackouts Knocking at the Doors of Substations?

Dear experts interested in secure power delivery systems,
You may have been informed yesterday about one of the latest developments in destroying the power delivery infrastructure: Industroyer.
What is Industroyer? It is "A new threat for industrial control systems" according to Anton Cherepanov (ESET):
"Win32/Industroyer is a sophisticated piece of malware designed to disrupt
the working processes of industrial control systems (ICS), specifically
industrial control systems used in electrical substations.
Those behind the Win32/Industroyer malware have a deep knowledge
and understanding of industrial control systems and, specifically, the
industrial protocols used in electric power systems. Moreover, it seems very
unlikely anyone could write and test such malware without access to the
specialized equipment used in the specific, targeted industrial environment.
Support for four different industrial control protocols, specified in the
standards listed below, has been implemented by the malware authors:
• IEC 60870-5-101 (aka IEC 101)
• IEC 60870-5-104 (aka IEC 104)
• IEC 61850
• OLE for Process Control Data Access (OPC DA)
In addition to all that, the malware authors also wrote a tool that
implements a denial-of-service (DoS) attack against a particular family of
protection relays, ..."

Click HERE for a comprehensive report [pdf].

The Conclusion of the report closes with this statement:

"The commonly-used industrial control protocols used in this malware
were designed decades ago without taking security into consideration.
Therefore, any intrusion into an industrial network with systems using
these protocols should be considered as “game over”."

The protocols used are not the crucial issue! The protocols like IEC 61850 could be protected by the accompanying standard series IEC 62351 (Power systems management and associated information exchange - Data and communications security).
One crucial show stopper is: "Stingy is cool" mentality!!
Securing the systems could be implemented - with far higher costs during development, engineering, configuration, OPERATION, and maintenance.
As long as we all do not accept that the electric power (and other) infrastructures will require a lot more resources to keep the level of today's availability, quality, and security, we will experience more disrupted infrastructures.
Building an infrastructure, operating, and maintaining it are different aspects. The maintenance of our infrastructures will consume definitely more resources than we believe today.
I was shocked to read, that some "friends" believe that the reports about the "Industroyer" are just fake news.
Whatever you believe, one thing is really true: Many systems and devices in the automation domain (substations, ...) are not protected! Believe me!

Saturday, June 10, 2017

CIM-Workshop am 19. Oktober 2017 in Frankfurt

Die DKE lädt zum CIM (Common Information Model)-Workshop 2017 ein!

Ort: Frankfurt/Main
Datum: 19. Oktober 2017

Mit vielen spannenden Themen, u.a.
  • Eine Kurzeinführung in CIM 
  • Viele Anwendungsbeispiele 
  • Vorstellung des Themas CIM in Verteilnetze, Niederspannung 
  • „Life Hack“ – Wir bauen einen Kundenanschluss… 
  • Rolle von CIM in verschiedenen Projekten 
  • Referenzmodelle und CIM 
  • Podiumsdiskussion mit den Themen CIM Blick in die Zukunft, Blockchain, … 
Hier für weitere Informationen klicken.
Introduction to CIM

Thursday, June 8, 2017

What is your Annual Cybersecurity Incident Bill?

"Although the majority of industrial organizations believe they are well-prepared for cybersecurity incidents, this confidence may be not well-founded: every second ICS company experienced between one and five incidents last year, according to a survey conducted by Kaspersky Lab. On average, ineffective cybersecurity costs industrial organizations up to $497K per year."

Click HERE to read more details.

Many ICS (Industrial Control Systems) are also used in power system applications. So, what is the situation there? Likely similar to the industrial domain.

Wednesday, May 31, 2017

Just published: IEC TR 61850-90-17

IEC TC 57 has published a new part of IEC 61850 in May 2017:

IEC TR 61850-90-17
Part 90-17: Using IEC 61850 to transmit power quality data

This part of IEC 61850 defines how to exchange power quality data between instruments whose functions include measuring, recording and possibly monitoring power quality phenomena in power supply systems, and clients using them in a way that is compliant to the concepts of IEC 61850.

Click HERE for a preview of the new document.

Note that the Tissue Database can be used for posting technical issues with IEC 61850-90-17. The first tissue has been registered:

Click HERE for the first tissue on part 90-17.

Thursday, May 25, 2017

WWW - Water, Wine, and Watt-hours

When it comes to get prepared for a blackout, what do you need to survive? The "World Wide Web" (WWW) will likely not work anymore.

What's about "Water, Wine, and Watt-hours"? The new WWW.

It is still a challenge to store Watt-hours - a battery of, let's say 20 kWh would dry out within short time. It would not help in winter to survive. I would like to harvest the sun in summer, convert the electric kWh into hydrogen kWh or methane gas kWh and store it locally or somewhere outside the city.

In wintertime we could use it for heating and generate electricity.

I look forward to purchasing a system that could generate hydrogen or methane gas and store it. It may be round the corner - who knows.

Friday, May 19, 2017

Data And Communication Security for MMS is Speeding Up

IEC TC 57 is about to accelerate the publication of a new Standard on Security:
IEC 62351-4 ED1 (57/1860/CDV):
Power systems management and associated information exchange -
Data and communications security -
Part 4: Profiles including MMS
Closing date for voting: 2017-08-11

The current part 4 is just a TS (technical Specification). The need for a definitive solution for secure MMS communication is at hand.

This second edition of this part of IEC 62351 substantially extents the scope of the first edition [KHS: TS only!]. While the first edition primarily provided some limited support for authentication during handshake for the Manufacturing Message Specification (MMS) based applications, this second edition provides support for extended integrity and authentication both for the handshake phase, and for the data transfer phase. In addition, it provides for shared key management and data transfer encryption and it provides security end-to-end (E2E) with zero or more intermediate entities. While the first edition only provides support for systems based on the MMS, i.e., systems using Open Systems Interworking (OSI) protocols, this second edition also provides support for application protocols using other protocol stacks, e.g., a TCP/IP protocol stack. This support is extended to protect application protocols using XML encoding [KHS: IEC 61850-8-2] and other protocols that have a handshake that can support the Diffie-Hellman key exchange. This extended security is referred to as E2E-security.
It is intended that this part of IEC 62351 be referenced as normative part of IEC TC 57 standards that have a need for using application protocols, e.g., MMS, in a secure manner.
It is anticipated that there are implementation, in particular Inter-Control Centre Communications Protocol (ICCP) implementations that are dependent on the first edition of this part of IEC 52315. The first edition specification of the A-security-profile is therefore included as separate sections. Implementations supporting this A-security-profile will interwork with implementation supporting the first edition of this part of IEC 62351.
Special diagnostic information is provided for exception conditions for E2E-security.
This part of IEC 62351 represents a set of mandatory and optional security specifications to
be implemented for protected application protocols."

By the way: The best security standard is useless if it is not implemented (and even worse when it is available but not used) in as many devices as possible! Talk to your management to get the resources (hardware, software, peopleware) to implement this new part - as soon as possible.