{"id":255353,"date":"2024-10-19T16:52:47","date_gmt":"2024-10-19T16:52:47","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bsi-pd-iec-tr-61850-90-22016\/"},"modified":"2024-10-25T12:19:55","modified_gmt":"2024-10-25T12:19:55","slug":"bsi-pd-iec-tr-61850-90-22016","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bsi-pd-iec-tr-61850-90-22016\/","title":{"rendered":"BSI PD IEC\/TR 61850-90-2:2016"},"content":{"rendered":"
This part of IEC 61850, which is a technical report, provides a comprehensive overview of the different aspects that need to be considered while using IEC 61850 for information exchange between substations and control or maintenance centres or other system level applications. In particular, this technical report:<\/p>\n
defines use cases and communication requirements that require an information exchange between substations and control or maintenance centres<\/p>\n<\/li>\n
describes the usage of the configuration language of IEC 61850-6<\/p>\n<\/li>\n
gives guidelines for the selection of communication services and architectures compatible with IEC 61850<\/p>\n<\/li>\n
describes the engineering workflow<\/p>\n<\/li>\n
introduces the use of a Proxy\/Gateway concept<\/p>\n<\/li>\n
describes the links regarding the Specific Communication Service Mapping (SCSM)<\/p>\n<\/li>\n<\/ul>\n
This technical report does not define constraints or limitations for specific device implementations. There is no specific chapter for cyber security; it is addressed where necessary. The model for IEC TR 61850-90-2 provides security functions based upon the security threats and security functions found in IEC TS 62351-1 and IEC TS 62351-2. This technical report touches several security aspects with the following basic assumptions:<\/p>\n
Information authentication and integrity (e.g. the ability to provide tamper detection) is needed<\/p>\n<\/li>\n
Confidentiality is optional<\/p>\n<\/li>\n<\/ul>\n
It shall be possible to provide information authentication and integrity in an end-to-end method, regardless of information hierarchies. The typical method to provide this security function is through some type of information\/message authentication code. IEC 62351-4:2007 and IEC 62351-91 describe how authentication and integrity are achieved for IEC 61850-8-1. A later version of IEC 62351-4 will provide means to ensure end-to-end data integrity through Proxy\/Gateways.<\/p>\n
Besides information authentication and integrity, information availability is an important aspect for telecontrol. This technical report provides redundancy architectures to enhance the availability of information in control and maintenance centres.<\/p>\n
The scheme shown in Figure 1 gives an overview of the connectivity and the communication paths. In particular, it indicates the principle of accessing an IED directly or indirectly \u2013 via the Proxy\/Gateway. An application of security controls for substation to control centre communication can be found in IEC 62351-10:2012, 6.4.3. Thus, the substation automation system has to be considered inside a perimeter of cyber security. The access is totally checked by security access points (this document does not describe such a security access point). The boundary of the electronic security perimeter is defined by the point where the communication line leaves the perimeter of the substation over public ground. There might be more than one security access point, where separation of applications (e.g. control centre and maintenance centre) is required. When more than one client needs access to the same security access point, information-level access control, e.g. according to IEC TS 62351-8:2011, may be added. IEC TS 62351-8:2011 may also be used in other cases, where different access rights are required.<\/p>\n
The majority of applications for which this technical report is applicable will use the services of MMS (ISO 9506) mapped to ISO\/IEC 8802-3 frame formats, as described in IEC 61850-8-1:2011.<\/p>\n
The primary application for the use of indirect access, as described in this technical report, will be for telecontrol applications. Nevertheless, this technical report does not imply that the use of a Proxy\/Gateway is required for telecontrol applications. Direct access may also be used for telecontrol applications where applicable and accepted by the customer.<\/p>\n
PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
---|---|---|---|---|---|---|---|
4<\/td>\n | CONTENTS <\/td>\n<\/tr>\n | ||||||
9<\/td>\n | FOREWORD <\/td>\n<\/tr>\n | ||||||
11<\/td>\n | INTRODUCTION <\/td>\n<\/tr>\n | ||||||
12<\/td>\n | 1 Scope <\/td>\n<\/tr>\n | ||||||
13<\/td>\n | 2 Normative references Figures Figure 1 \u2013 Connectivity and communication paths of a substation <\/td>\n<\/tr>\n | ||||||
15<\/td>\n | 3 Terms and definitions <\/td>\n<\/tr>\n | ||||||
16<\/td>\n | 4 Abbreviated terms <\/td>\n<\/tr>\n | ||||||
17<\/td>\n | 5 Use cases and requirements 5.1 Use cases 5.1.1 Overview 5.1.2 Actors <\/td>\n<\/tr>\n | ||||||
18<\/td>\n | 5.1.3 Use case diagram Figure 2 \u2013 Use case diagram for substation to control centre communication <\/td>\n<\/tr>\n | ||||||
19<\/td>\n | 5.1.4 Use cases 5.2 Telecontrol 5.2.1 General <\/td>\n<\/tr>\n | ||||||
20<\/td>\n | 5.2.2 Constraints \/ assumptions \/ design considerations 5.2.3 Actors <\/td>\n<\/tr>\n | ||||||
21<\/td>\n | 5.2.4 Use cases diagram Figure 3 \u2013 Telecontrol use case diagram <\/td>\n<\/tr>\n | ||||||
22<\/td>\n | 5.2.5 Use case description 5.2.6 Sequence diagrams <\/td>\n<\/tr>\n | ||||||
23<\/td>\n | Tables Table 1 \u2013 Constraints for acquisition of status <\/td>\n<\/tr>\n | ||||||
24<\/td>\n | Table 2 \u2013 Constraints for acquisition of alarms Table 3 \u2013 Constraints for remote control <\/td>\n<\/tr>\n | ||||||
27<\/td>\n | Figure 4 \u2013 Principle of data forwarding, depending on the operation mode Table 4 \u2013 Forwarding of information depending on the operation mode <\/td>\n<\/tr>\n | ||||||
28<\/td>\n | 5.3 Synchrophasor 5.3.1 General 5.3.2 Constraints \/ assumptions \/ design considerations 5.3.3 Use cases 5.4 Disturbance 5.4.1 General 5.4.2 Constraints \/ assumptions \/ design considerations 5.4.3 Actors <\/td>\n<\/tr>\n | ||||||
29<\/td>\n | 5.4.4 Use case diagram Figure 5 \u2013 Disturbance use cases diagram <\/td>\n<\/tr>\n | ||||||
30<\/td>\n | 5.4.5 Uses cases description 5.4.6 Sequence diagrams <\/td>\n<\/tr>\n | ||||||
31<\/td>\n | 5.5 Counting 5.5.1 General 5.5.2 Constraints \/ assumptions \/ design considerations <\/td>\n<\/tr>\n | ||||||
32<\/td>\n | 5.5.3 Actors 5.5.4 Use cases diagram 5.5.5 Use cases description Figure 6 \u2013 Counting use cases diagram <\/td>\n<\/tr>\n | ||||||
33<\/td>\n | 5.5.6 Sequence diagrams 5.6 Power quality 5.6.1 General 5.6.2 Constraints \/ assumptions \/ design considerations <\/td>\n<\/tr>\n | ||||||
34<\/td>\n | 5.6.3 Actors 5.6.4 Use cases diagram 5.6.5 Use cases description 5.6.6 Sequence diagrams Figure 7 \u2013 Power quality use cases diagram <\/td>\n<\/tr>\n | ||||||
35<\/td>\n | 5.7 Asset 5.7.1 General Figure 8 \u2013 Asset management touches a broad range of core electric utility processes <\/td>\n<\/tr>\n | ||||||
36<\/td>\n | 5.7.2 Constraints \/ assumptions \/ design considerations 5.7.3 Actors 5.7.4 Use cases diagram 5.7.5 Use cases description 5.7.6 Sequence diagram Figure 9 \u2013 Asset supervision use cases diagram <\/td>\n<\/tr>\n | ||||||
37<\/td>\n | 5.8 Parameter configuration 5.8.1 General 5.8.2 Constraints \/ assumptions \/ design considerations 5.8.3 Actors <\/td>\n<\/tr>\n | ||||||
38<\/td>\n | 5.8.4 Use cases diagram 5.8.5 Use cases description 5.8.6 Sequence diagrams Figure 10 \u2013 Parameter configuration use cases diagram <\/td>\n<\/tr>\n | ||||||
39<\/td>\n | 5.9 Communication requirements for SS to CC communication 5.9.1 General issues <\/td>\n<\/tr>\n | ||||||
40<\/td>\n | Figure 11 \u2013 Levels and logical interfaces in substation automation systems <\/td>\n<\/tr>\n | ||||||
41<\/td>\n | 5.9.2 Functions based on substation-to-control-centre communication 5.9.3 Message performance requirements Figure 12 \u2013 Definition of transfer time t <\/td>\n<\/tr>\n | ||||||
42<\/td>\n | 5.9.4 Introduction and use of message performance classes <\/td>\n<\/tr>\n | ||||||
43<\/td>\n | 5.9.5 Requirements for data and communication quality 5.9.6 Reliability 5.9.7 Availability Table 5 \u2013 Typical Transfer time requirements for control and monitoring data <\/td>\n<\/tr>\n | ||||||
44<\/td>\n | 5.9.8 Requirements concerning the communication system 5.10 Modelling requirements for SS to CC communication <\/td>\n<\/tr>\n | ||||||
45<\/td>\n | 6 Configuration aspects 6.1 Requirements <\/td>\n<\/tr>\n | ||||||
46<\/td>\n | 6.2 Extension of the engineering process with SCL 6.2.1 General 6.2.2 Engineering workflow Figure 13 \u2013 Scope of separated engineering workflow <\/td>\n<\/tr>\n | ||||||
48<\/td>\n | 6.2.3 Integrated engineering workflow \u2013 LANs with WAN Figure 14 \u2013 Engineering workflow <\/td>\n<\/tr>\n | ||||||
49<\/td>\n | 6.3 Extension of the SCL schema from IEC\u00a061850-6:2009 6.3.1 General 6.3.2 Modelling of redundancy Figure 15 \u2013 Scope of integrated workflow <\/td>\n<\/tr>\n | ||||||
50<\/td>\n | Figure 16 \u2013 Diagram of eTr-IEC61850-90-2:RedundancyModes Table 6 \u2013 Attributes of the eTr-IEC61850-90-2:RedundancyModes element <\/td>\n<\/tr>\n | ||||||
51<\/td>\n | Figure 17 \u2013 Diagram of eTr-IEC61850-90-2:LinkModes Table 7 \u2013 Attributes of the eTr-IEC61850-90-2:LinkModes element <\/td>\n<\/tr>\n | ||||||
52<\/td>\n | Figure 18 \u2013 Diagram of eTr-IEC61850-90-2:ClientRedundancyServices Table 8 \u2013 Elements of the eTr-IEC61850-90-2:ClientRedundancyServices element <\/td>\n<\/tr>\n | ||||||
53<\/td>\n | Figure 19 \u2013 Diagram of eTr-IEC61850-90-2:LDeviceOverride <\/td>\n<\/tr>\n | ||||||
54<\/td>\n | Figure 20 \u2013 Diagram of eTr-IEC61850-90-2:RedundantServerTo <\/td>\n<\/tr>\n | ||||||
55<\/td>\n | Table 9 \u2013 Attributes of the eTr-IEC61850-90-2:RedundantServerTo element <\/td>\n<\/tr>\n | ||||||
56<\/td>\n | Figure 21 \u2013 Diagram of eTr-IEC61850-90-2:RedundantClientTo Table 10 \u2013 Attributes of the eTr-IEC61850-90-2:RedundantClientTo element <\/td>\n<\/tr>\n | ||||||
57<\/td>\n | 6.3.3 Modelling of data references between SCL files Figure 22 \u2013 Diagram of eTr-IEC61850-90-2:StandbyLinkMode Table 11 \u2013 Values of the eTr-IEC61850-90-2:tLinkModeEnum <\/td>\n<\/tr>\n | ||||||
58<\/td>\n | Figure 23 \u2013 Diagram of eTr-IEC61850-90-2:ExternalSCL Table 12 \u2013 Attributes of the eTr-IEC61850-90-2:ExternalSCL element <\/td>\n<\/tr>\n | ||||||
59<\/td>\n | Figure 24 \u2013 Diagram of eTr-IEC61850-90-2:ProxyOf <\/td>\n<\/tr>\n | ||||||
60<\/td>\n | 6.3.4 Functional naming 6.3.5 Examples 6.4 Security aspects Table 13 \u2013 Attributes of the eTr-IEC61850-90-2:ProxyOf element <\/td>\n<\/tr>\n | ||||||
61<\/td>\n | 7 Basic Communication Structure \u2013 Principles and models 7.1 Communication and Modelling aspects 7.1.1 General 7.1.2 Communication aspects <\/td>\n<\/tr>\n | ||||||
62<\/td>\n | Figure 25 \u2013 Communication concept <\/td>\n<\/tr>\n | ||||||
64<\/td>\n | Table 14 \u2013 Use case vs. IEC\u00a061850 \u2013 Service table <\/td>\n<\/tr>\n | ||||||
67<\/td>\n | Figure 26 \u2013 SS to CC communication via direct access <\/td>\n<\/tr>\n | ||||||
68<\/td>\n | Figure 27 \u2013 Basic configuration for indirect access <\/td>\n<\/tr>\n | ||||||
70<\/td>\n | Table 15 \u2013 Link states Table 16 \u2013 Usage of buffered \/ unbuffered reporting for the redundancy schemes <\/td>\n<\/tr>\n | ||||||
71<\/td>\n | Table 17 \u2013 Requirements versus redundancy scheme <\/td>\n<\/tr>\n | ||||||
72<\/td>\n | Figure 28 \u2013 Configuration without redundancy <\/td>\n<\/tr>\n | ||||||
73<\/td>\n | Figure 29 \u2013 AccessPoint redundancy <\/td>\n<\/tr>\n | ||||||
74<\/td>\n | Figure 30 \u2013 Device redundancy of frontend computers <\/td>\n<\/tr>\n | ||||||
75<\/td>\n | Figure 31 \u2013 Device redundancy of Proxy\/Gateway and frontend computers <\/td>\n<\/tr>\n | ||||||
76<\/td>\n | Figure 32 \u2013 Multiple redundancies <\/td>\n<\/tr>\n | ||||||
79<\/td>\n | Figure 33 \u2013 Usage of buffers and duplicate filter <\/td>\n<\/tr>\n | ||||||
80<\/td>\n | 7.1.3 Proxy\/Gateway model Table 18 \u2013 Extension of the common LN class <\/td>\n<\/tr>\n | ||||||
82<\/td>\n | Figure 34 \u2013 Product related naming Proxy\/Gateway <\/td>\n<\/tr>\n | ||||||
84<\/td>\n | Figure 35 \u2013 Modelling a Proxy\/Gateway IED \u2013 Preserving the logical devices <\/td>\n<\/tr>\n | ||||||
85<\/td>\n | Figure 36 \u2013 Modelling a Proxy\/Gateway IED \u2013 Renaming of logical devices <\/td>\n<\/tr>\n | ||||||
86<\/td>\n | Figure 37 \u2013 Modelling a Proxy\/Gateway IED \u2013 Rearranging logical nodes <\/td>\n<\/tr>\n | ||||||
87<\/td>\n | Figure 38 \u2013 Modelling a Proxy\/Gateway IED \u2013 Merging of logical nodes <\/td>\n<\/tr>\n | ||||||
88<\/td>\n | Figure 39 \u2013 Modelling a Proxy\/Gateway IED \u2013 Splitting of logical nodes <\/td>\n<\/tr>\n | ||||||
89<\/td>\n | Figure 40 \u2013 Modelling a Proxy\/Gateway IED \u2013 Transform to semantically defined LN <\/td>\n<\/tr>\n | ||||||
90<\/td>\n | Figure 41 \u2013 Modelling a Proxy\/Gateway IED \u2013 Convert semantically defined LNs <\/td>\n<\/tr>\n | ||||||
91<\/td>\n | Figure 42 \u2013 Modelling a Proxy\/Gateway IED \u2013 Create an array subset <\/td>\n<\/tr>\n | ||||||
94<\/td>\n | Figure 43 \u2013 Comparison of indirect, indirect transparent and direct access <\/td>\n<\/tr>\n | ||||||
98<\/td>\n | 7.1.4 Service tracking 7.2 Modelling and control block classes 7.2.1 General 7.2.2 CONTROL class model for Proxy\/Gateway Figure 44 \u2013 Principle of the Proxy\/Gateway control model <\/td>\n<\/tr>\n | ||||||
100<\/td>\n | Table 19 \u2013 Negative responses to service requests <\/td>\n<\/tr>\n | ||||||
103<\/td>\n | Figure 45 \u2013 State machine of direct control with normal security <\/td>\n<\/tr>\n | ||||||
104<\/td>\n | Figure 46 \u2013 Direct control with normal security \u2013 positive case <\/td>\n<\/tr>\n | ||||||
105<\/td>\n | Figure 47 \u2013 Direct control with normal security \u2013 negative case <\/td>\n<\/tr>\n | ||||||
106<\/td>\n | Figure 48 \u2013 State machine of SBO control with normal security <\/td>\n<\/tr>\n | ||||||
107<\/td>\n | Figure 49 \u2013 SBO control with normal security \u2013 positive case <\/td>\n<\/tr>\n | ||||||
108<\/td>\n | Figure 50 \u2013 SBO control with normal security \u2013 negative case <\/td>\n<\/tr>\n | ||||||
109<\/td>\n | Figure 51 \u2013 State machine of direct control with enhanced security <\/td>\n<\/tr>\n | ||||||
110<\/td>\n | Figure 52 \u2013 Direct control with enhanced security \u2013 positive case <\/td>\n<\/tr>\n | ||||||
111<\/td>\n | Figure 53 \u2013 Direct control with enhanced security \u2013 negative case <\/td>\n<\/tr>\n | ||||||
112<\/td>\n | Figure 54 \u2013 State machine of SBO control with enhanced security <\/td>\n<\/tr>\n | ||||||
113<\/td>\n | Figure 55 \u2013 SBO control with enhanced security \u2013 positive case <\/td>\n<\/tr>\n | ||||||
114<\/td>\n | 7.2.3 SETTING-GROUP-CONTROL-BLOCK class model for Proxy\/Gateway Figure 56 \u2013 SBO control with enhanced security \u2013 negative case <\/td>\n<\/tr>\n | ||||||
115<\/td>\n | 7.2.4 REPORT-CONTROL-BLOCK class model for Proxy\/Gateway 7.2.5 LOG-CONTROL-BLOCK class model for Proxy\/Gateway 7.2.6 File transfer Table 20 \u2013 Mapping of Comtrade folder names in the Proxy\/Gateway <\/td>\n<\/tr>\n | ||||||
116<\/td>\n | 7.2.7 Applying cyber security to the Proxy\/Gateway Figure 57 \u2013 Integrity protection for the Clear Token Figure 58 \u2013 Integrity protection for the Clear Token and the MMS message <\/td>\n<\/tr>\n | ||||||
117<\/td>\n | 8 SCSM aspects \u2013 MMS and ISO\/IEC 8802-3 8.1 General 8.2 TCP\/IP T-Profiles Figure 59 \u2013 Integrity protection and encryption for the MMS message Figure 60 \u2013 MMS Objects and services used <\/td>\n<\/tr>\n | ||||||
118<\/td>\n | 8.3 OSI T-Profile 9 SCSM aspects \u2013 Sampled values over ISO\/IEC 8802-3 (IEC\u00a061850-9-2) <\/td>\n<\/tr>\n | ||||||
119<\/td>\n | Annexes Annex A (informative) Protocol Implementation Conformance Statement A.1 General A.2 ACSI basic conformance statement Table A.1 \u2013 Basic conformance statement <\/td>\n<\/tr>\n | ||||||
120<\/td>\n | A.3 ACSI models conformance statement Table A.2 \u2013 ACSI models conformance statement <\/td>\n<\/tr>\n | ||||||
121<\/td>\n | A.4 ACSI service conformance statement Table A.3 \u2013 ACSI service conformance statement <\/td>\n<\/tr>\n | ||||||
124<\/td>\n | A.5 Redundancy support statement A.6 Transformation function support statement Table A.4 \u2013 Redundancy mechanism support statement <\/td>\n<\/tr>\n | ||||||
125<\/td>\n | A.7 Proxy\/Gateway model support statement Table A.5 \u2013 Proxy\/Gateway transformation function support statement Table A.6 \u2013 Proxy\/Gateway model support statement <\/td>\n<\/tr>\n | ||||||
126<\/td>\n | A.8 Instruction and comments on using this template A.8.1 Comments A.8.2 Instructions A.8.3 Revision history <\/td>\n<\/tr>\n | ||||||
127<\/td>\n | Annex B (informative) SCL syntax: XML schema definition <\/td>\n<\/tr>\n | ||||||
131<\/td>\n | Annex C (informative) Substation SCD example <\/td>\n<\/tr>\n | ||||||
157<\/td>\n | Annex D (informative) Control Centre SCD example <\/td>\n<\/tr>\n | ||||||
190<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Communication networks and systems for power utility automation – Using IEC 61850 for communication between substations and control centres<\/b><\/p>\n |