Saturday, July 14, 2018

IEC TC 57 just published FDIS IEC 61850-8-2 (Mapping to XMPP)

IEC TC 57 just published FDIS IEC 61850-8-2 (Mapping to XMPP) - 253 pages!


Voting ends: 2018-08-24

Part 8-2: Specific communication service mapping (SCSM)
– Mapping to Extensible Messaging Presence Protocol (XMPP)

The long wait for a second SCSM is over!

The new mapping of IEC 61850 describes a specific communication service mapping
(SCSM) over the Extensible Messaging and Presence Protocol (XMPP), providing detailed
information on how to create and exchange concrete communication messages that
implement abstract services and models specified in IEC 61850-7-4, IEC 61850-7-3, and
IEC 61850-7-2.

Note that the MMS messages (defined using ASN.1) are used in both IEC 61850-8-1 and IEC 61850-8-2! The only crucial difference between the two message and model mappings (in 8-1 and 8-2) is this:

8-1 uses BER (Basic Encoding Rules) for the messages on the wire, while 8-2 uses XER (XML Encoding Rules). The complexity of the MMS messages is the same in both mappings, because the structure, how to build messages, and how to carry the 7-2 services and 7-x models are the same!

The challenges of implementing the 8-2 message mapping are more or less the same as with 8-1. Note that the messages in XER are far longer than with BER.
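The size difference between the two encodings, shown as an added example (not taken from IEC 61850-8-2 or from any MMS implementation): one value tree is encoded as BER and as basic XER. The structure, the element names and the use of universal tags are assumptions made for illustration, not the real MMS PDU definition.

```python
from xml.sax.saxutils import escape

# Universal ASN.1 tags; real MMS PDUs use context-specific tags instead.
INTEGER, VISIBLE_STRING, SEQUENCE = 0x02, 0x1A, 0x30

def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber(node):
    """Tag-length-value encoding; element names never appear on the wire."""
    _name, tag, value = node
    if tag == SEQUENCE:
        content = b"".join(ber(child) for child in value)
    elif tag == INTEGER:
        # Minimal two's-complement representation.
        size = (value + (value < 0)).bit_length() // 8 + 1
        content = value.to_bytes(size, "big", signed=True)
    else:
        content = value.encode("ascii")
    return bytes([tag]) + ber_len(len(content)) + content

def xer(node):
    """Basic XER: every component becomes a named XML element."""
    name, tag, value = node
    if tag == SEQUENCE:
        content = "".join(xer(child) for child in value)
    else:
        content = escape(str(value))
    return f"<{name}>{content}</{name}>"

# Constructed sample: hypothetical names, not the MMS ASN.1 module.
SAMPLE = ("ReadRequest", SEQUENCE, [
    ("invokeID", INTEGER, 4711),
    ("variable", SEQUENCE, [
        ("domainId", VISIBLE_STRING, "IED1LD0"),
        ("itemId", VISIBLE_STRING, "MMXU1$MX$TotW$mag$f"),
    ]),
])

def sizes(node):
    """Return (BER bytes, XER bytes) for the same value."""
    return len(ber(node)), len(xer(node).encode("utf-8"))

if __name__ == "__main__":
    print(ber(SAMPLE).hex(" "))
    print(xer(SAMPLE))
    print("BER %d bytes, XER %d bytes" % sizes(SAMPLE))
```

For this constructed sample the XER form is 137 bytes against 38 bytes of BER, because every element name is spelled out twice in the XML while BER carries only tag and length octets.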

There is - of course - a difference between the two: The transport of messages in 8-2 uses XMPP.

Some may argue that there are more tools available for XER than for BER. OK.

IEC 61850-8-2 is far from simple and easy to implement and use - especially when you need only a few simple services and models.

WOW -- IEC 61850 Models Publicly Available for Download

After a long time, IEC has agreed to provide free online access to the IEC 61850 Models!!


Excerpt from 57/2023/INF (2018-07-13):

"With IEC 61850-7-7, a machine processable format for the distribution of IEC 61850 data models has been defined. Based on that, in the future, all IEC 61850 models will be as well available in this format as namespace files (NSD files).
The namespace files are code components, that are intended to be directly processed by a computer. The purchase of the associated IEC standard carries a copyright license for the purchaser to sell software containing Code Components from this standard to end users either directly or via distributors, subject to IEC software licensing conditions, which can be found at: ..."

[Screenshot from the TC 57 Supporting Documents page]

Sunday, July 8, 2018

First Draft IEC 61850-90-16 Requirements for System Management for IEC 61850

The first draft of IEC 61850-90-16 (97 pages) has been published (57/2014/DC):

Requirements for System Management for IEC 61850

"The distribution grid is facing a massive roll out and refurbishment of automation equipment to
implement deeper monitoring and new smart grid applications. The new equipment to be deployed in order to solve today’s issues (MV voltage and reactive power regulation for example) will necessarily have to be adjustable and upgradeable in order to face challenges of tomorrow (for example massive electric vehicles fleets, low voltage automation, …) which will arrive long before the end of its 20 years’ service life. Furthermore, there is a necessity for the equipment to adapt to the evolving and growing cybersecurity threats.
The equipment will therefore need to be patched, updated and reconfigured, and this has to be done remotely due to the great number of equipment. This is a cornerstone of the System Management (SM), which refers to functionalities that are not directly linked to the operational role of the equipment but allow it to perform its operational functions in the best conditions possible. Smart Grid Devices Management also includes other functions such as asset management or supervision.
These functionalities need to be managed by the grid operator and address multiple devices from different vendors through independent Information Systems and thus the requirements and exchanges need to be standardized. As these are to be applied to IEC 61850 compliant equipment, these mechanisms need to be integrated in the standard. ..."

Comments are due by 2018-09-28

Role-based Access Control - On its way to becoming a Standard

IEC 62351-8 is on its way to becoming an IEC Standard (57/2017/CD):

Power systems management and associated information exchange – Data and communications security –
Part 8: Role-based access control

Part 8 is currently a Technical Specification. This will change in the next step.

The 62-page CD has been published for comment until 2018-09-28.

"This document provides standard for access control in power systems. The power system
environment supported by this standard is enterprise-wide and extends beyond traditional
borders to include external providers, suppliers, and other energy partners. ...

The following interactions are in scope:

  • local (direct wired) access to the object by a human user;
  • local (direct wired) access to the object by a local and automated computer agent, e.g. another object at the field site;
  • direct access by a user to the object using the objects’ built-in HMI or panel;
  • remote (via dial-up or wireless media) access to the object by a human user;
  • remote (via dial-up or wireless media) access to the object by a remote automated computer agent, e.g. another object at another substation, a distributed energy resource at an end-user’s facility, or a control centre application."

Wednesday, July 4, 2018

IEEE Spectrum July 2018: 6 WAYS IoT IS VULNERABLE

IEEE Spectrum 2018-07 publishes an opinion by Stacey Higginbotham about the vulnerability of IoT devices and systems:


Here is an excerpt of the six reasons why security for the Internet of Things (IoT) is different from—and more difficult to tackle than—traditional IT security:

  1. We’ve raised the stakes by connecting more physical systems and facilities to wireless networks -> Consequences of failure are more dire.
  2. IoT security is a special challenge: The adversaries are unlike any we’ve seen before.
  3. For a traditional IT system, one can count on the software company’s support for a set amount of time. What we see: it could be 10 years, 7, 3, 2, or even 0 ...
  4. A connected product that generates a small profit may require years of updates, patches, and security evaluations.
  5. Many connected devices are built with software, hardware, and firmware that are created by different companies and pieced together at the end. It takes only one weak link to create a vulnerability ...
  6. Many connected devices live in environments unlike any IT system. In a home, there’s no IT manager to push patches to a connected fridge. And in an industrial setting, patching one machine might cause it to stop working with other equipment on the line.

I would summarize the challenge as follows:

IoT devices and systems require in principle the same attention, efforts and resources as traditional IT systems. The sheer unlimited number of interconnected IoT devices will work securely only if we accept spending much more money than what the market expects!

Or: Today's solutions will be the problems of tomorrow.

Click HERE for the complete document (1 page).

Real-time Access to German Generation and Consumption of Electricity

You have real-time access to the German generation and consumption of electricity:

Click HERE for the real-time data access.

Monday, July 2, 2018

Version 2 of the OE/BDEW Whitepaper: Requirements for Secure Control and Telecommunication Systems

Version 2 of the OE/BDEW whitepaper (completely revised version!; 80 pages):

Anforderungen an sichere Steuerungs- und Telekommunikationssysteme
(Requirements for Secure Control and Telecommunication Systems)


Click HERE to access the complete document.

"This document defines basic security requirements for control and telecommunication systems for process control in energy supply and provides implementation guidance for putting them into practice. To this end, current and sector-specific recommendations for ensuring information security, compiled by subject-matter experts
The whitepaper defines requirements for individual components and for systems and applications composed of these components. In addition, security requirements for maintenance processes, project organization and development processes are also covered.
The focus of this document is on the requirements for technical components and systems that are to be taken into account during procurement, and on the processes relevant to project execution. Equally important are organizational security measures within the company, such as establishing a security organization, appropriate risk management, or creating comprehensive security awareness among employees. These organizational requirements are not the focus of the whitepaper; for these, reference is made in particular to the standards ISO/IEC 27001 and ISO/IEC 27019.
This document is a completely revised new edition of the BDEW whitepaper and the associated implementation guidance from Oesterreichs Energie and BDEW. Both documents have been merged, and the contents have been comprehensively updated and supplemented in line with current technological developments."

The English version will be published shortly.

The requirements described here have a considerable impact on companies in the energy supply sector: more staff and more technical tools with which the requirements could be met - and thus higher costs!