Friday, July 21, 2017

Data and Communications Security: IEC TC 57 Just Published IEC 62351-7

IEC TC 57 just published IEC 62351-7:2017:
Power systems management and associated information exchange - Data and communications security - Part 7: Network and System Management (NSM) data object models

IEC 62351-7:2017 defines network and system management (NSM) data object models that are specific to power system operations. These NSM data objects will be used to monitor the health of networks and systems, to detect possible security intrusions, and to manage the performance and reliability of the information infrastructure. The goal is to define a set of abstract objects that will allow the remote monitoring of the health and condition of IEDs (Intelligent Electronic Devices), RTUs (Remote Terminal Units), DERs (Distributed Energy Resources) systems and other systems that are important to power system operations. This new edition constitutes a technical revision and includes the following significant technical changes with respect to IEC TS 62351-7 (2010): NSM object data model reviewed and enriched; UML model adopted for NSM objects description; SNMP protocol MIBs translation included as Code Components.
The Code Components included in this IEC standard are also available as electronic machine readable file.
Click HERE for the Preview.
Click HERE for the Code Components.
The standard series IEC 61850 will also come with Code Components when the various 7-x parts will be published as International Standard. This will ease the development and maintenance of engineering and configuration tools ... tremendously.
Check HERE for Code Components ... coming later in 2017 or 2018 ...

Again Security: How do you Protect your Industrial Control System from Electronic Threats?

Industrial Control System (ICS) need to be protected from Electronic Threats - one of the most crucial challenge yesterday, today, and in the future. Joseph Weiss (PE, CISM - one of the real senior experts in the field) uses the term “electronic threats” rather than cyber security because there are many electronic threats to Industrial Control Systems beyond traditional cyber threats (as he says).

Joe Weiss has written a book with more than 300 pages published in 2010 worth to study (and more important TO IMPLEMENT): "Protecting Industrial Control Systems from Electronic Threats"
List of contents:
  1. Industrial Control System Descriptions
  2. Convergence of Industrial Control Systems and Information Technology
  3. Differences between Industrial Control Systems and Information Technology
  4. Electronic Threats to Industrial Control Systems
  5. Myths
  6. Current Personnel Status and Needs
  7. Information Sharing and Disclosure
  8. Industrial Control System Cyber Risk Assessments
  9. Selected Industry Activities
  10. Industrial Control System Security Trends and Observations
  11. Industrial Control System Cyber Security Demonstrations
  12. Selected Case Histories: Malicious Attacks
  13. Selected Case Histories: Unintentional  Incidents
  14. Industrial Control System Incident Categorization
  15. Recommendations
As long as you can read this blog post you could assume that there is enough power for all computers involved in the chain from the server holding this bog to your computer.
When you will see the following message on your screen: "Sorry, we are out power!" don't worry that much - because the only message you CANNOT SEE ON YOUR SCREEN IS: "SORRY; WE ARE OUT OF POWER. No power no screen display. ;-) 
Click HERE for more details on the book.
I guess Joe would have spent another 100 or so pages to talk about IoT vulnerability if he would have written the book now. 
In a report published the other day by Wired you can read:
"On Tuesday, the internet-of-things-focused security firm Senrio revealed a hackable flaw it's calling "Devil's Ivy" a vulnerability in a piece of code called gSOAP widely used in physical security products, potentially allowing faraway attackers to fully disable or take over thousands of models of internet-connected devices from security cameras to sensors to access-card readers.
Using the internet-scanning tool Shodan, Senrio found 14,700 of XXXX's cameras alone that were vulnerable to their attack-at least, before XXXX patched it. And given that's one of the dozens of ONVIF companies alone that use the gSOAP code, Senrio's researchers estimate the total number of affected devices in the millions."
Click HERE for the full Wired report.
How long will you wait to implement more measures to protect your industrial control system?
Start now - latest next Monday.

Tuesday, July 18, 2017

IXXAT (HMS) Offers New POWERFUL Smart Grid Gateways for IEC 61850, IEC 60870-5, Profibus and more

Under the IXXAT brand, HMS delivers connectivity solutions for embedded control, energy, safety and automotive testing.
The new and very powerful IIoT gateways from HMS allow industrial equipment to communicate with power grids based on IEC 60870-5-104 and IEC 61850. In addition they also include Modbus TCP Client/Server and Modbus RTU Master/Slave

IXXAT SG-gateways...
  • enable easy remote control and management of electrical systems
  • allow to log and display application data and energy consumption
  • provide IEC 61850 client/server and IEC 60870-5-104 server support
  • have in-built Modbus TCP Client/Server and Modbus RTU Master/Slave interfaces
  • provide connectivity for CAN Bus, I/O, M-Bus, PROFIBUS, PROFINET and EtherNet/IP based devices
Click HERE for more details in English
Hier klicken für Details in Deutsch

Friday, July 14, 2017

How Much Will The Implementation Of Security Measures Cost?

Almost everybody is talking about security measures in the context of automation and communication systems in factories, power plants, substations, hospitals, ... Talking about the topic is one thing - what's about implementing and sustainable use of secure systems? Hm, a good question.
A news report published on June 13, 2017, under the title
"The “Internet of Things” is way more vulnerable
than you think—and not just to hackers

points out that many - maybe most - devices that communicate using internet technologies are not capable to carry the load needed for reasonable security measures. One paragraph referring to Joe Weiss (a well known expert) is eye-catching:
"Weiss believes that the first step in securing the IoT is to build entirely new devices with faster processors and more memory. In essence, hundreds of billions of dollars’ worth of machines need to be replaced or upgraded significantly."

Click HERE to read the complete report.

I would like to see - at least - more powerful platforms when it comes to new installations. Be aware that the cost of a new platform with implemented state-of-the-art security measures is one thing. Another thing is to implement a more centralized security infrastructures to manage the security.
IEC 62351-9 specifies cryptographic key management, namely how to generate, distribute, revoke, and handle X.509 digital certificates and cryptographic keys to protect digital data and its communication.
Primary goals of the series IEC 62351 are considered for the use of cryptography:
  • Verifying the claimed identity of a message sender (authentication);
  • Verifying that the sender has the right to access the requested data (authorization);
  • Ensuring no one has tampered with a message during transit (integrity);
  • Obscuring the contents of a message from unintended recipients (confidentiality);
  • Associating specific actions with the entity that performed them (non-repudiation).
It is recommended for vendors and users to pay more attention to IEC 62351 (and other standards) and to listen carefully to the experts involved in protecting our infrastructures.
A reasonable white paper on the matter has been published by the BDEW (Germany): "Requirements for Secure Control and Telecommunication Systems".
Click HERE to access the BDEW white paper.
Click HERE for further information (some documents are in English).
Click HERE for a paper discussing the BDEW white paper.

Tuesday, July 11, 2017

Interactive Information about German Power Generation, Load and Export/Import

The German regulator of the electric power network has just opened a new website which gives you a deep inside view in power generation, load and export/import.

Graph from the new website.
Click HERE to access the new website.
This is a very interesting service ... to see what's going on.

When will Hackers Take Control Over Substations?

I guess most people belief that our power delivery infrastructure is very secure - yes, I agree that this is (still) the case. What's next? There are some publicly visible efforts to change this - obviously.
One of the attempts to approach the power delivery control systems has been made public the other day with the headline:
Attack on Critical Infrastructure Leverages Template Injection
"Attackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic word document attachment phish. Typically, malicious Word documents that are sent as attachments to phishing emails will themselves contain a script or macro that executes malicious code. In this case, there is no malicious code in the attachment itself. The attachment instead tries to download a template file over an SMB connection so that the user's credentials can be silently harvested. In addition, this template file could also potentially be used to download other malicious payloads to the victim's computer."
Click HERE to read the full report.
Click HERE for NYTimes report.

Saturday, July 8, 2017

IEC-61850-Hands-On-Training in Deutsch in Karlsruhe (Dezember 2017 und Mai 2018)

NettedAutomation GmbH bietet zwei IEC-61850 Hands-On-Trainingskurse zu unschlagbar günstigen Preisen in Deutsch in Karlsruhe an:

05.-08. Dezember 2017 
14.-17. Mai 2018

Die drei (3) Blöcke (1 Tag + 2 Tage + 1 Tag) können einzeln oder in Kombination gebucht werden. Sie entscheiden selbst, ob Sie nur einen Tag von Ihrem Arbeitsplatz fern bleiben möchten oder zwei, drei oder vier. Je nachdem, wieviel Zeit Sie investieren wollen oder können und welchen Bedarf Sie haben.

Lernen Sie, wie über 4.300 Teilnehmer vor Ihnen, was IEC 61850 und andere Normen wie IEC 60870-5-10x oder IEC 62351 (Security) bedeuten. Gewinnen Sie einen Einblick in relevante Realisierungen wie die FNN-Steuerbox oder VHPready, die auf IEC 61850 aufbauen. Verstehen Sie, wie Feldbusse (Profibus, Profinet, Modbus, ...) über lostengünstige Gateways in die Anlagen eingebunden werden können.

Im Hands-On-Training lernen Sie die wesentlichen Konzepte der Normenreihe praktisch kennen. Die umfangreiche Trainings-Software dürfen Sie behalten und weiterhin nutzen!

Copyright, 2017-07, Michael Hüter

Der Kurs ist für alle geeignet, die mehr über IEC 61850 erfahren wollen.

HIER klicken, um zur Beschreibung und den Anmeldeunterlagen zu gelangen [pdf, 430 KB].

Beachten Sie auch, dass die meisten Seminare als Inhouse-Kurse stattfinden! Falls Sie Interesse an einem Inhouse-Kurs (in deutsch, englisch, italienisch oder schwedisch) haben sollten kontaktieren Sie uns bitte!

Monday, July 3, 2017

An All NEW Evaluation, Demo, Hands-On Package for IEC 61850 and IEC 61400-25

NettedAutomation GmbH (Karlsruhe, Germany) has released an All NEW Evaluation, Demo, Hands-On Package for IEC 61850 and IEC 61400-25 (EvaDeHon) for immediate download and use!
The new EvaDeHon Package comprises the roles Client, Server, Publisher, and Subscriber running on a PC, HMS (IXXAT, Beck IPC) Gateways, SystemCorp IEDs, ...
The new solutions allow to run multiple IED models (all roles) in parallel on one PC (simulating IEDs of a complete system!) ... and more. The roles and applications are configured directly by SCL files (.cid). You can build your own models and run them with all roles ... if configured.
This Package is based on our 30+ years of experience. We are really proud of offering these tools to the industry today! Sit down, enjoy and relax ...

Copyright, 2017, Michael Hüter

Click HERE to download the documentation only [pdf, 3.2 MB]
Click HERE for downloading the demo package including the documentation and license conditions.

Example: Server and Client on two PCs:

Many topologies on PCs:

... and topologies with gateways:

Click HERE to download the documentation only [pdf, 3.2 MB]
Click HERE for downloading the demo package including the documentation and license conditions.

Monday, June 26, 2017

Update on OPC UA IEC 61850 Companion Specification

The OPC UA IEC 61850 Companion Specification of the OPC Foundation is focusing on gateways that are intended to be used to transfer information fully and accurately through gateways between devices that implement IEC 61850 or OPC UA respectively.
While IEC 61850 is focusing on electricity generation, transmission, distribution, distributed energy resources (DER), and consumption, OPC UA is dealing with non-electrical industrial process activities. It is clear that users require integration of the electrical aspects of a plant with non-electrical aspects.
The information models defined in IEC 61850 were focused during the late 90s on protection and automation of electric power systems. In the meantime the models provide a huge number logical nodes (e.g., STMP = Supervision of temperature with measurement, alarms and trips, or FPID = PID loop control) applicable in most non-electrical applications domains. The communication services (Reporting, Logging, GOOSE, Control, Setting Group Control, ...) are generic for any application domain.
OPC UA’s modelling capabilities is understood to make it possible to transfer data between different systems without losing the semantics of data. Thus the drafted companion specification document describes how IEC 61850 data can exchanged using OPC UA data modelling and services.
Click HERE for more information.
IEC TC 88 PT 25 is currently working on a technical specification: 
Wind turbines - IEC 61400-25-41: Communications for monitoring and control of wind power plants - Mapping to communication profile based on IEC 62541 (OPC UA)
Microsoft has provided an Open-Source OPC UA stack to OPC Foundation! 
The new OPC Foundation .NET reference stack, based on the new .NET Standard Library technology, was developed and optimized by Microsoft to serve as the complete platform-independent infrastructure, from the embedded world to the cloud. This new version is enabled on the following supported platforms: Various Linux distributions, iOS, Android, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Phone, HoloLens and the Azure cloud.
Click HERE for the press news from the OPC Foundation.
Click HERE for accessing the open source reference stack at Gidhub.
Brief comparison of IEC 61850 and OPC UA:
Standard? Yes for both in IEC.
Available since? IEC 61850 for some 15 years; OPC UA for a few years.
SCADA support? Yes for both.
Real-time support? Yes in IEC 61850; OPC UA is intended to run on TSN (IEEE 802).
Security? Yes for both (IEC 61850 refers to IEC 62351).
Semantic? IEC 61850 has huge, still growing list of models; OPC UA has not yet semantics.
Configuration Language? IEC 61850 has SCL (System Configuration Language); OPC UA has no.
Conformance testing? Yes for both.
Support: By many big and small companies.
Open Source Stack? Yes for IEC 61850 (; yes for OPC UA (from Microsoft, see above).

Wednesday, June 14, 2017

How to Model Thousands of Measurement Signals?

The standard series IEC 61850 was originally developed for high voltage substation automation and protection ... with well defined logical nodes and data objects representing the most crucial signals like status (CSWI.stVal), 3-phase electrical measurements (MMXU.V.phsA ...), temperature supervision (STMP.Tmp, STMP.Alm, ...) and many other signals.
Several applications require huge number of values, e.g.,
  1. Logs (hundreds of status changes over a long period)
  2. Power Quality measurements (hundreds of values of min, max, ...)
  3. Temperature (hundreds or thousands of raw measured or processed values)
The corresponding logical nodes and communication service models would end-up in a lot of overhead in the modelling or in the communication.
I have discussed the first two bullets already inside the standardization groups ... more details may be discussed in a future blog post.
Today, I will discuss the third issue: huge amount of temperature values.
First of all, there are two models for temperature: TTMP (Transducer for a single sensor value) and STMP (Supervision of a single temperature value) with the following excerpt of details:

TTMP.TmpSv.instMag and TTMP.TmpSv.q are the two mandatory data attributes.

STMP.Tmp.mag.f, STMP.Tmp.mag.q, STMP.Tmp.mag.t (Tmp is optional)
STMP.Alm.stVal, STMP.Alm.q, STMP.Alm.t (Alm is optional)
STMP.Trip.stVal, STMP.Trip.q, STMP.Trip.t (Trip is optional)
Second, If you want to communicate just hundreds of temperature values, I would model this application as follows (SIUnits and sample rate ... may be modeled as well):
[Sure, I am aware that multiple instances of TmpSv are not yet standardized ... I would not care a lot at the moment ... it will come anyway. If not, define an extended Data Object TmpSamp with multiplicity 0..*]
TmpSv1.instMag and TmpSv1.q
TmpSv2.instMag and TmpSv2.q
TmpSv3.instMag and TmpSv3.q
TmpSv100.instMag and TmpSv100.q
Unbuffered Report CB="UnbTTMP1
Data Set="DsTTMP1" 
trigger option: integrity period 
period: 1 h or ...
TmpSv1.instMag and TmpSv1.q
TmpSv2.instMag and TmpSv2.q
TmpSv3.instMag and TmpSv3.q
TmpSv100.instMag and TmpSv100.q
Unbuffered Report CB="UnbTTMP2
Data Set="DsTTMP2" 
trigger option: integrity period 
period: 1 h or ...
TmpSv1.instMag and TmpSv1.q
TmpSv2.instMag and TmpSv2.q
TmpSv3.instMag and TmpSv3.q
TmpSv100.instMag and TmpSv100.q
Unbuffered Report CB="UnbTTMP3
Data Set="DsTTMP3" 
trigger option: integrity period 
period: 1 h or ...
Third, If you want to use hundreds of temperature values AND alarms AND trips etc. then STMP would be the right choice. The above modeling approach would be the same.
In addition to the data sets for the measured values, you may also configure data sets for the quality "q", and configure report control blocks with trigger option "data change". You may also add the quality into the other FCDAs ... depending on how crucial the quality is for the client application.

Tuesday, June 13, 2017

Are Blackouts Knocking at the Doors of Substations?

Dear experts interested in secure power delivery systems,
You may have been informed yesterday about one of the latest developments in destroying the power delivery infrastructure: Industroyer.
What is Industroyer? It is "A new threat for industrial control systems" according to Anton Cherepanov (ESET):
"Win32/Industroyer is a sophisticated piece of malware designed to disrupt
the working processes of industrial control systems (ICS), specifically
industrial control systems used in electrical substations.
Those behind the Win32/Industroyer malware have a deep knowledge
and understanding of industrial control systems and, specifically, the
industrial protocols used in electric power systems. Moreover, it seems very
unlikely anyone could write and test such malware without access to the
specialized equipment used in the specific, targeted industrial environment.
Support for four different industrial control protocols, specified in the
standards listed below, has been implemented by the malware authors:
• IEC 60870-5-101 (aka IEC 101)
• IEC 60870-5-104 (aka IEC 104)
• IEC 61850
• OLE for Process Control Data Access (OPC DA)
In addition to all that, the malware authors also wrote a tool that
implements a denial-of-service (DoS) attack against a particular family of
protection relays, ..."

Click HERE for a comprehensive report [pdf].

The Conclusion of the report closes with this statement:

"The commonly-used industrial control protocols used in this malware
were designed decades ago without taking security into consideration.
Therefore, any intrusion into an industrial network with systems using
these protocols should be considered as “game over”."

The protocols used are not the crucial issue! The protocols like IEC 61850 could be protected by the accompanying standard series IEC 62351 (Power systems management and associated information exchange - Data and communications security).
One crucial show stopper is: "Stingy is cool" mentality!!
Securing the systems could be implemented - with far higher costs during development, engineering, configuration, OPERATION, and maintenance.
As long as we all do not accept that the electric power (and other) infrastructures will require a lot more resources to keep the level of today's availability, quality, and security, we will experience more disrupted infrastructures.
Building an infrastructure, operating, and maintaining it are different aspects. The maintenance of our infrastructures will consume definitely more resources than we believe today.
I was shocked to read, that some "friends" believe that the reports about the "Industroyer" are just fake news.
Whatever you believe, one thing is really true: Many systems and devices in the automation domain (substations, ...) are not protected! Believe me!

Saturday, June 10, 2017

CIM-Workshop am 19. Oktober 2017 in Frankfurt

Die DKE lädt zum CIM (Common Information Model)-Workshop 2017 ein!

Ort: Frankfurt/Main
Datum: 19. Oktober 2017

Mit vielen spannenden Themen, u.a.
  • Eine Kurzeinführung in CIM 
  • Viele Anwendungsbeispiele 
  • Vorstellung des Themas CIM in Verteilnetze, Niederspannung 
  • „Life Hack“ – Wir bauen einen Kundenanschluss… 
  • Rolle von CIM in verschiedenen Projekten 
  • Referenzmodelle und CIM 
  • Podiumsdiskussion mit den Themen CIM Blick in die Zukunft, Blockchain, … 
Hier für weitere Informationen klicken.
Introduction to CIM

Thursday, June 8, 2017

What is your Annual Cybersecurity Incident Bill?

"Although the majority of industrial organizations believe they are well-prepared for cybersecurity incidents, this confidence may be not well-founded: every second ICS company experienced between one and five incidents last year, according to a survey conducted by Kaspersky Lab. On average, ineffective cybersecurity costs industrial organizations up to $497K per year."

Click HERE to read more details.

Many ICS (Industrial Control Systems) are also used in power system applications. So, what is the situation there? Likely similar to the industrial domain.

Wednesday, May 31, 2017

Just published: IEC TR 61850-90-17

IEC TC 57 has published a new part of IEC 61850 in May 2017:

IEC TR 61850-90-17
Part 90-17: Using IEC 61850 to transmit power quality data

This part of IEC 61850 defines how to exchange power quality data between instruments whose functions include measuring, recording and possibly monitoring power quality phenomena in power supply systems, and clients using them in a way that is compliant to the concepts of IEC 61850.

Click HERE for a preview of the new document.

Note that the Tissue Database can be used for posting technical issues with IEC 61850-90-17. The first tissue has been registered:

Click HERE for the first tissue on part 90-17.

Thursday, May 25, 2017

WWW - Water, Wine, and Watt-hours

When it comes to get prepared for a blackout, what do you need to survive? The "World Wide Web" (WWW) will likely not work anymore.

What's about "Water, Wine, and Watt-hours"? The new WWW.

It is still a challenge to store Watt-hours - a battery of, let's say 20 kWh would dry out within short time. It would not help in winter to survive. I would like to harvest the sun in summer, convert the electric kWh into hydrogen kWh or methane gas kWh and store it locally or somewhere outside the city.

In wintertime we could use it for heating and generate electricity.

I look forward to purchasing a system that could generate hydrogen or methane gas and store it. It may be round the corner - who knows.

Friday, May 19, 2017

Data And Communication Security for MMS is Speeding Up

IEC TC 57 is about to accelerate the publication of a new Standard on Security:
IEC 62351-4 ED1 (57/1860/CDV):
Power systems management and associated information exchange -
Data and communications security -
Part 4: Profiles including MMS
Closing date for voting: 2017-08-11

The current part 4 is just a TS (technical Specification). The need for a definitive solution for secure MMS communication is at hand.

This second edition of this part of IEC 62351 substantially extents the scope of the first edition [KHS: TS only!]. While the first edition primarily provided some limited support for authentication during handshake for the Manufacturing Message Specification (MMS) based applications, this second edition provides support for extended integrity and authentication both for the handshake phase, and for the data transfer phase. In addition, it provides for shared key management and data transfer encryption and it provides security end-to-end (E2E) with zero or more intermediate entities. While the first edition only provides support for systems based on the MMS, i.e., systems using Open Systems Interworking (OSI) protocols, this second edition also provides support for application protocols using other protocol stacks, e.g., a TCP/IP protocol stack. This support is extended to protect application protocols using XML encoding [KHS: IEC 61850-8-2] and other protocols that have a handshake that can support the Diffie-Hellman key exchange. This extended security is referred to as E2E-security.
It is intended that this part of IEC 62351 be referenced as normative part of IEC TC 57 standards that have a need for using application protocols, e.g., MMS, in a secure manner.
It is anticipated that there are implementation, in particular Inter-Control Centre Communications Protocol (ICCP) implementations that are dependent on the first edition of this part of IEC 52315. The first edition specification of the A-security-profile is therefore included as separate sections. Implementations supporting this A-security-profile will interwork with implementation supporting the first edition of this part of IEC 62351.
Special diagnostic information is provided for exception conditions for E2E-security.
This part of IEC 62351 represents a set of mandatory and optional security specifications to
be implemented for protected application protocols."

By the way: The best security standard is useless if it is not implemented (and even worse when it is available but not used) in as many devices as possible! Talk to your management to get the resources (hardware, software, peopleware) to implement this new part - as soon as possible.

TSN: Fieldbus Standardization - Another Way to Go

Fieldbus standardization has a very long history - resulting in tens of solutions in ONE single standard series IEC 61158. This has been discussed several times on this blog.
The latest decisions in the industrial automation domain could change the direction to go: To get one or two or three ... solutions - based on TSN (Time-sensitive Networking).
It took more than 25 years to implement in principle what I have written in a paper on Fieldbus and Ethernet. When I worked for Siemens Industry in the early 90s, I recommended to use native Ethernet instead of fieldbusses … now we write 2017 – 26 years later:
Click HERE for the paper “Bridging MAP to Ethernet” [PDF, 720 KB, 1991]
Click HERE for the paper “Fieldbus standardization: Another way to go” [PDF, 720 KB, 1991].

25 years of fieldbus wars are likely to end in the near future.
Even the Profibus International Users Group (PI) published the other day in the PI Profinews:
"TSN (Time-sensitive Networking) is a promising new IEEE technology for Ethernet that combines ... PI will expand PROFINET with the mechanisms of TSN in layer 2, retaining the application layer on the higher levels. This makes it possible to migrate the applications to the new technology simply and incrementally and to take advantage of the benefits of an open, globally standardized IT technology.”
Clicke HERE for the full announcement in the Profinews.

It's a pity that it took 25 years to understand that Ethernet is THE solution for the future.

TSN is just another link layer solution - what's about the upper layers? Huuch ... there is still the old fight of various groups that belief that their solution is the best!
PROFINET will keep their higher layers and add the option of OPC UA for higher automation levels to the cloud. So, they are recommending a compromise - which ends up in many higher layer solutions on TSN.

ABB, Bosch Rexroth, B&R, Cisco, GE, Kuka, NI, Schneider Electric, Belden/Hirschmann and Phoenix Contact are fighting for a SINGLE combination: TSN and OPC UA.

In the meantime we have - for more than 20 years - a SINGLE combination for the electric power (and energy) market: IEC 61850 with Ethernet and MMS (for client/server communication) supported by hundreds of vendors and users worldwide. AND: IEC 61850 has a huge basket of object models and a configuration language! What is being communicated through OPC UA TSN?

A finished solution (Ethernet/MMS some 25 years ago) is better than a perfect one that will never be accomplished - even not with TSN plus XX, YY, ZZ, ...!

This lets IEC 61850 look very good!

If you need your Profibus or Profinet data being communicated by IEC 61850, check HERE for Gateways.

Monday, May 15, 2017

IEC 61850-90-21 - New Project On Travelling Wave Fault Location System

IEC TC 57 just published a Proposal to develop an IEC Technical Report: IEC TR 61850-90-21: Communication networks and systems for power utility automation –
Part 90-21: Travelling wave fault location system

1. Describe the principles of fault location based on travelling waves aided by communications.
2. Specify use cases for this method under the following application scenarios:
   a. Single-ended fault location
   b. Double-ended fault location through peer-to-peer communications
   c. Double-ended fault location with communications to a master station
   d. Wide area fault location applications
   e. Pulse radar-type echo (Japanese) method
   f. Substation integration with other fault location and disturbance recording functions
   g. Testing and calibration
3. Describe the information model for each use case.
4. Give guidance on its applications and its communication requirements.
5. Give guidance on how to achieve co-existence and interoperability with different fault location techniques.
More to come.

Updated IEC 61850 Roadmap - What is going on?

The following 40 (!!) documents are in the process of revision or definition:

What else are you looking for? Several other documents have already been officially published.

IEC TC 57 Published IEC 61850 Roadmap and Schedule

IEC TC 57 just published a new IEC 61850 Roadmap and Schedule to give an update on the ongoing work (57/1882/INF).

The following 35 (!!) parts are in the process of revision respectively under preparation:

General Topics
5 / 7-1 / 7-2 7-3 / 7-4 8-1 / 9-2
90-4, 90-12, 90-13
7-510 7-520
90-6 / 90-9 / 90-14 90-15 / 90-21
90-10 / 90-18

The years 2017/2018 will bring more stable documents than ever before! The major step forward is the use of a formal UML modelling tool (Enterprise Architect) to keep the consistency very high level.
Any question? Let us know.

IEC TC 88 Started Work on SCL for Wind Power Plants

WOW! IEC TC 88 has published a new work item proposal (88/621/NP) for the specification of extending the SCL (System Configuration Language):

Wind energy generation systems –
Part 25-7: Communications for monitoring and control of wind power plants –
Configuration description language for communication in wind automation systems
related to IEDs

The objective of the NWIP is to describe the adoption of the System Configuration description Language (SCL) defined in IEC 61850-6 to the wind domain

"This part would extend the IEC 61400-25 series with a file format for describing communication-related IED (Intelligent Electronic Device) configurations of a wind turbine, wind power plant controller, metrological mast etc. The extension of SCL to wind domain would simplify integration of wind power plant equipment as well as their integration to the electrical system. The adoption of SCL allows formalised tool based exchange of IED parameters, communication system configurations, switch yard (function) structures, as well as description of the relations between them.
The purpose of this format is to formally and efficiently exchange wind turbine and wind power plant IED capability descriptions, and system descriptions between IED engineering tools and the system
engineering tool(s) of different manufacturers in a compatible way. The file format is also intended for providing report configuration and alarms as well as HMI interface information from a wind power plant. This information can be used to engineer overlying SCADA systems for the site, for connected DSO, TSO or fleet operators maintenance and surveillance systems. Finally, the SCL is intended as a documentation of the configuration and topology of the delivered system."

WOW! Why a WOW? During the fist years of standardization of the series IEC 61400-25 the proposal of applying and extending the SCL (IEC 61850-6) did not find enough support to start working on the issue! Time is passing and more and more experts understand the advantage of SCL!

Good luck.

Friday, May 5, 2017

IEC TC 57 published Draft for Machine-Processable Models

IEC TC 57 has just published (57/1870/CD) the first draft improving the applicability of IEC 61850:

Communication networks and systems for power utility automation –
Part 7-7: Basic communication structure –
Machine-processable format of IEC 61850-related data models for tools

This Technical Specification of IEC 61850 specifies a way to model the code components of IEC 61850 data model (e.g., the tables describing logical nodes, common data classes, structured data attributes, and enumerations) in an XML format that can be imported and interpreted by tools. The following main use cases shall be supported:

  • Generation of SCL data type templates for system specification or ICD files. One sub-use case is the generation of LNodeTypes for replacing GGIO.
  • Validation of SCL data type templates.
  • Definition of private extensions by following the rules of the standard.
  • Adapting rapidly the whole engineering chain as soon as a new version of IEC 61850 data model (an addendum, a corrigenda or a Tissue) affects the content of the standard.
  • Provide tool-neutral textual help to users of tools on the data model contents.
  • Supporting multi-language publication, i.e., enabling the expression of the data model in different languages, through a machine processable format.

The purpose of this proposal is limited to the publication of the XML format which should support the data model part of any IEC 61850 related standard. The publication of code components themselves will be part of the related IEC 61850 part.

Comments are expected by 2017-07-28.

This a major step forward. Especially because the "cleaned-up" models of all parts to be published as Edition 2.1 of the corresponding parts could be understood as the real Edition 2 of the parts that contain models!

Monday, May 1, 2017

Why Wikipedia Misleads People Looking for Help regarding IEC 61850

How do people understand and learn what the standard series IEC 61850 really offers to the protection, automation and supervision of energy systems and what this all means for their application (as vendor, user, consultant, ...)? Some up-to-date discussion you can find on this blog, e.g., by this posting:

Who can tell you what IEC 61850 really is?

Some people (managers and ...) just go to Wikipedia and believe that they get a reasonable overview about IEC 61850. After reading the German and English version, they have learned: That IEC 61850 is mainly a PROTOCOL standard!

German Version tells in the very first sentence:

"Die Norm IEC 61850 der International Electrotechnical Commission (IEC) beschreibt ein allgemeines Übertragungsprotokoll für die Schutz- und Leittechnik in elektrischen Schaltanlagen der Mittel- und Hochspannungstechnik (Stationsautomatisierung)."

English Version talks a lot about PROTOCOLS:

"IEC 61850 is a standard for vendor-agnostic engineering of the configuration of Intelligent Electronic Devices for electrical substation automation systems to be able to communicate with each other. ... The abstract data models defined in IEC 61850 can be mapped to a number of protocols. Current mappings in the standard are to MMS (Manufacturing Message Specification), GOOSE (Generic Object Oriented Substation Event), SMV (Sampled Measured Values),[clarification needed] and soon to Web Services. These protocols can run over TCP/IP networks or substation LANs using high speed switched Ethernet to obtain the necessary response times below four milliseconds for protective relaying."

After reading these two pages ... some managers believe that IEC 61850 is mainly dealing with protocols. Protocols are required to exchange information between devices.
IEC 61850 deals mainly with the description of signal flows between any point of a (power or energy) system that generates information (status, measurements, alarms, settings, ...) and those points that need to receive or consume this information.(protection, automation, SADA, control center, ... asset management, ...).
The signal flow could be completely described (and documented) as an SCL file of tens of Mega Bytes ... such files have almost nothing to do with protocols - but the tools that design and engineer systems like substations are key to the future systems. SCL is defined in one document (IEC 61850-6). This document has the biggest impact on how we manage power systems in the future.
In my understanding SCL is likely 2/3 of the importance of IEC 61850. Then there are the many crucial models - and finally we have protocols. Protocols are crucial when it comes to devices that have to send and receive signals - no discussion.

Unfortunately the managers (and everybody) that uses Wikipedia for understanding the impact of IEC 61850 are completely mislead! And likely may not understand how IEC 61850 impacts the system design and engineering based on SCL - aspects that are today usually not linked to any protocol.

If the resources for a project to implementing and using IEC 61850 is determined by the assumption that IEC 61850 is another PROTOCOL - then it is likely that the project will fail to get what IEC 61850 could provide.

This post was triggered by a discussion during an IEC 61850 Seminar and hands-on training recently. It is really frustrating for engineers to discuss the needed resources with managers that believe IEC 61850 is mainly a PROTOCOL.

Who can tell you what IEC 61850 really is?

Wednesday, April 26, 2017

NEW IEC 61850 Demo Package for Windows available

The main purpose of the new demonstration and evaluation package is to provide a free of charge simple and easy to use IEC 61850 Client/Subscriber Tool (running on Windows PCs) that can be used to communicate with a Server/Publisher implemented on the platforms:

Beck IPC DK151 Development Kit for SC145 (DK61)
Beck IPC com.tom / IXXAT SG-gateways (WEB-PLC)
SystemCorp Smart Grid Controllers
Windows PC

Several other uses cases are possible:

The demonstration uses a single generic SCL model (and a derived JSON file [JavaScript Object Notation] that can (beyond the main purpose) be used on the above platforms to automatically configure (tree structured graphical applications) for Clients, Server/Publisher, and Client/Subscriber roles as shown on the next slides.

The specification of additional models (.icd and .json) could be provided for a fee. 
Contact NettedAutomation if you are looking for other models, please.
Click HERE for further details and instructions to download the new package including the documentation.
Click HERE for documentation only.
The package is used in our training courses.

Sunday, April 23, 2017

Final Call for IEC 61850 Training Courses in May 2017 in Karlsruhe (Germany)

The following two training courses are just one (two) weeks away:

02.-05. May 2017, Karlsruhe/Germany:

Click HERE for details - and register as soon as possible.

09.-12. Mai 2017, Karlsruhe/Deutschland
HIER klicken - für Details zum Training in Deutsch

Thursday, April 20, 2017

Dubai (UAE): NEW IEC 61850 Seminar for Protection, Control, and Generation

You are invited to register for one of the world leading IEC 61850 Seminars for Protection, Control, and Generation to be conducted by

FMTP, Al-Ojaimi, and NettedAutomation 
in Dubai (UAE) at the Sheraton Dubai Mall of the Emirates
11-13 July 2017

With the focus on protection and control in HV/MV substations, power generation (PV, Wind, DER, Hydro), distribution systems using Client/Server, GOOSE, SV, SCADA and SCL Language covering:
  • IEC 61850 / IEC 61400-25 Introduction (Edition 1, 2, and 2.1) and experience after more than 10 years in operation. Where are we today?
  • Return of experience, applications and practical demonstrations:
  • Protection and Control in Substation Automation
  • Engineering and Configuration
  • Maintenance
  • Monitoring and SCADA system
  • Specification of the IEC 61850 protection and control system.
  • Through the practical demonstrations, you will learn:
  • To handle IEC 61850 relay protections from different vendors and their software tools; to be able to efficiently manage flexibility in engineering and interoperability.
  • To use the state of the art IEC 61850 testing tools and equipment to efficiently detect the technical problems and work-out their solutions.
  • To understand SCL files, setup clients and servers for MMS communication to SCADA and RTU Systems
  • All the presentations are supported by practical examples or demonstrations.
Who should attend?
  • Protection and Electrical Engineers (protection, control, engineering, SCADA, asset managers)
  • System integrators
  • Product managers of vendors
  • R&D engineers
  • Maintenance personnel
  • Experts responsible for network infrastructure
Click HERE for program and registration information.
Click HERE for other training opportunities.

Monday, April 17, 2017

What is a Function in IEC 61850?

The term "Function" is used in a variety of flavors throughout the standard series IEC 61850. If you ask five experts, you may get six answers.
IEC TC 57 has proposed (57/1863/DC) to develop a new Technical report IEC 61850-6-100: "SCL Function Modelling for Substation Automation"
A "function" is more or less a synonym for operation or action ... as described in Wikipedia:
"A function model or functional model in systems engineering and software engineering is a structured representation of the functions (activities, actions, processes, operations) within the modeled system or subject area."
In my seminars I compare IEC 61850 with Logistics:

IEC 61850 defines simple and more and more complex functions. A schedule according to IEC 61850-90-10 defines a set of quite complex (or comprehensive) functions. In most cases the functions defined by IEC 61850 are just functional components that are used as bricks to build a comprehensive application function.
The brick-concept of IEEE 1550 (UCA 2.0) indicated the use of the standard models: the Bricks (which are now the Logical Nodes in IEC 61850).
IEC 61850-7-2 Services define functions (called services) that provide information logistics, e.g., for accessing the device information model, allow exchange of any value made available by a device based on events for real-time and non-real-time applications, or services for controlling a controllable item like a circuit breaker or a fan.
Functions may be composed using the standard IEC 61499 (Function blocks) as described in the following papers:
V. Vyatkin, G. Zhabelova, N. Higgins, K. Schwarz, and N.-K. C. Nair, Towards intelligent smart grid devices with IEC 61850 interoperability and IEC 61499 open control architecture, IEEE Conference on Transmission and Distribution, New Orleans, April, 2010
 N. Higgins, V. Vyatkin, N. Nair and K. Schwarz, “Intelligent Decentralised Power Distribution Automation with IEC 61850, IEC 61499 and Holonic Control“,IEEE Transactions on Systems, Machine and Cybernetics, Part C, 40(3), 2010,
J. Xu, C.-W.Yang, V. Vyatkin, S. Berber, Towards Implementation of IEC61850 GOOSE Messaging in IEC61499 Environment, IEEE Conference on Industrial Informatics (INDIN’13), Bochum, July 29-31, 2013
Click HERE for more papers.
More to come ... stay tuned to this blog!

Thursday, April 13, 2017

HMS Smart Grid Gateways Are Now IXXAT SG Gateways

The HMS Smart Grid Gateways (supporting a wide range of standards like IEC 60870-5-104, IEC 61850, Modbus TCp/IP, ...) are now marketed by HMS under the HMS brand IXXAT Energy SG Gateways.
IXXAT SG-gateways... 

  • enable easy remote control and management of electrical systems
  • allow to log and display application data and energy consumption
  • provide IEC61850 client/server (publisher/subscriber) and IEC60870-5-104 client/server support
  • have in-built Modbus TCP client and Modbus RTU Master interfaces
  • provide connectivity for I/O, M-Bus, PROFIBUS, PROFINET and EtherNet/IP based devices

Click HERE for more details [EN]
Click HERE for more details [DE]

Friday, April 7, 2017

FDIS for IEC 62351-7 published - Network and System Management (NSM) data object models

IEC TC 57 has just published the 232 page FDIS (57/1857/FDIS) of the part IEC 62351-7 for final vote:

Power systems management and associated information exchange –
Data and communications security –
Part 7: Network and System Management (NSM) data object models

The vote closes 2017-05-12.

"This part of IEC 62351 defines network and system management (NSM) data object models
that are specific to power system operations. These NSM data objects will be used to monitor
the health of networks and systems, to detect possible security intrusions, and to manage the
performance and reliability of the information infrastructure. The goal is to define a set of
abstract objects that will allow the remote monitoring of the health and condition of IEDs
(Intelligent Electronic Devices), RTUs (Remote Terminal Units), DERs (Distributed Energy
Resources) systems and other systems that are important to power system operations. ...
The NSM objects provide monitoring data for IEC protocols used for power systems
(IEC 61850, IEC 60870-5-104) and device specific environmental and security status. As a
derivative of IEC 60870-5-104, IEEE 1815 DNP3 is also included in the list of monitored
protocols. The NSM data objects use the naming conventions developed for IEC 61850,
expanded to address NSM issues. For the sake of generality these data objects, and the data
types of which they are comprised, are defined as abstract models of data objects."

The document comprises many useful information objects related to devices and communication security issues like:

Intrusion detection systems (IDS) 
Passive observation techniques
Active security monitoring architecture with NSM data objects

End-to-end security
End-to-end security concepts
Role of NSM in end-to-end security

NSM requirements
Detecting unauthorized access
Detecting resource exhaustion as a denial of service (DoS) attack
Detecting invalid buffer access DoS attacks
Detecting tampered/malformed PDUs
Detecting physical access disruption
Detecting invalid network access
Detecting coordinated attacks

Saturday, April 1, 2017

IEC SC 65C Published 5,000+ Pages of New Fieldbus Editions (IEC 61158)

IEC SC 65C (subcommittee 65C: Industrial networks, of IEC technical committee 65: Industrial-process measurement, control and automation) has published 5,000+ pages with the following documents available for PUBLIC comments (
  1. 65C/864A/CDV (77 pages)
    IEC 61158-1 ED2: Industrial communication networks - Fieldbus specifications - Part 1: Overview and guidance for the IEC 61158 and IEC 61784 series
  2. 65C/865A/CDV (219 pages)
    IEC 61158-3-X ED4: Industrial communication networks - Fieldbus specifications - Part 3 - X: Data-link layer service definition - Type X elements
  3. 65C/866A/CDV (1,445 pages)
    IEC 61158-4-X ED4: Industrial communication networks - Fieldbus specifications - Part 4 - X: Data-link layer protocol specification - Type x elements
  4. 65C/867A/CDV (1,721 pages)
    IEC 61158-5-X ED4: Industrial communication networks - Fieldbus specifications - Part 5-X: Application layer service definition - Type X elements
  5. 65C/868A/CDV (2,205 pages)
    IEC 61158-6-X ED4: Industrial communication networks - Fieldbus specifications - Part 6-X: Application layer protocol specification - Type X elements
  6. 65C/869/CDV
    IEC 61918 ED4: Industrial communication networks - Installation of communication networks in industrial premises 
There are many other documents that are part of this standard series.
Take your time to comment on these documents.

What's about interoperability? Read what part 1 says in clause 4.2:

"Most of the fieldbus types specified in the IEC 61158 series include a range of selectable and configurable options within their detailed specifications. In general, only certain restricted combinations of options will interwork or interoperate correctly."

It seems like an April fool' s joke - BUT, NO, IT IS REALLY TRUE.

Thursday, March 23, 2017

ASCII Text, XML, SCL, Models, and Errors All Over

IEC 61850 makes use of ASCII text, XML, SCL, and comprehensive Information Models. At any level you may find errors. How to figure out, e.g., if a DataSet member references a FCDA that is not available in any Logical Node model?

I run through the following inconsistency:
There is a DOType "SPG_0" defined that contains a fc="SP"(bottom).
The DO "SetPt19" uses this DOType with fc="SP" (above)
The marked DataSet member FCDA refers to DO "SetPt19" with fc="ST".

This reference is not correct - there is no DO "SetPt19" with fc="ST" !! How does a stack react when it has to parse such a wrong model? Hmm!

It took me some time to figure out what the issue was when I loaded the file onto a HMS Gateway with WEB-PLC:

In the meantime I have checked the wrong file with six (well known) IEC 61850 tools - NONE of them complained about this inconsistency.
The SystemCorp stack complained, because it was not able to find the referenced object to implement the model! WOW!

This example confirms what I always tell people in my courses: Develop your own simple tools for finding errors in the "ASCII Text" - it is just a simple search you need ... I am not saying that the many tools on the market are useless!! No way! But many simple checks could be done with simple tools. Even tool developer may not have a clue what kind of checks would be helpful.
In this case it would have been quite easy to check (ASCII search and comparison) all members of all DataSets and check in the Logical Node models if there is a DataObject that matches with the reference in the DataSet. Such a ASCII text search would have resulted in something like: Did not find an fc="ST" for the object "SetPt19".

It is that easy! Believe me.

My experiences with this and many other issues are one of the core topics in my courses.
Click HERE for courses in German in Karlsruhe/Germany.

Wednesday, March 22, 2017

GridEx: The Smart Tool to Test Your IEC 61850 Network

FMTP (From Minus to Plus, Sweden) has gained a lot of positive feedback from experts using the GridEx Tool around the globe. GridEx built-in intelligence based on 30 years combined field experience in Protection Control with IEC 61850.

The new Test Tool looks very ruggedized:

The standalone tool provides many very crucial functions for simplifying the test and operation of automation systems based on IEC 61850. Here is one example function:

Click HERE for more details on the GridEx.

CD published: Conformance Test Cases for the IEC 62351-5

IEC TC 57 just published a 110 page crucial document on security testing (57/1852/CD):

IEC TS 62351 - Data and communications security -
Part 100-1: Conformance test cases for the IEC 62351-5 and its companion standards for secure data exchange communication interfaces

Comments are welcome by 2017-06-09

The scope is to specify common available procedures and definitions for conformance and/or interoperability testing of the IEC/TS 62351-5 (Security for IEC 60870-5 and derivatives), the IEC/TS 60870-5-7 and also their recommendations over the IEC 62351-3 for profiles including TCP/IP. These are the security extensions for IEC 60870-5 and derivatives to enable unambiguous and standardised evaluation of IEC/TS 62351-5 and its companion standards protocol implementations.

Tuesday, March 21, 2017

BIG Data, Smart Data, or Fake Data

Do you trust the process data you rely on for decisions to be made for many different applications? Hmm! It may be - I hope you could trust the data.

BBC just published a crucial paper with the title:
"How fake data could lead to failed crops and other woes"

Click HERE for the paper.

I guess this has been said many times - not yet by everybody.
What is most important: You have to do something to protect the data you (or your device) produce - so that the receiver can trust that the data are not FAKE data.

Maybe we extend the quality details defined in IEC 61850-7-3:
fake (extended)

I am kidding ... sure.

Do you know that IEC 61850 does not define any measure to protect the data while they are on rest or travel? It's true - no crucial definitions on security. This is intended.
The series IEC 62351 defines many very crucial measures and describes how to apply them to power systems and IEC 61850 refers to IEC 62351:
IEC/TS 62351 - Power systems management and associated information exchange - Data and communications security:
Part 1: Introduction to security issues
Part 2: Glossary of terms
Part 3: Profiles Including TCP/IP
Part 4: Security for profiles including MMS
Part 5: Security for IEC 60870-5 and derivatives
Part 6: Security for IEC 61850 profiles
Part 7: Objects for Network Management
Part 8: Role-Based Access Control
Part 9: Key Management
Part 10: Security Architecture
Part 11: Security for XML Files
Part 12: Resilience and Security Recommendations for Power Systems with DER
Part 13: Guidelines on what security topics should be covered in standards and specifications

Check an overview from part 13:

Click HERE for the source of published parts of IEC 62351.
An excellent source of hints in German can be found at GAI NetConsult (Berlin).

You should do more than buying and reading the various parts of IEC 62351 - You should implement many of the crucial measures defined in these documents,

Good luck!

Wednesday, March 8, 2017

Who can tell you what IEC 61850 really is?

Has ever someone learned what IEC 61850 really provides
from product presentations of vendors? Maybe to some extent?

How do people understand and learn what the standard series IEC 61850 really offers to the protection, automation and supervision of energy systems and what this all means for their application (as vendor, user, consultant, ...)?
A bit by reading power point presentations and papers ... and listen to presentations ... and to some extent by attending presentations and hands-on exercises conducted by equipment and tool vendors.
Is this enough?
If you are happy with the products - without understanding how far IEC 61850 is really implemented - then you could go and ... quite often at the end of the day you may learn that you got far to less

or far too much compared to what the standard would provide for your needs:

You need more vendor-independent information and experience from long-term experts like Andrea Bonetti (FMTP) or Karlheinz Schwarz (SCC). Sure, any demonstration or hands-on exercise of any IEC 61850 feature requires products like the great IEDScout of Omicron or ... BUT: the products implement just a fraction of what IEC 61850 is all about.
If you want to learn the Philosophy of IEC 61850 and compare it with the many different other approaches like IEC 60870-5-104, or other products, then you need independent information and experience. And finally you need to understand how the product X of vendor A compares to the product Y from vendor B.
To meet two of the most experienced experts and discuss with them your needs, doubts and complains, ... please register for the next training courses in Stockholm next week or in Karlsruhe in May.
Click HERE for the details of seminars in German.
Click HERE for the courses in English.
See you soon.
After the education of more than 4,000 attendees I know what people need ... and what they get by vendor-driven "education".

Saturday, March 4, 2017

XMPP, XML, and MMS: Two New TC 57 CDVs available for Public Comments

IEC TC 57 has published the following two CDV documents and allows you access to them:

IEC 61850-8-1/AMD1 ED2: Amendment 1 - Communication networks and systems for power utility automation - Part 8-1: Specific communication service mapping (SCSM) -
Mappings to MMS (ISO 9506-1 and ISO 9506-2) and to ISO/IEC 8802-3

IEC 61850-8-2 ED1: Communication networks and systems for power utility automation - Part 8-2: Specific communication service mapping (SCSM) -
Mapping to Extensible Messaging Presence Protocol (XMPP) 
You can study these two documents and provide comments.
Click HERE for the access (need to register only).
XMPP is used here to transport the XML message payloads between IEC 61850 server and client. The main contents of the messages are MMS messages (defined in ASN.1) and encoded with ASN.1 XER (XML encoding rule) - instead of ASN.1 BER (basic encoding rule). 
Example (excerpt):
Quite interesting. Most of what you have understood of MMS (subset used in IEC 61850-8-1) is applicable for 8-2 as well.
Click HERE for an introduction to ASN.1 and a discussion of why we need encoding rules.

Wednesday, March 1, 2017

IEC TC 57 and WG 10 in Figures

IEC TC 57 Working Group 10 "Power system IED communication and associated data models" met last week in Geneva (Switzerland) at the IEC central office.
Mr. Charles Jacquemart (IEC Technical Officer) presented some very interesting figures about the TC 57 and especially WG 10. The following slides are published here with the permission of Mr. Jacquemart.

TC 57 History:

Crucial Publications:

Various TC 57 Working Groups (250 members in WG 10!!):

IEC TC 57 WG 10 is the LARGEST WG in the whole IEC!!

Sales of IEC 61850 standards:

You are right, IEC 61850 is one of the most crucial standard series in IEC and also in the market of power systems!
More to come!

Wednesday, February 22, 2017

Read One of the Best Papers on IEC 61850 ever Published

Eric A. Udren (a friend of mine) from Quanta Technology, LLC of Raleigh, North Carolina has written one of the best papers on the application of IEC 61850 in general and in the USA I ever read:

What Drives the Business Case for IEC 61850?
published in the December 2016 issue of the PAC World magazine.
This paper summarizes the experience of more than 10 years with the application of the standard series IEC 61850. It is a very easy to read and understand summary of the content of my training courses. After more than 230 training courses I conducted globally since 2003 and more than 4,200 experts educated in these courses I fully agree with the crucial recommendations of the paper:
Eric states at the very beginning (3rd sentence!): " ... one must first understand that IEC 61850 is not just a communications protocol." Well said. He lists many crucial facets.
The main part of Eric's conclusion is [highlights are added by myself]:
"The following action items can help the utility to achieve technical success and lowest life cycle costs:
  • Develop requirements for and relationships with product vendors, who must commit to support interoperable and sustainable products and designs over the service life of the PAC design.
  • Apply the sustainable design principles of the previous sections. If some of these seem unfamiliar, get expert help from vendors and from vendor-independent industry experts with experience in PAC system design and integration.
  • Create strong, rigid design standards; develop broadly useable documentation for new PAC design features like network configuration, data flows, and GOOSE messaging connections of functional points.
  • Set up rigid documentation and configuration management systems. With IEC 61850, much of the PAC design is no longer evident in the physical installation – this managed design information is the only tool to maintain the system.
  • Create a development laboratory to validate the performance of the design. Keep the laboratory throughout the installation life to train personnel, to troubleshoot bugs that arise in the field, and to test new product or firmware insertions in the existing design before authorizing those for field use.
  • Develop and run training programs for field maintenance personnel, including hands-on participation and feedback during the design and laboratory test phases.
  • Develop and run training programs for other enterprise stakeholders, including system planning, capital planning, purchasing, and operations teams.
  • After the pilot or trial phase, plan a crisp organizational transition to the new design at the fastest sustainable rate."
Click HERE to access the paper for free.

There have been a lot of misleading and strange statements on the benefits of IEC 61850 communicated ... trust the real experts like Eric Udren ...

One of the real show-stoppers of a beneficial application is the lack of education of many engineers. We offer the right experience and knowledge for your people to harvest the benefits of the application of IEC 61850 and other standards:

Click HERE for the latest announcements of courses in German.
Click HERE for the latest announcements of courses in English.

I look forward meeting you in one of the public courses or in an inhouse seminar. Peopleware is one of the most crucial issues in future energy systems.

Thursday, February 16, 2017

IEC-61850-Seminare in Deutsch (Mai und Dezember 2017)

NettedAutomation GmbH bietet in 2017 zwei IEC-61850-Seminare zu unschlagbaren Preisen in Karlsruhe an:

09.-12. Mai 2017 
05.-08. Dezember 2017

Die drei (3) Blöcke (1 Tag + 2 Tage + 1 Tag) können einzeln oder in Kombination gebucht werden. Sie entscheiden selbst, ob Sie nur einen Tag von Ihrem Arbeitsplatz fern bleiben möchten oder zwei, drei oder vier. Je nachdem, wieviel Zeit Sie investieren wollen oder können und welchen Bedarf Sie haben.

Lernen Sie, wie über 4.000 Teilnehmer vor Ihnen, was IEC 61850 und andere Normen wie IEC 60870-5-10x oder IEC 62351 (Security) bedeuten. Gewinnen Sie einen Einblick in relevante Realisierungen wie die FNN-Steuerbox oder VHPready, die auf IEC 61850 aufbauen. Verstehen Sie, wie Feldbusse über lostengünstige Gateways in die Anlagen eingebunden werden können.

HIER klicken, um zur Beschreibung und den Anmeldeunterlagen zu gelangen [pdf, 430 KB].

Beachten Sie auch, dass die meisten Seminare als Inhouse-Kurse stattfinden! Falls Sie Interesse an einem Inhouse-Kurs (in deutsch, englisch, italienisch oder schwedisch) haben sollten kontaktieren Sie uns bitte!

IEC TC 57 has Published Several New Documents

IEC TC 57 has published several new documents related to IEC 61850 and IEC 62351 (Security):

IEC 61850-7-3: Amendment 1 - Communication networks and systems for power utility automation - Part 7-3: Basic communication structure - Common data classes
The amendment has been accepted with 100 % in favour

IEC 62351-9: Data and communications security –
Part 9: Cyber security key management for power system equipment
voting closes 2017-03-17

Communication networks and systems for power utility automation - Part XXX: System management for IEC 61850 (proposed IEC 61850-XXX TS)
The new work item proposal has been accepted with 100 % in favour

IEC 61850-7-7: Basic communication structure – Machine-processable format of IEC 61850-related data models for tools
The new work item proposal has been accepted with almost 100 % in favour

Tuesday, February 14, 2017

Seminar on Protection and Control in Stockholm (18-22 Sep / 10-13 Oct 2017)

FMTP, KTH, OPAL RT, and NettedAutomation offer a very comprehensive training courses on IEC 61850 and related standards

Stockholm-Arlanda (Airport)
18-22 September 2017
Click HERE for details
Karlsruhe (Germany)
10-13 October 2017
Click HERE for details

Thursday, February 2, 2017

Wind Energy Generation Systems - About to Use and Extend SCL

IEC TC 88 (Wind energy generation systems) has just published a new work item proposal for the series IEC 61400-25 (Communications for monitoring and control of wind power plants):

Part 25-7: Communications for monitoring and control of wind power plants –
Configuration description language for communication in wind automation systems related to IEDs

The voting closes 2017-04-21.

The scope of this NWIP is to describe the adoption of the System Configuration description Language (SCL) defined in IEC 61850-6 to the wind domain.

Tuesday, January 17, 2017

Animal "Attacks" on Power Systems - Worry About Squirrels

BBC news has published an interesting report on "Squirrel 'threat' to critical infrastructure".

According to the report "The real threat to global critical infrastructure is not enemy states or organisations but squirrels, according to one security expert.
Cris Thomas has been tracking power cuts caused by animals since 2013.
Squirrels, birds, rats and snakes have been responsible for more than 1,700 power cuts affecting nearly 5 million people, he told a security conference."

Click HERE to read the report.

Are You Looking for Authenticated Encrypted Time Signals?

GPS-based time signals could be less robust and reliable - this has been discussed in various forums. Electric power systems rely on time synchronization you can trust.

In a new US DOE project (TASQC - Timing Authentication Secured by Quantum Correlations) experts are planning to develop authenticated encrypted time signals that mitigate known vulnerabilities in GPS-based time. The project aims to:
  • Develop and demonstrate a secure time distribution system using quantum-correlated signals over geographically wide area;
  • Develop and demonstrate protocols for time-stamp authentication for data reported from power systems;
  • Expand capability of the developed infrastructure for secure authentication of broadcast messages;
  • Evaluate the system for cyber- and physical-vulnerabilities;
  • Partner with industry to develop timing requirements for power systems and to refine design of system and protocols.
Phil Evans, Ph.D., TASQC Principle Investigator, Oak Ridge National Laboratory, respectfully requests your assistance for the TASQC project by both answering the questions in a brief survey, and distributing it amongst your colleagues in the electric power industry.